Digital identity (our logins on various sites, transactional access to home banking, etc.) is increasingly becoming a problem. The cardinality (at least mine) is exploding.
The identity metasystem may be an answer to the problem. It follows a set of precise laws (I quote them in full):
- User Control and Consent: Identity systems must only reveal information identifying a user with the user's consent.
- Minimal Disclosure for a Constrained Use: The identity system must disclose the least identifying information possible, as this is the most stable, long-term solution.
- Justifiable Parties: Identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
- Directed Identity: A universal identity system must support both "omni-directional" identifiers for use by public entities and "uni-directional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
- Pluralism of Operators and Technologies: A universal identity solution must utilize and enable the interoperation of multiple identity technologies run by multiple identity providers.
- Human Integration: Identity systems must define the human user to be a component of the distributed system, integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.
- Consistent Experience Across Contexts: The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.
Microsoft's answer is called InfoCard. Indigo includes a very interesting example implementation. Worth investigating...