Ben Laurie blathering

Liberty Loves Silos

At both the recent Identity Open Space in Brussels and the OECD workshop on identity management, Liberty folk talked about the urgent need for protocols to discover identity services.

At the time, I was bemused: why would anyone need to discover services? Surely they would be communicated to you as they were needed? But last night I realised the truth: Liberty thinks you need discovery because they think it is both inevitable and correct that all your data should live in silos, beyond your control, and ideally where you can’t see it. Of course, in this case, you can’t assist in the process of locating information about you. Nor can you detect, let alone correct, inconsistency and incorrectness.

This is clearly so much better than user-centric identity (where, in case it isn’t obvious, discovery would be unnecessary – you would just ask me where to look). I can see why Liberty is so keen.


  1. Ben, you want to remember where the various pieces of your identity are located, go for it. Write down the addresses on sticky notes, email them to yourselves, scribble them on your palm, be my guest. Should you be available when some provider seeks your identity, you can sort through the list of equivalent providers and specify your choice. How very user-centric.

    Comment by Paul — 11 May 2007 @ 13:07

  2. Personally I run my discovery service (a Liberty DS) on my phone, where it’s quite well under my control (I can turn the phone on and off at will.) But I wouldn’t want to let just anyone access this service running on my mobile phone, would I? I guess I’m in the ultimate user-centric silo containing just the one “identity”…

    Comment by John Kemp — 11 May 2007 @ 13:33

  3. What a strange idea – why would I do the work of my computer myself, Paul?

    Comment by Ben — 11 May 2007 @ 13:42

  4. John, I’m pleased to hear that Liberty DS can be used in a user-centric mode. I look forward to trying it – where do I get it from?

    Did I say you should let just anyone access it? Obviously you would want to control who had access to what, though I would suggest that securing it through the obscurity of your discovery service is probably not the best way to handle the problem.

    Comment by Ben — 11 May 2007 @ 13:44

  5. Paul: user-centric to me means that *I* own the data, i.e. I can access, control, protect, manage it etc etc in my own space, on my own terms. Why on earth would I need to remember “the various pieces of your identity”? It should be right there, under my own control… not on a platform, silo, storage, architecture, protocols, applications etc, etc that someone else grants me access to.

    Comment by Adriana — 11 May 2007 @ 13:55

  6. Hi Ben,

    My point was more that individual deployments and implementations can do different things using Liberty specs. Nokia S60 phones already have an ID-WSF SDK on them, and can be used to do things such as I suggest, under direct user control, but I don’t think that’s the only way to do a “user-centric” deployment of ID-WSF – Google could certainly offer each of its users her own DS within the Google network if it so desired, and I don’t see why that couldn’t be “user-centric” if the deployment was done that way. Which is to say, I look forward to hearing news of Google’s user-centric implementation and/or deployment of the ID-WSF specifications.

    Comment by John Kemp — 11 May 2007 @ 14:49

  7. I should point out that my blog in general, and my views on identity management in particular, are not Google’s.

    Comment by Ben — 11 May 2007 @ 16:09

  8. Silos, Schmilos!

    Ben Laurie posts flame-bait this morning, with an entry titled ‘Liberty Loves Silos’. I always find it amazing how folks ascribe the most sinister motivations to Liberty – maybe now that a load of our (previously private) mailing lists are publ…

    Trackback by Superpatterns — 11 May 2007 @ 17:20

  9. […] LinksBen Laurie blathering « Liberty Loves Silos […]

    Pingback by Links » Is Liberty User-Centric? — 13 May 2007 @ 13:02

  10. Ben, I’m puzzled.

    I was the only person on the agenda at the OECD workshop with an explicit Liberty remit, and I didn’t mention discovery services at all. In fact, I referred specifically to the (User Interaction) mechanisms, included in the Liberty design from the outset, which allow third parties to request the user’s consent to attribute exchange. If used, these not only help protect the user’s privacy, but also provide a means for the user to spot and correct inaccuracies in their data.

    Nor do I remember other speakers expressing a Liberty view about the urgent need for discovery services. A working-group member from the ITU did, repeatedly. Perhaps you’re getting your attributions in a tangle?

    Comment by Robin Wilton — 15 May 2007 @ 14:00

  11. Liberty’s design had identity providers and service providers. The hope was to create a system that assured that different firms (or individuals) could fill those roles. It seemed very likely that once vendor X becomes a user’s identity provider, X would be able to upsell the user all kinds of other services. That was viewed as bad for a slew of reasons. Service discovery is the design’s attempt to reduce that risk. I’m confused, the design was intended to avoid the identity provider becoming a silo!

    Are you really saying there should be no scheme for discovering the services associated with a named entity?

    Comment by Ben Hyde — 15 May 2007 @ 15:43
