user-centric identity

Or IRM as it’s going to be known. Which is odd as IRM has another meaning for me, Information Rights Management, which is an area of technology I know well. But getting back to Kantara and their new initiative, which is to look at ‘evolving’ identity away from its enterprise roots and mind-set to a more internet capable organism. If we want to keep on the theme of evolution, then as you know, natural selection is the mechanism of evolution, so there must be selection pressures to make online identity ‘evolve’. And certainly there are environmental changes afoot.

To say a lot of us use the internet these days, is a bit of an understatement – 2.7 billion users at the last count. People are now pretty savvy at using the internet too, most likely thanks to user centred design and platforms like Facebook, et. al. which were built for us to play with. I know this is a generalisation and there are still a lot of people who aren’t online, or who struggle with the whole use of the internet, but it’s a moving train and we need to get on it at some point. So technology follows suit, pressurised by how people behave, human behaviour pulling technology after it, rather than technology trying to dictate human behaviour (as is attested by many a failed technology application).

So Kantara have recognised this and have started an initiative looking at the needs of modern identity platforms, in light of mass internet use, the extended enterprise and the complexity of online interactions. They have called this initiative, Identity Relationship Management and have created a set of ‘pillars’, each of which describe how the new technology paradigm should be approached.

When I first saw this I was very bolstered. Avoco Identity have been working in the emergent area of consumer (or human, or citizen, or user centric) identity management for a number of years now – our own evolutionary path into this area is an interesting one…It was extremely refreshing to see that an organisation like Kantara, who represent the industry and are on the frontiers of innovation, an example being UMA (user managed access – much more on that in another post soon) are starting to really look at the requirements needed for an identity platform for the modern era.

Avoco Identity are particularly pleased because it condones our own design choices, by that I mean:

Elastic scalability – this means you can use a platform to  service 1 to a billion+ users

Consumer relevant – this is a myriad and multi-layered discussion and utilises all sorts of technology to seamlessly fit with human expectations

Adaptable and intelligent – again this comes in many forms, but the premise is that the platform works with you and understands your behaviour and your internal policies, whilst (and this is just as important) also balancing the policies of the service you are interacting with

Without borders – no modern IAM solution can really be contained within a boundary. I’m sure there will always be situations where that sort of platform is required, but for business to expand and take advantage of how their employees (BYOD), partners and ultimately customers operate, they need to work outside of boundaries.

I will talk about lots of the above in much more detail in later posts, but if you agree with the tenets of the Kantara IRM initiative, you can add your voice here.

41mTdWYvhaL__SY300_I have had a number of conversations, leading into often intense arguments, about just what is digital identity. I’m at the stage now where I’m not even sure that question is relevant or helpful.

No one seems to have established what an identity is. OK, we can try and map the idea back to our real world identity, setting out common criteria such as recognisable ‘credentials’ and identifying ‘claims’ or ‘attributes’. But in the end, does any of this really get us what we want? Have we actually established…’what we want’?

I often wonder if using the term ‘identity’ has thrown a red herring into the mix. It’s not really about identity as we normally express it, or rather how we are used to expressing it – which, lets face it is something we hardly even think about in any detail. It’s more about how do we get what we want, online, quickly and with as little fuss as possible. This is currently dictated by the parties we are trying to get that ‘stuff’ from.

What we currently have is a messy, complicated, insecure, highly irritating, nebulous mix of methods, of identifying yourself online. If I have to setup another account, with yet another password, based on yet another set of, fatally flawed, password policies, I think I’ll end up screaming.

This situation cannot continue. It’s at best incredibly irritating but mainly it is highly insecure and very efficient. And more importantly, it does not have to be this way.

What I am about to say is not new, it has been said by the great and good of this vanguard for years. But I will reiterate it anyway, because maybe the time is now.

We need to establish a coherent, interoperable identity system for the web: By this I don’t mean one god-like identity system, it could be many variants. There are a number of working groups heading towards this, but this is not just about technology this is about much more, this is about humanity and expectations and needs and most importantly, working together towards a common goal. The goal is a connected internet. One that recognises the myriad of ‘identities’ that we, as the human who ultimately own our ‘identity’ decide to keep under our control (more on that in later posts).

Technology, including identity technology, needs to become more human. It is after all, our way of embracing communities and spaces that are really just an extension of ourselves.