In his post, Bob talks of Google trying to do social with an eye on the lucrative targeted advertising dollars that Facebook is currently hogging. This is the motive I alluded to at the end of my post as well. But things (appear to) have become a bit clearer here (albeit still speculation). During an interview with NPRs Andy Carvin, Google CEO Eric Schmidt didn’t throw out the usual pro RealName arguments about maintaining civil discourse online and such, but basically talked about Google’s ambition to be an identity service – a platform on which commerce and government services can run. And for such a platform to be widely adopted and billable, the data needs to have a certain fidelity – no different than the kind of identity stores we build within enterprises today.

Google already has such an identity platform – it’s called Google Profiles. If you’ve ever created a GMail account for any reason – as a GMail user, to enable an Android phone, for using Picasa – you have a Google Profile. The problem is that these service-derived profiles are of low value to the user, created only to get on to the desired service, and so they are never maintained and have low data quality. And like in a lot of enterprises that engage in identity administration and provisioning projects, Google has to deal with multiple identities per person that need to be linked and correlated. If doing that is hard in the enterprise space, imagine how hard that is do in the personal space where users not only have no reason to facilitate this, they actively engage in keeping some of these profiles separate and distinct. Just in writing this post I noticed that mine still reflects my Oracle position – unlike my LinkedIn, Twitter and Facebook profiles. The common thread through those three services that I kept up-to-date? They’re social, an extension of me into the online world.

That’s why Google+ is so important to Google’s aspirations for Google Profiles. Google wants to use social as the honeypot that draws in all those users and keeps them highly engaged and motivated to keep their data up-to-date. They see how well this is working for the Facebook identity platform and want to replicate that success. But here’s the disconnect – Facebook got to this spot organically. While Zuckerberg may be a visionary in many aspects, his first priority when building Facebook was to build a social network where people would hang out. As the social engagement increased the number and fidelity of identities in Facebook’s database grew as well, The team then pounced on the opportunity to build a platform out of this. In true engineering-driven style, Google is reverse engineering this – seeing where they want to get to and trying to replicate the same path, but instituting fixes that short circuit what took Facebook years to do. Except that there are no shortcuts.

The trouble with social is that it is social – with all the norms, behaviors and expectations that come with that. You cannot re-engineer that overnight (Facebook is being far more successful in doing so using far more insidious means). Facebook also has a policy of Real Names, but it realizes that to make the social work you have to cater to the psychology of the users. So there are no identity verification processes, no automatic suspension of accounts and schemes that entice us to provide real data instead of telling us to do so. The fidelity of the data is proven by it’s socially verified reputation, not because there is a policy document that can be pointed to (at the end of the day, a much more robust and legitimate mechanism).

Do you know what you get if you feed a tribble too much?

Google may think that social is all cute and cuddly, but they may be about to find out that it’s a completely different beast that could clog up their systems. Meanwhile, the battle for our online self-determination will continue. IIW XIII should be a lot of fun.

Tags: Digital Identity, Facebook, Google Plus, Google Profiles, Google+, Identity Services, IIW, NymWars, Privacy, Pseudonymity, Real Names, RealName

This debate is really about the concept of pseudonymity online – an argument that has been going on forever. While pseudonyms and their necessity have long been understood and accepted in the real world, for some reason the same logic is being discredited when the concept is extended to the online world.

As a parent, I know and understand the desire to create a safe haven online for my child. And as someone who does participate in online discussions on blogs and other social media, I am well aware of the problem of spammers and trolls. But these so-called “Real Name” policies have absolutely nothing to do with these issues, which are used as a false crutch to lend legitimacy to the argument. You just have to watch scenes from Capitol Hill, or the British Parliament, or this epic from the South Korean Parliament to see that knowing the commenter does absolutely nothing to tame uncivil discourse (as I hear shouts of “You Lie”!). And since no one is going to pay for any kind of identity proofing to actually validate the identities of these self-asserted “real names”, the promise of protection offered by such a policy is actually a blatant lie.

But what is even worse is that these policies create a discriminatory, exclusionary environment against those that need pseudonymity the most. Kee Hinckley wrote an amazing post that describes why allowing pseudonyms is a crucial part of society’s fabric, especially when brought online. What really gets me is the hypocrisy of social networks touting their role in social and political movements like the Iran and Egypt uprisings or support networks for LGBT youth, and then instituting policies that would remove the very protections that the people involved in those movements relied on. In the case of people organizing and posting during the middle east movements, pseudonymity was a key requirement enabling them to do their work without fear of reprisal on them or their families. And the fact that they were pseudonyms did not detract from us believing (trusting) them, as they built their reputation over time through their actions and voice online.

