[Dave Birch] Andre Duran, the CEO of Ping Identity, and a chap who knows a thing or two about digital identity, said earlier in the year that there are four “megatrends” that are changing the landscape for interaction. These are…
…cloud, social, mobile and big data. The world looks very different today than it did even five years ago. And so our thinking and our solutions must change with it.
I don’t think anyone would disagree. Digital identity is core to the connection between these trends, which I’m sure is one of the reasons why the accountants Deloitte flagged up digital identity as one of their “technologies to watch” or something similar for 2012. So they’re on my page, as I believe the young people say. But it’s one thing to say “digital identity” and another to turn it into an element of organisational strategy, and one of the main reason why is that the term is diffuse. To me, digital identity means something quite specific. But that’s not, I think, generally true.
Former Twitter CEO Evan Williams noted in a blog post this weekend that online identity is one of the thorniest issues any web-based service has to deal with — in part because the word “identity” means a number of different things.
True. And I suppose I might reasonably be accused of sticking to more technology-centric or “tool-centric” definition, but I prefer to do that because it is more specific.
This is a very tool-centric, or marketing-centric approach, and leaves out — or dismisses — all the messy and interesting philosophical aspects of identity. Consider issues like publicy: How much of these various aspects of identity do you want to be revealed? Or context-based identity: you are a different you with the bowling league, at work, or on Suicide Girls.
Digital identity means different things to different people, naturally, but I think one of the common threads that I am beginning to see is control. Could it be that “control” is the key concept that will bring digital identity alive for businesses and consumers alike?
Personal, which Forrester Research has identified as a leader in the emerging personal identity management space, is focused on empowering consumers to take control over their own data. Doug Wheeler, co-founder and COO of Personal, described the company as a “private network where users store all of life’s important details in bite size pieces called data ‘gems.’
I make no comment about whether their technology or business is any good, but refer to this snippet in order to make a different point: that technologists like me will get nowhere without the marketing guys. It’s “data gems” that sell, not “digitally-signed NDEFs containing references to personally-identifiable information”. One of my constant complaints about the world of digital identity, data privacy and the apparently paradoxical online world that delivers simultaneously more security and more privacy is that it remains disconnected from the marketing and commercial side of organisations such as, for example, mobile operators.
Fighting technology with technology seems most promising—by replacing ID cards with phones.
I think the first serious “identity in phone” project that Consult Hyperion worked on was for the Japanese company NTT Data, and that was a decade or so ago. Yet the concept doesn’t seem to making much progress in the mainstream. I’d quite like to use a standard phone-based identity to access most services and it drives me to distraction to have to deal with hundreds of different usernames, password, PINs, secret words and personal questions to get what I want to get online. I have all of them stored in an app on my phone anyway (I happen to use “SplashID”, which is pretty good, but I’m always forgetting to add things into it) and I’d really like to avoid problems like this morning, when I had to do something in Firefox and it asked me for a “Master Security Password” that I had absolutely no memory of).
Why the slow going? Maybe it’s something to do with the packaging. If we could package the digital identity message properly, with a common understanding of the term and a shared narrative that animates it, so that we can connect with the commercial guys, then I think we could reasonably expect growth. You’d think the accountant-style persons in operators and elsewhere would be all over it, because the scale of the problem is huge and the opportunity to do something about it — because of the frameworks that are coming into place, the technologies available to us and the experience already built up — is immediate.
Cases of online fraud have increased threefold compared to 2010, partly due to consumers having a large number of web accounts, according to new research.
But. There’s still not a lot happening. I have a memory of a Vodafone woking on something around a decade ago, and Turkcell have some services live, but there’s a disconnection somewhere. Mobile operators seem, to me, to be the natural providers of a digital identity infrastructure and one of the natural providers of identity and attribute services that could take advantage of it. How? Earlier this year, Assaf Bielski wrote a succinct prescription when commenting on the slow uptake of service (e.g., the Estonian mobile ID, which has only 30,000 users).
The best way to to this is to engage with the rest of the digital identity community that tries to solves these problems globally (see earlier post), and add the MNO assets, the mobile device and the SIM to it, and not to treat it as a stand-alone service.
Exactly. Who cares about “Joyn“. I want standard, open and interoperable digital identity with the keys in tamper-resistant hardware. Why don’t the mobile operators start with OpenID on their own sites (so I don’t have to mess about remembering different passwords for O2, Orange, 3 and Virgin) and then enable 2FA OAuth2 using SIM-based keys. Eating your own dog food, I believe our transatlantic cousins call it. If millions of mobile customers began using it for operator services, then it would presumably become attractive for other service providers to use it and thus become a market for value-added services.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers