Whoa – where did that idea come from?
Identity discussions revolve around competing designs, especially Centralization vs Decentralization. But it is Centralized and will aways be so!
Yikes – is this Identity’s The Truman Show moment?
Dang.
Read on.
Identity is Centralized – now and forever
Yes, you betcha it is.
By centralized, I mean that an individual’s Personal Identity Information (PII) is held in central databases by central government departments, local government, corporations, companies, societies, and other organizations. The Identity source of truth is the PII in central databases – we are given physical copies of that PII to use in the form of passports, birth certificates, drivers’ licences and the like.
And I clearly do NOT mean that there is one big brother database. Don’t throw that one at me.
I mean the customer databases that we have today, now, currently everywhere.
This is fairly mundane so far, nothing controversial here, but wait for it…
Identity will remain centralized – no radical change
Really and truly. No kidding here, serious stuff. Why? Because:
People trust organizations with their PII (don’t get off your horse yet - I’ll cover this sacred cow in my next newsletter).
Organizations need PII to operate.
People expect organizations to use their PII effectively to provide services.
And the big secret here is that organizations do that job quite well.
People expect organizations to respect their privacy and abide by privacy laws and, as we all know, they mostly try to and mostly do.
Protecting PII is getting better, and organisations holding high-level assurance PII data are very good at it (e.g. central
Sure, we have short-term operational problems (i.e. 10 years of increasing friction over 50 years of Digital Identity) but the fundamental design of Centralized Identity is working, it’s been here for a long time, and it’s not going to change.
I don’t care how much the anti-establishment ideologues tell me that the mythical centrists are fundamentally flawed bad people, I don’t believe the techno boffins have a wonderful solution that will make decades of worldwide infrastructure irrelevant, I don’t think that the blockchain will revolutionize Identity, hackathons will not be drivers of long-term Identity development, and ideology will not triumph over the currently installed Identity base and economics.
We have Centralized Identity and we will continue to use it as a basic building block of our society. Decentralized Identity will not replace Centralized Identity
The question is how to extend and utilise current infrastructure to provide effective Centralized Identity re-use.
So the question is centralized digital identity reuse
And this means, of course, how to get a piece of PII from one centralized data source to another (i.e. Identity Provider to Relying Party).
Do you know what I mean? The question is NOT how to build a new Identity system! The question is how to build a structures that allow current Identity databases to be reused by sharing data.
And we know that is not easy as we are still relying on physical documents. I’ve written a lot on this, but now I frame the question differently as ‘finding the best way to enable the re-use of Centralized Digital Identity’.
See the difference? This is not a question of building something completely standalone and new. It is how to extend what we have.
And there is an easy way and there is a hard way
Networked Identity – extend current networking technologies to cater for the complexities of Identity and base this on lessons from operating solutions in Estonia and Scandinavia.
Decentralized Identity – create billions of PII copies housed in apps on countless varieties of personal digital devices, that are fully secure, supported by multiple asynchronous processes and evolving crypto-based technologies, with additional techniques to ensure credentials are up-to-date, and with subsystems to verify organizations etc.
Think about the size and complexity.
How much should you need to build to move some PII from here to there!
Alan