Tyler presented really well and it’s a great data set and problem to investigate. He & Susan shed a ton of light on an area most folks never think about. Well done.
#weis2011 this looks to be a "must read" resource for anyone embarking on a federated identity management (FIM) system.
#weis2011 Tussle #1: Who gets to collect transactional data? FIMs generate a TON of data. Diff FIMs benefit svc prvdrs, others id prvdrs
#weis2011 Facebook is a HUGE FIM, both id provider & service provider < and u thought it was just for congresscritters to show private parts
#weis2011 FIM platforms that share social graph data attract more service providers < so much for privacy
#weis2011 Tussle #2: who sets rules for authentication in FIMs? Time to market is primary concern. Users want "easy" < security loses
#weis2011 Tussle #3: What happens when things go wrong? svc unavail == no login; unauth users can be incorrectly authenticated; lots of finger pointing