One of the commonly voiced dissatisfactions with SAML and Liberty is their implicit reliance on a third party to make assertions on behalf of a user. The idea of a corporate identity provider dishing out personal information raises privacy and civil rights concerns, and in response to these concerns many personal digital identity systems have evolved which allow the user to manage and selectively assert identity attributes on their own (e.g. LID, i-names, etc.). While self-assertion is useful, it is only appropriate within a very specific sphere of identity transactions; it cannot be the sole basis of federated identity. Many identity transactions require a level of trust that can only be achieved through the use of a third party.
An example from the physical world helps illustrate the limits of self-assertion and the necessity of third-party identity assertions. Your age is an identity attribute which you can assert in any number of contexts. On a first date, at a cocktail party, or in any number of social settings, self-assertion is the best way for this attribute to be conveyed. In these settings a person retains complete control over who they tell their age to and what age they claim to be, and that's great, but there are distinct limits to the types of transactions where self-assertion works. For example, when I buy a movie ticket and ask for a senior discount, or when I buy a bottle of Ketel One, self-assertion of my age is not sufficient. In those settings I need to present my driver's license, on which the state (acting as a trusted third party) asserts my age on my behalf. The movie theater owner and the liquor vendor both require a third party in order to trust and verify my age, as they should.
There is currently no virtual analogue to a driver's license, but it is a safe bet that trusted third parties will play a key role in digital identity on the Internet; there are just too many transactions where self-assertion falls short. For this reason, it is important to place digital identity discussions in a personal or enterprise context. This is where the airplane/bicycle framework posted by Stefan Brands is particularly useful.
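The driver's-license analogy above maps onto three roles: an issuer that vouches for an attribute, the subject who carries the assertion, and a relying party whose policy decides whether a self-asserted value is good enough or a trusted issuer's signature is required. The following Go program is an added illustration of that separation, not code from this post or from any SAML or Liberty implementation. It uses Ed25519 from the Go standard library and a constructed JSON assertion format with made-up names (`state-dmv`, `alice`); the policy and assertion fields are assumptions chosen for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assertion is a constructed, minimal stand-in for an identity assertion:
// who it is about, one attribute and its value, who vouches for it, and
// until when. Real SAML assertions carry much more than this.
type Assertion struct {
	Subject   string `json:"subject"`
	Attribute string `json:"attribute"`
	Value     int    `json:"value"`
	Issuer    string `json:"issuer"`    // "self" for a self-asserted claim
	NotAfter  int64  `json:"not_after"` // Unix seconds
}

// SignedAssertion is the serialized assertion plus the signature over it.
// A self-asserted claim has no signature a relying party could check.
type SignedAssertion struct {
	Payload   []byte
	Signature []byte
}

// Issuer is the trusted third party of the analogy (the state issuing a license).
type Issuer struct {
	Name string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

// NewIssuer creates an issuer with a fresh Ed25519 key pair.
func NewIssuer(name string) (*Issuer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Issuer{Name: name, priv: priv, Pub: pub}, nil
}

// Issue stamps the issuer's name into the assertion and signs the encoding.
func (is *Issuer) Issue(a Assertion) (SignedAssertion, error) {
	a.Issuer = is.Name
	payload, err := json.Marshal(a)
	if err != nil {
		return SignedAssertion{}, err
	}
	return SignedAssertion{Payload: payload, Signature: ed25519.Sign(is.priv, payload)}, nil
}

// SelfAssert is the user speaking for themselves: no third party involved.
func SelfAssert(a Assertion) (SignedAssertion, error) {
	a.Issuer = "self"
	payload, err := json.Marshal(a)
	if err != nil {
		return SignedAssertion{}, err
	}
	return SignedAssertion{Payload: payload}, nil
}

// Policy is what one kind of transaction demands of an age claim.
type Policy struct {
	MinAge         int
	RequireTrusted bool // cocktail party: false; liquor store: true
}

// RelyingParty pins the public keys of the issuers it trusts, obtained out of band.
type RelyingParty struct {
	Trusted map[string]ed25519.PublicKey
}

// Check decides whether the assertion satisfies the policy. Trust and integrity
// are settled before the claimed value is even looked at.
func (rp RelyingParty) Check(sa SignedAssertion, p Policy, now time.Time) (bool, error) {
	var a Assertion
	if err := json.Unmarshal(sa.Payload, &a); err != nil {
		return false, err
	}
	if a.Attribute != "age" {
		return false, fmt.Errorf("unexpected attribute %q", a.Attribute)
	}
	if now.Unix() > a.NotAfter {
		return false, errors.New("assertion expired")
	}
	if p.RequireTrusted {
		pub, ok := rp.Trusted[a.Issuer]
		if !ok {
			return false, fmt.Errorf("issuer %q is not a trusted third party", a.Issuer)
		}
		if !ed25519.Verify(pub, sa.Payload, sa.Signature) {
			return false, errors.New("signature does not verify: assertion altered or forged")
		}
	}
	if a.Value < p.MinAge {
		return false, fmt.Errorf("age %d is below the required %d", a.Value, p.MinAge)
	}
	return true, nil
}

func main() {
	state, _ := NewIssuer("state-dmv")
	rp := RelyingParty{Trusted: map[string]ed25519.PublicKey{state.Name: state.Pub}}
	now := time.Now()
	claim := Assertion{Subject: "alice", Attribute: "age", Value: 30, NotAfter: now.Add(time.Hour).Unix()}
	self, _ := SelfAssert(claim)
	signed, _ := state.Issue(claim)
	party := Policy{MinAge: 18}
	liquor := Policy{MinAge: 21, RequireTrusted: true}
	for _, c := range []struct {
		label string
		sa    SignedAssertion
		p     Policy
	}{{"self-asserted at a party", self, party}, {"self-asserted at liquor store", self, liquor}, {"state-issued at liquor store", signed, liquor}} {
		ok, err := rp.Check(c.sa, c.p, now)
		fmt.Printf("%-32s accepted=%v err=%v\n", c.label, ok, err)
	}
}
```

Running it shows the self-asserted claim accepted for the social policy and refused for the liquor policy (the relying party has no trusted key for issuer `self`), while the state-issued assertion passes. Because `Check` verifies the signature over the whole payload, changing the age or the issuer name after issuance is caught before the value is compared against the policy.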
In an ideal future, the land of the universal metasystem for identity, personal digital identity systems will somehow interoperate with more trusted federated identity systems. Until then, it is important to have a very clear and distinct understanding of the differences between these two ways of thinking about and implementing digital identity technology.
> For this reason, it is important to place digital identity discussions in a personal or enterprise context ...
I see the question of trust and third parties as independent of whether the identities involved are in a personal or enterprise context. Perhaps historically the personal software has not considered risk and liability issues in the identity operations; however, this is also not always the case in enterprise software. But personal should not imply insecure or relying on out-of-band agreements...
http://www.ldap.com/1/commentary/wahl/20050212_01.shtml
Posted by: Mark Wahl | February 11, 2005 at 10:29 PM