Yesterday I responded to Kim Cameron’s Identity Blog posting titled INTERVIEW ON OPENNESS AND PRIVACY, discussing an interview between Bill Gates and the Financial Times. I just wanted to get my comment up here in case Kim never authorises it on his site. He may not trust me.
Bill Gates: “That’s called federation, where we take their trust statement and we accept it, within a certain scope. So they don’t have to get another user account password. There’s no central node in this thing at all, there never can be. Banks are a key part of it, governments can be part of it. The US, probably not as much.”
This statement highlights the number one problem that a federated identity system is going to face – the federation of trust. Compared to the problem of trusting ‘trust’, identity management is a piece of cake. Yet the discussion continually seems to revolve around the sharing of identity secrets, but it is the trust of the owners of the identity secrets that is the greatest challenge. It is fairly clear that in the world today trust is an expensive commodity that is not easily transferable.
I believe that there needs to be a way of abstracting this trust problem to one or more (competing?) third parties. The question is ‘who do you trust’?