In my blog post of August 4, 2010 I mused about one aspect of user centricity little talked about: That is the availability of a simple secure user interface, in which the user can manage his/her identity affairs. In the portal there could be a link that gives access to audit trail information on what information is sent to which Relying Parties by the IdP.
Some authors/architects seem to think Jo Public is not interested in such details and we just have to concentrate on ‘ease of use’ and ‘choice’ while hiding all the complexity from the user and bury it somewhere in the network.
The National Strategy for Trusted Identities in Cyberspace introduces a new role of Attribute Provider (AP), who in the identity eco system is responsible for the processes associated with establishing and maintaining identity attributes.
See, I don’t like where this is going, because to me that’s too much like going behind the user’s back in profiling the user. This reminds me of the tactics of the search engine providers and the credit rating agencies. “To them you are the product, not a customer” it is often joked.
I would like the user himself to manage his/her claims and so I introduced in one of my blogs the concept of ‘trust provider’ to back up those claims. Simple example: In my professional identity I may like to put forward the claim, that I have an MBA degree and will authorise my identity provider to verify that claim with the Rotterdam School of Management (RSM). When I want to proof residency in order to obtain a residents’ parking permit my utilities could vouch they deliver services to my address and that the accounts are in my name.
In the illustration below I tried to make a mock-up, of what such a dashboard transaction could look like. In it I link my identity to one of my utility providers Britsh Gas. It is the equivalent of my bank asking me to bring a utility bill as part of their ‘Know your customer’ identity verification process. Only in my portal it is all done on-line from my comfortable chair sitting with my laptop. With each relationship I prove in such a way my trustworthiness bar goes further ‘in the green’. This untill I reach a certain level of verification that can be readily accepted by most relying parties I deal with.
- My name is…….
- I have lived at this address for > 10 years (30 points)
- EON is supplying me electricity (10 points)
- British Gas is Supplying me with gas (10 points)
- Anglian Water is supplying me with water and sewerage.
- My Passport number is ( 25 points)
- My Drivers License no is ( 5 points)
- I bank with Barclays Bank (20 points)
- I have never been declared ‘Bankrupt’ ( 5 points)
- I have not been banned from public office ( 5 points)