Economic tussles in federated identity management
Federated identity management (FIM) enables a user to authenticate once and access privileged information across disparate domains. FIM’s proponents, who see the technology as providing security and ease of use, include governments and leaders in the IT industry. Indeed, a cornerstone of the current U.S. government’s efforts to secure cyberspace is its “National Strategy for Trusted Identities in Cyberspace” (U.S. Department of Commerce, 2011). Yet adoption of federated identity management systems has been slow.
From disputes over liability assignment for authentication failures to concerns over privacy, there have been many explanations for the slow uptake of federated identity management systems. We believe the problem is embedded in stakeholder incentives. We present an economic perspective of stakeholder incentives that sheds light on why some applications have embraced FIM while others have struggled. To do so, we begin by briefly analyzing seven use cases of successful and unsuccessful FIM deployments. From this we identify four critical tussles that may arise between stakeholders when engineering a FIM system. We show how the successful deployments have resolved the tussles, whereas the unsuccessful deployments have not. We conclude by drawing insights on the prospects of future FIM deployments.
Authors retain copyright to their work published in First Monday. Please see the footer of each article for details.