Identity federation

There’s been a couple of recent posts by Eric Norlin and Steve Borsch on the social web and how it would be much better off if social websites all got together and federated.  To my mind they’re missing some very important points.

        Posted by Paul


First up, the reasons for federation as they see it are mainly usability. Basically applying a opensource web 2.0 approach to identity management.  Quotes like this from Steve just emphasises it

 



The opportunity lies in a web 2.0 company that is willing to open up its identity stores to portability and a sense of user-centrism”


 

The point, the real crux of this issue is lock in. Social sites are all about eyeballs. Why would they when they want your eyeballs going to another social site? How does that serve them? How can they market to you, if you are on someone else’s site? Social networks are at their very essence a form of viral tie in. You go there because your friends do, or people you do business with etc etc you get the idea.

In this whole process there’s not one compelling reason to federate unless its to your parent organisation ( Flickr and Yahoo) , to a non competitive but synergistic site or you’re loosing the race and really need one of the big guys of the web to help you out.

Other than that is all a nice hypothetical debate.


To my mind the thing that always has, and will continue to hold this type of federation back is money and trust.  Lets deal with money first. This applies in two ways.

Firstly every web entity is about lock in, they’re fighting for clients every bit as hard as streetside retailers. If your on their site (store) they can sell to you. End of story.

Secondly, identity federation isn’t seriously going to go anywhere until the people with the money (banks, ) get into federation. Because, federation at its very heart is a commercial issue. Why? Well for a lot of reasons. One is that for any online transaction, you never really show up, the clerk can’t look you over, check its really you and that its your money you are spending.

Secondly its about delivering shareholder value, and no matter how you monetise your online presence, its core metric is driven by the volumes of users (them being identities). The people that are your masters, don’t want us to do the nice thing. They want a return…

And finally its about trust. Trust is fundamental to the fabric of ecommerce  (and hence the web) for the reasons above. In fact if we don’t solve it there’s a good chance the ecommerce world could unravel (with growing identity theft and fraud levels) The lack of trust is also a major inhibitor of federation, Eric Norlin puts it pretty well here but he’s arguing for the opposite. Intriguing…


 

 “As the argument goes, users will actually be worse off than they are today because they will no longer be protected by just having one account that goes to one site hacked, they'll have all of them compromised at once.”

 


This brings a bunch of associated liability and compliance issues ( imagine if your bank account got cleaned out because someone got your federated social network login!!!). Which means a lot of money is going have to spent (there’s that word again) on technology, lawyers, people etc etc)

 A second element of trust is associated with true identity management. Proving who you are, deciding what you have access too, and just as importantly, ensuring the web site is who they say they are. Two factor authentication is only pushing the demands onto the user and addressing only half the problem. The same issue exists for users of websites as for websites, the user can’t ensure the store they’re paying in is actually that store anymore.

So is there room for a identity hub? Sure, my pick is it should be a Telco.  (it could be a web behemoth like Google or Yahoo – scale could win this game too) If Telco’s stepped up their ID management programs they could do something really slick. They already (especially if they’re a monopoly) know who you are, they’re already slick at routing requests around (calls or IP packets), and they are already pretty well down the clip the ticket billing (because it has to make money remember!) and every bank deals with them.  

 
As an aside, for the life of me i’ve never understood why a Telco doesn’t set up a banking division for just this reason…

Leave a Reply