I haven't spoken to, or spoken about, Roger Sullivan in quite some time. Once his company, Phaos Technology, was acquired by Oracle in May 2004, it was almost as if he'd dropped completely out of sight. That was too bad, as he'd contributed some excellent and thought provoking insight to this newsletter in the past. He was the first to offer the "yacht club scenario" as a metaphor for identity federation. He also contributed heavily to another issue - convincing upper management of the benefits of identity management.

Besides running Phaos as president when I first met him, Sullivan was also vice president of the Liberty Alliance, a position he still holds in addition to his "day job" as VP of business development for Oracle's identity practice.

You'd think with Oracle and Liberty Alliance credentials Sullivan would be the poster boy for top-down, enterprise-centric identity, right? But his recent blog entry is a compelling argument for the kind of bottom-up, user-centric, personally controlled identity that's been the major buzz whenever identity people get together over the past year or two.

Sullivan wrote about the "good news, bad news" effect of a recent move: "The bad news is that I got to experience first hand just how difficult personal identity management is for the average individual." He went on to explain: "While most of my 'cyber' identities don't really care (much) where I'm physically located, the identities that I really care about (banks, insurance, investment accounts, DMV, tax authorities, etc.) are tied closely to my geographic location." Making sure everyone of these had the new address and phone number was, as most of you probably know, a mind-numbing and time-consuming activity.

Sullivan's plaintive cry: "What I wouldn't have given for a trusted one-stop Identity Provider to which I could have given my new address, the effective date of the change and been done with it! This Identity Provider would then have made this change available to all of the sites that I had pre-authorized. Read: As a consumer, I would have paid good money for the service!" Do you hear that identity vendors - he would PAY GOOD MONEY FOR THIS SERVICE!

While much of what's written about user-centric identity concentrates on the, admittedly valuable, issue of Web single/reduced sign-on, there's a lot more that can be accomplished. Specifically, having one source of authority for your identity, under your control, is something most people readily agree they want once it's explained to them. Most people, I said, not most geeks or most identity gurus but most people - average Joes, your friends and neighbors and, yes, even guys who are VPs of the Liberty Alliance.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.