User Experience and Federated Identity

Identity Economics workshop
Friday, January 28, 2005, 9:00am to 4:30pm
Crowne Plaza Cabana
Palo Alto, California

A meeting of technology inventors and pioneering implementors with expertise in security and privacy domains meet interaction designers and user experience designers, complete with collaboration support. Sign up; become a sponsor.

Identity Economics Workshop:
User Experience and Federated Identity

Friday, January 28, 2005
Palo Alto, California

This event is canceled.

Registration is open

Would you like to federate your account? Yes, No, Cancel?

End user adoption is now the crucial factor for the success of emerging identity technologies. Users want improved security and control over privacy, but not at the loss of convenience. The success of these solutions lies in the hands of the customers.

Technology, Ready.

Of the new technologies poised to deliver the necessary capabilities, the OASIS SAML and Liberty Alliance's open standards for federated identity are the most deployed. Liberty anticipates 400 million seats by end of 2005. WS-Federation, the forthcoming OASIS SAMLv2.0, and other proprietary solutions will build on that. Most major identity management platforms already offer this capability.

And now: The User's Experience

Without attention to user experience this infrastructure will remain but a back-office tool. Worse, bad user interfaces could undermine security. Even single sign-on, the popular elevator-pitch benefit, depends on getting user experience right. Delivering more value, such as confidence in security and privacy, and the higher levels of trust necessary to engage in new online products and services ... well this will require a strategic approach and an advanced design practice. Perhaps even guidelines, patterns, recommendations, or standards.


Broadly, two communities will engage in mutual discovery in this session:


Despite the maturity of the technology, this is a very early stage in engagement on the user experience question. Accordingly we will likely agree to some modest objectives for this session. Here is what has been suggested so far:


The session is a full-day open-collaborative exchange of experiences, challenges, and questions. We will have a few presentations serving to introduce key aspects of the work. This includes technology overviews to brief those unfamiliar with its capabilities (and open work), and deployment case studies, and reviews of early challenges from the user interface. Joint work sessions will attempt to elaborate domains of interest to the group.

The event will include graphic recording, to aid in the day's work, and to build a base for further work. These graphics will be digitally-processed and distributed to participants.


The location is the Crowne Plaza Cabana Palo Alto, in Palo Alto, California. The date, Friday, January 28, 2005, is the day following the Liberty Alliance Sponsors' meeting at the same location. We will run from 9:00am to 4:30pm. We will have catered lunch and an afternoon break. There is no room block associated with this event.

Registration is open

The event is limited to 40 people.

Registration fee is $135.00. Lunch and refreshments are included.

Receive updates by email (on the home page) or via Identity Economics' RSS Feed Identity Economics RSS feed XML icon.

Sponsoring the Workshop

Our current sponsors include:

We are looking for event sponsors to marquee and fund the event and the related services, including the CD from the graphic recording.

Who is in?

These folks have declared their intent to participate:

Of Interest

  • 20Apr09, Is LOA Unsuitable for the Dominant Pursuits of the Enterprise and their Customers?. Our frequent collaborator, Lena Kannappan, of FuGen Solutions, in preparing for chairing a panel at the upcoming RSA conference proposed this discussion question: Do the NIST/OMB LOA definitions translate to current and future needs of federation? My conclusion: LOA has shown itself to be a simplification too far. The reasons boil down to the contradictions between the Share principles guiding identify federation, and the Prohibit principles of LOA. Moreover, LOA offers thin expressive power just in the range where organizations and individuals derive their most value. As a closer, I consider how LOA undermines key design patterns of identity federation.
  • 19Apr09, Core Interaction Patterns of an Identity Federation Framework. An October 17, 2007, presentation for the Cyberinfrastructure Design Workshop of the Ocean Observatories Initiative, at UCSD La Jolla. Specialized for their domain model, briefly presents the two main patterns: the interaction pattern embodied in authn messages, which is the more potent and the source of semantic richness; and the interaction pattern embodied in exchanges of authn, which is more fully exploited, perhaps excessively so in compensation for a poorer understanding of the former pattern. Presents identity as an organizing principle. Touches on how IdP and SP, working together, convert the grit of arbitrary claims into the grease (viz assertions) of the Identity Internet. Offers a basis for understanding the sources of extensibility, and the purposes to which it might be applied. Includes notes.
  • 19Apr09, Privacy, a study in assiduity is a presentation used, initially, in my October, 2007, talk at Stanford's CS44 course: What Hath Google Wrought: Managing Information in the Information Age. It is a primer, with discussions of the asymmetries involved among the user, malefactors, advertisers, and others, drawing a comparison to the Dutch and the Carnarsee Indians. Touches on the expectations of and by users; and possible actions. Elaborates on my [Crack:Cry] metric for passwords and consequences. Includes notes.
  • 13Oct07, Why the Identity Internet? How is the Identity Internet a disruptive technology? What lessons are there in the design choices between world-ready TV-Anytime and the disasterous, cravenly anti-consumer, and US-centric ATSC program guide standards? Now available, the full version of the October, 2005, presentation: IIW2005 Bandwagon Economics, The Necessary Ingredient for Success on the Identity Internet (ppt). Also in more direct exposition Bandwagon Economics ... Identity Internet (pdf); more explanation, no pictures.
  • 13Oct07, The detailed Appendix A (plus Introduction, and overall Table of Contents) to the more detailed, earlier draft of the Versatile Interoperability Identity Internet in Europe (see below), giving the expanded version of the EU regulatory regime, Directives, Regulations, and other actions, which the work addresses or accommodates in its architecture and recommendations.
  • 22Aug06, A focused and much abbreviated version of the IIW2005 Bandwagon Economics, The Necessary Ingredient for Success on the Identity Internet: Identity in the Digital Age, an Introduction for Interaction Designers. In giving this talk I've found it doesn't entirely satisfy many, but it gets folks engaged. You will find introductory material on how digital identity is cast as a disruptive technology. It is also available in 'handout pdf'. Both forms are constructed just for browsing, not presentation.
  • 29May06, A Versatile Interoperable Identity Internet in Europe. TWIST Standards has released its whitepaper entitled Realizing SEPA Benefits: Corporate Requirements and Key Elements of the Business Solution. (13Oct07: That link is temporarily dead; here is a cached version: TWIST SEPA White Paper on Identity Internet in Europe.) Although it may not sound like it, this document lays out the ways in which identity is crucial for business success, and why business success is crucial for SEPA, for the EU privacy and identity project, and for it's people. It is a triumph of (someone else's) editing, taking among other contributions our detail on the identity infrastructure-related guidance in EU Directives and such, and the central part of our architecture for a Versatile Identity Infrastructure.
  • 12Apr06, Update to links and a minor addition (and typo correction) to prioritized federated identity specs reading list for technos just beginning designs based on FedId architectures.
  • 13Mar06, By-deployment details on SAML and Liberty Alliance adoption published by LAP. Dig into the segments to see 65 unique entries (unique-ish; sans repeats 18 are anon. But counting Exostar which was html-hidden). Not counting 29 addt'l IdM vendor items. Scan the remarkably dull press release. BTW, a generous SWAG from the numbers listed gave me 875 million, somewhat less than the touted 1 billion; that's still likely way high. Nonetheless, it's impressive.
  • 7Jan06: Updated on resources re 9Mar05 Standardization of the SAMLv2.0 specification. Check out the revised, updated SSTC page. SAMLv2.0 Executive Overview is the best, latest, updated executive overview of federated identity technology.