Just as individual identity is fundamental to our face-to-face interactions, digital identity is fundamental to our interactions in the online world. Unfortunately, many of the challenges associated with the Internet stem from the lack of widely deployed, easily understood, and secure identity solutions. This should come as no surprise. After all, the Internet was designed for sharing information, not for securely identifying users and protecting personal data. However, the rapid proliferation of online theft and deception and the widespread misuse of personal information are threatening to erode public trust in the Internet and thus limit its growth and potential.

Microsoft believes that no single identity management system will emerge and that efforts should instead be directed toward developing an overarching framework that connects different identity systems and sets out standards and protocols for ensuring the privacy and security of online interactions. Microsoft calls this concept the Identity Metasystem. The Identity Metasystem is not a specific product or solution, but rather an interoperable architecture that allows Internet users to use context-specific identities in their various online interactions.

PDF

M$ has released a new paper ‘The Identity Metasystem: Towards a Privacy-Compliant Solution to the Challenges of Digital Identity’. The above is from the summary. This paper is flawed from the outset; the ‘problem’ of identity on the web is a vendor looking for a solution.

individual identity is fundamental to our face-to-face interactions, digital identity is fundamental to our interactions in the online world

This is not true. When I buy a newspaper from a street vendor, he doesn’t need to know anything about me to sell me an Evening Standard. When I buy a bouquet of flowers from a shop in the high street, the shop keeper doesn’t need to know who I am and where I live, or anything else about me. All they have to know is that my money is good. They can then deliver the flowers to wherever I say it should go. The second part of that quoted sentence, “digital identity is fundamental to our interactions in the online world” is simply wrong, for reasons I give below.

many of the challenges associated with the Internet stem from the lack of widely deployed, easily understood, and secure identity solutions.

This is not true; the problem is, as I say below, one of buggy whip manufacturers trying to sell their wares to bicycle makers. Poor analogy!

the rapid proliferation of online theft

Is caused by this misapplication of existing systems and a misunderstanding of what is actually required for an online purchase.

Microsoft believes that no single identity management system will emerge and that efforts should instead be directed toward developing an overarching framework that connects different identity systems and sets out standards and protocols for ensuring the privacy and security of online interactions. Microsoft calls this concept the Identity Metasystem.

Identity management systems are not needed. The onus needs to be swung back onto the user. Identity management systems will eventually be replaced by light systems where the users ‘identity’ is owned by the user. These bad, antiquated systems will eventually collapse like MS Passport collapsed, when the solution that solves the problem correctly is launched.

Identity, like cash, needs to be owned by the user, and it needs to be cash like, and not card like. The problems of CC fraud are caused by old style services trying to shoehorn ’70s style payment systems into a twentieth century shoe. The way forward is to literally let people own their identities, i.e., in systems that do not rely on you revealing who you ‘really are’ to get things done, but which rely on you managing your identity in a cash like manner. I have said this before on BLOGDIAL; your data has an actual monetary value and should be treated as a valuable thing, like precious metals etc.

Skype payments (and all payment systems like it) are a good example of a cash like identity system; they are light, limited in their exposure of user info, and the onus is on the user to protect a single piece of information; her login.

Skype doesn’t care who you ‘really are’ in order for you to spend Skype money (when they roll this out); its up to you to protect your user name and password, just like it is your responsibility to look after your wallet in your pocket when you are in the street. Oyster, for all its flaws (following people around) is the same. When you buy an anonymous Oyster card, no one will care who you are when you go and buy a Mars bar with it in a shop. Who you ‘really are’ is irrelevant to all transactions both online and offline; this is the paradigm (re) shift that identity system vendors resist but which has been in place for generations. It is only now that it is possible to know everything about someone when they grocery shop that companies are clamoring for ways to actually do this and harvest this data. It has never been needed and will be rejected wholesale when people cotton on (again) to how bad these systems really are for people and society.

You can buy with Skype money, have goods delivered to any address that you like, and be completely anonymous while taking full advantage of e-commerce. This is the way that identity should be managed; in light, not heavy systems, that are cash-like, where the onus on security is pushed (or released) back to the consumer. Chaumian e-cash did this beautifully; you should look it up as an example of how identity can and should be managed.

Biometrics, ID cards, iris scans and every other vendor created snake oil product to ‘secure’ identity and e-commerce is just that, Snake Oil. Twenty first century thinking and systems are what is needed and are what will eventually take over. Over zealous, pointless, vendor driven ‘solutions’ are detected as damage by ‘the internets’ and economics, and both of these will be automatically routed around, circumvented, defeated and replaced by systems that are both better and beneficial.

One thing is for sure, Microsoft will not be the vendor to come up with it. It will be someone like Skype, or its decedents that does it; some outfit that is light, decentralized, focussed and unfettered, unlike M$, which is encumbered, lethargic, immobile and who has been playing catch up since Netscape. It will not be Google either, as we have seen from the YouTube buy out. Whoever does it, this solution will change everything overnight. It will destroy the old (and wrong) ideas about identity, and then we will enter ‘The Third Bubble’.

This entry was posted on Friday, October 27th, 2006 at 11:34 pm and is filed under NIR, Privacy, Software.