Anil John
Making Digital Services Secure and Trustworthy

Does Public Sector Identity Federation have a Compelling Gain-to-Pain Ratio?

The adoption of higher assurance federated credentials by Users and Public Sector Service Providers (RPs) requires that there be value in using them for both parties. This blog post provides some thoughts from the user's perspective on utilizing federated credentials.

As I noted in the "Role of Multi-Sided Platforms in Identity Federation", compelling value propositions need to be made to BOTH Users and RPs in order to have a sustainable federation environment. To date, especially in the public sector arena, a significant amount of energy has been focused on providing this for RPs. But ultimately this is about delivering services to Users, and for User adoption to occur, their concerns about using federation technology must be addressed and a compelling and clear motivator for use must be articulated.

In doing a bit of research on technology adoption, I came across the term gain-to-pain ratio, which in the financial sector is a tool for assessing an investor’s risk/return balance. I also found an interesting presentation from the Harvard Innovation Lab and an associated article by Michael Skok, a general partner at the VC firm North Bridge Venture Partners, on applying the gain-to-pain ratio to technology/product adoption:

Most entrepreneurs are so focused on the features they deliver they forget to examine how hard it will be for customers to learn to use their product. So the Gain/Pain ratio involves measuring the gain you deliver the customer vs. the pain and cost for the customer to adopt. As an investor, I look for non-disruptive disruptions: technologies that offer game-changing benefits with minimal modifications to existing processes or environments. Simply put: disruptive innovation would ideally be non-disruptive to adopt [...] If you can’t deliver a 10x gain/pain promise, customers will typically default to “do nothing” rather than bearing the risk of working with you.

Must-read for founders: A VC explains how to build a killer value proposition

I've highlighted what I believe to be the two relevant take-aways:

1. If you can’t deliver a 10x gain/pain promise, customers will typically default to “do nothing”
The number here is not important; what is important is that both research and anecdotal evidence support our bias towards "do nothing" in the face of change. Not going to talk a lot more about this in this blog post, but would highly recommend the book "Switch: How to Change Things When Change Is Hard" for strategies on how to overcome this bias.
2. Disruptive innovation should be non-disruptive to adopt

Unfortunately, the way higher assurance federated credentials are currently envisioned to be provisioned and used by everyday Users, the adoption IS disruptive! We are expecting users to go through a remote identity proofing process in order to be issued multi-factor credentials from entities with whom they don't typically have an existing relationship. The more I delve into this, the more concerned I become, because we as a community seem to be looking at this from a technology perspective and not a lifestyle perspective.

I am still in the gathering info and thinking phase on this one. Some data points that I am looking at are:

  • Education and Financial Sectors. Everyone touches them; what on-ramps can they provide? What are the barriers?
  • Commoditizing baseline CSP capabilities but supporting differentiation based on value added services or data use policies
  • Portability of credentials across organizations/sectors. Using credentialing work done in one place to bootstrap credentialing elsewhere
  • Success factors that went into user adoption of Facebook Login (Connect)? Are there other "bright spots" out there that we can learn lessons from?

Comments, thoughts and pointers to ongoing work in this area would be very much appreciated.

This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.
