Welcome to my world of Digital Identity – hopefully it will be as entertaining (and hopefully at least slightly insightful) for you to read as it is for me to write!
First of all, I would like to post my vision own of digital identities – which might slightly differ from what others think… there are some people out there who have rather far fetched visions, driving the future of how our digital lives will look like in some five to ten years or even beyond that. What I would like to sketch is rather short sighted for being called a vision, nonetheless this is far from being reality, to my own regret!
Let us start with our normal daily identity treadmill – booting my PC and… logging in… Ok, well…starting my Email client and… logging in! Getting a nice message that my Blog is online, and these & that are the credentials to… log into it. Catch my drift? Anyway, we all know this and there are products out there to tackle these problems, some doing a great job, some only improving the situation slightly. Most of these solutions come as enterprise packages, with lots of administration and a beautiful (or not so beautiful) GUI to tweak and turn. So, my work place identity/-ies are taken care of. Nice! But what happens with the “other” digital identity, my personal, private one? There is no admin to take care of it, there is no ID management tool that coordinates and keeps track of everything. And if there was – how would this thing cope with me being on the road all the time?
Well, there are tools for this also, one might say. And yes, some of them are pretty elaborate, mainly those based on some sort of USB memory stick with security functions. None of those do offer me the security and usability I would be looking for, though! What happens if I loose the USB stick? What happens if I change the password to access it, and then forget the right password due to me being only a lazy human?
As I had the pleasure to speak at a security conference lately, I was bound to ask: where is my digital drivers license? (courtesy of Dick Hardt, some will remember!). But could Dick be more accurate? His analogy holds true in most scenarios! Often I only need to proove that I am of certain age to access “content” – and we have our own little identity crisis here in Germany around this since the BGH (Federal High Court) ruled that XXX content needs to be protected by proper age verification. In other scenarios, it is only necessary to prove that I am that certain guy who registered some account and needs access to it. No need to disclose “real” personal info – just a verification that I have a valid claim to access the information in question. Thus, claims based ID management, such as discussed by Kim Cameron, come into play (but this is really the future, I guess- I won´t start wishful thinking until next year!).
One could come with more and more of these scenarios, each with small but significant deviations from each other. Most of those could be tackled with some sort of digital drivers license, I presume. And I would be mre than happy to get my hands on Dick Hardts’ digital drivers license any time soon… just to check out if I could buy Vanilla Stoli with it in Canada!
Cheers and a wonderful christmas time as well as a perfect New Years Eve!
See you all soon
Sebastian
- now with even more big AND versatile brains in Redmond it must feel like the “in the old days”… Nevertheless, I think the (not so evil) empire really was able to “strike back”. Hiring Dick shows that Microsoft really wants this IAM thing to work – not only product-wise for the enterprise market, but also for the general population “BORGrosoft drones”, which most of us still tend to be…
