There are a number of problems with the identity systems available on the Internet:
- Trying to keep track of the usernames and passwords for all your different accounts is hard enough, but if you are like my wife, who likes to have a separate password for each of her accounts, the problem is ten times more vexing.
- Trying to ascertain that you are indeed on the web page you think you are on is not easy for technically unsophisticated users. This leads to a number of phishing incidents.
- Trying to ascertain who you are dealing with is hard on the Internet. This leads to a number of baiting scams.
- Identity theft is a growing menace with offenders able to easily complete a number of fraudulent transactions with the stolen identity data.
- Email spam and comment spam on blogs are a growing problem.
Kim Cameron’s laws of identity provide an excellent roadmap for building solutions that can address identity infrastructure needs. Based on some of the laws, there are a number of solutions in the market waiting to mature and address some of the problems listed above. A few of these solutions/approaches are SXIP Identity, OpenID, InfoCard (Microsoft), etc. While these solutions and laws are important in addressing the glaring needs of identity infrastructure, they might not apply to all layers of identity.
Every individual has multiple personas. People have a persona as a professional (VP of engineering), a persona as a customer (buying a book from Amazon.com), a persona as a citizen (INS etc.), a persona as a member of social clubs (treasurer of TIE), a persona for friends (you don’t know him like I do!), a persona for parents (I am not intimidated by him as I have seen him in diapers), a persona as a spouse and a parent (remember that time in Hawaii), etc.
Some of these personas, like the customer or citizen personas, require explicit credential-based claim validation, but several others, like treasurer of a social club, are validated by other people based on shared experiences. Remember that famous scene from Ghost, when Oda Mae Brown (Whoopi) allows Sam to take over her body and touch Molly. Molly does not ask Sam for any social security number or password; a touch based on their shared past is all the identification she needs to feel Sam’s presence. These shared experiences are an important form of identification, especially in online social networks. In fact, companies are willing to pay money for some of these personas if they can be unambiguously identified.
What kind of infrastructure is needed to capture such shared experiences? Do all the laws of identity still apply? How does it fit with the first law of user control and consent?