By Peter Horne
My recent post about online identity, “How to Think about Privacy and Managing Your Online Identity” discussed the fact that we don’t own our identities, as they are simply identifiers inside processes that we don’t control. My proposition was that because we can’t control the processes that control our identities, we only have limited scope for control. Basically, we can choose what processes we enter, and, once in them, we can choose what we do; but, other than that, we have no control. So we just have to be judicious about what we choose to reveal about ourselves.
We Need an Alternative Concept to "Identity"
But is that all that we can do? I think the answer is in two parts. The first part is that, at this point in time, that is all we are able to do, and the second part is that we are accepting that this is the way the online world works. But what if we change the way we think about identity - will we change what we accept? If we change what we accept, will the way we have to operate online change with it?
The problem with "identity" is that it is ethereal, and we cannot measure or manage it. We need to define identity in a way that is concrete, measurable, and something that has intrinsic value that is worth defending.
My recent work has been on implementing authorities in a distributed financial services application. And I mean really distributed. It’s not just a few servers and clients – it’s a mash-up model with financial data moving across clients, custodian banks, and our own firm’s data center. It’s complicated. We have some large clients that don’t want to communicate with anyone external, and some smaller firms that want us to do everything. It’s only one framework, and so I have been spending a lot of time thinking about authority – who can do what with what piece of information.
Bear with me for a moment to explain my thinking process. I distilled authority down to a few simple concepts – identity, entitlements, and authority. Identity is who is doing something, entitlements are what you can do, and authority is validation of identity and entitlements. Furthermore, you can break down the actions of entitlement to request, grant & revoke, and the actions of authority to assert, accept, and reject.
The model works on paper – but as I was implementing it, I found that identity, authority, and entitlement keep ending up looking like the same object. And then it dawned on me; they are all the same – they are what I now call an “asset.”
Identity, Entitlements, and Authority Are Assets!
Being present, what you do, and being trustworthy are assets. If you keep an inventory of the assets a user owns, you can say what assets a user needs to own to perform a function or do a transaction. You may also need an asset to grant an asset, remove an asset, change an asset, etc.
So if you drop the concept of identity, rights, and authorities as being separate concepts and combine then together as assets, you change the conversation. If “identity” is an asset, if “authority” is an asset, and if an “entitlement” to do something is an asset – how are we deploying our assets? And are others stealing our assets?
Managing my Digital Identity Assets
If my identity in a group of friends is an asset, how should I deploy and protect that asset? If my authority to approve the existence of relationship is an asset, how should I deploy and protect that asset? And, if my entitlement to express an opinion or ask a question is an asset, how should I deploy and protect that asset?
The answer is that we want to use our assets profitably and protect them from being misappropriated or misused.
Do You Trust Google and Facebook to be Your Asset Managers?
Ok, now lets look at Facebook and Google as asset managers – what do we get in return for parking our assets in their system? The answer is that they are misappropriating and misusing them. They are taking our assets and turning them into their product that they sell without our really understanding of what it is that they are doing. Just ask the music and movie industries about how much asset value is destroyed when digital assets are taken and used outside the terms of licensed or fair use.
If we view our identity as an asset, then we can fairly view Google and Facebook as the Napster’s of the identity world; they are taking our digital assets and not giving us fair value for them and distributing them to places we would not allow if they asked for our permission.
Next: Assessing the Performance of Your Asset Managers
So now that we are talking about assets, we can talk about asset manager performance, asset manager regulation, and risk management. That is what I am going to ponder next – how do we quantify digital asset value, asset manager performance, and risk management? Maybe if we can put some numbers on these, we can change the identity conversation and put some pressure on the managers and the companies that they pass our assets on to!
What do you think?
Cheers,
Pete
[email protected]
From "Let’s Talk About Digital Asset Management"
RSS 2.0 Feeds
Really interesting perspective. I like the reframing of the identity concept.
Posted by: cherisse | July 28, 2012 at 09:13 PM
Thought provoking article Patty.
I have wondered for a long time about knowledge assets and how they combine to form things. These intangible assets have enormous value as collective data. So for me as the data proliferates those who can tap the hidden assets profit and the data providers (you) get nowt as they say in the north of England.
This model is ripe for disruption. Why not pay us for our data, or enable other things that we then have a choice of sharing or not and with whom. Opt in, or opt out.
If data is the new oil or soil depending on how you view it. We need more than ever to give authority to those we wish to work with. Common goals and empathy.
It is not that hard to imagine it. It is building a big enough network to sustain and protect it.
Stimulating ;)
Mark
Posted by: Damfoundation | July 21, 2012 at 12:57 PM