Identity heavyweight Marcus Lasance is Managing Director of U.K.-based MaXware. He wrote this piece on E-commerce and User-Centric identity management in ITSM Watch:
New ID schemas are emerging that will, hopefully, ease IT's management burden while fueling e-commerce, writes ITSM Watch guest columnist Marcus Lasance of MaXware.
Enterprise organizations and governments view customer relationship information as a key asset and are fiercely protective of this asset. Fortunes are spent on maintaining customerâ€™s personal information and protecting this information from prying eyes as mandated by data protection legislation.
CIOs are relying on meta directory technology to solve one of the industryâ€™s thorniest problems: how to maintain information about the same individual scattered over different databases and directories nevertheless perfectly synchronized. Corporate-managed updates are effectively replicated using standards based connectors and schema mapping between systems.
However, what this technology cannot solve is the ability to provide updates we donâ€™t know about. In the real world, our customerâ€™s circumstances are constantly changing, yet businesses and (most) government agencies are not automatically alerted. This is an ongoing problem, because no matter how good we are at synchronizing data across platforms and applications, it doesnâ€™t matter when the data becomes rapidly obsolete.
No call center can solve this problem. As an industry, we need to find a more logical way to manage this; namely through user-centric computing which puts individuals back in charge of their own identities.
Today, CIOs are watching two different user-centric solutions rise in popularity: InfoCard from Microsoft and Project Higgins from the open source community.
Conventional wisdom indicates that, with the advent of Vista on countless PC desktops, InfoCard will become the de-facto way users will manage their identity information. CIOs need to take note: On a global scale, employers are expected to issue InfoCards to their employees, governments to their citizens, etc.
Greater acceptance to InfoCard is due, in part, to InfoCardâ€™s being based on WS-Trust and providing a much more “open” solution than Microsoftâ€™s previous and suspiciously received Passport offering. InfoCard is not designed to run exclusively on Microsoft servers or Microsoft owned networks, which means that, in principle, every home PC connected to the Internet can become an identity provider.
What will be the business implications of a huge uptake of InfoCards as a mechanism to replace good old username-password logins to most e-commerce websites? Is it another expensive hype that hasnâ€™t lived up to its expectations like PKI, which was predicted to fuel e-commerce like a out-back fire storm?
Well-known companies like eBay and Amazon are most likely to be early adopters of user-centric computing and other e-commerce sites will soon follow suit or be left behind. Cost savings combined with better security should follow naturally.
I can see a future in which most users will have between three-and-six InfoCards that can regularly used for different types of public or private transactions. The chore of maintaining personal information relating to those cards now resides with the individual, making it easier for organizations and consumers both.
With user consent and by subscribing to change alerts from identity providers companies donâ€™t have to waste tremendous financial and human resources managing data with a rapidly deteriorating life span. Individuals donâ€™t have to worry about maintaining endless silos of personal data.
When consumers can assign preferred identities to trusted vendors and more anonymous identities to things like chat rooms we will eliminate the need to enter reams of personal information on webpages we donâ€™t necessarily trust; organizations will reap the financial rewards by cost savings and better quality of information.
However, in my opinion, the really big money will be made by a few, select organizations with the financial clout and public-trusted brand names to become the default public identity providers. Remember an InfoCard does not store the actual information, just the links to it. The information itself has to be stored and secured and backed up somewhere. Some kind of identity meta system will emerge, backed by a few powerful players. Organizations will emerge with similar roles that Swift, BACS, MasterCard and VISA now perform for financial services network.
Itâ€™s possible that giants like AT&T, Nokia or BT might be able to make a few pennies every time a user selects their InfoCard (from a stash of many InfoCards) stored on a desktop or IMS mobile terminal. Imagine the total world wide economic value of such e-commerce mediators.
With the individual in control and new technologies that will soon take the pain out of logging on the new services, user-centric computing could once more revitalize the e-commerce industry, and the market opportunity to become an identity service provider might mean even bigger business for a lucky few.
Interesting thoughts, though I actually think, in the fullness of time, Information Cards will convey subtle aspects of identity like reputation in various contexts, and be much more bottoms-up than Marcus suspects.