I was talking yesterday to Dennis Szerszen, vp of marketing at Securewave, a company that keeps Microsoft shops ticking over calmly by enabling whitelist policies of acceptable executables (the zen of behaviour blocking).
Anyway, we were discussing the notion that identity is only important in context. We both agreed the notion of a single canonical digital identity for everything is absurd.
To my mind this is why the approach of the mooted British National ID Card System looks like an expensive and potentially dangerous failure (in terms of budget, civil liberties and fraud opportunities); its a Big Bang, the kind of program the UK Government and associated public sector service provider cartel have a terrible track record for delivering. Most problematical however is the attempt to create a digital ID useful in seemingly every conceivable public meets private sector digital context. It will prevent welfare benefit fraud, catch terrorists, be used by commercial organizations (Insurance companies, potentially), and probably solve world poverty too.
Unfortunately in real life the massive central ID database will probably suffer from information bulimia, a disorder common amongst information intermediaries, characterized by episodic binge data collection followed by uncontrollable vomiting and purging, leading to information leakage and theft.
But anyway back to Dennis and the conversatron. We were discussing USB memory sticks and other portable mass storage devices, a huge information breach challenge for all kinds of company. You don’t necessarily want to block all USB access, it depends on the context. That is where his firm is focusing attention.
I wanted to provide more context for our discussion and suggested Dennis read some blogs on “the new identity thinking”. I don’t mean oldline discussions concerning SSO and PKI, but rather people working on new (often lightweight) approaches and thinking to identity problems. These are the thinkers that will enable new business models, and hopefully some more coherent national policies on identity and privacy going forward. We should all engage with this kind of thinking because ID is important and it is tightly associated with our civil liberties.
Anyway – I reckon that if you subscribe to and read the blogs below for just a few days your ID IQ will be significantly increased. i tried to limit it to ten or so, and gave myself some breathing room for feedback. Should I have included Sun’s very own Superpat, for example? Who is driving the new thinking at IBM- is there a Sam Ruby of ID out there? I basically erred on the side of Web 2.0 folks. Change agents, that is.
So here you go – Now go get smartened up.
Kim Cameron, Microsoft
Perhaps the most influential figure in Identity 2.0. Why? Because Kim is driving Microsoft’s Identity Management strategy, and he wants to put the user, rather than the corporation, at the center of the world. The real deal is our Kim. Put forward seven laws of identity to help drive the debate forward.
Jamie Lewis, Burton Group
Whatever you think of industry analyts it is hard to argue Burton Group have been instrumental in driving the state of the art forward on directory and identity.
Eric is quite simply an identity news maker. Is that the same as a noise-maker? 🙂 No-he gets things done.
Kaliya Hamlin, Identity Woman
Kaliya has all necessary technical gubbins, the respect of her peers, and umm. she’s a she. Its important more women are part of the identity conversation because they likely see things differently than male alpha geeks. As we’re seeing over at the Blogher conference, questions of identity and credibility are closely associated (the link debate). What is the A-list? Its surely an identity management system… And if women do share more personal information online, as Blogaholics notes, what does that say for identity and metadata management in a digital age, and potential abuse of same?
Phil Windley, Technometria
Smart dude from Brigham Young, part of the new identity community cluster.
Scott C. Lemon, Digital Identity Management
Digital Identity-its what Scott does. This blog is a great place to start thinking about the issues.
On The Identity Trail, Province of Ontario ID mavens
Ontario is an e-government hub. Canada hopefully shows us that privacy should be considered when governments drive ID initiatives.
Dick Hardt, Identity 2.0
I couldn’t exactly use Identity 2.0 in my title without pointing to the guy credited with coming up with the term. I subsequently changed the blog title, but he is certainly an influencer of merit.
There are some organizations with something useful to say: Liberty Alliance, Sxip Networks, Identity Commons, LID NetMesh, Passel.org. Here is an HP primer on Federated ID-related protocols.
So there you go Dennis – some advanced thinking on identity in context.
A final word from monkchips: digital living will increase the number of identities we use as it increases the number of contexts and communities in which we interact.
David A. Kearns says:
August 3, 2005 at 5:30 pm
You only have one identity. But you do have multiple personas (or, as the classicalists would say, personnae). That’s what “context” brings to the discussion – a personna is an identity in a given context. You are who you are for all time and all places, but how you represent yourself, how others perceive you – that can change and that is persona.
James Governor says:
August 3, 2005 at 6:12 pm
that’s one view, sure. a little platonic for my liking, but it does make sense.
how does that make sense in terms of identity theft? how can it be stolen it if its one immutable thing?
should we call it persona theft?
also just from a langauge perspective i have seen no buzz around persona, but plenty around ID. trying to make this taxonomy stick might be like pushing rocks up hill. i see you have been hammering on kim, eric and so on on this issue already? any luck?
My take on it is there is no immutable essence of me. Your argument for DNA as identifier, for example, might not make it through the decade, let alone the century, if gene manipulation technology continues apace.
I am both more than, and less than, the sum of my parts and interactions. Don’t get confused by the “I” – that is just a symbol representing something we like to talk about… ourselves.
Language games and family resemblances and contexts and communities is my starting point for discussion.
Jaime Cardoso says:
August 3, 2005 at 7:22 pm
Even if David’s definition may not be very important on the level where we implement an IdM solution. Semantics are already causing problems with IdM.
