Identity on the Internet
Available digital services are growing quickly, but they are often strangled by the lack of a trusted digital identity that would be available to everyone, everywhere. In daily activities, people cannot enjoy a seamless service experience because a suitable digital identity infrastructure is not in place. Identity is broken on the Internet.
Why is Identity broken on the Internet?
The problem of identity on the Internet can be attributed to several factors, including the following:
- Fragmented and inconsistent solutions
In the absence of a standard ubiquitous digital identity framework, the identification processes used for different services on the Internet have evolved independently, leading to fragmented and inconsistent solutions with variable levels of security, assurance and usability.
- Vague Identity solution marketing
The number of corporate Single Sign-On products is increasing, and most solution providers assume that the same solution fits the Internet. As a result, we have many incompatible, competing products that are being marketed as suitable identity solutions for the Internet. Identity federation / SSO is sold as an authentication technology for the Internet, but the level of assurance, identity, registration and authentication are bound together so that they work only in service provider silos.
- Lack of modern business model
Banks, for example, still want to bind users to a special service technology within silos, and no cooperation with other lines of business is possible. This was the business model of the last century, and it is hard to fit into the Internet age.
- Usability and user experience
A uniform and simple user experience helps services advise their users when assistance is needed. Currently we are far from this. Even the simplest authentication flow can be made far too complicated.
- Technical limitations
Various authentication methods provide only web session authentication. This means that Fintech transaction approval and legal signatures are still hard to implement.
- Inadequate Strong regulation
Regulators want to fix the problems of identity, at least from a consumer’s security and privacy perspective. Regulations such as the EU’s GDPR mean that the consequences of poor security are now high. Similarly, PSD2 requires payment transactions to use strong authentication.
However, solution providers still provide options and opportunities, and they can define their solution scope as they want. They have no need to support the GDPR or PSD2 regulations.
From our point of view, the key problem is in the identity schemes used on the Internet. The following figure depicts typical identity schemes (i.e. how identity and services are related). There are three schemes:
- Siloed – each service defines its users’ identity
- Centralized – a centralized entity defines users’ identity
- Mesh – an independent entity defines users’ identity
What is the solution?
Given what we know, the question is how do we address the problem of broken identity on the Internet?
We think that siloed and centralized identity schemes are unnatural on the Internet. The only scheme that fits the Internet is the mesh scheme, which allows free-form relations between the parties without restricting usage of the identity.
…..to be continued.