About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« There's whiskey in the jar-o | Main | It's not all sexy stuff »

Why are we waiting?

By Dave Birch posted Sep 20 2010 at 1:31 PM

[Dave Birch] It isn't only dreamers like me who want to see an effective digital infrastructure in place.

Law enforcement worldwide should focus on developing an international identity verification system, according to INTERPOL secretary general Ronald K. Noble.

[From INTERPOL: International ID verification system needed]

I agree, although I imagine my vision of this infrastructure and Interpol's may differ in a few details. But governments, irrespective of the law enforcement agenda, should be enthusiastic too. In a September 2010 research notes on "eIDs in Europe", Deutsche Bank say that

At the European level a number of electronic identity cards (eIDs) and the qualified electronic signature (QES) do already exist. Together they possess the potential to form another of the foundations of the internal market for financial services – especially for opening accounts.

Deutsche Bank go on to say that

A further obstacle will be that the design of ID cards does not fall within the competence of the EU and varies greatly from one member state to the other. To date, there are e.g. no harmonised European definitions for the topic of "identity" or "identification". This means that in the medium term the issue for the trailblazers in this segment is likely to be enhanced cooperation.

(Note to foreign readers: remember when reading that paragraph that "competence" in EU-speak does not mean the same thing as it does in normal language: they don't mean that the Commission would be hopeless at designing eID systems, although I'm sure they would be, but that it is not their problem -- it is a problem for national governments to solve.)

So how do we move forward then? Is it time for an ESTIC, a version of the US National Strategy for Trusted Identities in Cyberspace (NSTIC) that adds European values to the technical infrastructure to create something that the public and private sectors can use to transform (I mean this seriously) service delivery? This would rest on corporate identities (eg, your bank identity) being extended across corporate boundaries and into government -- as is already the case in Scandinavia -- and implies a much greater degree of public-private sector co-operation than we have seen to date.

What kind of private sector co-operation might we see in the short term? Consumer standards are in flux, with OpenID, Information Cards, OAUTH and so on all swirling around on the Internet. At the eema European e-Identity conference, Microsoft's Identity Architect and Forum friend Kim Cameron gave a typically excellent presentation and raised a few issues that need to be considered to make for effective co-operation:

  • Legal and governance factors dominate the technical interoperability and Kim was absolutely right to say that we need to get these guys involved right away.
  • Kim said that developers need to be able to "bet on identity" in order to make it part of their roadmaps.
  • I agree with Kim that minimal disclosure technology is fundamental to a successful federation infrastructure.
  • He also raised a point that deserves reflection: can identity metasystems "survive adoption"? What he meant was that suppose a scheme such as OpenID becomes standard and everyone starts to use it. Have we thought through what it means?

I have been thinking so more about Kim's last point, as have other people:

If my government would be my OpenID provider, they could basically track all instances where I log into a web site. Very bad, and luckily nobody is thinking of this (yet).

[From Ralf Bendrath: Dangerous Moves: OpenID and Government-Issued ID tokens]

So was Kim right to say at eema that given the complexity of the problem, it's unreasonable to expect it to be fixed quickly? For people like me to call for digital identity infrastructure in the mass market is unrealistic? Well, yes, but it isn't being fixed quickly, we've been talking about it for years.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]


TrackBack URL for this entry:

Listed below are links to weblogs that reference Why are we waiting?:


The comments to this entry are closed.