Thursday, February 18, 2010

Now the lawyers are involved!

Of course this blog post title caught my interest: The Legal Thicket of Federated Identity Management by Thomas Schmendinghoff of E-Commerce Times. I’ve said many times that the legal issues around federation – not technology – are what might derail this technology. Thomas gives a good overview of federation and some great use cases. However, it was Thomas’ mention that the American Bar Association has gotten involved that really caught my attention...
The ABA Legal Task Force has undertaken two key projects to address these challenges. The first is to identify the legal issues and risks that must be addressed in a federated identity management system. These legal risks can come from a variety of sources, including statutes and regulations, common law, applicable standards, contractual obligations, and self-imposed obligations. They vary depending on the jurisdictions involved, further complicating the operation of a cross-border identity management system -- but until they are fully known and understood, they cannot be addressed.

A second key project undertaken by the ABA Legal Task Force will be to consider what legal frameworks might work best for addressing and controlling these legal obligations and risks. This will involve identifying and evaluating structures for contractual relationships among the various roles in an identity system. It will also include analysis of various contractual approaches that define the rights and obligations of each role, recognize the requirements of applicable law, allocate the risks among the roles, and provide an appropriate enforcement mechanism.
Is this a good thing? Is it ever a good thing when the lawyers get involved? As long as I am not paying the bill I guess it's okay. Good luck guys!

1 comment:

Richard Blackham said...

The fact that the legals are now involving themselves could indicate a softening towards federation in the enterprise. no lawyer bothers with anything unless there is a buck in it for him so perhaps federation has achieved a critical mass at last. Or...maybe Microsoft is paying them :-)
Call me cynical...