(source)

The names we choose online are also key to establishing context for what we are doing, and even more important in keeping different contexts that we want to keep separate apart. While the ability to link disparate personae is getting easier every day based on complex data analysis on publicly available data becoming cheaper (I would point you to Bob Blakley‘s excellent “The Death of Authentication” talk if it ever makes it’s way online, but read commentary here), it is still not possible for the casual observer that we care about in a social sense (the one that would care if you are a gay rights activist who also happens to teach in their son’s school). These contexts also allow the building and establishment of reputations that would get diluted by all the extraneous noise that would come from combining them.

It is true that as commercial entities, Google and Facebook are well within their rights establish any sort of policy that they want, and that as consumers we are free to take our business elsewhere. But that argument misses a much larger reality. As much as we may want to deny it, Google and Facebook are an increasingly large part of the very fabric of our online existence, and exert huge sway over how the business of the internet is being shaped. When Randi Zuckerberg throws out ridiculous ideas that “anonymity must be eliminated online” (not just on Facebook, but everywhere on the internet), she’s not viewed as just another marketing executive, and it unfortunately has a great deal of influence. Eliminating pseudonyms on networks where “most of” the people are will exclude from these spaces the very people that need the social benefit of their network effects, as Danah Boyd (or should I say @zephoria) so passionately articulates. Being a social network comes with some social responsibility too, and as Paul Carr recently reminded us it would behoove all of us (in the tech industry) to remember that. Because “Real Names” isn’t about eliminating spam and increasing civility. It’s really about ensuring that the data we have online is as real as possible for the benefit of the advertisers who are paying for accurately profiled targets. And I’d argue that even that is a false premise.

Tags: Digital Identity, Face, Google Plus, Google+, Identity Fallacies, NymWars, Privacy, Pseudonymity, Real Names, RealName

How many times have we heard stories of hospital personnel getting into trouble for accessing patient information for the wrong reasons. Broadly classified under VIP Privacy Protection, we usually hear about it when it involves a celebrity like George Clooney. But having spent some time talking to folks in the IdM and privacy protection practices at healthcare organizations, I have come to understand that it actually covers a much larger set of cases than just entertainers and politicians. For instance, it has to cover cases where people who work at the hospital have to get their own medical treatment there and want to keep it private from co-workers (has been described as an interesting use case for having pseudonymous identities). It must also cover situations where relatives of hospital personnel need medical treatment, but don’t want their family to find out (I heard an extremely interesting, bizarrely tragic, anecdote that I won’t share here, but will tell you over a drink if interested). There are many more such use cases. A side effect of this is that when a major hospital did a review of their records, they found that there were a very high number of cases that were classified as VIP cases. This meant that it couldn’t be handled on an ad-hoc basis.

Now, the prevailing thought has often been that these situations can be handled by putting in strong access controls that prevent privacy violations by restricting access. But in a hospital environment, such preventive controls are anathema, since you do not want a life-and-death situation running up against a case of access denial because the policies are too tight. So, unlike the policies you encounter in financial institutions where you err on the side of being more restrictive, healthcare institutions prefer to err on the side of being more permissive, relying more on trust than security.

This is why Detective Controls take on a far greater role in such environments. The ability to analyze behavior to raise alerts and initiate audit investigations takes on added importance. You can add in additional factors of authentication and notification that not only verify the identity of the individual, but also let them know that what they are doing is being scrutinized more diligently. This can both increase trust in the transactions taking place and also deter folks who may be nosing around in places they shouldn’t be. You also need an analytical system behind the scenes that is intelligent enough to handle “break the glass” situations while also being adaptable enough to be fine tuned and evolve over time – reducing the number of false positives, thereby avoiding the “ignore the fire alarm” mentality that can set in.

There are a few solutions trying to address this challenge, including our own Oracle Security Governor for Healthcare. The best practice is a good blend of both preventive and detective controls, one that has been tuned to fit the operational, regulatory and security needs of your organization. And that is a good lesson no matter which industry you are in.

