17 July 2018

44975

Retired Member

3,614Posts 14,166,039Views 4,515Comments
Whatever...

Whatever...

A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.

Identity Now - Not Interoperability in the 22nd century

21 June 2009  |  2292 views  |  0

There are many issues to this current emergency need to restore identity, but I expect the ones that will most influence the outcome are cost and convenience. Trust is always at the forefront when it comes to people's finances and at the moment as far as I can see that trust rests firmly with the systems of government supporting the financial system.

The government is probably in a better position to enhance that trust with identity than banks are at the moment. They also have the greatest imperative to reduce costs. It isn't convenient to spend vast sums on identity, and even greater ones convincing, cajoling and coercing citizens into using whatever they put forward as the solution. This will play as big a part in the debate as anything else.

All the arguments for interoperability could be used to support the case for a central government supported, regulated and perhaps guaranteed identity management system. It would have to be appropriately positioned in neutrality.

Governments are generally inclined to take the course of least resistance. That path does not appear to be identity cards, although all citizens rcognise the need to protect and express their identity. The main problem with identity cards is that they either require vastly more personal and even biometric information than they have already had stolen or compromised. The currently proposed identity processes are a one way street - the authentication is perhaps one way, rather than mutual and is percieved to have greater potential dangers than currently face us without workable, reliable, secure identity.

Identity can actually strengthen democracy, make life easier, safer, reduce random and opportunity crime, fraud and provide cost saving benefits which would enable governments to provide better services to everyone.

We all agree on that, however few proponents of identity schemes have bothered to investigate the real and immediate benefits it can give citizens, rather the benefit (often somewhat dubious) which flows to government. It is well recognised that forced ID will probably create more home grown terrorists than any previous issue.

Web service and technology companies as a whole certainly want to make it easier for consumers to be protected, and to reduce their exposure to damage and loss, however the objective they seek is probably a wasye of resources and effort, rather adopt a single interoperable central auhtentication provider model and combine resources to monitor, supervise secure and maintain it and empower everyone to immediately begin to enjoy the benefits of properly concieved identity provision.

Get on with business and enjoy the infrastructure that we all have an a stake in.

Immediately you suggest a central 'big brother' identity provider the conspiracy lovers and privacy advocates begin to scream. There is no need for alarm. Similarly Stephen points out the trust relationships are currently selective and the commonly perceived idea of a central identity provider suggests that we are forced to trust everyone who is a part of the system.

Not so.

It is possible to have acentral identity provider which has no actual dat on any individual.

It is also possible to have a central identity system which alklows participants to choose who they trust, or whose recommendations to trust in much the way they can now.

It is the process that must different.

Simply provide a robust, defendable and easy to comprehend framework through which to communicate trust - once the participants are authenticated.

We can then choose who we want to trust, like we do now, based upon the experiences of someone else we have chosen to trust.

All we neeed to know is that the individual we are deciding whether to trust is the same individual that our other trusted partner trusts.

Simple is missing in most individual solutions, which generally are 'temporary' solutions and then become the debis after a breach.

Simple is missing from the OIIOI equation. I  have great difficulty picturing a successful outcome. I wouldn't bet on it. Not in my lifetime. Even the it still suffers from the lack of accountability issue as well, something they conveniently forget. Remember part of the existing problem is that  you have a thousand times more chance of being caught and punished for jay-walking than you do for fraud. Any process aiming to prevent fraud and id theft must facilitate apprehension of those who seek to do wrong, not just the odd random one who actually succeeds.

The thing to do is adopt something we can all live with and benefit from - in the here and now, while others form scores of discussion groups and standards committees to integrate a diverse and ever-changing universe of strategies and approaches. People will still be free to choose to add whatever layer of exotic gadgetry they choose, but just let the rest of us get on with business because we all need identity - it's the foundation of trust.

It only has to be good enough to be better than nothing at this stage.

KISS.

Keep It Simple Stupid.xx

It is about peace and progress, not saving the butts of every misguided would-be identity and gadget provider. I can see the instinct to huddle together in the face of disaster, but strength in numbers won't hide the truth or keep the wolves from our caves. At best - one by one...crunch, at worst it'll be a bloody disaster.

Comments: (0)

Comment on this story (membership required)

Retired's profile

job title
location
member since 2014
Summary profile See full profile »

Retired's expertise

Member since 2009
3595 posts4,515 comments
What Retired reads

Who's commenting on Retired's posts

Pooja Golakonda
Behzod Sabirov
Ketharaman Swaminathan
Melvin Haskins
James Treacher
Kenneth Marritt
Mark Santall
Alexander De Lange
Graham Seel
Kishore Meda
Willem Lambrechts