WEIS 2011 :: Session 2 :: Identity :: Economic Tussles in Federated Identity Management

Susan Landau
Tyler Moore

Presentation [PDF]

Tyler presented really well and it’s a great data set and problem to investigate. He & Susan shed a ton of light on an area most folks never think about. Well done.

Twitter transcript

#weis2011 this looks to be a "must read" resource for anyone embarking on a federated identity management (FIM) system.

#weis2011 Tussle #1: Who gets to collect transactional data? FIMs generate a TON of data. Diff FIMs benefit svc prvdrs, others id prvdrs

#weis2011 Facebook is a HUGE FIM, both id provider & service provider < and u thought it was just for congresscritters to show private parts

#weis2011 FIM platforms that share social graph data attract more service providers < so much for privacy

#weis2011 Tussle #2: who sets rules for authentication in FIMs? Time to market is primary concern. Users want "easy" < security loses

#weis2011 Tussle #3: What happens when things go wrong? svc unavail == no login; unauth users can be incorrectly authenticated; lots of finger pointing
