Yesterday I read an article in the New York Times entitled ‘Securing Very Important Data: Your Own‘. One of the rare mainstream discussions about personal identity management (as opposed to the common identity theft related articles that you see constantly), the article touched upon some of the more interesting discussions that are going on in the IdM community. Most of these are in the second half of the article, after you get past descriptions of yet more online services that want to know more about you and hold onto and use that data. It is an extremely good article, so give it a read.
In the article, Denise Caruso quotes Drummond Reed to explain the core value of identity services:
“The myth is that companies have to know all this information about you
in order to do business with you. But from a liability perspective, the less I
know about my customers the better.”
Exactly! While a particular online service may need some identity data at a point in time to perform some function, it shouldn’t need to store it, own it, or be liable for protecting it in order to do its business. The very use case for identity services.
Denise also talks of two interesting ideas that are taking hold as possible identity constructs on which this vision could be delivered. One is the Identity Governance Framework (IGF) that we have been talking about. You can get more details by checking out some of my previous posts about it here. The other is the idea of a Limited Liability Persona (L.L.P) that the folks at the Burton Group have floated (you can read their introduction to the concept here).
The article has led to some interesting discussions in the blogosphere, which has some implications for the identity services vision I have presented. I will touch on these in my next post.