Federated Network Identity is the title of a thoughtful mail posted to the RISKS digest about the consequences of "single sign on" systems such as Microsoft Passport or the Liberty Alliance Project.
The basic gist is that right now we have a certain amount of anonymity when we surf the net but that would be diminished if sites used a federated network identity. The information that you are willing to pass to one site is not necessarily the same as you would be willing to pass to another. Do people really want to remove the hassle of having to log in to each site separately if the consequence is that sites know more of their private information than they would have willingly told them. It's already scary to visit sites that use the Amazon donation system as they greet you by name. The sites themselves don't have your name it's just the included in graphic that they are pulling from Amazon but the feeling is just the same.
At a minimum users should be allowed to opt out of single sign on system. I'm sure that this is going to be a big issue soon as single sign on becomes more ubiquitous.
Posted by stuartcw at March 19, 2003 10:15 AM