About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Tinfoil tests | Main | Driving forwards »

More converts?

By davebirch posted Dec 14 2006 at 8:08 AM

[Dave Birch] The International Telecommunication Union (ITU) has issued a report "digital.life"  calling for more "joint efforts" to set up a coherent digital identity scheme that should be able to facilitate on-line interactions while protecting data and alleviating privacy concerns.  What caught my eye was that the report asks for digital identity management that is based on the use of "partial identities" depending on context and user choice.  This sounds very much like the real-digital-virtual identity model that we use whereby different groups of virtual identities are bound to different digital identities.

The report was drafted by a team of analysts from ITU's Strategy and Policy Unit, covering chapters on "going digital," lifestyle, business, identity and living in the digital world.  Chapter 4, called "identity.digital" will be the one of most interest to blog readers.  It's not bad: it covers a lot of the main issues in a fairly readable way and section 4.3.3 covers the benefits of pseudonymity as an operational mode, making the critical point that it should be up to individuals to determine the subset of their attributes that is communicated in order to effect a transaction.

Technorati Tags: ,

If you're wondering what pseudonymity means in practice, here’s a simple example that I often use.  Imagine walking into a shop to buy something with your bank card.  The bank card has a computer chip on it and when you punch in your PIN at the checkout, the chip tells the merchant’s till that the PIN is correct.  Therefore the merchant’s till is happy to accept the bank card, you take your goods and walk out.  Where did your real identity come in to this?

This is a pseudonymous transaction: the first party (you) wants to perform a transaction that requires knowledge of your identity (to access your bank account) and the second party (the shop) doesn’t know that identity but trusts a third party (the bank) that does.  Authenticating the digital identity, by punching in a PIN, turns the account number attribute into a credential that the bank can trust and it can then process the transaction. Note that in this case, where the bank knows who you are but the shop doesn’t, the virtual identity stored in your card is a pseudonym or, in the language of the European Commission Directive on Digital Signatures, an “indirect identity”.  Incidentally, since the bank knows who you are and guarantees the payment, there’s no reason why your real identity should even appear on the front of the card: then if you drop it in the street, a potential identity thief doesn’t know who it belongs to. The moral of the story: knowing who people actually are is not always necessary to do business with them, and the reason that you are often forced to disclose who you are is because of legacy implementations.  In fact, as Forum friend John Browning once wrote in Wired magazine, the true identity of a counterparty may be the least important credential in a commercial transaction.

My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.
[posted with ecto]


The comments to this entry are closed.