Tuesday, July 15, 2008

Understanding identity systems

John Udell has been explaining the virtues of the laws of identity to some non-techie friends and to his surprise they got it!

"In conversation with English and Welsh friends last week, the subject of Britain’s imminent National Identity Scheme came up. My friends, who are worldly and well-educated but not technical, voiced concerns about the amount of personal information that will be stored. Their understanding was that a lot of this information will be kept on the new ID card. In fact, the proposal says that only a subset will stored on the card, which will be backed by a cloud-based (and decentralized) National Identity Register. But either way, my friends’ concerns are of course valid. If governments or businesses aggregate too much personal information, accidents and abuses will occur.

At the same time, my friends do recognize the need for a strong and secure means of identification. So they’re not opposed to identity cards on principle, they just don’t want those cards to contain, or link to, extensive dossiers.

At this point, channeling Kim Cameron, I launched into an explanation of the laws of identity and the identity metasystem. Well, sort of. I didn’t say anything about cryptography, or digital certificates, or XML web services. But I did paint a picture of a world in which individuals interact with many identity providers and many relying parties, in which all actors trust one another in exactly the ways they already do today, and in which disclosure of personal information is minimal and context-dependent.

Halfway through I thought, well, this will never fly. This whole scheme is based on decentralization and indirection, and I know people don’t take naturally to those concepts.

But…they completely got it! ... it was a hopeful moment. "

No comments: