This was followed by a panel discussion on the different “faces” of identity: ethical, legal and technical.
- The ethical perspective came from Alexander Hanff, Head of Ethical Networks at Privacy International. Alexander noted the significant changes that have occurred in the UK in the last couple of weeks, with the abolition of the ID card, Children’s Index and so forth. He was rather positive about the new Coalition and said that he expected more “positive changes” to come. I have to say that I wasn’t clear on the vision, although he did mention transparency as a key element in the new identity and trust landscape, and that’s something I do agree with.
- He did mention in passing that most businesses are unprepared for the impact of European telecoms regulation. This isn’t my field, so I didn’t entirely follow this part, but it seems that the EU is going to require the interweb to spy on its users in case they are terrorists or something.
- The legal perspective came from Kevin Fraser, Head of Data Protection, Ministry of Justice. Kevin explained the eight key principles of data protection.
- The technical perspective came from Forum friend Kim Cameron, Chief Architect, Identity & Access, Microsoft. Kim set out some of the drivers for cloud computing and some of the challenges that it faces. He mentioned in passing the problems of synchronising data over the interweb, which is exactly the problem that I have noticed with Microsoft Exchange and Outlook (they seem to send megabytes of data back and forth). He asked, essentially, whether the costs of identification and authentication will erode the cost advantages of the cloud (I think not, because I expect standard platforms to arise) and pointed out, entirely accurately, that none of this has really been thought through. He was advocating a claims-based model and reminded people that this is about M2M as well.
I liked having these different perspectives brought together at the beginning of the event as it made for a good foundation for observations and questions in the Digital Identity Forum stream, where John Bullard from Identrust chaired the speaking session and I chaired the panel session: though I say so myself, it was an excellent afternoon — many thanks to John Skipper, Vincent Jansen, Giles Sergant, Frank McCarthy, William Heath, Pete Bradwell, Robin Wilton and Henry Potts — and I came away with a number of new ideas to take back to our customers who are interested in developing identity-based businesses for the mass market. I was specifically curious as to whether the panel and the delegates had any feelings about the potential for banks to be identity providers, but the conversation was much more interesting and wide-ranging. I’ll put together a discussion of a few key points for the EEMA web site when I have some time.
One of the topics that came up several times in conversation at the event was Facebook, which seems to have become a sort of benchmark against which identity and privacy ideas can be tested. I am particularly curious about this at the moment: since Facebook seems to have defined what the general public understand by electronic identity, privacy and so forth, is it forming “healthy” attitudes? Here’s an example of what i mean: is your virtual identity on Facebook synonymous with your identity, a facet or persona, or something distinct from your “real” identity? I tend to see these virtual identities as distinct from real identities. Chris Skinner highlighted this issue recently.
“The days of you having a different image for your … co-workers and for the other people you know are probably coming to an end pretty quickly … Having two identities for yourself is an example of a lack of integrity.” Mark Zuckerberg, founder and CEO of Facebook
So here’s my lack of integrity: I’ve got two Facebook accounts,[From The Financial Services Club’s Blog: The name is Skinner … Jason Skinner]
Personally, I have one identity on LinkedIn and one on Facebook. I don’t see any problem with this at all: the professional relationships I have with people on LinkedIn and the personal relationships that I have with people on Facebook are separated by more than perspective: I don’t see LinkedIn Dave and Facebook Dave as different facets but as different identities that anchor different relationships.
Digital identities exist to enable human experiences online and if you store someone’s Identity you have a relationship.[From Identity, relationships and why OAuth and OpenID matter « Derivadow.com]
In my bizarre and distorted world view, the author should have said “virtual identities”, not “digital identities” i, but I couldn’t agree more with the central conceit. To my mind, each virtual identity is a relationship and while some of these relationships may overlap, they remain distinct. This fits very neatly with the idea that Kim was putting forward that relationships are contexts for claims, and it is easy to see how this can be implemented since the public key certificates that are the instantiation of the relationships (as virtual identites) can contain any number of attributes (eg, CHYP_EMPLOYEE) than become worthwhile credentials after authentication.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]