« Law 1: Sufficient Information | Main | Testing Law 1 Compliance: Task analysis »

Identity 3.0

Tim Mather has an interesting piece in Secure Computing on Identity 3.0. Although we are currently in the throes of Identity 2.0, it is not too early to think about 3.0.

Tim mentions my argument for attribute only authentication and unlinkable identifiers in The dotCrime Manifesto. Attribute only authentication is already here from a technical point of view, you can do it in Shiboleth which is built on SAML. But unlinkable identifiers has been a problematic area because there has been a great deal of IP floating round and navigating the channels has appeared to be a difficult proposition.

One factor that may have simplified the issues there is the acquisition of Credentia by Microsoft a few months back.

Posted by Phillip Hallam-Baker on March 27, 2008 5:25 AM

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)