Identity 2.0: A world that’s simple, safe and secure.
Who is the Dick on My Site? by Dick Hardt (Sxip Identity Corporation)
“Really, data is about people. It’s really identity data.”
“Identity helps you predict behavior.”
“Identity is who you are.”
“Identity is also what you like.”
“Identity enables you to uniquely identify somebody.”
“There are things that other people say about you, too.”
“Modern identity is about photo IDs so you can prove your identity.”
“Identity is a complicated issue….Everyone has a different idea of what it is.”
Identity transactions are:
party identification (who)
profile exchange (info about that person)
NOT record matching
Identity transactions can be:
but it’s unverified
How do you verify?
ID, subject matches credential, assuming the feature that only the one person can use that ID.
Photo ID is asymmetrical in trust, because the issuing organization (province of British Columbia) doesn’t know when the ID is being used, so there’s some privacy.
What is digital identity?
sometimes, site registration.
definitely a hassle, could be simpler
unverified, fewer trust cues than verbal
Interesting point — searching de.li.cio.us shows you what other people think you are.
How do you prove to a website who you are? It’s not what you give to the site, but what the site knows about you! If you have a good eBay rating, can you take that over to Craigslist?
What we want in Identity 2.0 is a way to make identity user-centric, not site-centric, so a person can move their identity around.
How do we solve this? You have a trusted agent that can give information to relying parties — a relying party is any site that the user wants to share information. The agent does not need to trust the relying party, the sites don’t need to trust the agent. The relying party does need to trust the agent (“issuer”), but that’s it. This is how OpenID works.
Identity data isn’t just data, it’s data about a person.
Why does identity matter?
“The future has arrived, it is just not evenly distributed yet.” William Gibson
More and more apps are becoming distributed (ie, Google). Biometrics are becoming prevalent. There’s a lot of device convergence — a phone can pay for things, etc.
There are “digital natives” and “digital immigrants” — natives grew up with the computer, with the internet. An immigrant has an accent — “digital camera” for an immigrant, “camera” for a native.
Identity 2.0 predictions:
minimal passwords — the agent makes it simpler
rich portable profiles — don’t need to keep re-writing the profile information over and over
portable credentials — digital driver’s licence, prove attributes digitally
agency/delegation — an assistant can book a flight for you, or one site can get
reputation services — like blogosphere, page rank, great contributor to wikis or open source. Similar to credit rating.
identity services — disposable e-mail, one-time tokens, such as one-time payments, one-time phone numbers, all this stuff can help reduce spam and protect privacy.
State of user-centric identity:
functionality — there is nothing out there that’s functional out there for what we need
industry — many organizations are working together, that wouldn’t normally – Grade: A
standards — needs more work – Grade: C
interop — standards not quite there, but folks are making it work – Grade: B
deployment — there’s a start, but more needed – Grade: C
utilization — nominal – Grade: D probably should be F
vitamins — should take, but don’t
painkillers — don’t want to take, but do
viagra — want to take, probably shouldn’t
Identity 2.0 is still at the vitamin stage. There’s no pain.