27.01.2012 by Sebastian Rohr
I still remember the fun that was had when Dick Hardt first made his cool presentations on User Centric Identity Management and regaining control of who would have access to what attribute of your multiple personas, be it online, at home or at work. We all know that his company sxip identity failed because it did not gain enough momentum to monetize on the idea. Still, concepts such as the (also “failed”, much to my demise) Information Cards by Microsoft or the OpenID approach share some aspects of the sxipper product – putting you in control of your data. The current hype around the new EU privacy and data security legislation is putting some more focus on this!
Apparently, only very tech-savvy users – geeks like you and me – seem to widely adopt and use OpenID. I personally was attracted to Clavid, a Swiss IDP who combines OpenID with the one thing missing everywhere else: Strong Authentication! Most of you know that this is sort of my pet topic here at KCP and so I was really amazed to see them offer Yubikeys, Avionics’ Internet Passport and even SwissID government-issued certificates as a means of strong authentication – making Clavid an early representative of the prospering “Authentication as a Service” market segment. Not prospering enough, I guess, as I did not see the Clavid guys buying fast cars and castles at Lake Geneva’s shores…
Anyway, the concept of letting us – the users/consumers/customers – decide on who gets access to which detail of my life and (digital) identity remains an unsolved issue. Be it the tedious task of filling out forms after forms to get your kid into day-care or getting new insurance for your car – you have to share information about yourself and your loved ones and wonder: do they REALLY need that info? And if so: why do they ask me the same questions over and over again?
Wouldn’t it be nice if more of these form-fields could be “auto-filled”, depending on your choice of what to disclose and what not? Wouldn’t it be great to have one common place to securely store all the insurance information, account information and whatnot? Just like putting your valuables in a bank deposit box (or your high-security safe in your secret lair downstairs, depending if you are a super villain or not)? You could even “compartmentalize” your life into stuff belonging to work/career (like digital versions of all your certifications and endorsements), your personal leisure activities (like memberships in sports clubs and your fishing license, Open Water Diver certificate), your kids’ info (school district, Headmaster contacts, the football team coach) and the list continues.
I recently tried to gather my family’s core identity data, such as passport and ID card numbers, SSN, healthcare ID, tax ID etc. and it took me a full Sunday. Last week I did it all over again, as I misplaced the sheet of paper I used – pretty old school, don’t you think?
But all personal stupidity aside: wouldn’t it be great to use that “digital vault” full of your own personal data to actually ERASE all the personal details that are stored at the gazillion companies and organizations you interact with day to day? Why must I put my CC info and full address with “your airline of choice”, if I could use their services “pseudonymously” and only allow access to those details “on demand” while I actually book a flight? Currently, if I lose my CC or it expires the internet economy burdens me with changing my CC info in each of the gazillion pages I do business with. Why?
I am looking forward to a (hopefully very near) future, where I can actually manage my data in one place and have those who need access to it authorized on a configurable basis. Sure, my employer should have continuous access to my bank account information! But if I am leaving – how can I make them erase that info on file today?
Look out for some cool new announcements and blogs on KCP on this – my colleagues will provide more info as it becomes “freely available”.
10.12.2008 by Sebastian Rohr
Well, I thought nothing could puzzle me regarding the IAM market these days - acquisitions, mergers, emerging start-ups.
This ONE “acquisition” really hit me: Dick Hardt joins Microsoft! I almost dropped my morning espresso shot, when I received his (mass-)email… Once I read through his blog-posts here and here though, I fully understand and congratulate both Dick and my former co-workers at Microsoft! It almost makes me wish I was still there - now with even more big AND versatile brains in Redmond it must feel like “in the old days”… Nevertheless, I think the (not so evil) empire really was able to “strike back”. Hiring Dick shows that Microsoft really wants this IAM thing to work – not only product-wise for the enterprise market, but also for the general population “BORGrosoft drones”, which most of us still tend to be…
It really makes me book a flight to Seattle next spring to have some good Mac&Jack’s Amber, deep-fried turkey (see Dick’s blog) and most of all: some great discussion on Identity 2.1, as I would call it from now on!
Dick & Jennifer: I wish you all the best in and around Redmond, it IS a great place to stay in the US!
Ray & Kim: nice catch
10.11.2008 by Sebastian Rohr
Howdy?
