I think we all understand that the identity infrastructure that we have now is not suited for the connected world that it was never designed for.
On the one hand, the problem seems obvious. We all need some kind of consistent digital identity (think virtual ID “card”) that can identify and authenticate us not only to all our devices, but also to all our online services, commerce and banking accounts, and essentially anywhere where we need to digitally, or even physically, verify who we are.
From The Digital Identity Dilemma | Seeking Alpha
Now, in my world, words such as “digital identity” and “virtual identity” are not bandied around with gay abandon. To me, they mean something very specific and I am of the strongly-held opinion that it’s not possible to discuss such topics without some agreed model to work with. At Consult Hyperion we used “three domain identity” (or “3DID” model) to help our clients to develop their strategies for digital identity and its use in the mass market.
//embedr.flickr.com/assets/client-code.js
The very kind people from Security Printers 2016 invited me down to Seville to deliver keynote about next generation identity today. I used the 3DID model to explain that in the connected world, all transactional interactions are between virtual identities and that the virtual identities ought to be constructed to allow for partitioned and partial identities. It is more than a decade since Kim Cameron published his seminal “seven laws of identity” that included the key principle of minimal disclosure, the idea that system should disclose the least amount of identifying information possible to effect a transaction.
To illustrate this point, I got one of my old “psychic ID” presentations out of the closet and used Dr. Who to illustrate my point about showing only what the relying party needs to (and is authorised to) see. But I finished up by talking about it will mean to have “smart” identity built on top of some sort of identity infrastructure (whether the 3DID infrastructure that I was talking about or some other infrastructure). This led into some pretty interesting discussions later in the day, so I thought I’d jot down a couple of notes here.
First, I explained that making something smart does not mean either putting a chip in it or putting on the blockchain. I was using smart in a more domain-specific way, unrelated to the particular implementation. I defined a smart ID to be an ID that can not present only those attributes that a relying party needs for a transaction and is authorised to see but can also verify the attributes presented by another smart ID. In other words, my smart driving licence can check whether your smart driving is real when you turn up to test drive my car . Your psychic paper can check that your date’s psychic paper is not lying when it says they have a Barclays account and are UK resident when you log in to online dating. The nightclub bouncer’s psychic paper (Android watch) can check that a patron’s psychic paper (iPhone app) shows he has a real VIP invite to the club.
Snippings 