Digital identity is slippery: it can easily be narrowed down to “I want to login securely to a webshop to order a book”. The whole theme seems clear and soluble: the online bookstore has to deal with the details of its customers with some care. But for the good, or imaginative, constituent, the title of the book and the address to which it goes are in themselves enough ingredients for a new novel. That’s how it goes in a physical bookstore: a man with ribbed pants and a dated hat buys a biography of Stalin. Everyone who sees that, will get a picture of the identity of this man: who he is, why he is reading about Stalin now, in which newspaper he read a review. After a few moments you realize that this is not all that interesting and move onto other thoughts.
But online, this whole mess is of course neatly stored. An always available sea of inspiration for marketers, researchers, and their automated variants who can write all kinds of novels. And so digital identity has ended up in dramaturgy and interactionism: sociological concepts that state that identity is not something, but that it arises in interactions. So, by definition, you can not have complete control over identity, let alone record it: ‘Identity is in the eye of the beholder’.
Exciting. Interesting. But how do I order a book? How do I trust the web merchant? Or the parking permits department? A number of authors succeed in creating order in the conceptual confusion: a number of examples below. Somewhat random and also mainly selected for readability.
Seven laws
As early as 2005, Kim Cameron described seven laws for digital identity systems, of which the first four have recently been anchored in European legislation with the GDPR / AVG. The central point is the insight that machines must gain people’s trust step by step.
In a presentation (20 minutes) from the beginning of this year, Cameron once more lined up what is the result of the systematic violation of these principles and how that led to a whole series of scandals and warnings that have been extensively in the news over the past two years. More can be found on the Cameron website that is entirely dedicated to digital identity.
The concept of Sovereign Identity has emerged, especially from the blockchain community. In 2016, Christopher Allen described what he believes to be sovereignty over identity and appointed ten underlying principles.
Crisis and chaos
There are many illuminating insights in The Identity Crisis (Alpar, Hoepman, Siljee 2011). Because the lifespan of an identity does not have to match the lifespan of the person (or the thing) whom the identity says something about, identity does not have to be equal to reality. A nice, concise definition of trust is given: trust means that parties can go unnoticed by each other’s rules: which also means that every time that there is confidence, there is also a safety risk.
An original explanation for the chaotic diversity of login systems, password managers and e-readers comes from Steve Wilson. This diversity reminds him of evolutionary processes: organisms arise, mutate, and merge in response to ever-changing local differences.
10 Choices
Based on his experiences with Idensys, Jaap-Henk Hoepman recently formulated 10 choices we are facing in the Netherlands. These include whether government systems should be open to other parties and what the risk is:
Again, a larger system leads to lower trust, and the development of such a system becomes uncontrollable because of the (too) large group of stakeholders.
Author: Job Spierings, project manager at Waag