OIDC User Experience
From MgmtWiki
Full Title or Meme
Context
- Kim Cameron articulated early that "The internet was built without an identity layer", by which he meant an organic life form identity layer.
- Clearly the DNS is a silicon life form identity layer where each silicon life form gets an IP address.
- OIX and the OpenID Foundation want to address this with identity first.
- The problem is that (most Western) humans do not want to be objectified. (I admit I never understood Confucius.)
- So, identifiers and attributes (nouns and adjectives) are antithetical to privacy.
- Does privacy impact the OpenID Foundation? Yes, it does! T-Cell designed to destroy the virus created by OIX & OpenID.
- Somehow ecosystems have evolved to accommodate both. So we know that it can be done.
- I was musing about the self-sovereign community and how they chose to accommodate privacy and identity.
- So the DID core spec has evolved to have no concept of the distinction between organic and silicon life forms. In other words, it is amoral.
- What they have created to enable the distinction is the type in the VC and Governance Frameworks to regulate ecosystems.
- Or in other words, they have recreated federations (or governments) using other words to make it sound like something new and different.
- The Governance Frameworks are Ethical frameworks, or morals. (I do understand Aristotle.)
- FAPI exists within a Governance Framework, which eventually goes back to a financial framework, which is backed by laws, which are backed by morals.
- The same can be said to apply to the mobile phone work group in OIDF or any other specific application area.
- The AB/C work group seems to have chosen to avoid consideration of Governance Frameworks (and that has worked up until now).
- So the question for OIDF AB/C is whether to address the Governance Framework for OIDC (or its successor spec).
- For identifiers to work with privacy, IMHO such a common Governance Framework is required.
- Perhaps that is how to deal with the disruption that the browser guys are creating.
- As of right now there is not a common framework between the privacy-first and the identity-first advocates.
- As a result, it is hard for OIDF to formulate a strong case to present to the browser guys.
- At a minimum I propose that we need a framework that deals with both identity and privacy as equals.
- Or we can just let them continue on their path and try to accommodate to their framework.