However, the user's personal data is still stored on a single centralized server owned by the Identity Provider, which the other parties check and trust. That provider therefore remains a single point of failure and a high-value target: one breach exposes every user at once.

17.2.3 User Centric Identity

This identity model takes the user experience a step further than the federated one.

As the wiki puts it: "User-centric designs turned centralized identities into interoperable federated identities with centralized control, while also respecting some level of user consent about how to share an identity (and with whom). It was an important step toward true user control of identity, but just a step. To take the next step required user autonomy."

Microsoft's CardSpace belongs to this category, while the most widely used user-centric identity protocols today are OpenID (2005), OpenID 2.0 (2007), OpenID Connect (2014), OAuth (1.0 as RFC 5849 in 2010, 2.0 as RFC 6749 in 2012), and FIDO (2013). The roles in this identity pattern, as defined by OAuth 2.0, are of four types, which are as follows:

1. User or Resource Owner, who owns the protected data and decides what to share and with whom

2. Client Application that accesses protected resources on behalf of the user, without ever seeing the user's password

3. Authorization Server that authenticates the user, records consent, and issues access tokens to authenticated client applications

4. Resource Server that grants access to a protected resource on the basis of a valid access token
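The exchange among the four roles, as an added example that is not part of the original chapter and not any product's code: a constructed, in-memory model of the OAuth 2.0 authorization-code flow. Client identifiers, the secret, the redirect URI, the user "alice" and the scope names are all assumptions chosen for the illustration. The authorization server issues a one-time code only after the user consents, the client swaps it for a bearer token over the back channel, and the resource server grants access only if the token is active and carries the required scope. The token store is shared in memory here; a real deployment would use token introspection (RFC 7662) or signed JWTs instead.

```python
"""Toy OAuth 2.0 authorization-code flow with the four roles named above.

Constructed illustration, not any product's code.  Access tokens are
opaque random strings kept in memory; the resource server validates them
by asking the authorization server (RFC 7662-style introspection).
"""
import secrets
import time

CODE_TTL = 60        # seconds an authorization code stays valid
TOKEN_TTL = 3600     # seconds an access token stays valid


class AuthorizationServer:
    """Authenticates the user, records consent, issues codes and tokens."""

    def __init__(self):
        self.clients = {}   # client_id -> {"secret", "redirect_uri"}
        self.codes = {}     # one-time authorization codes
        self.tokens = {}    # access_token -> {"user", "scope", "exp"}

    def register_client(self, client_id, secret, redirect_uri):
        self.clients[client_id] = {"secret": secret, "redirect_uri": redirect_uri}

    def authorize(self, user, client_id, redirect_uri, scope, consent):
        """Front channel: user logs in here and consents; returns a code."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("invalid_request")   # never redirect elsewhere
        if not consent:
            raise PermissionError("access_denied")      # user keeps control
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "user": user, "scope": scope,
                            "redirect_uri": redirect_uri, "exp": time.time() + CODE_TTL}
        return code

    def token(self, client_id, client_secret, code, redirect_uri):
        """Back channel: client authenticates and swaps the code for a token."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise PermissionError("invalid_client")
        grant = self.codes.pop(code, None)               # pop: codes are single-use
        if (grant is None or grant["client_id"] != client_id
                or grant["redirect_uri"] != redirect_uri or grant["exp"] < time.time()):
            raise PermissionError("invalid_grant")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"user": grant["user"], "scope": grant["scope"],
                                     "exp": time.time() + TOKEN_TTL}
        return access_token

    def introspect(self, access_token):
        """Token metadata if the token is active, otherwise None."""
        meta = self.tokens.get(access_token)
        return None if meta is None or meta["exp"] < time.time() else meta


class ResourceServer:
    """Grants access to protected resources on the basis of access tokens."""

    def __init__(self, auth_server, resources):
        self.auth_server = auth_server
        self.resources = resources      # user -> {resource name: value}

    def get(self, access_token, resource, required_scope):
        meta = self.auth_server.introspect(access_token)
        if meta is None:
            raise PermissionError("invalid_token")
        if required_scope not in meta["scope"].split():
            raise PermissionError("insufficient_scope")
        return self.resources[meta["user"]][resource]


class Client:
    """Application acting on the user's behalf; never sees the password."""

    def __init__(self, client_id, secret, redirect_uri):
        self.id, self.secret, self.redirect_uri = client_id, secret, redirect_uri

    def exchange(self, auth_server, code):
        return auth_server.token(self.id, self.secret, code, self.redirect_uri)


def setup():
    """Wire the four roles together with constructed sample data (assumed names)."""
    auth = AuthorizationServer()
    auth.register_client("photo-app", "s3cret", "https://photo.example/cb")
    rs = ResourceServer(auth, {"alice": {"profile": "alice@example.com"}})
    client = Client("photo-app", "s3cret", "https://photo.example/cb")
    return auth, rs, client


def run_flow(consent=True, scope="profile:read"):
    """One complete exchange; returns the protected resource."""
    auth, rs, client = setup()
    code = auth.authorize("alice", client.id, client.redirect_uri, scope, consent)  # user consents
    token = client.exchange(auth, code)                                            # code -> token
    return rs.get(token, "profile", "profile:read")                                # token -> resource


def failure_reason(**kwargs):
    """Run the flow with the given arguments and return the error it raises, if any."""
    try:
        run_flow(**kwargs)
        return None
    except PermissionError as err:
        return str(err)


def replay_is_rejected():
    """The same authorization code presented twice must fail the second time."""
    auth, rs, client = setup()
    code = auth.authorize("alice", client.id, client.redirect_uri, "profile:read", True)
    client.exchange(auth, code)
    try:
        client.exchange(auth, code)
    except PermissionError as err:
        return str(err) == "invalid_grant"
    return False


if __name__ == "__main__":
    print(run_flow())                              # alice@example.com
    print(failure_reason(consent=False))           # access_denied
    print(replay_is_rejected())                    # True
```

The checks that matter for security are the ones a pentester probes first: the code is bound to the client and redirect URI and is consumed on first use, the client must authenticate before redeeming it, and the resource server enforces both token validity and scope rather than trusting any bearer string it receives.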

As shown in Figure 17.5, this approach had benefits over the previous patterns but was still not enough. The flow depends on the user, the client application, the authorization server and the resource server all staying reachable through a chain of redirects, so it needs sustained connectivity and a dropped connection part-way leaves the exchange incomplete. Refer to Figure 17.5, as follows: