Independent Identity - Take It of Leave It

This article appeared as my column for Connect Magazine in December 2004.

Last month I attended Digital Identity World. Most of the conference was about digital identity in the enterprise space, that is, products for managing identity problems in big organizations. All of that is interesting, but what held my attention were the side conversations on what might be called personal identity.

Companies spend a lot of money managing their information about you. When you apply for a credit card, the bank creates an account for you, gives it a unique identifier and begins to collect information. Of course, they're not trying to compile your life story, they're documenting their relationship with you. They not only record relevant attributes like your address and credit score, but also so-called "demographic" information like your age and even the kinds of products you frequently buy.

Meanwhile, your wallet is filling up with evidence of the relationships you have with all these companies. From your perspective, these relationships are all managed separately, according to the rules set down by the company-take it or leave it. Imagine, however, if you could link these relationships and take control of the conversation. Someone at Digital ID World called this "company relationship management," in an obvious twist on the familiar "customer relationship management" software that companies use to manage their customer information.

Consider, for example, what happens when you sign up for some online service. You give them lots of information about you and they give you something of value in return. They probably have a privacy policy that tells you what they're going to do with all the information you gave them-take it or leave it.

Now, imagine a different world where instead of being offered a one-size-fits-all privacy policy, a software agent on your side enters into a negotiation on your behalf and comes away with a custom privacy policy, tailored just for you. People negotiate on price all the time, why not negotiate on information exchange as well?

In order for this to be possible, people need a way to manage their own identity information and the key to making that happen is a permanent, personal identifier. Some people think i-names (see www.2idi.com) are the answer. An i-name is standards-based personal electronic identifier. You sign up for an i-name and it's yours for 50 years. My i-name is =windley (i-names are always written with an equal sign in front of them).

In some ways, an i-name is like a domain name for people and organizations. Just like domain names, i-names need a broker to map the name to some useful service. Right now, the only service your freshly minted i-name supports is an email contact point, but other uses including federated login to Web sites and even as a phone ÒnumberÓ you never have to change are possible.

How does an i-name, or something like it, let me take control of the identity relationships in my wallet? By linking them all to an identifier that I own and control. With the right software, that identifier can be linked to the attributes that are important in those relationships and to preferences that I have independent of them.

Letting me control preferences sequences events so that I'm in the drivers seat. Here's an example: When I rent a car online, they may all know my preference for a Ford, but because I have to choose one of them first and then they see if they can meet my preference, its hard for me to make them compete for my business on that basis. They make me an offer-take it or leave it. Even if I go from Web site to Web site, the rental car company isn't explicitly aware that they're in competition.

If, on the other hand, I can express a preference first and then makes the rental car companies compete for my business, they're more likely to take it into account when making me an offer since now they're aware they're in competition. Big organizations have used this technique for years in the form of RFPs. When you own the repository of your attributes, traits and preferences, you have the power to request proposals.

An i-name is the basis for building your independent online identity. Services like privacy negotiation or individual RFPs are built on top of that independent identity. It may be that i-names never take off, but I'm convinced something like them will. Until, then, it's a take it or leave it world.

Phillip J. Windley is an Associate Professor of Computer Science at BYU. He is the former CIO for Utah and writes a daily blog at www.windley.com. Contact him at phil@windley.com.

Last Modified: Friday, 31-Dec-2004 23:24:25 UTC