Saturday, April 30, 2005, 2:29 PM

Painting the Future: Panopticons and Choice

After scrounging around for a while in the literature of digital identity, I still only have a fuzzy picture of what the future of digital identity would and should look like. Here's my attempt at painting a more focused picture of the future:

Enterprises - Panopticons. Panopticons will be reality for enterprises. You'll be able to ask "What did Joe do the last sixty days?" and be able to get a reasonable answer as opposed to the blank stares from corporate officers today. Enterprises are legally accountable for the actions of their employees, so it's important and reasonable that they know what their employees are up to. Because employees are also private citizens, the debate will be around how much privacy an employee can expect while using an enterprise's resources, while working for the enterprise. Employees should not expect privacy with the identities issued to them by an enterprise because the technical systems will not support anonymous identities. (I'd better note here that my assumption is that private citizens who want privacy as employees can still get it using their personal identities.)

Identity Providers (IdP's) - Every Server. Most of the present services (Skype, Gmail, etc.) and future ones will be their own identity providers for their users. As the experience of Microsoft Passport has shown us, there is no incentive for an organization to depend on some other entity to be the identity provider for their own customers. (See also Pick your superpower by Ben Hyde.) And as far as end-users can tell, regardless of the sophistication of the implementation, to do otherwise would be construed as breaking Kim's Law of Fewest Parties.

Global Identity Providers (GIP's) - the Few. Money talks. The only global identity providers I can think of are the credit card companies (Visa, MasterCard, American Express). Governments come close, but a business in Paris might not accept an identity issued by the state of Texas. These GIP's will be the means by which the vast majority of IdP's notarize the identities the IdP's manage in order to ensure that the identities they have are unanonymous.

Private Citizens - Choice. Private citizens will have a choice of anonymous identities or unanonymous identities with different trade-offs. There might be proxy services that allow consumers to anonymously shop online. By contrast, consumers could also choose to allow organizations to track their online behavior for financial or other considerations. A private citizen could choose to have an almost zero online footprint or could be fully visible in all their activities; the bulk of us will be somewhere in between, with some aspects of our digital life visible to the other entities we deal with, and other aspects private. The future will bring us choice. (Yes, I'm an optimist.)

Question. If you accept the future I've painted (which is admittedly pretty silo'ed), what do you think that means for the adoption of federated identity systems? (Peter Davis also has something to say about this in Where are the Customers?)

Jamie Lewis started the ball rolling for me with Ends and Means: Identity in Two Worlds. Tim Grayson responded with Information Dogma, which prompted my note in Alex Cameron helped with Beyond the Panopticon: Architectures of Power in DRM. And, of course, Kim Cameron with his seven Laws of Identity (which I'd rather label "Principles of Identity Systems Design", but alas, we might have passed the tipping point for labeling Kim's laws/principles) laid out the rules for building universal identity systems. Stefan Brands and Johannes Ernst helped me clarify my thoughts on how Strong Identities Can Be Anonymous.
