Fixing the Liberty Spec Before It’s Too Late

by guest on July 20, 2002

in Carol Coye Benson, Writings

By Carol Coye Benson

Like everyone else in the digital identity world, I have spent the last
few days reading through the version
1.0 specifications
from the Liberty Alliance. Overall, hats off! Alliance
members have done an outstanding job of creating a framework for shared
authentication and identity. We can (and will) argue with elements of
the design—with its over-complication of simple processes and the
over-simplification of complex issues. But the Alliance has commendably
tackled most of the issues, and importantly not shied away from the hard
problems or vulnerabilities. This has neatly set the stage for early adopters
to get to work.

Federate, Federated, Federating… What’s In A Word?

But we see one huge problem that needs to be addressed ASAP for rapid—or
even reasonably measured—adoption to occur. That problem is the vocabulary,
and specifically the "F" word. Alliance members (and now even
Microsoft!) have fallen in love with "federate". The term occurs
in some form several hundred times in the Liberty overview document alone.
It’s an adjective: "federated identity". It’s a noun: "after
federation has occurred". But most often, it’s a verb. A person "federates"
their identity, "de-federates" their identity and—inevitably—will
be able to "re-federate" or even "dis-federate" it.

Let’s be clear here. There is no way that consumers (and by this I mean
end users at home, on campus, or in businesses) are going to understand
or tolerate this word. It simply doesn’t mean anything to the average
person, and getting consumers to understand and adopt it will be a long
and painful effort. Never mind its vaguely governmental associations—it
is simply incomprehensible. Try it out. Explain the concept to your mother,
or your neighbor, or your cubicle-mate. Ask them how they’d like to "federate"
with you. Then duck.

Ok, So What’s The Problem?

I know this is just the technical specification. It doesn’t mean that
identity providers or service providers (using the Liberty Lingo) need
to use these words with consumers. They are free to substitute more user-friendly
terms during implementation.

But—wait a minute—this won’t work. The whole point here is
a network of participants using a common technical standard. So if Identity
Provider A asks me to "link" my identity to Service Provider
X, and Identity Provider B asks me to "associate" my identity
to X, what does X’s Web site do? "Click here to link to A"?
"Click here to associate to B"?

Everyone loves comparisons between payments systems and the emerging
identity systems. Well, bankers—and the card associations—have
learned painful lessons about consumer adoption and the need to be consistent,
clear, and direct with communications, including both labeling and branding.
What if your bank sold you a "PayFast Card" and the store advertised
that it accepted only the "EasyPay Card". Hmmm, wouldn’t work.
Of course, this is just an analogy: we are not talking about a brand for
identity "federation" (although acceptance type brands may well
emerge later).

What we need here is clear labeling: a common verb that describes to
consumers what they are doing. This is particularly important considering
that we are asking consumers to do something they have basically never
done before. In other words, this is not like creating a new payment mechanism
(credit cards) to replace an existing one (checks). Let’s do consumers
a favor and give them some clear language to describe what they are doing.

This isn’t a to-do item for version 2.0 of the specification. We need
it now. If not, the initial implementations of shared authentication are
going to completely confuse the market. "Federated" just isn’t
going to cut it.

Good Morning Marketing, This is Your Wake Up Call

The Liberty Alliance has a Marketing Committee. Hey guys, take on the
task! This issue is pretty easy compared to some others you have already
tackled. There are plenty of available candidate terms-linking, affiliating,
associating, and sharing all come to mind. Even the venerable term "Single
Sign-On" might be used: "Click here to use Identity Provider
A’s Single Sign-On Service".

I have no quarrel with "federated" for insider talk within
the Alliance. But let’s start with a consistent market vocabulary that
helps, not hinders, broad consumer adoption.

Publication History

Initial Publication Date: July 20, 2002

Comments are closed.

Next post:

Clicky Web Analytics