Tags: Detective Controls, Healthcare IT, Healthcare Security, Identity Analytics, Oracle Security Governor for Healthcare, Privacy

Over the last few years we have been talking a lot about how enterprise identity management deployments have started to expand beyond management of internal users (employees) to external users (partners, contractors, customers) as well. But in that conversation, I had never considered visitors – people who randomly, and often out of the blue, visit enterprise premises for meetings or to just pay someone an unexpected visit. Often (as I have grown accustomed to in the US), the process of getting inside the building takes the form of walking up to reception, telling them who you are meeting, having them call up to confirm that you should be allowed in, getting issued a visitor badge (usually a piece of paper with your name and the floor you are going to), and then getting let in through the security turnstile/gate by the security guard. Sometimes they will ask for ID to confirm that you are who you say you are before calling up to the person you are visiting.

But in Europe, security measures at some of the companies I was visiting are far stricter. And what I came across was a combination of Administrative User Registration with Just-In-Time Provisioning into a Physical Access Control System. Essentially I provided the security personnel at reception some identification (in some cases my passport, in others my US drivers license), observed them enter my details (more on that later!) into a user registration screen, and got provisioned a full-fledged security badge which I could use at the turnstiles to get into the building myself. I could use it inside the elevator to get to the floor I needed to (I didn’t try to get to the floor I wasn’t supposed to go to), and to enter certain rooms. When leaving the building, I had to use the badge at the turnstiles to get out of the building, and hand over the badge (in one case, to get back my drivers license which I had to leave with security as collateral).

Obviously the PAC Systems in place at these enterprises were capable of handling this kind of visitor management. But I wonder if these systems are integrated into the identity management systems of the enterprise at all. What kind of periodic review regarding who was being let into the building is taking place? And it seems quite susceptible to insider abuse. Moreover, the Day 1 type issues regarding time to set up exist at a micro level. The local Oracle teams were aware that this would need to happen, so we had to budget extra time to arrive early to get this done at each place, which with my tight schedule was a bit challenging. The good (and bad!) part was that the account teams that had been there already were already in the system and got their cards provisioned fairly quickly.

Seems like the whole system could be greatly improved by making it a part of a larger Enterprise IdM process. You could incorporate some self-service to have the person being visited pre-register their visitors into the system. This provides you not only audit, but also removes the time issue of data entry at the security desk (by folks who are quite frankly not terribly skilled at this). This would also enable some review processes and integration into monitoring systems. And enable enterprises to add some much needed de-provisioning to the process (see below).

Privacy Problems

With all this, one thing that stood out for me was the privacy issue. Europe is famous for having strong privacy protection (or at least strong privacy protection intentions). Yet my whole trip experience in Europe had me scratching my head a little bit. The amount of sensitive PII getting gathered about me – my name, address, passport/drivers license information, company I work for – at the hotels and office buildings is quite significant (some hotels even photocopy your passport). And there seems to be no mechanism in place to provide me any kind of privacy protection.

From seeing the visitor registration process for my colleagues it was clear that the information entered into the system is retained in case of any future visits, and there was no way for me to ask them to erase it as I left. When I asked if it is automatically removed after some time, all I got was a shrug. And since they didn’t take any contact information for me, they clearly have no way to notify me in case of a breach. Some (limited, I admit) research has not found me a single law/directive that governs how long hotels must keep my information, and how they must destroy it. We’ve heard of identity theft concerns due to PII data encoded into electronic hotel room keys, but not much about the data gathered during registration.

And the fact that these visitor IdM systems (for that is what these are) are not connected to enterprise IdM systems means that it is highly likely they are not being protected, audited, monitored or controlled with the same level of diligence that other systems holding just as sensitive information are. For all I know, all that information of mine is sitting in the clear – in a manila folder in the hotel manager’s office or unencrypted in a database table for the visitor module of the PACS system.

And, of course, there is no way to opt-out of providing this information, as the answer you get is that it is required by law. A little disconcerting to say the least. Does anyone have any insight into this (paging Mr. Robin Wilton)?

Tags: Identity Management, Just-In-Time Provisioning, PACS, Privacy, Visitor Identity Management

Oracle Security Governor for Healthcare is a governance solution that is aimed specifically at healthcare organizations, where the introductions of various regulations globally and the transformation of healthcare IT has created a number of challenges in the area of patient confidentiality that need to be addressed.

• VIP record snooping
• Medical identity theft and fraud
• Healthcare data theft and fraud
• Coworker, family member and neighbor record snooping

Oracle Security Governor for Healthcare addresses these concerns by providing a solution that helps proactively protect and prevent privacy and security breaches, insider snooping and medical identity theft in an organization. The solution is based on some key features:

• Rapid Incident Detection: Criteria based automated reporting functionality that allows rapid incident detection, case management and investigations.
• Automated Privacy Audits: Allows audits on activities of various entities accessing the applications and reports suspicious activities.
• Accelerated Enterprise-wide Data Retrieval: Allows rapid integration with existing systems.

