I was having a conversation with friends the other day and while it may sound nerdy as hell, the topic was focused on identity. I swear (trust me) that no drinks were involved but the conversation went pretty deep, nonetheless. What is identity, how is it used, and how can it be protected? Like Aristotle and Plato before us, we modern day philosophers discussed the various aspects that make up our identity, how we can control it, and how we can selectively share it with our intended audiences. In an era when our private information has been unleashed like the proverbial opening of Pandora’s Box, how can we regain control of our identities without impacting our existing relationships or experiences?
But what about identity? What is it really, and why should you care?
When I think about identity, I think in terms of aggregation, management, and sharing. Each of these are key ingredients when it comes to users owning their own identities, but each of these can be further strengthened when we add trust to the mix. So, what is the recipe for success as it pertains to trusting identities in cyberspace? Let’s take a closer look at each of these ingredients to see.
My identity is the aggregation of all the things there is to know about me. One could trivialize this by saying it is simply all the discrete data elements about me (i.e. hair color, height, ssn, etc.) but in essence, it is much more. It consists of my habits, my history, my data, my relationships – basically everything that can be me and everything that can be tracked about me. Identity information is not found in a single location, it is distributed across multiple repositories but this informaiton can be aggregated into a virtual identity – which is essentially, me.
When we allow someone to manage their own identity, we are allowing them to control their discrete data elements, but we are also allowing them to manage every other aspect about themselves as well. You can change your mobile number attribute (data element) when you get a new phone, or you can change your address attribute when you move. But just like you can remove the cache, history, and cookies in your browser, you should be able to maintain your privacy by removing (or hiding) your identity characteristics as well. Identity management simply means that I am able to manage those aspects of my identity that are my own.
In real life, I have the ability to select which characteristics and/or information about myself that I want to share with each of my friends, family, co-workers or acquaintances. My work-related benefits stay private between my boss and I in the workplace. Conversely, I don’t share my family conversations within the office. Investment information stays private between my broker and I, yet I Tweet favorite quotes to the world. In essence, I selectively share information with different audiences based on the role I am playing at that time. Online personas facilitate the same selective sharing within the social web similar to our interations in the real world. I may take on a different persona as I interact in the virtual world and elect to share different information with each audience based on where I elect to use that persona. This also means that I can act anonymously if I so choose (which is similar to going ‘incognito’ in your browser).
Sharing data with others fulfills my desire to communicate information about me to you, but just like in real life it is totally your option to accept the validity of that information or not. To take the sharing to the next level (and address a major need on the Internet today), we need to have some method of trusting the information that we receive. Trust is transient (it changes), contextual (it is based on the situation), and 100% given by the receiving party – essentially they decide to trust you or not. In the real world we use driver’s licenses, passports, or referrals from friends to validate users and establish trust. This is no difference in the social web except for the fact that we are not seeing each other face to face and do not have the ability to provide a driver’s license as proof of identity. Hence the need for another method.
If the ingredients in the identity cake are aggregation, management and sharing, then validation is the icing on the cake; not the cake itself. While each of these ingredients are key in making the perfect cake, leaving trust out of the mix is kind of like leaving salt out of the recipe. Trust simply brings out the flavor and without it, the cake is way too bland!