Tuesday, June 12, 2007

IdP marketing 101

In a posting today, Mark Wahl seems to believe that a CardSpace managed card identity provider will generate claims on the users behalf without any validation that the data is correct. I've no idea where he thinks this might arise, except perhaps thru stray gamma rays flipping bits in the database. He says:

In an enterprise IdP case, a user may wish to validate certain claims the identity provider makes about them, such as "address" or "telephone number", but not give their validation for others, such as "department code". Also, the user may wish to validate only certain values of a multi-valued claim: the identity provider might be storing multiple addresses for the user, and some may be incorrect. (Merely receiving claims should not lead to the relying party to the the presumption that the user belives the claim values are correct: the user might not be concerned with the accuracy of some of the claims.)
But any IdP which doesn't allow me to modify changeable personal data (address, spouse's name, numbr of children, employer or so much more) isn't going to be an IdP of mine for very long. And any one which provides no mechanism for correcting erroneous information won't stay in business very long. The user has the choice of which IdPs to use, the market competition will be the same as in any service industry - IdPs will compete for your business (as do banks, insurance companies, etc.) based on the perceived value of the service. Those that don't deliver a good user experience will quickly fall by the way side.

I made my comments at http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html.
Post a Comment

© 2003-2006 The Virtual Quill, All Rights Reserved


[Powered by Blogger]