Response to Means and Ends.

The Means and Ends posting has gotten a lot of response. Thanks to both Doc Searls and Eric Norlin for the links and the kind words that brought it to people’s attention. I’ve gotten some great email responses as well.

 

Carol Coye Benson of Glenbrook Partners responded by saying:

 . . . consumer-centric identity is fine in theory, but I continue to believe that the great mass of consumers will expend absolutely zero effort in getting any of this straightened out, organized, etc.  But consumer-centric identity systems can’t exist without some active effort on the part of consumers. Most people’s wallets, desktops, kitchen drawers, and old-IRA’s are a complete mess.  Digital identities will be as well.

 

I don’t agree about the government as credential issuer – not completely.  I think right now they mean what they say (the feds, in the eAuth gateway).  States could but can’t afford to.  I can easily imagine a bank issued credential being good enough to file taxes with.  On the other hand, I also believe that we are “one incident away” from a “real” national ID system.  This one will be interesting to watch.

 

Within the world of “means” there are interesting distinctions between direct authentication and indirect (inferred, knowledge-based) authentication.  That’s a collision of worlds that is coming faster than most people realize.

All fine points.

 

I do think that customer-centric identity faces a hurdle in creating a value proposition for the individual people. Technology-savvy folks may have a vested interest in managing their identity, but it’s unclear what will motivate everyone else to do so. (By the way, Carol’s comments about customer-centric identity are consistent with her excellent presentation at Digital ID Word in October of last year. She used the analogy of folks who actually use QuickBooks to organize their finances; it’s a very small fraction of the population. Most people don’t bother.) Having said that, however, Doc and other folks that want a customer-centric identity are working for something that's worth thinking about.

 

The government side is an interesting case. I keep hearing what Phil Windley, former CTO of the state of Utah, said at Digital ID World: He predicted that the federal government would, in the form of an unfunded mandate, make the states turn the driver's license into an electronic ID card, making it the default national ID card (although he thinks they won't call it that). There’s also the need to federate identity trans-nationally. Carol also has a great point regarding bank IDs being sufficient to file tax returns. That's certainly possible. 

 

But sooner or later, it seems likely that governments will get involved with digital identity, especially when it comes to transnational issues. Today, for example, we have treaties to which most countries are signatories that establish the use of passports as identity proofs that work transnationally. International travel and business will one day force some level of digital identity that’s recognizable across borders. But as Craig Mundie, CTO for Microsoft, has pointed out on multple occassions, it took nearly 20 years to negotiate the treaties around passport usage. So we could be in for a long wait.

 

And I agree with Carol that the both different grades and types of authentication are important facets of the identity issue. In the piece, however, I tried hard not to dive off into the technology, but to make the point that the three areas in which digital identity is likely to grow will develop somewhat independently, but must interact. I look forward to exploring all of these issues in more detail.

 

John McDowall also has a great take on the different worlds. He says:

I would characterize them as inside, outside and among. Inside is within a corporation and the notion of identity is controlled by the corporate directory(s). Outside are your customers coming into the enterprise and they have the individual identities that are not within the enterprise and also their identity is typically not attached to their enterprise. Among is when two organizations have a relationship the relationship may be managed by users with an identity within their organization but the basis of the relationship is among the two organizations. 

His discussion of the “spheres of legal control” that require different approaches “both technologically and socially” is another good perspective.

[Jamie Lewis]
10:10:33 AM  #