Network World

What is 'user-centric' identity?

'User-centric' identity vs. 'enterprise-centric'
Security: Identity Management Alert. By Dave Kearns, Network World, 07/10/2006

Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.

The term "user-centric" identity is getting bandied about a lot these days. It's generally understood to be a different way of expressing the entire identity transaction as opposed to what might be called the "enterprise-centric" approach traditionally used within provisioning, federation and even simplified sign-on situations. There is still much confusion as to exactly what steps are necessary to make the transaction truly user-centric, though.

Unfortunately, when most people outside the identity field look at the two supposedly opposed organizational methods, they simply don't understand what all the fuss is about, as both methods revolve around the identity of people, the users. There's also nothing that mandates that either method be solely concerned with the identity of people; both can be (and are) extended to the identity of things, concepts, protocols and more.

So where's the difference?

Sxip CEO Dick Hardt recently posted a note about this and I was taken with his second definition: "The user has a consistent user experience. That does not mean that all users have the same user experience, but that a specific user is using the same identity agent over and over for each identity transaction, similar to the interfaces we all see for saving and printing files regardless of the application. Currently each SP [service provider] provides its own user interface, which means the user is learning a new interface, sometimes for one-time use (e.g. site registration). By separating the identity component from the rest of the application, the user also has more certainty on who the SP is, which helps resolve phishing."

In the enterprise system, the user probably does have a consistent experience because the enterprise is using a single interface to provide enterprise simplified sign-on (ESSO). This satisfies Hardt's definition because it takes the multiplicity of sign-on interactions that are present in a non-ESSO environment and reduces them to a single one that is always the same for the user.

Outside of the enterprise, the user is being presented with as many, if not more, types of dialogs as there are services that need authentication. That's not a friendly experience, and it isn't user-centric.

Perhaps Microsoft's CardSpace (formerly InfoCard and now generically called iCard) can set a standard for the interface as Windows has done for file and print dialogs. That would be an excellent legacy for Bill Gates to leave as he retires from active service.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
