"Today Geekdom, Tomorrow the World"

Issue/Topic: “Today Geekdom, Tomorrow the World” (F3B)

Conference: IIW-East September 9-10, 2010 in Washington DC Complete Set of Notes

Convener: Wayne Burke

Notes-taker(s): Wayne Burke

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Background:

Putting together an association of vendors & developers in the citizen engagement space. Nobody knows what to do with Identity - voter registration, constitnuent Identification, etc.

Identity has its own language and acronyms, etc., how do we describe the problems, the products, the solutions, to people who are not "in the know".

Vendors who sell to congressional offices, sell to advocacy groups, growing market for "citizenspace" products, ways for citizens to connect to elected officials, advocacy groups, etc.

What problem are we trying to solve? Identifying messages from constituents, because these are relevant/valuable, verification of Identity might amplify the message. They "get" that this is important, but they don't know how to solve the problem.

Trying to help the adoption curve.

Describing Identity in terms that "normal" people will understand. Drivers license/passport analogy, versus using lots of acronyms that make MEGO.

Okay, we understand the problem. What's the next step? People know that there's a need and a problem in this space, but they don't know how to begin looking for a solution. What are the key components that need to be determined? What are the top-level things that ppl need to understand? Start at a high level start to drill down.

Identity is simple. It's not easy, but it's simple.

Break down AuthN, AuthZ, Auditing

Two-part problem: how do we communicate clearly in a language that they understand? How do we express the problem in a way that a BDM will care?

Has there ever been a talk about common terms of service for an IdP, RP? What are "citizen-centric" term of service for a site/app?

Do organizations need to be "convinced" of the need for user-centric identity?

Identity systems need to have ease of use, usability baked in, or they won't be adopted to any scale.

Identity systems should shield the inner workings of the IAM system where possible - my mom doesn't care about LOA.

Education also matters - users need to be taught what is "normal" and what is a possible sign of trouble.

The UX of the IdP/RP will inevitably reflect on the reputation of the app utilizing them, even though decoupled. #iiw

We are not looking for understanding at a certain point, we are looking for adoption. My mom doesn't need to understand SAML.

Is there really value prop for the user to understand the technology? Or do we just need to educate them that its usable?

If you want mass adoption of a standard, it helps if it comes with additional benefits. OpenID vs Facebook.

Laura E. Hunter Principal Technology Architect MSIT ICS – Identity & Access Management