I am sitting in the lounge of IIW2008b, or the Internet Identity Workshop, Fall 2008, in the Computer History Museum, Mountain View, CA. Well, I am expecting the start of the event, as it will kick off at 1 PM… I am really looking forward to this as I travelled all around California the last two weeks and the impressions have been overwhelming so far. According to Dave Kearns (thanks for a delicious dinner!), it will be quite a nice event!
Stay tuned for some up-to-date info on what’s happening here!
Sebastian
29.02.2008 by Sebastian Rohr
I talked to my Sensei-san, Dr. Kpatcha Bayarou of Fraunhofer SIT, recently and although only having a few minutes, we came to some extreme views on what User Centric IAM really was about.
Power!
The power to control who gets access to what of my content and information! You are reading this text without disclosing anything about yourself, which is due to my totally hedonistic way of “sharing the knowledge”. Ok, one might say it is to lure some of you into registering for this site, for our newsletters and even some of the reports. That is, to get YOUR IDENTITY and YOUR MONEY. Do you get a feeling where this will go?
Until recently, anybody who had something to offer on the internet (or elsewhere in the brick&mortar world) would request your registration to do business with you. This was tedious, had lots of flaws and still puts a lot of burden on us consumers, especially the ones with the infamous “Geiz ist geil” attitude, always hunting for the best price of a merchandise. These bargain hunters would willingly subscribe anywhere and register with any online-shop where they would be able to buy something marginally cheaper or get their hands on a shiny new gadget first. Well, we all did this sometime, somewhere, didn’t we? It may even have been just to get a special software that we would need to get something done quickly…
There the bargain hunters end up with a multitude of logins and passwords, as if we had known it. The background is the same everywhere: somebody who has something we want won’t let us have it until we sacrifice/disclose some of our identity information. Actually these people have power over us, and they are executing it freely. We seem to ignore this fact, as we are so much used to “register for free…”. This is seldom “free”, we pay with facets of our identity, and those are valuable to me.
27.12.2007 by Sebastian Rohr
Welcome to my world of Digital Identity – hopefully it will be as entertaining (and hopefully at least slightly insightful) for you to read as it is for me to write!
First of all, I would like to post my own vision of digital identities – which might slightly differ from what others think… there are some people out there who have rather far-fetched visions, driving the future of how our digital lives will look like in some five to ten years or even beyond that. What I would like to sketch is rather short-sighted for being called a vision, nonetheless this is far from being reality, to my own regret!
Let us start with our normal daily identity treadmill – booting my PC and… logging in… Ok, well…starting my Email client and… logging in! Getting a nice message that my Blog is online, and these & that are the credentials to… log into it. Catch my drift? Anyway, we all know this and there are products out there to tackle these problems, some doing a great job, some only improving the situation slightly. Most of these solutions come as enterprise packages, with lots of administration and a beautiful (or not so beautiful) GUI to tweak and turn. So, my work place identity/-ies are taken care of. Nice! But what happens with the “other” digital identity, my personal, private one? There is no admin to take care of it, there is no ID management tool that coordinates and keeps track of everything. And if there was – how would this thing cope with me being on the road all the time?
Well, there are tools for this also, one might say. And yes, some of them are pretty elaborate, mainly those based on some sort of USB memory stick with security functions. None of those do offer me the security and usability I would be looking for, though! What happens if I lose the USB stick? What happens if I change the password to access it, and then forget the right password due to me being only a lazy human?
As I had the pleasure to speak at a security conference lately, I was bound to ask: where is my digital driver’s license? (courtesy of Dick Hardt, some will remember!). But could Dick be more accurate? His analogy holds true in most scenarios! Often I only need to prove that I am of certain age to access “content” – and we have our own little identity crisis here in Germany around this since the BGH (Federal High Court) ruled that XXX content needs to be protected by proper age verification. In other scenarios, it is only necessary to prove that I am that certain guy who registered some account and needs access to it. No need to disclose “real” personal info – just a verification that I have a valid claim to access the information in question. Thus, claims based ID management, such as discussed by Kim Cameron, comes into play (but this is really the future, I guess – I won’t start wishful thinking until next year!).
One could come up with more and more of these scenarios, each with small but significant deviations from each other. Most of those could be tackled with some sort of digital driver’s license, I presume. And I would be more than happy to get my hands on Dick Hardt’s digital driver’s license any time soon… just to check out if I could buy Vanilla Stoli with it in Canada!
Cheers and a wonderful Christmas time as well as a perfect New Year’s Eve!
See you all soon
Sebastian