Monday, November 19, 2007

20 Questions (is 19 too many)

In "The One Percent Doctrine", there is a story of a US Intelligence Officer meeting with a Soviet counterpart during the Cold War.

Each was allowed to pose exactly one question to the other, who would be 'honour' bound to either answer truthfully, or not at all. Nice model, if not prone to abuse.

Business partners considering federated identity operations between themselves get to ask far more than a single question when attempting to assess the 'assurance capability' of the other. They can ask about identity proofing, authentication mechanisms, audit etc - the list is long.

The value of an assurance framework like that of the Liberty Alliance is that partners need only pose a single question when considering doing federated business with another, that being
"What IAF assurance levels do you support, and how can you prove it?"

OK, two questions, but still an improvement. And without even needing Stoli.

No comments: