A paper on “Economic Tussles in Federated Identity Management” provides some interesting insights into which FIM systems succeed and which fail. A simplistic summary would be that success requires a win-win outcome, where every party (Identity Provider, Service Provider and User) gains some benefit from adopting a federated approach. Viewing federations as a two-sided market provides some deeper insights and perhaps pointers to how such outcomes can be achieved.
A two-sided market has two groups of participants, each group gets increased benefit as the number of participants in the other group increases. So a Service Provider (SP) will only be interested in a federation if it contains Identity Providers (IdPs) to whom the SP wants to provide service, and vice versa. Such markets are likely to involve conflicts of interest (referred to in the paper as tussles) between the two groups. For example in identity federations:
- Who gets to collect transactional data? For services that rely on profiling users either for direct income or to improve their service to attract more users, information about which users do what is very valuable. The parties may not have free rein in this area since Governments may (and in EU do) regulate what is done;
- Who gets to set rules of authentication? In general IdPs reduce costs by making registration and authentication of users to be as easy as possible; SPs reduce risk if those processes to provide strong guarantees. However there is a significant first-mover advantage, so an IdP that can offer a large number of users may persuade SPs to accept lower strength authentication;
- What happens when things go wrong? Both IdP and SP are likely to suffer damage both if an authorised user cannot gain access or if an unauthorised user can. Each would naturally prefer the other to carry the burden of this damage. Federations where there is a shared interest in restoring proper service and less concern about allocating blame/cost suffer less from this tussle.
- Who gains/loses from interoperability? If anyone loses then federation is unlikely to succeed, no matter how large the incentives for other participants are.
Even if it is not possible to agree common positions on these tussles individually then federation may nonetheless succeed if parties recognise that the overall balance is fair: for example if the parties that gain the most also carry most of the risk. Different examples of successful federations suggest that there can be very different ways of achieving this.
Education federations (InCommon and WAYF are the two cited) are seen as succeeding because they align nearly all of these interests. In particular service providers see significant benefit in not having to maintain accounts for each individual user (indeed for site-licensed content the SP may not even know who individual users are). This contrasts with the apparent failure of OpenID, where despite a very large number of users, service providers seem to have perceived reduced user information as a significant loss. For SPs who rely on advertising OpenID’s release of name, country, e-mail address and perhaps language, gender or picture, even though it is far more than most educational IdPs will release, appears to be insufficient. This is contrasted with the success of Facebook as an IdP, which shares “name, gender, list of friends, and all public information stored by Facebook; all profile information, including birthday, education and work history”. This set of attributes is apparently rich enough to compensate SPs for their reduced profiling ability.
The authors conclude that, contrary to Tolstoy, every successful federation is successful in its own way. That suggests that linking even successful federations together may be quite a challenge.