Can We Control Our Digital Identities?
The web and cloud need an identity layer for people to give us more control over our sprawling digital identities.
There was a time when you were identified by two pieces of information: your phone number and your address. But with the rise of social apps, mobile, and big data, your identity -- now your digital identity -- is far more complex.
Your digital identity encompasses a staggering amount of information. Every credit card transaction, uploaded photo, shared social post, social login, sent email, and site cookie shapes our digital identity. It's all out there somewhere in the cloud.
Much of this gets linked and correlated (often through social logins or other identifiers such as phone numbers and email addresses), and the aggregate effectively represents you online -- that's your digital identity -- and gives you wonderfully personalized services and precisely targeted ads. But you don't own your digital identity -- or at least you don't manage or control it.
[In the next five years, expect vendors to roll out digital-self services. Read How Will You Manage Your Digital Self?]
As our digital identity becomes more useful and more accurate, there are both concerns and excitement about the new value it creates. The British research firm Quocirca published a report last year detailing BYOID, or Bring Your Own Identity, discussing how employers are using social and third-party SaaS logins to replace or augment enterprise identity, and how identity brokers -- meaning companies that establish the holistic view of the customer through insights and analytics -- add degrees of verification through social graphs and digital information.
In other words, who you are is increasingly cross-linked across multiple domains, in multiple dimensions, and even across your real-life persona.
Closer to home, the National Strategy for Trusted Identities in Cyberspace (NSTIC) calls for what it dubbed the Identity Ecosystem, a digital environment built on clearly defined guidelines for the use/access of personal data by individuals and corporations. The Identity Ecosystem will be defined as a success so long as it is enhances privacy and is voluntary, secure, resilient, interoperable, cost-effective, and easy to use.
That's all well and good, but what does that mean for consumers and organizations?
First, though no service provider is yet able to have a holistic view of your digital identity, the potential for the linkages are technically there, and that is the overall direction we are headed -- like it or not.
Second, it means that individuals need more control over their digital identities. The NSTIC may spark some paradigms for this. And the online industry, as well as regulators, are debating the right ways to ensure security, privacy, and personal data control. At the same time, they are allowing the personalization of online services and the economy that drives the availability of those services, which to a great extent is fueled by the very data that makes up our digital identity.
But none of this addresses the core question of ownership and control of one's digital identity. And, really, it can't. Our digital identities are not something integral that reside in one place. Rather, they are spread across our online data and identifiers, and most of that belongs to the services we use.
It's possible that the web and the cloud need a new layer -- an identity layer for people and organizations -- similar to the identity layer for web sites (DNS) that built the web as we know it. Today, we don't have an analogous service that allows us to discover people and organizations (or things, for that matter). We can do this within a social app or a proprietary web app, but we can't do this across the whole web.
Such a layer would help us get control over our digital identities. For example, it would allow us to link and share our various cloud identities (such as social identities, SaaS logins, and other identifiers such as phone numbers) and data. Through federation and other delegation, we can assert control over our identities and data via a graph. Those familiar with gateways, DNS, and RDF graphs will see how these concepts can be joined together, so that a discoverable identity could act as an authorization manager for all of the cloud-based assets related to our identity.
As our lives move online and our digital identities achieve a kind of power they never had before, we need to own our digital identities. The best way to achieve this is through a web infrastructure that rides above the applications we consume on the web. We will finally have durable digital identities, and because we control access to our personal clouds via these identities, we'll be able to control our own privacy threshold.
Interop Las Vegas, March 31 to April 4, brings together thousands of technology professionals to discover the most current and cutting-edge technology innovations and strategies to drive their organizations' success, including BYOD security, the latest cloud and virtualization technologies, SDN, the Internet of things, and more. Attend educational sessions in eight tracks and visit an Expo Floor more than 350 top vendors. Register with Discount Code MPIWK for $200 off Total Access and Conference Passes. Early Bird Rates end Feb. 21. Find out more about Interop and register now.
About the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024