digital identity

dataI got into a big discussion / argument once with a friend and colleague about how to define identity. The argument went something like this, human beings are defined by their identity (I said), yes, but identity is just made up of pieces of information and so the concept of identity does not exist in its own right (he said). And so it went on, back and forth becoming more complex, until finally we both went our separate ways on the matter and talked about much more important things like the weather.

A few years later and I still mull over the matter. I am becoming though, increasingly more receptive to the idea of using a reductionist approach to identity access management (IAM). However, I need to warn you that the story does not end there and my friend hasn’t quite won the argument…

Lets start out by looking at what reductionism is. I am going to look at it from a behavioural ecology / anthropology standpoint because, after all, we are talking about human beings here, the technology of which should follow – a point eloquently made by another colleague in this LinkedIn discussion here.

The debate around reductionism vs. holism in the world of ecology is a raging and unresolved argument. Reductionism resolves any given system down into its component parts, holism, looks at those parts as a whole. Reducing systems into their component parts can potentially miss effects that are only seen when those parts are working together. And looking only at the whole can miss opportunity to make effective changes to that whole by making subtle changes to the components. The question is, are the parts actually greater than the whole and will reducing an identity system to its component parts be better than setting the context of the use of the identity by the human operator?

I believe that you do not need to choose one side of the argument over the other. In creating complex technology systems which will serve as our digital me, we should be looking at both sides of what is essentially, the same coin. Yes, we can break identity down into its constituent parts, data, but then, these data can mean different things within different contexts. My friend was right, identity is just about data, but how we use that data in the human / technology interface needs to be designed holistically.

p.s. I am going to explore this theme further and look at the effects of approaching data platform design from both a reductionist and holistic methodology. As an ex chemist and anthropologist, the scientist in me craves a proper scientific approach to this subject. Maybe someone out there is looking at this? If you know of any research into this area of identity and data please let me know.

Or IRM as it’s going to be known. Which is odd as IRM has another meaning for me, Information Rights Management, which is an area of technology I know well. But getting back to Kantara and their new initiative, which is to look at ‘evolving’ identity away from its enterprise roots and mind-set to a more internet capable organism. If we want to keep on the theme of evolution, then as you know, natural selection is the mechanism of evolution, so there must be selection pressures to make online identity ‘evolve’. And certainly there are environmental changes afoot.

To say a lot of us use the internet these days, is a bit of an understatement – 2.7 billion users at the last count. People are now pretty savvy at using the internet too, most likely thanks to user centred design and platforms like Facebook, et. al. which were built for us to play with. I know this is a generalisation and there are still a lot of people who aren’t online, or who struggle with the whole use of the internet, but it’s a moving train and we need to get on it at some point. So technology follows suit, pressurised by how people behave, human behaviour pulling technology after it, rather than technology trying to dictate human behaviour (as is attested by many a failed technology application).

So Kantara have recognised this and have started an initiative looking at the needs of modern identity platforms, in light of mass internet use, the extended enterprise and the complexity of online interactions. They have called this initiative, Identity Relationship Management and have created a set of ‘pillars’, each of which describe how the new technology paradigm should be approached.

When I first saw this I was very bolstered. Avoco Identity have been working in the emergent area of consumer (or human, or citizen, or user centric) identity management for a number of years now – our own evolutionary path into this area is an interesting one…It was extremely refreshing to see that an organisation like Kantara, who represent the industry and are on the frontiers of innovation, an example being UMA (user managed access – much more on that in another post soon) are starting to really look at the requirements needed for an identity platform for the modern era.

Avoco Identity are particularly pleased because it condones our own design choices, by that I mean:

Elastic scalability – this means you can use a platform to  service 1 to a billion+ users

Consumer relevant – this is a myriad and multi-layered discussion and utilises all sorts of technology to seamlessly fit with human expectations

Adaptable and intelligent – again this comes in many forms, but the premise is that the platform works with you and understands your behaviour and your internal policies, whilst (and this is just as important) also balancing the policies of the service you are interacting with

Without borders – no modern IAM solution can really be contained within a boundary. I’m sure there will always be situations where that sort of platform is required, but for business to expand and take advantage of how their employees (BYOD), partners and ultimately customers operate, they need to work outside of boundaries.

I will talk about lots of the above in much more detail in later posts, but if you agree with the tenets of the Kantara IRM initiative, you can add your voice here.

41mTdWYvhaL__SY300_I have had a number of conversations, leading into often intense arguments, about just what is digital identity. I’m at the stage now where I’m not even sure that question is relevant or helpful.

No one seems to have established what an identity is. OK, we can try and map the idea back to our real world identity, setting out common criteria such as recognisable ‘credentials’ and identifying ‘claims’ or ‘attributes’. But in the end, does any of this really get us what we want? Have we actually established…’what we want’?

I often wonder if using the term ‘identity’ has thrown a red herring into the mix. It’s not really about identity as we normally express it, or rather how we are used to expressing it – which, lets face it is something we hardly even think about in any detail. It’s more about how do we get what we want, online, quickly and with as little fuss as possible. This is currently dictated by the parties we are trying to get that ‘stuff’ from.

What we currently have is a messy, complicated, insecure, highly irritating, nebulous mix of methods, of identifying yourself online. If I have to setup another account, with yet another password, based on yet another set of, fatally flawed, password policies, I think I’ll end up screaming.

This situation cannot continue. It’s at best incredibly irritating but mainly it is highly insecure and very efficient. And more importantly, it does not have to be this way.

What I am about to say is not new, it has been said by the great and good of this vanguard for years. But I will reiterate it anyway, because maybe the time is now.

We need to establish a coherent, interoperable identity system for the web: By this I don’t mean one god-like identity system, it could be many variants. There are a number of working groups heading towards this, but this is not just about technology this is about much more, this is about humanity and expectations and needs and most importantly, working together towards a common goal. The goal is a connected internet. One that recognises the myriad of ‘identities’ that we, as the human who ultimately own our ‘identity’ decide to keep under our control (more on that in later posts).

Technology, including identity technology, needs to become more human. It is after all, our way of embracing communities and spaces that are really just an extension of ourselves.