Marco comments that
I guess that to be a viable business, the Identity Oracle needs to have relationships with many Relying Parties – which themselves might have relationships with other parties. How to track the source of improper leakages/data misuses? Wouldn’t the cost of “forensic analysis” be potentially very high for the Identity Oracle (which I assume must make the first steps in investigating the incident and in finding the source of improper disclosure)?
In my case, I began wondering about the business of Identity Providers (Identity Oracles). What would be a good example of a highly motivated Identity Provider? There are actually lots of examples out there. For one, employers that use outsourced travel services, and even HR services, need to be able to act as Identity Providers for their employees.
Another example is professional organizations. These organizations often have legislated responsibilities to determine who is a professional in their area of expertise within a specified jurisdictional region. For example, the "College of Physicians and Surgeons" is often cited as the provincial, state, or national group that regulates who is a physician and what their specialties are. Or in the case of Engineering, the Professional Engineering Associations.
Today, these organizations don't have a way to electronically publish directories of their memberships. Instead, they often share their entire membership directory with hospitals, health insurance agencies, etc. The problem? Some of this information is likely confidential. Who has access? How is it used? To whom is it disclosed? This is the way things have been for a long time, but from a privacy perspective, this doesn't make it right. Any time you hear of entire databases being copied from one organization to another, alarm bells should be ringing.
Being an Identity Provider combined with IGF policy offers these professional organizations the ability to control the disclosure of information in real time. Instead of providing the entire list of professionals in a jurisdiction, the professional provider can simply answer questions like "Is Dr. Smith licensed?" or provide assertions detailing Dr. Smith's qualifications at a certain point in time. This might occur in a user-agent based system where it is the doctor her/himself who requests the assertion in order to access a patient care system. Done this way, the Identity Provider has the ability to record who asked the question, when the question was asked, and potentially for what purpose. From a liability perspective, knowing what was said to whom, when, and why can be critically important. This just isn't possible when the professional organization simply shares copies of spreadsheets or databases.
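The question-answering pattern described above, sketched as an added example (it is not code from this post or from IGF): the provider returns only a yes/no assertion and records who asked, about whom, when, and for what purpose. The class name, the purpose policy table, and the sample registry are hypothetical, and the hash-chained log is an assumption about how the record could be kept so that it supports later tracing.

```python
import hashlib
import json
from datetime import datetime, timezone

class LicenseOracle:
    """Answers yes/no licence questions; the registry itself is never returned."""
    def __init__(self, registry, policy):
        self._registry = registry  # subject -> private record
        self._policy = policy      # relying party -> purposes it may state (hypothetical)
        self.audit_log = []        # hash-chained: each entry commits to the previous one

    def _record(self, entry):
        prev = self.audit_log[-1]["digest"] if self.audit_log else "0" * 64
        body = json.dumps(entry, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.audit_log.append({**entry, "prev": prev, "digest": digest})

    def is_licensed(self, requester, subject, purpose, when=None):
        when = when or datetime.now(timezone.utc)
        permitted = purpose in self._policy.get(requester, set())
        record = self._registry.get(subject)
        answer = bool(permitted and record and record["expires"] > when)
        # Log who asked, about whom, when and why, including refused requests.
        self._record({"who": requester, "subject": subject, "purpose": purpose,
                      "when": when.isoformat(), "permitted": permitted})
        if not permitted:
            raise PermissionError(f"{requester} may not ask for purpose {purpose!r}")
        return {"subject": subject, "licensed": answer, "as_of": when.isoformat()}

    def verify_log(self):
        """Recompute the chain; an edited entry, or one removed mid-chain, breaks it."""
        prev = "0" * 64
        for e in self.audit_log:
            entry = {k: v for k, v in e.items() if k not in ("prev", "digest")}
            body = json.dumps(entry, sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if e["prev"] != prev or e["digest"] != expected:
                return False
            prev = e["digest"]
        return True

    def who_asked_about(self, subject):
        """Starting point for tracing a disclosure: every party that queried this subject."""
        return [(e["who"], e["purpose"], e["when"])
                for e in self.audit_log if e["subject"] == subject]

# Constructed sample data, for illustration only.
REGISTRY = {"dr-smith": {"expires": datetime(2030, 1, 1, tzinfo=timezone.utc),
                         "home_address": "(private)"}}
POLICY = {"hospital-a": {"credentialing"}, "insurer-b": {"claims"}}
```

A relying party that receives only the `licensed` flag has nothing else to leak, and `who_asked_about` narrows an investigation to the parties that actually received an answer about a given professional.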
In an upcoming post, I'll enumerate some of the motivators and de-motivators for Identity Providers.