There’s a real need to have better identity management, to declare your age and to know that when you’re talking to, say, Barclays bank, that you’re really doing so.
The backers of Geni are hoping that it can find answers to problems like this. It is supported by America’s National Science Foundation and has a timescale of 10-15 years. Hhhmmm. Dipankar Raychaudhuri, a professor at Rutgers University in New York, says
Once you’ve built something as large and complex as the internet it is difficult to start over again.
Quite, but do we really need to?
Technorati Tags: identity, internet, privacy
On the one hand, the Internet works tolerably well and some form of digital identity management infrastructure — while undoubtedly complex to bring together in practice — can at least be imagined. Yet there are people who think that this won’t be enough. Ben Laurie has previously pointed out that identity management systems are not the only way you are identified and tracked. And this is a problem, because if society chooses a particular kind of identity management system — perhaps one which responds to European sensibilities around privacy and data protection — but has to deliver it on top of a surveillance infrastructure (ie, the current Internet or something similar), then society’s political choices are subverted. In other words, there must be a substrate of anonymity to make higher level choices about pseduonymity or conditional anonymity valid. I am entirely sympathetic to this line of argument, but I just cannot see how engineers will be able to persuade governments, law enforcement agencies and tabloid newspapers that it’s better for society in the long term to allow certain kinds of anonymity in certain circumstances.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]
> There’s a real need to have better identity management, …
I’ve not seen that need, at least, not in the current Internet. Any supplier that needs “identity” can happily use an ex-internet method to provide this. It’s simply not clear that we should be demanding board, IP-stack-based protocol, bits, memory, etc to understand and “know” identity.
On the other hand, there are “identity” capabilities around. Why aren’t client-side certs used? If the answer is “too difficult,” is the question, “I want something for free?”