Kim Kameron defends the existance of several types of attributes: Subject, Target, Request and Context attributes. While he’s definition may look like it makes sence, I think it’s pointless and harmfull.
The name “Identity Management” implies some need to recognize and validate a name (name, common name, login or whatever). But, truth is, what is commonlly known has IdM MUST have a much larger spectrum.
In this case, seguementation will lead to partial implementations and to lack of future funcionality since this solution may or may not, depending on context, require a unique id of someone OR something.
I hope my meaning was clear. If not, I can make up some examples to better explain my points.
Mike Milinkovich says:
August 3, 2005 at 9:31 pm
James,
An interesting bunch that you may be interested in knowing about is the Identity Gang at http://cis-berkman.editme.com/. There is also a very interesting trust framework project (http://www.eclipse.org/higgins/) here at Eclipse which is being led by Paul Trevithick (http://paul.trevithick.name/)
Superpat says:
August 3, 2005 at 11:21 pm
Hi James, thanks for the mention. Your readers might also be interested in Planet Identity ( http://planetidentity.org ), which aggregates your top 10 identity bloggers and a few more besides.
James Governor says:
August 4, 2005 at 2:01 pm
frankly pat, for planetidentity to be a useful feed it should be about identity. its actually just an a-list club, isn’t it? what am i missing?
can someone tell me why i should get a piece from marc canter on RIA and Lazlo – on an identity feed?
http://marc.blogs.it/archives/2005/08/rich_internet_a.html
then phil windley posts on Gibson guitars from oscon. phil is great – but thats nothing to do with identity. i know i included his blog already, so maybe i am shooting my argument in the foot. but planetidentity should maintain focus if its going to be about identity. shouldnt it?
oh great here is more:
Eve on a Sun summer school.
http://www.xmlgrrl.com/blog/archives/2005/08/03/xml-summer-school/
no ID!!!
and as for this doc searls entry… gimme a break
http://doc.weblogs.com/2005/08/03#overseen
monkchips makes no claims to be about one thing, that’s why it treads far and wide.
marc’s voice is lovely. but that’s a different feed. isn’t it?
Superpat says:
August 5, 2005 at 5:11 am
I get your point, James, and I do tend to err on the side of inclusiveness with Planet Identity – maybe I need to be a bit more editorially ruthless.
Most bloggers don’t categorise their posts, so it’s tricky to get the identity related stuff without the rest. Besides, I like a bit of chaff with my wheat – that’s what makes blogs more interesting than just reading MSDN or developers.sun.com 🙂
BTW – do let me know if you’re in the Bay Area – it would be good to meet you…
James Governor says:
August 5, 2005 at 10:25 am
apparently we have a name for these folks -the identerati…
Mark Dixon:
http://blogs.sun.com/roller/page/identity?entry=identarati
Kaliya Hamlin says:
August 13, 2005 at 9:13 pm
Hey there James I am just wondering what a gubbins are?
James Governor says:
August 15, 2005 at 9:05 am
aha great question Kaliya. Basically i meant all the technical stuff in this context. gubbins is one of those words that can mean pretty much anything, in my lexicon.
i could have said “has all the technical doodads”
here is wordnet on the subject:
1 entry found for gubbins.
gubbins
n : something whose name is either forgotten or not known [syn: dohickey, dojigger, doodad, doohickey, gimmick, hickey, gizmo, gismo, thingamabob, thingumabob, thingmabob, thingamajig, thingumajig, thingmajig, thingummy]
Source: WordNet ® 2.0, © 2003 Princeton University
Stephan Engberg says:
August 30, 2005 at 11:58 pm
Beyond the question of psycho-demographics, we need to realise that in a world where we eliminate the phsycial barriers between IT-systems and -databases, we need to introduce the concept of logical barriers to ensure security and protect against cascading Identity Theft.
The 7 laws of identity might suffice for the old legal view, but consent is insufficent as to Security, Privacy and trust Socio/Economics.
http://www.securitytaskforce.org/dmdocs/workshop2/stephan_engberg.pdf
james governor says:
September 2, 2005 at 9:35 am
I take it you haven’t actually looked at the laws Stephan? Otherwise your answer is a bit odd.
Stephan Engberg says:
November 20, 2005 at 7:34 pm
James,
Strange response. The Identity laws does not ensure anything, neither security nor privacy.
The only sure thing seems to be that MS and MS partners control access to the digital networks.
See for instance Ben Lauries remarks.
http://www.links.org/?p=17
Why should anyone trust this? Because MS say so?
It seems to me that MS can enforce any update of your system without you even being able to detect installed spyware.
Honestly, I do understand why MS come with an attempt to regain control with the identity space after the Passport failure. It is necesary to maintain their present market position and as such predictable.
But I dont see any substantial reason why I should not consider Infocards merely a distributed passport model and likely MS trying to move intravenously into the transactions as an active part as a method to counter for instance google and others.
Can you give me any reason (strategically and supported technically) to think otherwise ?
James Governor says:
November 21, 2005 at 8:47 am
well for one thing stephan the laws are not the same as infocards. one is an attempt to provide some structure to thinking/policy about distributed identity, while the other is an attempt to create a technical mechanism for it. if you decouple your criticism of infocards from that of the laws we can have a discussion of some kind.
sorry stephan but i maintain that you are not saying anything about the laws here. my response isnt strange.