I just found Marco's blog the other day, and I'm glad I did.
Marco writes about something he believes will grow in importance in 2008 in the world of identity management - "consent management." Consent Management is, "the active management and enforcement of users' consent when collecting, storing, accessing, processing and disclosing personal data."
Now, in the circles of the identirati, ownership and control of personal identity data has been the subject of debate since the beginning of identity technology. But in a larger realm, that has not been the case, with individuals often willing to give up their sensitive information for a free coffee or candy bar.
The recent kerfluffle with Robert Scoble and Facebook has got the alpha geek-sphere buzzing with the "who owns my data?" question. Despite the fact that their asking the wrong question (its not about ownership, its about control), their collective attention will, over time, translate into a workforce that is concerned about issues of -- you guessed it -- consent.
One of the big ideas that I was kicking around a couple of years ago when Kim Cameron first wrote his "laws of identity" was how "user-centric identity" would someday alter the architecture of identity management within the enterprise. Its now beginning to look like social networking may be the vehicle that drives us toward that alteration. Notice too, that as "social networking" drives us toward consent management, we find ourselves with *another* critical piece in identity that is suddenly very related to collaboration (the other, I argue, is federation). Could it be a larger wave occurring? Is identity ultimately to be driven more by "collaboration" than "security?"
Hmmmm....
No matter, in the meantime, its time for architects and CIOs everywhere to start thinking about how their going to deal with the issue of consent when their workforce rises up and demands it.
--Eric Norlin





