Archive for the ‘Identity’ Category

P2P Business Platforms and the Story of Digital Identity

June 6, 2006

the story of digital identity.jpg

Aldo Castañeda recently hosted Johannes Ernst, Dick Hardt & John Kemp in what he called a “User-Centric” episode. Paradoxically, what I got from this excellent show was the entire opposite, i.e. that there’s nothing “user-centric” in Digital Identity. Here are my impressions from the sub-text of that show.

Johannes Ernst maintained that in the future we’ll have an eBAY without an eBAY. Meaning: instead of having eBAY as a broker, people will engage in eBAY-like transactions without relying on a central entity. Ernst added, that this vision of completely decentralized business transactions, running on a global, peer-to-peer infrastructure, is currently under construction.

This insight shed an interesting light on the Skype-eBAY deal (Skype as a p2p infrastructure company. And see also A Skype Rashomon: P2P, Voice and the Read/Write Web ).

Naturally, Identity makes an essential part of any business infrastructure and a globaly distributed p2p business platform makes no exception. It is therefore logical to envision a decentralized Identity infrastructure as part of the future p2p business sphere, and indeed, that’s one of the key success factors for Digital Identity, as presented by Dick Hardt.

But the explicit and repetitive mentioning of the Digital Identity’s decentralized architecture serves, imho, another goal. Usually, when decentralization is discussed, people think about the centralized opposite with its Big Brother connotation. Decentralization triggers, therefore, an immediate, tangible sensation of freedom and user-control. I’m afraid that Digital Identity rides on these feelings; some of its promoters describe its decentralized nature as if this will bring salvation (and control) to the users of the virtual-o-sphere. (I disagree with this sub-textual message, and see also Identity2.0 Illusion of Control).

This time, though, I heard a different tone – some kind of disillusionment from that alleged spirit of freedom. The panel agreed that federation and/or decentralization don’t imply personal control. Actually, they sort of agreed that the only control a User maintains is whether or not to engage in a business transaction, and that’s basically it. If the user elects to do the transaction, then she must provide the service provider with whatever Identity attributes the provider requires. There’s no Identity Bazaar in which the user negotiates what attributes to reveal and what to conceal. Moreover, without a 3rd-party – a trusted Identity Provider that confirms the User’s Identity claims – no transaction is possible, because in the world of Digital Identity the User is by a paradoxical defaultuntrusted!

So if Digital Identity is not about user’s empowerment, what is it about?

I’d say it’s about the service providers making more money in the virtual-o-sphere. Both Hardt and Ernst mentioned, more than once, the importance of a trusted Digital Identity for the enablement of business transactions (for instance, proving that I’m over 18, that I live in the US, that I have that credit in my bank account etc.) and in the peer-to-peer reality, where business transactions will happen at the edges of the network, a peer-to-peer trust has to exist.

I would therefore suggest that the whenever Identity is discussed in an authentication/authorization context, the user-centric theme should be viewed as nothing but a marketing strategy in the spirit of the current web2.0 Zeitgeist (Identity2.0…). There’s no user-centricity in Identity2.0.


There are other voices and other aspects to Identity. A prominent speaker of this “other Identity” is Marc Canter. My next post will describe his take on the matter.


User-Centric Identity part 1 May 18th, 2006

User-Centric Identity part 2 May 24th, 2006

Original Podlink:

The Story of Digital Identity, episode 27 [part 1]

The Story of Digital Identity, episode 28 [part 2]

technorati3.jpgTechnorati User-Centric Identity, Technorati the Podlink

Identity2.0 Illusion of Control

April 2, 2006

Seeing and hearing Dick Hardt's "600-mouse-clicks in 12 minutes" presentation is a must: it is the most formidable elevator pitch I have ever seen.

So what's Identity 2.0? Is it indeed a radically different approach to identity as its suffix suggests, or is it the same old stuff rebranded in the spirit of the current Zeitgeist?

If you ask Dick Hardt he will tell you two things:

1. Identity 2.0 is all about empowering the user. A user-centric model in which the user defines and controls his/her Identity.

2. What is Identity? Identity is "The collective aspect of the set of characteristics by which a thing is definitively recognizable or known". In this context, Hardt talks much about Personas (assertions about MY Identity), as well as about Reputation – assertions that others are making about (aspects of) who I am. An example for that would be the eBAY reputation of a seller.

I think the two points mentioned are problematic.

First is the illusion of control. The User is not in a real control of what her Identity is. The different Identity Providers – Government, Universities, Work places and so forth – provide assertions about me that I cannot control nor alter. But at least, these are Objective and factual assertions. With Reputations, though, we're entering the realm of the subjective, with assertions that might be biased, inaccurate and sometimes false. Objective or Subjective – it does not really change the fact that People are not in control of their Public Identity!Differently put, Identity 2.0 is probably about controlling the How (distribution, interaction etc.), rather than controlling the What (Who am I).

This leads me to the second problem, which relates to implicit assertions. This kind of assertions is not an explicit part of the Identity2.0 discussion. I am referring here to what can be induced from the data and the meta-data (clickstreams, gestures, attention or whatever) the user is generating inside the various service providers. My mails at Gmail, my docs at Writely, my photos at Flickr and so forth, say a lot of things about ME and are, therefore, essential components of MY Identity. If Identity 2.0 is all about giving ME the ability to control MY Identity, then Data and Meta-Data MUST be part of the design goals of Identity 2.0, for unlike Personas and Reputation – Data and Meta-Data are controllable. Unfortunately,though, I couldn't find any trace to these critical aspects of Identity in the 7 laws of Identity, nor in the 14 design goals of Identity 2.0.

Dick Hardt – See and listen – it's only 16 minutes.



See and Listen: Identity 2.0, OSCON 2005

Just Listen: Dick Hardt – Identity 2.0

Original Podlink: IT Conversations, Dick Hardt, Identity 2.0


Dick Hardt: Identity=Reputation

Dick Hardt: Identity 2.0 Design Goals

Kim Cameon: The Seven Laws of Identity

technorati1.jpg Technorati Identity 2.0, Technorati the Podlink