15.05.2013 17:00-18:00

European Identity & Cloud Conference 2013
Combined Session


An Ecological Theory of Digital Identity

Cybercrime and the password plague have led to a near universal acceptance of the idea of Federated Identity. Yet federation has struggled in practice. It has really only thrived in no-holds-barred social networking, where we enjoy the convenience of logging onto multiple sites with an unverified Facebook or Twitter account. However, absent special legislation, higher risk services like banking, healthcare and government do not freely federate. Instead they tend to maintain their own identifiers and sovereign registration processes. Many promising initiatives and technologies like CardSpace have collapsed, and there’s been a revolving door of security industry collectives.

This presentation explains why Federated Identity is easier said than done. The core problem is people underestimate the changes it forces on how we normally do business. Federation complicates long standing relationships and liability arrangements, exposing customers and service providers to unprecedented legal risks. The stakes are high. Government and industry have grand plans to build “identity ecosystems”, such as the US National Strategy for Trusted Identities in Cyberspace (NSTIC) and the UK’s Government ID Assurance project. And Facebook, Google and LinkedIn are jockeying for position as global Identity Providers. So which of these will thrive and which will die another slow death?

The answer lies in studying the way Digital Identities have evolved. Ecosystem is the buzzword du jour yet identity management has lacked genuine ecological thinking, until now. Here is a fresh and predictive ecological theory of Digital Identity. The simple reason we have so many identities is we have so many different transaction contexts, with distinct risk profiles. When an ID has evolved to fit a particular business niche, then trying to re-use it in another context is a lot like taking a saltwater fish and dropping it into a fresh water tank. We show that Digital Identity is “memetic”, with each ID being shaped by numerous memes, to do with enrolment process, user interface, algorithms, password rules, key length, KYC legislation, terms & conditions and so on. We introduce the possibility of memetic identity engineering, and set out a renewed identity research program to go forward.

Trust in Adherence to a Predefined Role

In old Venice, upper-class citizens for centuries were used to wear masks in everyday life, not only during carnival times. One special mask and disguise, “Bauta e Tabarro”, was commonly used to go to business meetings, to friends, to lovers or to the casino without being identified.

The use of the Bauta costume was acknowledged and regulated by the government. The mask itself was standardized in a similar way to English school uniforms to be suitable even for official political events when all citizens were required to act anonymously as peers. Only legitimate Venetian citizens, which practically meant members of the Venetian gentry, had the right to use it.

It was not allowed to wear weapons along with the mask, and police had the right to enforce this ruling. So whenever you met someone wearing the mask, you could be reasonably sure that he or she was a legitimate upper-class citizen of Venice with some accountability and that he or she was unarmed. In addition to that, it was accepted by the Venetians, that every bearer of a Bauta should behave politely, friendly and with grace.   

Interestingly, with all the well-known problems of how to enforce rules when dealing with people acting anonymously, this concept worked well enough to let the Venetians stay with the concept until the culture completely changed when Venice became Austrian territory in 1797. There are no reports that show a higher crime rate resulting from the practice of allowing citizens to live and act anonymously whenever they wanted.

But what exactly was the trust framework behind concept like? Can it be compared to modern communication trust frameworks suggested for anonymous use of the internet? The key factor seems to be that the actors within the Venetian community widely accepted that switching over to anonymous mode meant taking over a predefined role with a limited choice of behavior patterns. For every bearer of a Bauta it was a point of honor to at least play the role of the ideal, civilized, charming Venetian citizen. Whoever failed to meet these expectations risked to be unmasked and to lose honor. Could this be a model for internet communities – and could this concept be mirrored by online platforms?   

Seraphinite AcceleratorBannerText_Seraphinite Accelerator
Turns on site high speed to be attractive for people and search engines.