Dissecting Consumer Identity

Title: Dissecting Consumer Identity, or, Are We Trying to Do Too Much?

Convener: Jim Fenton, Cisco

Notes-taker(s): Eric Sachs

Attendees:
 * Eric Sachs
 * Skip Beney
 * Tom Brown
 * James Mclaughlin
 * Dave Crocker
 * Andrew Nash

Technology Discussed/Considered:

Identity management, as broken into:
 * Identifier Management
 * User Authentication
 * Provision of User Attributes

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Problem: Mainstream consumer websites (Amazon, LLBean, etc.) face new problems that enterprise intranets don’t (trust, anonymity, etc.)

Discussion of trust barriers:
 * Relying Party <-> attribute providers
 * Can an IDP in the middle bootstrap the relying party and attribute providers finding each other?
 * Can the IDP cache attributes and re-assert them?
 * Can an attribute provider trust the IDP to get the user’s permission to share attributes with a relying party?

What are the most important attributes?
 * Age
 * Name
 * Country
 * >21 flag, etc.

How is the permission to share information obtained?
 * Policy expressed by user to IDP, or query to user each time information is shared (hint: this can be very tedious and lead to bad decisions)