An Identity Problem — Part 1
We Need a Primer
So, I’ve got an identity problem. Which is strange, because I work in assisting organisations with their digital identity.
My problem is everyone understands intuitively what their identity is, but not many can articulate exactly how to define it. Try to define identity in a few sentences — then get more than 5 people to agree with you. I’ll wager you get at least 3 different views in return. But we all understand it. Why is that?
Language is important. It provides the immeasurable power to define a notion into an understood meaning. But we if struggle to define the notion of identity into a common meaning, then how can we even talk about it?
We Need an Identity Primer
So here I go. Plenty of smart people expert in identity before me have had plenty of good insights on defining identity. This is the part of a series of provoking views on what digital identity is, and where it is going.
To be fair, it is a melting pot of ideas and writing, some based on experience, some based on reading and research. If the reader is also fluent in this field then you may come across ideas that you have also read elsewhere. This paper draws on lots of influences and not every idea, view or thought is unique to this view alone; it’s a collective.
Why ?
Identity is inherent to who we are and how we transact in society. Identity is an age old system that provides individuals and organisations with the confidence to trust each other.
Originally the internet was designed with little or no consideration for how to perform trusted transactions between parties based on their identity. It was essentially anonymous. However it quickly emerged that the absence of this identity layer was a fundamental obstacle in enabling trusted transactions online to increase the velocity of business.
Early on the understandings of traditional forms of identity, such as paper based, where attempted to be translated into the digital world. Original attempts met with various levels of success, but typically only generated further process bottlenecks in identity proofing, where at the core of the process the paper based form was still relied upon. Identity was no exception to the realm business process design efficiency — you only realise true efficiency when you get rid of the reliance in the very last bit of paper in the process.
Digital identity solutions have emerged as a means to provide trusted transactions in an online, digital and paperless world. However our normal concepts of identity are often still rooted in our social traditions, and institutions as we have all intuitively used it to obtain trust it in our everyday world.
While we typically know reasonably quickly when we trust someone or when we don’t based on who they are and how they act. But in an digital world, where physical presence is remote, this is a much harder problem to solve. And its an even harder thing to trust.
Why Is Digital Identity Important?
A ‘Digital by Default’ world has emerged where a preference for online transactions drives how customers expect services to be provided. Furthermore, the emerging customer generation of ‘digital natives’ will expect to transact purely online. The benefits of this paradigm for customers and organisations include ease of use, velocity of business, operational efficiency, reduction of overheads, transparency and enhanced reputation.
Traditionally organisations achieved digital security by locking all their assets inside secured perimeters such as firewalls. Only trusted internal staff access was allowed, but it was secure. This approach is no longer viable in a digital world where online access into an organisation’s digital assets is the reality. Identity and Access Management is now the ‘digital services firewall’ in the modern environment where organisations must securely transact with their customers. It is a critical business enabler for any organisation that wants to know their customers better and provide personalised services.
Identity Trust and Security
A well-constructed identity solution provides individuals and organisations with the confidence to trust each other. The trust provided by an identity is two way. It forms a respected relationship between individuals and organisations.
The use of identity to form trust relationships is an entirely natural human way of social behaviour between groups of people. Identity allows transactions for goods, funds, data, people movement and other resources to occur between people, organisations and states.
Organisations solve trust in their users by an identity management capability. They register users and provision trust against them. So when they recognise a returning user they can offer them legitimate services.
It’s harder for individuals though. Individuals select organisation’s services based on personal decisions that balances the utility and convenience they obtain from the service verses trust in how the organisation respects their privacy and reputation.
The balance of the decision is particular to the person. Many people will give away significant amounts of personal information if they get high value out of the service. Others will wish to give away only relatively anonymous information if the value of the service is low and they have less trust.
But if individuals are selecting their organisations based on their trust in the treatment of their concerns for privacy and reputation, how do they know which organisations can be trusted? This is a tricky process for individuals. It’s easy to get this wrong initially, but overtime individuals become savvy to those who they can trust and those they are wary of.
The interesting point is that in effect their privacy and repudiation needs can drive the identity capability of organisations. If organisations indulge in poor identity practice then individuals detect and share this malpractice and the general market of customers will start to shy away from them and go elsewhere. Consequently the organisation’s success ultimately withers and dies.
Conversely, if individuals trust the organisation’s services, they will use them. In turn utilized services become highly successful services. So the level of respect in user’s privacy and repudiation is a key enabler for successful digital services.
Coming next — Part 2 — A Short History of Identity….
