Tuesday, December 06, 2005

Two wrongs (and two postings) don't make it right

Kim Cameron posted twice today (here and here) about how the "overcentralization of identity information increases the risks involved once the idea of a breach is accepted."

That is, it's generally accepted that data breaches will occur, it's a question of when, not if. Cameron's thought is that keeping dribs and drabs of identity data in different repositories (even, it seems, implying that it's best to maximize the number of repositories) with different authentication schemes and methods is the preferred way to keep the data loss to a minimum.

I disagree.

We must proceed with the thought that all data repositories will eventually be breached. By maintaining multiple repositories we actually increase the risk that some data will be compromised (ask any statistician) while at the same time increasing the work needed to use any particular bit of data! It's definitely a lose-lose proposition.

Keep the data wherever it seems best to do so, then use federation technology (not what the Liberty Alliance means when they say Federation), such as Novell suggested for the Personal Directory, to make it easily accessible to the owner of the data while building in strong safeguards - safeguards which make the cost of breaching the data higher than its value. That maximizes the safety of the data and minimizes the pain of using it - and isn't that what we're looking for?
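The "ask any statistician" argument above, and the reply below that the damage per breach shrinks as the data is spread out, can both be put on the same footing with a small model. The following Python is an added example for this page, not code from the original post or from Novell or the Liberty Alliance. It assumes (and these are assumptions, not anything the post states) that each of n repositories is breached independently with the same per-period probability p, and that the N records are split evenly across them.

```python
"""Added example: breach probability versus breach damage when N identity
records are spread across n repositories.

Assumptions (hypothetical, not from the original post):
  * each repository is breached independently with probability p per period;
  * records are split evenly, so each repository holds N/n records.
"""
from math import comb


def p_any_breach(n: int, p: float) -> float:
    """Probability that at least one of n independent repositories is breached.
    Rises with n: this is the post's point."""
    return 1.0 - (1.0 - p) ** n


def expected_records_exposed(total_records: int, n: int, p: float) -> float:
    """Expected number of records exposed per period.
    n repos, each breached with probability p, each holding N/n records."""
    return n * p * (total_records / n)


def p_exposure_at_least(total_records: int, n: int, p: float, threshold: int) -> float:
    """Probability that at least `threshold` records are exposed in one period.
    If k of n repos are breached, k * (N/n) records leak; k ~ Binomial(n, p)."""
    per_repo = total_records / n
    prob = 0.0
    for k in range(n + 1):
        if k * per_repo >= threshold:
            prob += comb(n, k) * p ** k * (1.0 - p) ** (n - k)
    return prob


def compare(total_records: int, p: float, ns=(1, 2, 5, 10)) -> dict:
    """Summarise the trade-off for several repository counts n."""
    out = {}
    for n in ns:
        out[n] = {
            "p_any_breach": p_any_breach(n, p),
            "expected_exposed": expected_records_exposed(total_records, n, p),
            "max_exposed_per_breach": total_records / n,   # the reply's point
            "p_total_loss": p_exposure_at_least(total_records, n, p, total_records),
        }
    return out


if __name__ == "__main__":
    # Constructed input: one million records, 5% per-repository breach probability.
    for n, row in compare(1_000_000, 0.05).items():
        print(f"n={n:2d}  P(any breach)={row['p_any_breach']:.4f}  "
              f"E[exposed]={row['expected_exposed']:.0f}  "
              f"max per breach={row['max_exposed_per_breach']:.0f}  "
              f"P(everything lost)={row['p_total_loss']:.2e}")
```

Under these assumptions the expected number of records exposed is p*N regardless of n; what changes with n is the shape of the loss. The chance that something is breached goes up (1 repository at p=0.05 gives 5%, 10 repositories give about 40%), while the chance of losing everything in one period drops from p to p^n. The model also shows where the argument really turns: the independence assumption. If the repositories share credentials, administrators or an access layer, their breaches are correlated and the numbers move back toward the single-repository case.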

Hi Dave, can you help me understand what you mean when you contrast your preferred 'personal directory' with Liberty/SAML style federation?

The LAP architecture already supports client-hosted identity (see Client Profiles spec) with more functionality coming.

For Liberty, client-hosted is a valid model - just not the only one.


There are three kinds of lies: lies, damned lies, and statistics. - Benjamin Disraeli

The risk may increase, but the damage will be less. That is the whole point against centralizing in the first place.

You may prefer Novell and that's your choice, but please don't blur the facts to promote a technology you prefer.

© 2003-2006 The Virtual Quill, All Rights Reserved