top of page
jshamah

Are we asking the right questions about identity?

Alan Mitchell, Chairman of The Mydex Community Interest Company has blogged this view of the Economics of Identity as an alternative to that provided by Heiko Rossnagel and Michael Kubach from Fraunhofer IAO. I am happy that these different ideas can be debated. I am not even sure if just one solution is possible, and if that is the case, can different concepts co-exist? - Jon Shamah



Are we asking the right questions about identity?

As the old saying goes, if you ask a silly question expect a silly answer. For

example, if you ask the question “how to reach the pot of gold at the end of the

rainbow?” you could waste a lot of time and effort in your quest for that gold.

A few weeks back, Michael Kubach and Heiko Rossnagel from Fraunhofer IAO

laid down a gauntlet to the identity community with an article asking whether

economically viable ID ecosystems can be built. The problem is simple: most of

the main actors in identity so far see it as a way to capture a pot of gold for

themselves at the end of the identity rainbow. But not enough people are

prepared to hand this gold over.


Result? A stalemate where, the authors suggest, the only solution may be for the

necessary infrastructures to be permanently subsidised by the state.


An alternative question

There is, however, a different way of thinking about digital identity. It asks

different questions which quickly lead us to some very different answers.

When push comes to shove, identities are assured when enough verified

attributes about an individual can be presented. An identity, then, is not a

separate ‘thing’ in itself - a product to be packaged and sold. It is actually

generated as a by-product of the ability to share verified attributes.


Depending on the situation and context, including who is attempting to verify

the identity for what purpose, the verified attributes in question may vary. In

some cases, more such attributes may be needed with higher levels of security

surrounding them. In others, maybe less are needed. Which means that this

ability to share verified attributes needs to be flexible: customisable, capable of

dealing with a wide range of different requirements.


An alternative answer

As it so happens, the means of delivering such flexible, customisable data

sharing has already been built in answer not to this question of identity but

another question entirely: how to eliminate the huge amounts of friction, effort,

risk and cost that service providers and customers currently incur when trying to

find, present and use the data they need to access and provide the services in

question?


One way of doing this is to provide individuals with their own personal data

stores (PDSs), and to enable service providers to deposit cryptographically

secure verified attributes in these PDSs, so that individuals can reuse them as

and when needed.


It turns out that provision of this safe, neutral, enabling data logistics

infrastructure works just as well for the sharing of verified attributes for the

purposes of identity assurance as for service access and delivery. Which means

that the problem of identity assurance can be solved, not by vast complicated

attempts to create a new ‘identity industry’ but by solving a different problem

instead: how to enable data sharing for the purposes of efficient, effective

service delivery.


The value capture logjam

In their article, Michael Kubach and Heiko Rossnagel rightly point out that the

identity industry’s current commercial logjam boils down to the issue of value

capture. This is how they sum it up: “It is largely unclear how opportunities for

value capture can be realised through various fees without creating adoption

barriers that are too high in view of limited willingness to pay by the other

actors”.


But this value capture logjam only arises if those involved insist on treating

identity as a product to be sold in a market for a profit. In the context of data

sharing for the purposes of improved service provision this isn’t necessary. A

completely different set of economic considerations kick in instead.


Data is shared between individuals and service providers as extensions of their

existing relationships, the legal basis being the data portability provisions of

GDPR (Article 20 in particular). No prices are set for this data, no money changes

hands, and no margins (profits) are made on the sale of any items.


Yet huge amounts of time, effort and money are saved because improved data

sharing eliminates the multiple layers of friction, duplicated and unnecessary

effort, risk and cost that are generated by today’s data systems - data systems

that are organised around separate, isolated organisation-centric data silos that

are designed to hold data close to the organisation’s chest and NOT to share it.


In other words, when identities are assured as a by-product of the sharing of

verified attributes (made possible by the use of neutral, enabling data logistics /

personal data store infrastructure), the ‘value capture’ dilemma is replaced by

the new win-wins of improved data sharing.


A way forward?

We at Mydex CIC first began to realise all this over a decade ago, when we were

chosen by the UK Government to be one of just five companies to pioneer its

‘Verify’ identity assurance programme. It was our experiences in this programme

- including the huge cost savings we saw once we made it possible to easily and

safely share the building blocks of identity (verified attributes) - that led us to

these conclusions.


This is what led us to build our existing personal data platform which is now up,

running and operational 24/7/365, specifically to provide the safe neutral

enabling data logistics infrastructure that this approach needs.


That doesn’t mean all obstacles and challenges are simply waved away. To

ensure its ongoing integrity, a huge amount of thought and effort needs to go

into the design and operation of this infrastructure and its operation. Many

technical interoperability issues need to be overcome.


Collective action problems don’t simply disappear either. While it is in every

service provider’s interests to be able to tap into a system where the data they

need can be provided by individuals instantly and safely, it is in none of these

service providers’ interests to start the systemic ball rolling by populating an

individual’s personal data store with their data. In the short term, all that does is

help other organisations improve their operations while they pay the costs.


So, as Kubach and Rossnagel conclude, some Government intervention may be

necessary. But this intervention doesn’t have to take the form of a permanent

subsidy. All it needs is some initial pump-priming to establish the critical mass

for a system that would quickly do more than pay for itself.


In short, an economically viable ID ecosystem is indeed possible. But it only

becomes possible when we start asking a different set of questions to find a

different set of answers.


Alan Mitchell

Chairman, Mydex Community Interest Company


Komentáře


bottom of page