Commentary by Mark Wahl
Organizing principles for identity systems:
Digital ID World 2005, day 1
(2005/5/11)
At the Digital ID World conference this week, at a hotel next door to the Embarcadero Center.
Dick Hardt gave a presentation on the concepts of an "Identity 2.0" - that users should be able to maintain their own identities, rather than have them held in private systems (e.g. eBay reputations) or 'walled gardens' (e.g. a federation network).
One difficulty I saw with user identity portability is that the attributes defined by a particular service or organization may be tightly bound to large amounts of information that the service/organization maintains and that represents its intellectual property. For example, an eBay reputation "number" may be extractable, but to verify that number requires reviewing the transaction log within the eBay database, and commentaries in that log by potentially thousands of other participating users. While a service like eBay might allow 'linking' to that information, it would be difficult for this kind of service to allow import and export of reputation data.
Mr. Hardt suggested that users might choose to host their identities at service providers which already hold some of their information, e.g. Amazon.com.
I observe that there is already a category of service providers who maintain attributes about millions of identities, and have well-established business relationships with thousands of other organizations. These are the credit-reporting agencies. Conceptually, it is only a minor extension of their business models to maintain identity information beyond employment, location and credit history, and so to be able to host a wider spectrum of identity attributes.
Term of the day: quasonymous identity. A quasonymous identity is not entirely pseudonymous or anonymous, even if it appears to be so. There may be an identified cost or difficulty of indirecting through the quasonymous identity to obtain another, presumably different, identity.