Identity

Seems to me that Don Park’s mostly right about identity:

Control over identity means nothing to the users. It’s control they are not even aware they need to have. Giving users full control over their identity amounts to giving them full control over new chores they have to do.

Replace his term “users” with “consumers” and it seems right to me.

Enterprise, on the other hand, is a related but different enough space and opportunity.

Elsewhere, Johannes Ernst has been describing his new Light-Weight Identity scheme (LID). Being URL-based, LID reminds me of Dan Bricklin’s earlier SMBmeta scheme — designed to allow a distributed directory of small company metadata to be created. We’ve had an SMBmeta XML file up on our Glenbrook Partners website for two years — but Dan’s whole initiative never seemed to get any kind of critical mass of adopters.

Johannes’s idea takes the notion of storing static XML data at a URL a bit further — through the use of a script that actually handles a number of potential queries to the identity URL (see the white paper (PDF)). In the process, he’s created what might be thought of as a mini-web service capable of serving up a number of different identity-related responses on the user’s behalf.

An initial use he suggests is using your LID URL to identify yourself at a new web site requiring registration — saving you the time and hassle of having to re-enter your personal information each time. You provide the site with your LID URL and it retrieves the appropriate information required for registration.

Another advantage he’s claiming is that since the personal data is maintained and updated by each individual, relying parties can simply re-query the LID URL to get current information. Similarly, I could distribute my public key in this manner. This could also, for example, eliminate the seemingly endless Plaxo requests I get from correspondents seeking to update their address books (I refuse to sign up for Plaxo!).

Anyway, that’s the basic idea. Store some XML data and a script at a unique URL that becomes your ‘digital identity’. Using different queries to the URL, the script can selectively return, in a web services-like way (either text, HTML, XML, etc), a variety of different elements of personal (or business) information.

LID currently has a crude access control mechanism that controls what information the script serves up depending upon who’s asking — more work seems likely to be required in this area, as it has to be bulletproof with respect to only serving appropriate information to various (legitimate and illegitimate) requesters. LID also supports pseudonyms, allowing users to create (although in a relatively cumbersome manner currently) unique LIDs to use at various places.
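A deny-by-default sketch of the selective release described above, added here as an illustration and not taken from LID or its white paper. The field names, requester URLs, policy layout and the `verified` flag (standing in for whatever requester authentication is used) are all assumptions.

```python
from xml.sax.saxutils import escape

# Constructed sample data; every field name and URL here is hypothetical.
PROFILE = {
    "name": "Alex Example",
    "email": "alex@example.org",
    "postal_address": "1 Sample Street",
    "public_key": "CONSTRUCTED-PLACEHOLDER-KEY",
}
PUBLIC = "*"  # policy entry that applies to every requester
POLICY = {
    PUBLIC: {"name", "public_key"},
    "https://shop.example.com/": {"email", "postal_address"},
    "https://friend.example.net/": {"email"},
}

def release(requested, requester=None, verified=False):
    """Return (granted, denied) for the requested field names."""
    allowed = set(POLICY[PUBLIC])
    # A claimed requester URL only counts once it has been authenticated
    # (how is out of scope); an unverified claim is treated as anonymous.
    if verified and requester != PUBLIC and requester in POLICY:
        allowed |= POLICY[requester]
    granted, denied = {}, []
    for field in requested:
        if field in allowed and field in PROFILE:
            granted[field] = PROFILE[field]
        else:
            # Forbidden and nonexistent fields get the same answer, so a
            # requester cannot probe which fields exist.
            denied.append(field)
    return granted, sorted(denied)

def render(granted, fmt="text"):
    """Serialize released fields as plain text or XML (values escaped)."""
    items = sorted(granted.items())
    if fmt == "text":
        return "\n".join(f"{k}: {v}" for k, v in items)
    if fmt == "xml":
        body = "".join(f"<{k}>{escape(v)}</{k}>" for k, v in items)
        return f"<identity>{body}</identity>"
    raise ValueError(f"unsupported format: {fmt}")

if __name__ == "__main__":
    ok, no = release(["name", "email"], "https://friend.example.net/", True)
    print(render(ok, "xml"), no)
```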

Interesting stuff and a fun synthesis of many different ideas. If this is going to go anywhere, there’s a lot more work required to bury its complexity into a simple user management interface. Too bad that it’s just a bit too complicated to be incorporated into DNS itself.

On the Mac, for example, this might get bundled into a combination of the Address Book (my card) and my .Mac online subscription. Similar to iDisk, a Mac-based identity service would allow me to easily control the personal information available and the associated access control requirements to release it from my PowerBook. .Mac would host the data and the associated script and respond to requests from everywhere to serve up my identity data.