Architecture

Oracle Security Governor is built on some key products in Oracle’s portfolio, enhanced with some healthcare specific intelligence and artifacts.

Oracle Security Governor for Healthcare Architecture

• Oracle Security Governor for Healthcare leverages the Oracle SOA Suite Adapters (like Database, Log and HL7 adapters) to pull data in from virtually any data source into a central data warehouse.
• In-database data mining and predictive analytics built using Oracle Data Mining is used to detect anomalies and suspicious activity that may have taken place in the past.
• The solution also uses an advanced risk assessment engine (based on Oracle Adaptive Access Manager), which has been pre-loaded with healthcare specific risk and fraud rules to proactively detect incidents.
• Oracle Entitlement Server provides unique risk-aware fine grained authorization on record and data access, cutting down the possibility of unauthorized activity and fraud.
• Finally, Oracle Business Intelligence Publisher is used to provide insight into all of this through risk analytics, reports and alerts.

Benefits

Oracle Security Governor helps deliver significant benefits to a healthcare organization. Some of these benefits include:

• Historical Detection: that can be used as audit trails and for detection of suspicious activities related to access, privacy, fraud and security breaches, that have taken place in the past.
• Real Time Detection: Oracle Security Governor can also be used to detect suspicious and fraudulent activity, in the real time.
• Real Time Prevention: Oracle Security Governor can prevent suspicious activities, in the real time. The activities detected as anomalous or suspicious can either be completely blocked or the end-user can be alerted or required to meet additional security requirements, depending on the deployment needs.

Oracle Security Governor for Healthcare Benefits

Looking Ahead

Oracle Security Governor for Healthcare is just the beginning. In the future, Oracle hopes to use the Oracle Security Governor framework to build more solutions that address challenges faced in other verticals besides healthcare. But that doesn’t mean you have to wait – you can leverage the products mentioned above to build your own security and privacy solutions. Just ask us how.

You can find more information about Oracle Security Governor for Healthcare here on the product page.

Tags: Healthcare IT, Healthcare Security, Identity Analytics, Identity Governance, OOW10, Oracle Identity Management, Oracle OpenWorld, Oracle Security Governor, Oracle Security Governor for Healthcare, Privacy

2 years later, today at RSA, Microsoft announced not only that U-Prove technology will be incorporated into their upcoming identity platform technologies, but (more importantly for the identity community) that they are releasing it under its “Open Specifications Promise”, allowing anybody to use and incorporate the technology royalty-free. You can read more detailed analysis on the announcement by Kuppinger Cole analyst Felix Gaehtgens here. Suffice to say, those of us in the identity and privacy community are glad to see this day finally come.

By enabling truly minimal identity disclosure as part of trusted online transactions, the technology has the potential to open up the floodgates on a number of identity-based transactions that were previously considered onerous if not near impossible due to privacy concerns. Microsoft’s demo during the RSA keynote demonstrated one of the most obvious use cases: creating trusted online IDs that are based on, but don’t expose, authoritative government issued IDs. Think of it as being able to show the bartender your drivers license for age verification, but with everything except the date of birth blacked out, and the bartender still is assured that the information presented is accurate. This means big things for the advancement of claims-based identity transactions. Should be interesting.

Tags: Claims-based Identity, Privacy, RSA Conference, RSAC, U-Prove

Day 2: Lets get back to basics

The first half of Thursday was focused on enterprises looking for ways to achieve efficiencies and ROI through their IdM deployments, an outcome that had lost its relevance in the rush to achieve compliance objectives. But the current economic climate, and the slew of M&As (mainly As) and layoffs has brought this to the forefront once again, and sustained market interest in IAM when other initiatives are being pared back.

The day was a very good one for hearing about how customers were leveraging their IdM deployments in creative ways.

• I heard some interesting use cases of how Virtual Directory was being used to achieve efficiencies.
  • Companies are using Virtual Directory to expose the same identity data in different forms for different use cases.
  • The presenter from Sony talked about using Virtual Directory on top of geographically local LDAP servers to provide global access to data while satisfying their data compliance needs.
• There were a couple of sessions on managing UNIX infrastructure via AD (which is when I ducked into the cloud computing track).
• Wendy Booker of SunTrust Banks described how they used the cost savings (which they had to demonstrate and prove) from their IdM deployment to self-fund their project, which was a story I am sure more than a few attendees were interested in.

