Consult Hyperion

I do want to talk about what the “no pseudonyms” policy adopted at G+ means for women, LGBT folk, and civil servants.

[From Why Google+ hates women « Bug Girl’s Blog]

Hey! What about me! I want pseudonymity too! It isn’t about people being able to “hide”, it’s about given people choices about how they interact and the ability to interact in different ways via different persona. I don’t think this in conflict with having an identity infrastructure, I think it should be part of that infrastructure. As far as I’m concerned we need an infrastructure more than ever, which is why I find this kind of comment puzzling.

It won’t work; and if it did, you would have to trust big government to stay benign as it tracks your every online step. As for the latter, ask the citizens of Egypt, Tunisia, China, Iran, and other countries that closely monitor their citizens’ Internet usage (or block it in whole or part).

[From Internet Evolution - Robert McGarvey - Why an Internet ‘Driver’s License’ Won’t Work]

Let’s put to one side the question of whether the US wants to monitor or block citizen’s internet usage (although generally on behalf of Disney rather than democracy) and address the central point. What has NSTIC got to do with trusting the government? Most people will use IDs provided by their bank, mobile operator, sports team or favourite pop group. I really, really doubt that the DMV will be able to compete for the business.

Olden suggests building a single sign-on from a handful of IDs that are in wide use. Think Facebook, Gmail, perhaps Yahoo. Facebook alone is emerging as a kind of de facto single sign-on with 500 million users… So scratch Commerce’s NSTIC, and find ways to lace together the passwords we already use.

[From Internet Evolution - Robert McGarvey - Why an Internet ‘Driver’s License’ Won’t Work]

This is confusing two entirely different issues. Issue no.1 is what framework we use for identity, and NSTIC seems to me to be as good as any other (although, as I have often written, I would have liked to have seen an emphasis on pseduonymity as the norm). Issue no.2 is which identities we use. If we only use the same, single identity everywhere that we go through the interweb tubes, then the “owner” of that identity will indeed be able to monitor our journey. I don’t care whether that owner is the Feds or Facebook, I don’t want it to happen.

Personally, I would want a pseudonymous identity from someone like my bank. That why I could do stuff online, and people online could interact with me knowing that the bank knows who I am, if you see what I mean. I don’t think that managing a few identities will be at all different, thanks to the magic of the mobile phone. I spotted an interesting comment on this mobile future in a very positive review of Google Wallet in the Wall Street Journal.

Google Wallet can’t hold your driver’s license or other official forms of identification, so even if it takes off and works everywhere, you’ll still have to carry your license with you.

[From The Digital Solution: Google Mobile App Aims to Turn Phones Into Wallets - WSJ.com]

In the long run, as we all know, it’s the digitisation of identity that will have the biggest impact on society and it’s very interesting to me that the arrival of mobile wallets has stimulated these thoughts.

It would be easy to carry an MIC, or “Mobile Identification Card” on my phone, instead of a physical card in my leather wallet (Google, are you listening?)

[From Invasion of the Invisible Wallet - Forbes]

So what would it take to get my bank pseudonym and (in the US example) the driver’s license into the Google Wallet? We have the technology and we have a framework—NSTIC in the USA and Identity Assurance in the UK—but we need some thing to kick-start and coagulate the swirling possibilities. If we’re all agreeing that government identities are going to do it, then perhaps we should focus on something else.

Government agencies could (and should, in my opinion) become attribute providers, so there’s no reason why the couldn’t issue an electronic drivers license in the NSTIC framework. You provide your proof of identity to the DMV along with a digital identity (in essence a public key from a key pair held in the secure element of the Google phone and accessible from the Google Wallet) and the DMV sends you back a public key certificate (your public key together with the relevant attributes signed by a DMV private key). This would combine my private sector identity and my public sector attribute to deliver the Google Wallet fantasy mentioned above.

Federal Chief Information Officer Steven VanRoekel last week released a long-awaited memorandum requiring that, over the next three years, agencies launching or upgrading sites that prompt people to obtain a username and password also must be compatible with logon services handled by certified third-party vendors.

[From White House may cut purse strings to enforce online credentialing | Ready-Sourcing.com - World Industrial Sourcing News covering national and international Trading affairs.]

It’s a small step, but requiring government sites to offer (in essence) NSTIC-compatible access alongside usernames and passwords will help to get things moving: companies will begin to develop software that offers this possibility. Yes there’s a long way to go, but I think both public and private sector organisations can at least begin to formulate strategy bounds and think about the strategic role of identity in their futures.