Push vs. Pull in identity — sounds familiar?

The blogosphere is buzzing over Bob Blakley’s recent presentation at the Gartner/Burton Catalyst conference. The issue seems to be this, as expressed by Ben Goodman of Novell:

According to Blakley’s assertions, identity management today is based on a “push” model as IdM applications centrally store user entitlements and those entitlements are “pushed” out to the applications so that users with the appropriate rights can access them … Blakley contends that this model is broken and that a new identity paradigm needs to emerge now. One where user access privileges are “pulled” at the time of use to the application or service the user wants to consume…

Why does this sound so eerily familiar? We had that same argument in the early days of OpenID! (For one thread, see here.)

My argument at the time was centered around LID and is the same as Bob’s: Pull is vastly preferable. With the widespread implementation of oAuth (which follows the pull model) and corresponding lack of OpenID AX implementations since (using push), I think I rest my case.

The sad part is that it’s 4 or 5 years later, and only now is that same discussion starting in the enterprise. Why did it take so long? Even back then, we weren’t exactly trailblazers: arguably the web’s (HTTP’s) success depended wholly on it being built around pull … even for things like RSS feeds that arguably look like “push” to the user.