Tag Archives: online identity

dataI got into a big discussion / argument once with a friend and colleague about how to define identity. The argument went something like this, human beings are defined by their identity (I said), yes, but identity is just made up of pieces of information and so the concept of identity does not exist in its own right (he said). And so it went on, back and forth becoming more complex, until finally we both went our separate ways on the matter and talked about much more important things like the weather.

A few years later and I still mull over the matter. I am becoming though, increasingly more receptive to the idea of using a reductionist approach to identity access management (IAM). However, I need to warn you that the story does not end there and my friend hasn’t quite won the argument…

Lets start out by looking at what reductionism is. I am going to look at it from a behavioural ecology / anthropology standpoint because, after all, we are talking about human beings here, the technology of which should follow – a point eloquently made by another colleague in this LinkedIn discussion here.

The debate around reductionism vs. holism in the world of ecology is a raging and unresolved argument. Reductionism resolves any given system down into its component parts, holism, looks at those parts as a whole. Reducing systems into their component parts can potentially miss effects that are only seen when those parts are working together. And looking only at the whole can miss opportunity to make effective changes to that whole by making subtle changes to the components. The question is, are the parts actually greater than the whole and will reducing an identity system to its component parts be better than setting the context of the use of the identity by the human operator?

I believe that you do not need to choose one side of the argument over the other. In creating complex technology systems which will serve as our digital me, we should be looking at both sides of what is essentially, the same coin. Yes, we can break identity down into its constituent parts, data, but then, these data can mean different things within different contexts. My friend was right, identity is just about data, but how we use that data in the human / technology interface needs to be designed holistically.

p.s. I am going to explore this theme further and look at the effects of approaching data platform design from both a reductionist and holistic methodology. As an ex chemist and anthropologist, the scientist in me craves a proper scientific approach to this subject. Maybe someone out there is looking at this? If you know of any research into this area of identity and data please let me know.

41mTdWYvhaL__SY300_I have had a number of conversations, leading into often intense arguments, about just what is digital identity. I’m at the stage now where I’m not even sure that question is relevant or helpful.

No one seems to have established what an identity is. OK, we can try and map the idea back to our real world identity, setting out common criteria such as recognisable ‘credentials’ and identifying ‘claims’ or ‘attributes’. But in the end, does any of this really get us what we want? Have we actually established…’what we want’?

I often wonder if using the term ‘identity’ has thrown a red herring into the mix. It’s not really about identity as we normally express it, or rather how we are used to expressing it – which, lets face it is something we hardly even think about in any detail. It’s more about how do we get what we want, online, quickly and with as little fuss as possible. This is currently dictated by the parties we are trying to get that ‘stuff’ from.

What we currently have is a messy, complicated, insecure, highly irritating, nebulous mix of methods, of identifying yourself online. If I have to setup another account, with yet another password, based on yet another set of, fatally flawed, password policies, I think I’ll end up screaming.

This situation cannot continue. It’s at best incredibly irritating but mainly it is highly insecure and very efficient. And more importantly, it does not have to be this way.

What I am about to say is not new, it has been said by the great and good of this vanguard for years. But I will reiterate it anyway, because maybe the time is now.

We need to establish a coherent, interoperable identity system for the web: By this I don’t mean one god-like identity system, it could be many variants. There are a number of working groups heading towards this, but this is not just about technology this is about much more, this is about humanity and expectations and needs and most importantly, working together towards a common goal. The goal is a connected internet. One that recognises the myriad of ‘identities’ that we, as the human who ultimately own¬†our ‘identity’¬†decide to keep under our control (more on that in later posts).

Technology, including identity technology, needs to become more human. It is after all, our way of embracing communities and spaces that are really just an extension of ourselves.