Sunday, 2 August 2015

Unblocking Digital Identity

When it comes thinking about citizen identity schemes, centralisation is so Y2K.  A decentralised or federated model would remove the bureaucracy, put the customer at the heart, delegate control to the user and balance security and usability.  Though look out federation, there is a new kid in town.  Distributed is where identity is at - or is it?

Blockchain, the distributed ledger solution behind Bitcoin, is becoming the hot topic of the digital identity world.  It ticks many of the important boxes - privacy by design, cryptographically secure, robust architecture, irrefutable provenance, consent and control with the user.  So Identity on the Blockchain could be the next big thing for citizen eID.

Though before giving up on federation we should put Bitcoin in context.  Relative to the British Pound (born 775), Bitcoin is a mere pup (born 2008/9) - though to compare it with another digital disrupter, by the time Facebook was 6 years old it had over 600m users - Bitcoin has less than 4m.  Having an unregulated, community owned technology is arguably more of a negative than a positive - particularly when it comes to things of value.  It is estimated that around a third of the Bitcoins created are now classed as zombie coins - the cryptographic keys required to transact them lost at the bottom of a rubbish tip.  And with no central authority there is no redress, no one to hold accountable other than the end user themselves.

Though the lack of a central authority has created a marketplace for a federation of exchanges and wallets; performing as an intermediary between the end user and the overall community.  Though in an unregulated marketplace how can you trust these intermediaries?  With loss of their customer's crypto keys and pending criminal prosecutions it would seem the answer to that question is that you can't.

While the Blockchain may be a future technology upon which citizen identity could be based it is also worth considering that the concept of the distributed ledger for identity has been used successfully for quite some time.  In the UK the General Register Office has been operating the exact model since the late 18th century - with births, deaths and marriages being recorded in local registers, that issue certificates to the end user, that they control as the central authority.

Bitcoin and Blockchain are technology led solutions that have gained a niche use in financial payments.  The same technology will have a role to play in pure play identity and access management solutions and it may solve use cases within the citizen eID space - though doing this from a customer led perspective to find the technology solution will have a greater chance of success.

The core challenge for a successful citizen identity scheme is to hit the sweet spot between allowing the real person to claim and assert their identity and preventing anyone else from doing the same.  Balancing how easy you can make the former and how difficult you can make the latter comes above whether your solution is centralised, federated or distributed. 

So maybe centralisation isn't quite so Y2K after all.  Maybe federation will solve the issues.  Maybe the future is Blockchain or another distributed ledger model.  Though if you were looking for the best solution - maybe, just maybe, a model based on the best of all of them could be the real future? 

Read my other posts
Just in Case - From early adoption to maturity
I have control - Can we truly own our identity
Tipping the balance - Getting the right balance between security and user experience
You don't know what you're doing Poor security practices are putting users at risk 
I didn't say you could touch me - Biometric authentication and identity
You don't need to tell me - Impacts of the EU General Data Protection Regulations
Coming together on being alone - The need for a clear government digital strategy
I'm not the person I used to be - Authentication for real world identities
Distributed Identity has no clothes - Will distributed ledger technology solve identity
Bring Your Own Downfall - Why we should embrace federated identity
Tick to Agree - Doing the right thing with customer's data
The Kids Are All Right - Convenient authentication: the minimum standard for the younger generation
The ridiculous mouse - Why identity assurance must be a rewarding experience for users
Big Brother's Protection - How Big Brother can protect our privacy
I don't know who I am anymore - How to prove your identity online
Three Little Words - What it means for your business to be agile
Defining the Business Analyst - Better job descriptions for Business Analysis
Unexpected Customer Behaviour -  The role of self-service in your customer service strategy
Rip it up and start again - The successful Business Transformation
Too Big To Fail - Keeping the heart of your business alive
The upstarts at the startups - How startups are changing big business 
One Small Step - The practice of greatness
In pursuit of mediocrity - Why performance management systems drive mediocrity

About me

Bryn Robinson-Morgan is an independent Business Consultant with interests in Identity Assurance, Agile Organisational Design and Customer Centric Architecture.  Bryn has near 20 years experience working with some of the United Kingdom's leading brands and largest organisations.

Follow Bryn on Twitter: @No1_BA

Connect with Bryn on Linked In: Bryn Robinson-Morgan

No comments:

Post a Comment