Multiplicity inevitable in a world full of choice
The Privacy and Consumer Advisory Group to the UK ID Assurance Programme have submitted Nine Identity Assurance Principles, in draft, as the basis of a framework to which Identity Assurance Service providers would subscribe to as part of the UK Identity Assurance Program. This post is in regards to the third of the 9 principles 'The Multiplicity Principle' and follows the first principle of Consumer Consent and the second of Transparency.
I can use and choose as many different identifiers or identity providers as I want to
It may seem counter intuitive for us, as a single identity service, to support such a principle but we do. There are two main reasons why this principle needs to be supported, and why in many ways it is inevitable anyway.
This principle is defined as:
"Service-User (individual) is free to use any number of identifiers that each uniquely identifies the individual or business concerned. Service-User can use any of his identities established with an Identity Assurance Provider with any Service Provider.
A Service-User shall not be obliged to use any Identity Assurance Provider or Service Provider not chosen by that Service-User; however, a Service Provider can require the Service-User to provide a specific level of Identity Assurance, appropriate to the Service-User’s request to a Service Provider.
A Service-User can terminate, suspend or change Identity Assurance and where possible can choose between Service Providers at any time. A Service Provider does not know the identity of the Identity Assurance Provider used by a Service-User to verify an identity in relation to a specific service."
Firstly, we are in a competitive environment where consumers will always have a choice and this is a good thing, it is essential. Competition is a catalyst, especially where consumers have a strong choice, for service providers such as us to offer the right service. Consumers need this choice to help drive the market to adopt what, in the end, is the best solution for them and it is this choice which leads to at least some fragmentation in the market.
But there is also a more fundamental reason why we will always need to be able to choose between a number of different identity providers. With the Internet now being so completely entangled in our everyday life and at every level, there are a lot of different things we do online. These different things may well require us to have different identities to do different things. Personally, I can easily see myself even still using my Twitter or Facebook identity for personal or casual access to services but my trusted miiCard identity to do more secure things.
Allowing ourselves to own and manage these different aspects in our lives provides a great deal of control - control that we are at risk of losing as more and more of our information gets shared without our consent. As individuals in control of our own identities and personal information I think we need to compartmentalise this information for different uses.
At miiCard we are acutely aware of this and have some very exciting functionality being released soon that provides our members with even more control in managing such a wide range of situations. But we understand that our members won't just have a miiCard for everything they do. As someone who uses the Internet every day what I really want is a couple of identities that I can use to access a range of services without having to manage dozens of passwords, setting them to the same ones to try and manage them, or putting them in a password safe that means I have to constantly copy and paste them into the service I want to access. What I want is two or three identities I can use in different situations, a personal one, a trusted one and one that I use without sharing any information.
It is why we are also a big supporter of the interoperability between identity services and work with a number of them ourselves such as Callcredit and Avoco Identity. At the end of the day it is our members that we need to support and provide the benefits to so that they can do the things they need to in our digital world. As an industry, without this convenience, choice and flexibility, how can we expect to get the adoption needed to truly create trust online?
Read about the other principles:
"Having a Digital Passport will let us travel the Internet with the trust, confidence and convenience that we need today. In many ways, it's the last frontier in Cyberspace."