George Siemens of elearnspace pointed to a couple of papers written last week by Stephen Downes on digital identity (part 1, part 2), which were very interesting. A disclaimer: not being an academic, I personally find Stephen’s work difficult to read, so I might have misunderstood the intent; if so, let me know.
Stephen’s first paper provides the context of the problem he is trying to resolve, while part 2 provides us an answer. Part one covers Identification, Authentication, Privacy and finally self-identification, and within the paper touches on several of The Laws of Identity from both a positive and a negative perspective. In fact many of his ideas and concepts directly relate to a recent White Paper released by Kim Cameron. So what are the 7 laws of identity? You can either read the white paper or have a look at this old post.
The second part of Stephen’s paper actually provides a set of perl scripts that implement a digital identity system called “mIDm”. The system looks nice and simple, to quote Stephen:-
* A user declares the name of his or her private website – the location of an mIDm script on their own server (or a server provided by a host, such as an online community of their choosing)
* When the user attempts to access a remote website, the remote website redirects their browser to that mIDm server with an access key (sometimes called a ‘handle’, though I don’t like that name).
* The mIDm server accepts and stores the key. The idea here is that only a person with access to the mIDm server can store that particular key.
* The mIDm server redirects the user back to the remote website.
* Upon the user’s return, the remote website independently requests the key from the mIDm server.
* If the key is returned, then the server accepts that the mIDm address provided by the user is valid, and hence, may request additional information (such as, say, FOAF data) from the mIDm server.
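To make the six steps concrete, here is an added Python walkthrough of the mIDm exchange with both parties in one script. It is not Stephen’s Perl code; it is my own simulation in which the user’s mIDm server and the remote (relying) website are plain objects, the browser redirects are URLs passed between them, and the relying site’s independent fetch of the key in step 5 is a direct method call standing in for the HTTP request. The addresses `alice.example` and `site.example` are constructed. The simulation shows the property the description relies on: the relying site never trusts what comes back via the browser, only what the mIDm server itself returns, so a key that was not stored by the server’s owner is rejected, and a key is accepted only once.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs


class MIDmServer:
    """Stand-in for the mIDm script on the user's own website (constructed)."""

    def __init__(self, address, owner_logged_in=True):
        self.address = address
        # Whether the person at the browser is actually the owner of this server.
        self.owner_logged_in = owner_logged_in
        self.stored_keys = set()

    def handle_redirect(self, query):
        """Steps 3-4: store the access key (only if the owner is present), then
        redirect the browser back to the remote site."""
        params = parse_qs(query)
        key = params["key"][0]
        if self.owner_logged_in:
            self.stored_keys.add(key)
        return_to = params["return_to"][0]
        return f"{return_to}?{urlencode({'midm': self.address})}"

    def lookup(self, key):
        """Step 5, server side: answer the remote site's independent request.
        Returns the key only if someone with access to this server stored it."""
        return key if key in self.stored_keys else None


class RelyingSite:
    """Stand-in for the remote website the user is trying to access."""

    def __init__(self, url, resolve):
        self.url = url
        self.resolve = resolve  # maps an mIDm address to a server (stands in for HTTP)
        self.pending = {}       # mIDm address -> access key we issued for it

    def begin_login(self, midm_address):
        """Steps 1-2: user declares an mIDm address; we mint a fresh random key
        and redirect the browser to that address with the key."""
        key = secrets.token_urlsafe(16)
        self.pending[midm_address] = key
        return f"{midm_address}?{urlencode({'key': key, 'return_to': self.url})}"

    def complete_login(self, midm_address):
        """Steps 5-6: on the user's return, ask the mIDm server directly for the
        key. Accept the address only if the server hands back exactly our key."""
        key = self.pending.pop(midm_address, None)  # single use: removed either way
        if key is None:
            return False
        server = self.resolve(midm_address)
        if server is None:
            return False
        return server.lookup(key) == key


def run_flow(owner_logged_in=True):
    """Drive one complete mIDm login; returns True if the remote site accepts
    the claimed mIDm address."""
    midm_address = "https://alice.example/midm"              # constructed
    server = MIDmServer(midm_address, owner_logged_in)
    site = RelyingSite("https://site.example/login",           # constructed
                       lambda addr: server if addr == midm_address else None)
    redirect = site.begin_login(midm_address)                  # browser -> mIDm server
    back = server.handle_redirect(urlparse(redirect).query)    # mIDm server -> browser
    claimed = parse_qs(urlparse(back).query)["midm"][0]        # browser -> remote site
    return site.complete_login(claimed)


def replay_is_rejected():
    """Running complete_login a second time with the same address must fail,
    because the key was consumed on first use."""
    midm_address = "https://alice.example/midm"
    server = MIDmServer(midm_address, owner_logged_in=True)
    site = RelyingSite("https://site.example/login",
                       lambda addr: server if addr == midm_address else None)
    server.handle_redirect(urlparse(site.begin_login(midm_address)).query)
    first = site.complete_login(midm_address)
    second = site.complete_login(midm_address)
    return first and not second


if __name__ == "__main__":
    print("owner present:", run_flow(True))
    print("owner absent :", run_flow(False))
    print("replay rejected:", replay_is_rejected())
```

The `owner_logged_in=False` run is the case the description cares about: someone can type any mIDm address into the remote site, but unless they can make that server store the key, the server’s answer in step 5 is empty and the site refuses. Popping the key from `pending` before checking it is what keeps each key to a single verification.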
While not a perfect solution, it is a good starting point.
I have been reading some of the posts that have come out of Digital Identity World over the last few days and am finding some interesting (there’s that word again) comparisons with Stephen’s work, such as this post from Kim Cameron where he quotes an idea from Scott Mace on the concept of an ID-Legal web site:-
“…what we need is a Web site that determines which Web sites and services comply with (the) 7 laws of identity. Maybe it could be modelled on this, and let the visitors vote on the compliance of each particular Web site with the 7 laws.”
Stephen’s system is working along these lines, not 100% but close enough for me. He has defined a nice solution that works on a one-to-one basis.
If we pick up on Eric Nolan’s post on Law 7 we start to see that what Stephen is proposing is something very much like the “Secure Token Service” or STS. But to do this we will need some standards to ensure communication across the metadirectory is seamless; maybe that is what they are talking about and I am missing the point. Stephen did not seem too impressed with the whole metadirectory idea, but his solution does seem to go down the path of the laws; I wonder if he intended this or it is a coincidence? What I like about Stephen’s solution is that he has touched on many of the aspects being discussed as part of the broader debate around digital identity, but in a simplified format that non-experts can relate to, which is always a good thing.
Leaving Stephen’s work for a minute, I am all jazzed up about the deeper meaning of the 7th Law, specifically the bit about “consistent experience while enabling separation of contexts”. I have ranted over and over again about the whole user experience, and it seems embedded in these laws that if systems complied with all 7, they would begin to improve the user experience.
This poses some interesting challenges for system designers. How does one build a system that allows the portability, as discussed, but is still simple enough to be used by Joe Average and does not require 100 consultants from a large consulting firm to implement? At the core we need to be able to understand the identity of a person using a workplace tool so that their user experience can be personalised to their specific needs based on their role in the organisation, aka the employee portal. My definition of an “Employee Portal” is a solution that provides a secure, single point of interaction with the organisation, covering information, business processes and people, personalised to the employee’s role, needs and responsibilities.
Personally I am not able to dig deep enough (if you are, check out these links) into the complexity posed by all of this work within the digital identity space; I am more just a keen observer who really wants to simplify how we provide secure access to systems for employees to use on a day-to-day basis, and make it easy enough that all systems will implement it. Complexity in the management of identity within enterprises is one of the leading causes of poor people-data management; begin to solve identity management and the rest becomes simpler.