[Dave Birch] A diversion. I filled in a questionnaire about digital identity (for reasons not germane to this post) so I thought it might be mildly interesting to post my answers and see if they attract any comment.

  • Who are you? (Name, job role and organisation)
  • Dave Birch, Director, Consult Hyperion
  • What does the term ‘digital identity’ mean to you?
  • It's the bridge between virtual identities that exist only inside computers and things in the real world.
  • Is your digital identity ‘you’? Why? You may also want to comment on whether your ‘digital identity’ is an individual understanding or composed of group, community and organisational identities?
  • My digital identity isn't me, although it may be created by me. In general use, I imagine that people will have a small number of digital identities, just as they have 3 or 4 credit and debit cards, but each of these may support a large number of virtual identities. These virtual identities will, by and large, embody relationships.
  • What skills and competencies do we need to manage our digital identity?
  • We need to implement the "front end" in familiar ways while hiding the OpenID, PKI and all the rest of it. It should be a simple matter of "who do you want to be today" and choosing from a menu on your mobile phone screen. I do not believe that the average person has either the competencies or, frankly, the inclination to manage their identities (and privacy) properly, so we (i.e., responsible professionals) need to construct an infrastructure that will do it for them.
  • What do you see as the current issue/s of concern surrounding digital identity
  • The tension between the unlimited possibilities of technology and the limited vision of politicians, regulators, designers. Since virtual identities do not behave as mere electronic simulations of "real" identities, but can in fact do far more, we need people with vision who can understand what technology can deliver.
  • What do you see as future issue/s of concern in the area of digital identity?
  • Managing multiple digital identities in ways that make sense, so that there's a narrative around identity and privacy that can underpin future social, commercial and government relationships.
  • Which tools and services do you use to manage your digital identity? For example do you separate personal and professional identities?
  • I do separate personal and professional identities. I have different e-mail addresses, different blogs and now different OpenIDs. Sometimes I even comment on things anonymously. Personally, I think this is a natural way to work — my kids do it implicitly when they IM me, e-mail their grandma and Facebook their friends.

I expect my responses were a little different from most people's, partly because I spend a lot of time thinking about this sort of thing but also partly because I have quite a strong model of the relationship between real and virtual identities and I locate digital identity there.

So what? Why does having a strong model matter? Well, I feel that in both the public and private sectors, people are still building systems that deal with identity without having either a consistent or communicable idea of what identity is. And it's really hard to tell a computer what to do if you don't understand the problem. Here's one take on the problem that I picked up in connection with something else a while ago.

Over the years I have been designing and building software I have noticed one recurring set of problems that keep cropping up, regardless of company, product domain or programming language. Software developers often have a naïve understanding of identity (myself included!), and this leads to all sorts of bugs, hacks and design compromises. You’d think something as fundamental as how to identify a Thing would have been settled by now! To make matters even worse, changing how you identify a Thing after you’ve already amassed a lot of data (Thing Instances) is typically very complicated and expensive.

[From ILOG BRMS Blogs » Blog Archive » Identity in Software Design]

I'm not saying that having a strong, shared paradigm for digital identity means that we can just code and go. After all, in operational situations where identity has any value, there's the real world to worry about.

Robert Temple, BT's chief security architect, noted that relationships between BT and organisations sharing its federated IDs were plagued by lawyers and contracts. "In the end, we asked the lawyers politely to get out of the way as we knew what we were doing," he said. Temple said this was not to minimise the legal issues, which required partners to spend a lot of time building trust in each other.

[From RSA 2008: BT trials federated identity management | 8 Apr 2008 | ComputerWeekly.com]

While I was hacking out my questionnaire answers, I couldn't help but wonder why — given the widespread knowledge that I have given examples of above — we still seem to have such a fragmented approach to digital identity. We seem to have the software and tools, we seem to have a legal infrastructure (even though it is complicated and expensive) and goodness knows we have the need, but we're stuck.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

2 comments

  1. Heyo Dave,
    The challenge is, identity is nebulous enough that we have different concepts. As you may recall, I tend to be on the same page as you regarding this stuff. However, when I think of the term ‘digital identity’ I think of the accumulated mass of the individual identities one has developed. There is more to digital identity than what we choose to show, for example.
    That said, yes, we are stuck. I sometimes wonder if we have the regulatory competence to become unstuck… or if that is the answer at all.

  2. “I think of the accumulated mass of the individual identities one has developed”
    I think you’re right to highlight this but in my deranged taxonomy this is another topic. There’s something about the reputation/footprint of virtual identities that is linked to digital identity but is not under the control or management of digital identity (and therefore, in my scheme, of the real identities it links to).
