So I am sitting here at the Internet Identity Workshop and so far, I’ve been impressed with the quality of the presenter. (I’ll have more on that later.)
I was chatting with Dale Olds from Novell and came across the following thoughts. With the rise of the empowered user, as Doc Searls speaks of, we may be facing a major downside. These concepts of user-centric identity are great… if the user actively manages their identity. What happens when this empowered user isn’t actively managing his or her identity? It seems to me that an inactive empowered user’s identity is equivalent to an unpatched Windows machine. Without actively managing my identity, it becomes a great target for not nice people to do not nice things.
If we elevate identity to the same status as a domain or device, then we elevate the responsibility of the identity owners. I, as an identity owner, have to maintain that identity: update privacy choices, update demographics, geographic information, etc. I would say that maybe, just maybe, 5% of the overall web population actively maintain their identities. My grandparents, for example, are not part of that 5%. So of the nearly 1 billion web users out there, there are literally hundreds of millions of identities which will not be actively maintained. An unmaintained identity is a prime target for not nice people just as an unpatched machine is a prime target.
Will unmaintained identities become weedy vacant lots in the city of the web in which nefarious types can use to their own ends? I think so.
- the default settings for empowered users matter. But who creates these defaults? Communities? Governments? Insurance companies?
- the tooling for maintaining my identity must be usable by my grandparents. We must not expose the underlying data model to the end user. We have to present identity and identity-related preferences in a way that the most basic users can understand.
- there needs to be a way to remain un-empowered. There will be a majority of users who do not want to have to actively manage their identity. These people will not manage their identities and those identities, left unmanaged, will be perfect targets for phraud and other identity crimes.
- we as an industry have a lot more work to do.