How to set smart url in zend framework?

What prevents a telecom operator from being a full fledged identity provider?

• What prevents a Telecom Operator from being a full fledged Identity Provider? Hello all I am seeking feedback/ looking to interview someone for an ongoing blog/ paper article This is a new class of blogs on http://www.opengardensblog.futuretext.com  where I will start to work with key industry issues and seek feedback / interviews from experts as they  evolve. Here is the first of these blogs .. If you want to give me your views anonymously, please email me on ajit.jaokar at http://futuretext.com Any comments welcome and also any more QUESTIONS welcome! I think the framework itself needs to be defined Why cannot the Telecom Operator be an Identity Provider? i.e.  What prevents a Telecom Operator from being a full fledged Identity Provider Here are some more top level questions and thoughts 1)  What is an Identity provider? and for that matter what is Identity? 2)  How do you decide who becomes an identity provider? (using basics of trust levels http://www.pgpi.org/doc/pgpintro/) In principle, Anyone can become an OpenID provider. That is why OIX  exists. A service provider can use the OIX framework to determine the level of trust you can put in an IdP. So, why would an Operator not  become an Identity provider? 3) What is lacking for Telcos to be full Identity providers(what are the limitations?) 4) Who governs regulations in Europe, UK and USA? 5)  What is the role of the client for end to end Identity provision? 6) When it comes to Telco, what elements are relevant to be a true Identity provider? (end to end) 7)  Relationship between Identity and authentication Is Identity the thing as authentication? Authentication is the provision of a set of credentials issue an identity token. if so are there general requirements regardin the strength and of the authenication presumed when an identiity token is issued  are there requirements about how it can be used. What is an identity token – is it a virtual representation of yourself – which can then be provided to other services  – and those services can use that token as a proxy of yourself – (meaning you do not need to be re-authenticated) Are there standard implied “things” that can be inferred/implied by a token Is a token unique over time.  – and if not unique, for it to have any  use between independent peer entities – then there must he a common convention understanding of what the qualities of the token are – or each token just sees a random number….. 8 ) Can telcos provide tools for others to be Identity providers? (to be a platform) 9 )  Standing on the shoulders of giants .. How can a stack be built from existing technology? What is already existing  and how can that be leveraged? In the OpenID sense, identity is just a URL, which someone makes a claim about. The role of an identity provider (IdP) is quite well defined. Looking  at OpenID, anyone can be an IdP, but in order for resource providers to  know the level of trust they can put in an IdP, the Open Identity Exchange (OIX) was created, which can certify IdPs claim to different trust levels. Thus OIX provide the trust framework, not only for OpenID IdPs, but for any identity provider. 10 ) PDS – Personal data stores – What roles do they have to play? I have covered Private planet and Mydex on this blog before 11) What are the gaps? – in the stack, the telco and the legal framework 12) Understand the evolution of internet privacy and federated social networks. 13)  Software signing and authentication of web servers are well known and deployed technologies. If by certification mean an audit process of apps, similar to what Apple and Brew does, this is object level authentication and could tie to a person level authentication 14)  Identity of an individual vs Identity of an object 15)  OIX From the OIX FAQ: What Open Identity Trust Frameworks are OIX now servicing? The US General Services Administration (GSA) and the Identity, Credential, and Access Management Committee (ICAM) has approved OIX as the first trust framework provider to the US government. This permits OIX to issue certifications for the US ICAM LOA 1 trust framework to identity providers who are assessed to meet its identity, security, and privacy requirements.  The National Institute of Health (NIH) is the first US federal agency to move into production status to accept OpenID and Information Card credential issued by OIX-certified identity providers. Are there any identity providers certified for US ICAM? what is the telco role in this space? 16) Are other governments adopting the trust framework model? 17) What about Minimum disclosure as an Identity Solution So, any comments welcome and also any more QUESTIONS welcome! Happy to reference you if you want kind rgds Ajit

• Answer:

  I used to work at a telecom operator about 9 years ago, and I had proposed a similar idea. At the time it was a very simple idea: give every phone customer an email which matched its phone number, and use this email address as identification for online services. It was frustrating because at the time nobody could see the value of having the identity of the user tied to their services. So the answer is to your question is: the internal culture of telecom operators prevent them from doing it.