Why you have a digital identity.
The fact is, you probably have a lot of digital identities. (1)
The people who provide all the information and services on the internet have good reasons to want to know some things about the people (you) who use them.
Sometimes a service provider only wants to know general things, like what countries their users are coming from. But when you want to use a service continuously, they need to recognise and remember you.
If your email provider couldn’t identify and remember you, it couldn’t deliver your emails. Facebook or Twitter couldn’t show you your posts if it couldn’t identify you. Dropbox would lose your files. Amazon couldn’t deliver your purchases if it didn’t know your address.
Many of the things you do online require trust. Money may change hands. You may have access to restricted material because of your job.
It may not be enough to just recognise and remember you. Another party may want to be assured they can trust you. Most of the ways to establish trust fall into one of three methods.
- Ask you to prove your identity.
This is what banks and employers do. They want to know your legal, or ‘civil’, identity. Civil identities are provided by governments and are usually proven with documents like birth certificates, driver’s license and passports.
- Ask another, already trusted, party to be a reference or an intermediary.
Often, this is what is happens when you shop online with your credit card. The seller doesn’t need to trust you, only the bank, who has already established your civil identity and can vouch for your ability to pay.
- Get to know you.
For many free services this is as simple as giving you a user name and password. That they gave them to you is enough to trust that it is you connecting. They may ask for additional information such as your age and sex. But many service providers do not need your civil identity. They let you pick your own username and you could easily choose something like Slartibardfast42 if you wanted too.
So, when you use the internet you are usually identified. How you are identified and in what way changes form services to service. But when you are identified it is because selling or giving you all those service usually depends on three things:
A service provider has to recognise you and maybe know something about who and what you are.
A service provider needs to remember you from last time; remember what happened, what you want and are entitled to, and where your stuff is.
A service provider needs to be assured that they can trust you.
We should also remember that these things work both ways. You also need ways of identifying, remembering and trusting service providers.
It is especially important that you can trust service providers will identify you only as far as they need to in order to provide their services. This is why many governments have enacted privacy legislation that controls just how much of your identifying information others can collect, use and share.
But you will understand the issues surrounding identity in the online world better if you understand that your digital identity, or identities, exist because most of the online services we use today could not be delivered without some way to provide identification, continuity and trust.
It is also worth noting that in every way that counts the way identity works the same way in today’s as it did before the internet.
In the next post in this series I will use some examples form the offline world to show how the three basic functions of identity – identification, continuity and trust – have been a part of our lives for thousands of years.
(1) I realise that most of the people who read this blog have a professional interest or connection to digital identity. Quite a few would wear the epithet ‘identity geek’ with pride. That cohort may find this series simplistic and uninformative. Still, I would offer the following comments for your consideration.
I am a firm believer that a hallmark of mastering a complex subject is being able to explain it to others in terms they can understand. So, in the first instance, I am writing this series as a kind of test for myself. Digital identity is a complex subject. Do I know it well enough to explain it clearly, without needing my readers to be proficient in the esoteric jargon of “IAM”? More importantly can I explain digital identity meaningfully without relying on a knowledge of computer science, and information technology? (Which, I may add, is different to an experience of information technology, which I do assume my readers have.)
The second reason I ask the identity experts to consider this series is that the “IAM space” is riddled with esoteric, ill-defined and contested jargon. Which, I hasten to add, is as should be expected for such a new field, and one in which there are so many interested and talented parties. There will eventually be, as there has been in all long lived disciplines, the codification of a body of shared knowledge and terminology. Some concepts we took to be foundational and essential will turn out to have been contingent and transitory. In these posts I have quite intentionally moved some common assumptions to the side in the hope of adding some original and useful thinking to the field.