Aldo Castañeda recently hosted Johannes Ernst, Dick Hardt & John Kemp in what he called a “User-Centric” episode. Paradoxically, what I got from this excellent show was the entire opposite, i.e. that there’s nothing “user-centric” in Digital Identity. Here are my impressions from the sub-text of that show.
Johannes Ernst maintained that in the future we’ll have an eBAY without an eBAY. Meaning: instead of having eBAY as a broker, people will engage in eBAY-like transactions without relying on a central entity. Ernst added, that this vision of completely decentralized business transactions, running on a global, peer-to-peer infrastructure, is currently under construction.
This insight shed an interesting light on the Skype-eBAY deal (Skype as a p2p infrastructure company. And see also A Skype Rashomon: P2P, Voice and the Read/Write Web ).
Naturally, Identity makes an essential part of any business infrastructure and a globaly distributed p2p business platform makes no exception. It is therefore logical to envision a decentralized Identity infrastructure as part of the future p2p business sphere, and indeed, that’s one of the key success factors for Digital Identity, as presented by Dick Hardt.
But the explicit and repetitive mentioning of the Digital Identity’s decentralized architecture serves, imho, another goal. Usually, when decentralization is discussed, people think about the centralized opposite with its Big Brother connotation. Decentralization triggers, therefore, an immediate, tangible sensation of freedom and user-control. I’m afraid that Digital Identity rides on these feelings; some of its promoters describe its decentralized nature as if this will bring salvation (and control) to the users of the virtual-o-sphere. (I disagree with this sub-textual message, and see also Identity2.0 Illusion of Control).
This time, though, I heard a different tone – some kind of disillusionment from that alleged spirit of freedom. The panel agreed that federation and/or decentralization don’t imply personal control. Actually, they sort of agreed that the only control a User maintains is whether or not to engage in a business transaction, and that’s basically it. If the user elects to do the transaction, then she must provide the service provider with whatever Identity attributes the provider requires. There’s no Identity Bazaar in which the user negotiates what attributes to reveal and what to conceal. Moreover, without a 3rd-party – a trusted Identity Provider that confirms the User’s Identity claims – no transaction is possible, because in the world of Digital Identity the User is – by a paradoxical default – untrusted!
So if Digital Identity is not about user’s empowerment, what is it about?
I’d say it’s about the service providers making more money in the virtual-o-sphere. Both Hardt and Ernst mentioned, more than once, the importance of a trusted Digital Identity for the enablement of business transactions (for instance, proving that I’m over 18, that I live in the US, that I have that credit in my bank account etc.) and in the peer-to-peer reality, where business transactions will happen at the edges of the network, a peer-to-peer trust has to exist.
I would therefore suggest that the whenever Identity is discussed in an authentication/authorization context, the user-centric theme should be viewed as nothing but a marketing strategy in the spirit of the current web2.0 Zeitgeist (Identity2.0…). There’s no user-centricity in Identity2.0.
There are other voices and other aspects to Identity. A prominent speaker of this “other Identity” is Marc Canter. My next post will describe his take on the matter.
User-Centric Identity part 1 May 18th, 2006
User-Centric Identity part 2 May 24th, 2006
The Story of Digital Identity, episode 27 [part 1]
The Story of Digital Identity, episode 28 [part 2]
Technorati User-Centric Identity, Technorati the Podlink