Lately I’ve been thinking about identity as a composite. There was a point where I was convinced by the reversal of poles – switching from the system-based identity to the user-centered identity. An individual has many roles and she can reveal whichever identity attributes that are necessary for a particular transaction. We think of these fragments of identity as the pieces that make up the whole. But another way to look at it is to think of identity of a composite of wholes. Some elements match exactly, but live in a different name space. It’s probably not a complete list, or maybe it’s too long, but here’s an an initial take on the modes of identity. Each one could be consider a whole identity.
- Private / Restricted
- Private / Restricted / VRM
If identity is composite, should there be a single control point? If there were to be a single point of access to the management of this identity, authentication would have to be both multi-factor and multi-band.
Should we put all our eggs in one basket? With investment portfolios we preach diversification– we seek assets that don’t correlate in changing markets. It’s called covariance, we don’t want everything to go up or down at the same time. If we can’t risk a single control point, then we need to move to multiple control points. And in fact, even the ownership of identity is in question. We hear a lot about “my data” and “my identity,” but there is no data or identity outside the Network. The idea of multiple control points means more than I control my identity from multiple credential sets, it means I share control of my identity with other entities. The power and political economy of an identity is distributed throughout a network of relations. We don’t live in a frictionless plane, we live as mortals, among mortals, in this world that unfolds around us in the stream of time.