What I found really great was that a lot of the sessions were presented by organizations that had moved on to the 2nd or 3rd phases of their identity management program rollouts. This is quite different from all the previous conferences (Catalyst and others) I have been to, and speaks to the maturity of the market and some of these deployments.

The second half of the day was focused on identity transparency and governance. One of the most important points of the conference was made by Chris Howarth in his excellent kickoff talk, when he said that identity management must facilitate both hierarchical organizations that are necessary to implement enterprise controls, and social networks that are necessary for collaboration to take place. A lot of the discussion in the following talks were focused on the need to increase transparency with respect to how identity data is used, managed and secured to allow for accurate risk assessment and compliance to take place (echoing what was discussed in the cloud computing SIG). And increased transparency only works when complexity is reduced (preventing opacity from just being replaced by obscurity), an architectural requirement that aligns nicely with the identity services vision discussed on day 2.

Day 2 ended with the second night of hospitality suites, including Oracle. We got such a crowd in the Oracle suite that I barely managed to leave it for a few minutes to meet up with some old friends and colleagues in the other suites. And I made some good friends that day (and into the night – not a topic for this blog). I will say that celebrating Ian Glazer‘s birthday at a speakeasy called Prohibition was very cool, even if they didn’t ask me for the password.

Day 3: Identity and Privacy are Blood Brothers

Day 3, while just a half day, still packed a solid punch with lots of intellectually stimulating discussion on the topic of privacy. Ian Glazer made a good point at the start of the conference when he said that the identity community is uniquely qualified to deal with the emerging privacy issues. And the sessions on Friday laid out exactly why. The key point made was that Security (making it difficult to get to something you shouldn’t have access to) should not be confused with Privacy (making it easy to get to something you should have access to). They are related, but not the same thing.

Robin Wilton gave an inspiring talk in which he laid out a framework for having productive privacy discussions with the multiple stake-holders involved. He arrived at this framework by analyzing the results of a series of round table discussions held around the globe as part of the Liberty Alliance Privacy Summit to get contextual understanding of privacy. Robin laid out a “Ladder” framework (Philosophy | Strategy | Implementation | Technology) that helps the parties involved focus on the use cases and issues to resolve. I hope he makes his presentation publicly available in some format in the future, because really is a great piece of work.

Bob Mocny, Director of the US-VISIT program, talked about some of the identity and privacy issues involved in running the single largest biometric authentication program in the world. One of the key takeaways from his and the follow-up sessions was the need for organizations to implement privacy audits as separate programs from their IT-Security audits.

Heidi Wachs, Directory of IT Policy and Privacy Officer at Georgetown Univ, gave an interesting talk about the lessons learned during Georgetown’s efforts to  handle a privacy breach. What I found fascinating was how they went about trying to create and enforce a policy on the use, collection and retention of SSNs. Their findings on how far the data was “leaking”, how hard it was to track down all the possible data flows, and how users went to great lengths to hide their mistakes were a lesson that every enterprise should be aware of. It also highlighted the challenges the extended enterprise, working with business and IT partners and services providers, faces in locking down privacy issues.

The day ended with Google talking about how they protect the privacy of their users. It may have only been a half-day, but the quality of content made it a fitting way to end a thought provoking conference. Look forward to what the next one has to bring.

Tags: Breach Remediation, Burton Catalyst Conference, Catalyst09, Identity Governance, Ladder Framework for Privacy, Privacy, Privacy Audits, Virtual Directory

Computer scientists Arvind Narayanan and Dr Vitaly Shmatikov have proven that the anonymized data sets that social sites sell to marketing firms are not really that anonymous. It is possible to reverse engineer these data sets and obtain actual names and addresses, by looking at the content and structure of the data (in their example, correlating data from Twitter with Flickr).

• BBC Coverage
• Detailed look by Ars Technica
• The paper: De-anonymizing Social Networks

This raises grave concerns about a practice that has becoming increasingly common as social networking sites seek ways to monetize their data. They routinely release social graphs from which a few bits of personally identifiable information (PII) has been stripped to interested parties – advertisers, third-party apps, government and academic researchers. Conventional thinking is that this is good enough to protect people’s identities.

But as the paper shows, this is nowhere near good enough. It’s an interesting study that essentially redefines the term PII, and could (should) have grave implications for social networks and their responsibility towards their users.

The lesson, as Ars Technica points out, is that “anonymity is not sufficient for privacy on the web”.

