Jiri’s Notepad

But it wasn’t until one of the late panels, “Identity on the Frontier” (with heavies from Microsoft, Sun and General Motors), that a problem and its solution became clear to me. There was a missing party at this table: the *customer*. All these guys were looking for ways to impose yet another identity management system on “the consumer”. Yet our most personal identities, like the Net itself, are unmanageable.

Identity is something that proceeds from the inside out, from me to the world, not from the world to me. All the identities by which the world labels me are secondary, not primary. My primary identity is mine alone. I should be able to remain anonymous (or pseudonymous) or do business with other parties on my terms as well as theirs. “Natural markets are about relationships”, my third-world friends tell me, “not just transactions.”

• To buy your groceries, you disclose an awful lot by your physical appearance. Age, sex, race, social status, health. Trying to conceal these by wearing balaclava won’t help much because the shopkeeper would likely call the police.
  
• To get a bank account in a foreign country, you have to come to the bank personally (and thus disclose your physical) and provide a proof of identity (through ID card or passport) and some evidence of reputation (such as copy of receipts or letter of recommendation from your home country bank). In the beginning, you get a limit on the day withdrawal which you can raise after a period.

• In different scenarios you identify yourself through various means. Some are simple (groceries), some more rigorous (bank).
  
• In most interpersonal and commercial transactions, you can’t conceal your identity completely (balaclava in your local shop)
  
• Your identity is “managed” by third parties you are conducting a transaction with (bank system stores your credetials).
  
• Though identity management can be partly outsourtced to a third party (ie credit check company), this is rather ad-hoc and there is no single organisation or system that would centrally manage this.
  
• Relationships are being created through a history of events

IMO, one of the objectives of building digital identity infrastructure should be to for it ro reflect relationships from the real world as reflected in law and fair business practice. Any changes in balance of power should be done with the genral consent of both parties conducting the transaction. 

Doc is critisising BigCos and he thinks that when building the new infrastructure, they are trying to shift the power on their side. Judging from current architectures and public appeearances, this maz apply partially to Microsoft Passport or to the similar service from AOL. Liberty Alliance approach, according to presentations and various interviews that has been published, seems to respect the real world balance of power, customer’s right of choice etc.

Because LI specs are not out yet and very little information has been publicised, it is still possible that the infrastructure coming from Project Liberty will disadvantage the customer, any open-source public identity management effort would be indeed beneficial. Howver, an area where open-source project could be important, is infrastructure to support non-commerce transactions that is generally not of an interest to commercial vendors.