This is a bit late. Why? Because I rewrote it twice. It is important, so I hope it worked out!
The title of this newsletter is Identity Paradigms. The aim is to indicate both where we are now and future possibilities. This is not a roadmap, it is a list of paradigms.
But what is a paradigm? The word, made famous by Thomas Kuhn in 1962 in The Structure of Scientific Revolutions, describes a theoretical movement or a way of working with a common basis. The best examples are three paradigms from physics: Newtonian physics, relativity, and quantum mechanics. Across these three paradigms of physics, the underlying theoretical basis changes hugely.
Identity is more practically focused, so the Identity paradigms are based on the underlying technology basis. This is the prime driver of Identity and supersedes any ideological or theoretical considerations.
Please note that:
These are generalized paradigms, not rigorous definitions. Use them to have efficient discussions. Do not treat them as defining principles.
The horizontal axis generally indicates progress through time, but it is clearly not linear and it varies by sector/industry/country.
The vertical axis is more reliable as it reflects how technology develops over time.
Each paradigm may include the use of other paradigms. There is no exclusivity in Identity! For example, many solutions/sectors currently in Identity 2 utilize components of Identity 0.
Identity 0 – Knowledge includes the oldest recorded use of an Identity technique when Odysseus returned from the Trojan War, over 3,000 years ago, and was identified by remembering a secret only he could know. A more generalized knowledge technique is passwords and, as we all know, this age-old technique is alive and well today (well, maybe just alive).
Identity 1 – Documentation is also centuries old and has gone through numerous changes, from the use of seals, to watermarks, and now sophisticated technologies such as holograms. However, with modern counterfeiting becoming more sophisticated and available to all, documents are no longer as secure as they once were.
Identity 2 – Technology is currently where most sectors are. There are many varieties of technologies including hardware devices and software apps, techniques such as biometrics, full-blown solutions such as behavioral analytics, and methods such as MFA (multi-factor authentication). This is a lot to bundle into one Identity paradigm, but I do so because all these technologies have a common aim of mitigating Identity risk, especially in the online world. Mitigation is the current arms race to keep ahead of the criminals.
It is worth noting the recent trend of Identity companies evolving to become ‘orchestration players’, often through mergers and acquisitions. These new entities combine multiple techniques, as they find that there is no single solution to the Identity problem (examples are Trulioo, Mitek, and Jumio).
Identity 2.5 – Networking doesn’t get its own whole number as it is essentially an extension of current Identity capabilities, but uses network effects. The highest profile implementations are National Identity Systems in Scandinavia and Estonia, which have one highly secure authentication method that is then networked out to other applications and processes. They leverage high-quality databases, such as banks’ customer data, to raise the veracity of the total system, but a key component is the presence of a national identity number scheme that simplifies integration challenges.
Identity 3 – Decentralization is a major technology step-change that would see Identity being based on decentralized assets held on the Internet and which would remove the reliance on centralized assets. Blockchain has been seen as a major contributor to this effort, and there are significant standards associations, such as W3C, leading the decentralized push. Decentralization has a certain ideological tinge to it, as it finds ‘big business’ to be as much the problem as the criminals who are trying to break down Identity. While Decentralization promises much, it has yet to deliver any significant solutions.
Insights
In Identity 2 Technology, the challenges of Identity are being met by ‘adding more’. This is both by making specific methods more sophisticated and by combining methods. The strategy can be summarized as ‘more complexity = more security’. While this may mitigate security risk, it comes at the cost of more complexity for the user, as many of us experience every day. So this can be restated as ‘more complexity = poor customer experience = more security’. Who won out of that?
Identity 2.5 Networking essentially uses current networking capabilities and current assets to achieve a more widespread adoption of some standard approaches to Identity. The major success stories have been in codified law countries where entrenched use of national identifiers makes implementing solutions relatively straightforward. However, this does not mean that this paradigm cannot be implemented in common law countries.
Identity 3 Decentralization promises to be a totally new beginning and to revolutionize identity. If and when successful, it will be a revolution for not just Identity, but for Information Technology in general. However, the question is still ‘if’, and the lack of any identifiable solutions suggests that the promise may be beyond current capabilities.
What does this all mean? Well, technology matters and technology is undecided: the performance of Identity 2 is a problem, the potential of Identity 2.5 is not well understood, and the viability of Identity 3 is uncertain.
The name of my newsletter, Identity 2.5, gives away which paradigm I think we should be aiming for. In my next newsletter, the last in this initial series, I’ll elaborate on why Identity 2.5 is the future.
A final thought
As I reflect on this newsletter, it seems as though this is all somewhat self-evident. I hope you feel the same way and I have been able to create a simple set of paradigms that are intuitively obvious and that facilitate better conversations.
All the best
Alan