Day: August 10, 2006

User Centric is here to stay

I came across the following exchange on the ID Workshop discussion list.

First up was Brett McDowell of the Liberty Alliance:

I've just started looking for the follow-on thread I was expecting out of the “User Centric” session Dick led in Vancouver. I don't see it. Has that happened yet?

I was expecting an email that captured the consensus we had and a list of new “titles” for what I call “the identity management architecture formerly labeled ‘user-centric’ which is to be renamed in acknowledgement that at least two architectural models are appropriately labeled ‘user-centric'” (one model being a “user-centric deployment of Federation” and the other model being “TBD”… but it is what SXIP does).

That was our consensus view at the well-attended Vancouver session and I'm keen to participate on the naming exercise for the other architecture.

For more background read the wiki notes here. (note I'm not sure attendees are done tweaking these notes yet so they may not yet represent a true consensus but they are helpful now nonetheless):

So, Dick… are you going to kick this off? (or did I just miss it?)

Brett's challenge was directed at Dick Hardt, the amiable CEO of SXIP who understands better than any of us how to explain digital identity to a broad audience. (If you don't know him or forget how powerful his message is, make sure you look at this.)

After reviewing the meeting and looking at the graphics that were drawn, I think that user-centric might be the right term. The term has a fair amount of market awareness already and is being used to convey a model that is different from Federation.

I think User-centric means that each site trusts the user, and the user is free to choose any identity agent that provides the appropriate technical functionality. Federations are where a set of sites have decided to trust each other and the user has a relationship with one of those sites, which can then be communicated to the other sites.

This does NOT mean that “federation technologies” cannot be deployed in a user-centric manner.

Hopefully being August, the signal to noise ratio on any ensuing discussion will be high, but that may be wishful thinking.

I agree with Dick on this one, and don't really understand why Brett wants to fold user-centricity and federation into a single axis.  They are orthogonal. 

Federation technologies aim at helping internet portals, their suppliers, and their enterprise customers (businesses or government) to digitally identity the subjects of their business transactions.  This might or might not involve “users” in the conventional sense.

User-centric technology aims at helping individual people organize their relationships with many different and unrelated portals and internet sites – contact relationship management for individuals, as Doc Searls once said.

So in my view we are likely to have individuals employing user-centric technology to organize their relationships with federations.  There is no contradiction here, and no need to get rid either of the notion of the user-centric, or of the idea of federation.

The individual needs – and has a right to – technology that represents her.  The individual hasn't really been a factor in the identity equation until recently – she has simply been whatever some domain says she is.  That's changing.  User-centric technology delivers those changes.

Tales from beyond the crypt

Just when I was ready to drop the whole British ID Card thing and head back to the beach, a reader sent me this link to a piece Gaby Hinsliff, political editor of the Observer.

Gordon Brown is planning a massive expansion of the ID cards project that would widen surveillance of everyday life by allowing high-street businesses to share confidential information with police databases.

Far from intending to dump ID cards once he is in Downing Street, Brown is quietly studying how biometric technology – identifying people by unique markers such as fingerprints and iris patterns – could be expanded over the next 20 years to fight crime.

Police could be alerted instantly when a wanted person used a cash machine or supermarket loyalty card. Cars could be fingerprint-activated, making driving bans much harder to disobey.

The plan would make the ID cards scheme cheaper, since companies would pay for access to the national identity register – a government database of biometric information being compiled for the ID cards programme. Brown's plans belie reports that the Treasury, concerned about the cost of ID cards, would ditch them when he became Prime Minister. ‘It's almost the opposite – Gordon's thinking about ID cards is that it's part of the answer but there's a much wider picture,’ said a source close to him.

There are serious questions about the existing ID cards project – designed primarily for immigration control. The Commons’ science and technology select committee last Friday said it was still unclear how cards would be used or what data would be revealed, while a Home Office consultation with the IT industry – to be published this month – is expected to argue that the cards should be phased in so that technical glitches can be sorted out.

Brown has set up a taskforce, under former HBOS bank chief executive Sir James Crosby, on identity management, and a broader review of public services, led by Sir David Varney, on optimising use of existing identity information. He is considering a fundamental redesign of the ID project to fight a wider range of crime. He believes that, as private companies acquire biometric security systems, their spread in daily life is inevitable.

'There is going to be a key issue over the next 10 to 15 years about identity management right across the public and private sectors,’ said the source close to Brown, adding that immigration control would be only part of it. ‘It's about people coming to accept that this is not only a necessary but desirable part of modern society over the next 10 years. What [the Tories] are objecting to in the political sphere is going to be absolutely commonplace in the private sphere and saying “it's not the British way” is just not going to work.’

Brown believes that, if myriad private databases develop, there is a risk that information will leak or be stolen. The Crosby review is looking at safeguards.

Critics said the ID cards project was already too troubled to be expanded. ‘It's a pretty shoddy way of cutting the costs, and it doesn't really alter the fact that all the signs are Whitehall is simply not in a position to deliver even the early stages of an ID card,’ said Nick Clegg, the Liberal Democrat spokesman for home affairs. He said giving the private sector access to centralised databases was a big step towards ‘a full surveillance state’.

David Davis, the shadow home secretary, said: ‘This is an admission that the government's ID card system as it stands is destined to fail without something else to prop it up. It is regrettable that what the government is proposing will actually worsen the assault on privacy without materially improving security.’

Tony Blair's insistence on Thursday that ID cards would be a ‘major plank’ of the next Labour manifesto was seen as an effort to tie Brown into the idea, but it appears Brown is already committed.

The Observer recently disclosed that the company analysing police DNA samples was storing them, despite assurances they would not stay in private hands. However, sharing biometric data with high-street companies would be even more controversial.

If anyone reading this knows Mr. Brown's private source, and if this is what he actually said, could you please mention that in the private sector we actually try really hard not to alienate our customers.  We try to do the things they will want us to do, that they will thank us for having done.  I for one don't have a clue how or why a company like mine would want to be associated with the type of relationship proposed above.  To me it sounds really goofy.

This ID card discussion as presented here needs a complete reset.  It's time to reboot, to install a new bios. 

Let's start all over, and begin by protecting the security of our citizens.  What is privacy except security from the point of view of the individual?  Protecting individual privacy will do more to secure the state than anything else that can be attempted – because it will result in well-designed systems that are impossible for enemies to penetrate.