Tags: PII, Privacy, Social Graph, Social Networking

Privacy is a funny thing – most people assume they have it unless they explicitly do something to give it up, but in actuality, information about us is flowing all over the place without our knowing it. As Bob Blakley likes to say, “There are no secrets”. In the US (which is yet to ratify this convention), data about individuals is a commodity at the heart of many a business. And advancements in technology have opened the floodgates, with many of us contributing to the flow through our usage of social media. I’ve lost track of the number of articles I have read warning college students of the impact their Facebook activities could have on their job searches. Asking individuals to basically shrink away from communities in order to protect their privacy is not the right answer. We need to do more to enable privacy.

In honor of International Privacy Day, I thought I’d post a few links that provide some (essential/interesting/weird/amusing) perspectives and information on the topic of privacy as it is being talked about today.

• Proposed “Camera Phone Predator Alert” bill would require all cameraphones to make themselves heard
• One Man’s Experiment With a Location-Aware Lifestyle: An interesting post from the blog of the Privacy Commissioner of Canada
• More information on Data Privacy Day, thanks to Intel (see this interview with David Hoffman, Director of Security Policy and Global Privacy Officer at Intel as well)
• In the United States, the US Privacy Coalition (including EPIC) is launching a campaign to urge the US government to support the Council of Europe Privacy Convention
• Search Privacy Issue Goes Mobile
• Forrester Research Making the case for Data Masking
• A Move Toward More Privacy Online: Yahoo changes data retention policies
• Identity Governance Framework at Liberty Alliance
• Data Privacy Day Exhibit Differences in Approach from Google and Yahoo

If you are doing anything for International Privacy Day (and it isn’t private! – thanks @trevcook), or have links to interesting stories regarding privacy, please leave me some comments. And be sure to pass on the word. Request your government to support the Council of Europe Convention on Data Protection (No. 108) and to adopt comprehensive privacy legislation based on that standard.

Tags: Identity Governance Framework, IGF, International Data Privacy Day, International Privacy Day, Privacy

I found the conversation on anonymity particularly interesting. Those of us in the field of identity management tend to get hung up on terminology a lot. It’s an important aspect to any emerging field, as improperly used or appropriated terms tend to create confusion in the marketplace, and act as a barrier to productive engagements. It is with that in mind that I raised the question on the forum last week “Isn’t a pseudonym the same as a persona?”. Dave Kearns weighed in on my question in this weeks Network World IdM Newsletter.

Much of the conversation last week was on the nature of anonymity and, by extension, pseudonymity. One of the important ideas established is that they are transactional constructs, existing within the context of some identity-based interaction. My question was posed with that frame of reference.

True anonymity in the digital world is pretty hard. There is always some sort of trail (IP addresses, etc) that can lead back to the original user. So it would seem to me that all we have today is varying degrees of anonymity – starting from the barest minimum of information, ranging through being able to piece together a picture based on multiple interactions, having semi-anonymous interactions based on the establishment simply of a username, to a full-fledged fake identity being set up in a website. In other words, all that exists today is pseudonymity.

Does that mean that anonymity is simply an edge case of pseudonymity? I think not. Just because anonymity doesn’t exist today does not mean that we don’t want to achieve it. Therefore retaining the separation (that an anonymous interaction can never lead back to the originating identity, while a pseudonymous interaction is simply an imposed barrier between the interacting party and the originating identity) is important as a way of enabling us to work towards the technological solutions necessary to achieve anonymity in the digital world.

More interesting is where digital personas fit into this conversation. Look at the definition of a  Persona as defined in the ID Commons Lexicon, and in particular at comment 1:

A Persona is something put forward by a user, but how it is perceived, recognized, accepted, rejected, trusted, used etc. by a Relying Party cannot be specified or in any way implied.

Based on the underlined part, it seems to me that a pseudonymous identity is simply a persona. When a user sets up a persona, they specify the information they want to present through that persona. This information can be completely fake, as minimal as necessary, and set up solely for the purpose of interacting with that one party. In other words, the interaction using that persona is pseudonymous in nature. Since personas and digital pseudonyms seem to share the same characteristic of having a range with respect to amount and transparency of identifying information, it would seem to me that they are one and the same thing.

Understanding these constructs will be important as we move beyond identity management systems and start building persona management systems for use on the web. In particular, understanding the relationship between persona and pseudonymity will help frame the requirements for these systems as they help protect us in our online interactions.

Tags: Anonymity, Persona, Privacy, Pseudonymity