Commentary by Mark Wahl, CISA
Organizing principles for identity systems:
Concordia meeting notes for session BC Government (20070626)
The Concordia Project workshop in San Francisco (preceding the Burton Group Catalyst Conference) reviewed use cases from organizations deploying services that would encourage interoperability between multiple identity protocols on the Internet.
The presentation by Ian Bailey of the Canadian Province of British Columbia included:
- One use case is the goal of citizen-centered service: improving access by citizens to government services, such as by requiring only a single credential to access public services. One difficulty in this use case is that the user (the citizen) may have multiple overlapping roles.
- A second use case is the connected workforce, in which the user has a role within their enterprise through which they provide a public service (e.g., a lawyer or surveyor). In this case it is desirable that the user need not have a separate authentication credential for their public service role in accessing government services: they should be able to leverage a credential provided by their enterprise.
One of the requirements in this environment is that a service provider be able to express its policy on how it will use identity information (attributes, claims) provided to it by or on behalf of the user. A key concern is scalability: whether it will be possible to deploy federation to include all the organizations (smaller organizations with only a few employees might be hosted).