Saturday, January 21, 2006

Notes on Laws of Identity (Part 1)

1. Problem Statement: Since there is no identity layer on the internet, various "identity one-offs" emerged to fill the gap. This has led to two problems: (a.) There is no consistent, comprehensible framework allowing users of the internet to evaluate the authenticity of the sites they visit. (b.) Users lack a framework for controlling many aspects of their digital existence.

2. Phishing and pharming are two of the fastest growing segments of the computer industry, threatening people's trust in using the internet and thereby limiting the potential of the internet. One huge hole would be that the benefits of web services could not be reaped.

3. It's hard to add an identity layer to the internet because digital identity is related to context, and the internet is experienced through a thousand kinds of content in at least as many contexts. So the many attempts to add a "layer" in fact work great for a specified set of contexts, but not for other contexts.

4. Therefore, the emergence of a single simplistic digital identity solution as a universal panacea is not realistic. The diverse needs of many players demand that we weave a single identity fabric out of multiple constituent technologies.

5. This is going to be damn tough, but history has proven that things like this are achievable. Two examples: (a.) Way back when, apps had to be "aware" of specific hardware and code "to it". Over time, a software layer emerged to abstract the specificities of a given piece of hardware. Device drivers enabled interchangeable hardware to be plugged in as required. Hardware became "loosely coupled" to the computer. (b.) Way back when, apps had to be "aware" of specific network devices. Add a layer of abstraction and voila! TCP/IP allows apps to work without knowing a darn thing about the underlying systems (Token Ring, Ethernet, blah blah). We now "add" wireless to the mix, and no apps break! Great stuff.
