Martin Kuppinger has a post up that brings us back to one of the very earliest - and thorniest - "identity problems." That of the "trusted identity provider."
As more and more of our business and personal lives move on-line, the need for not only identity, but identity that is assured and attested to becomes more and more valuable (especially as the value of the interaction rises). Most "identity thinkers" have argued for "trusted identity providers" -- or entities that can attest to that assured identity - much like companies like VISA attest to your ability to pay. The problem has always been: who will BE that trusted identity provider?
The most obvious answer -- the government -- isn't all that satisfying. And other possible answers have ranged from Microsoft (passport) to Google to the Postal Service to VISA. The flip side of that equation is that the trusted identity provider is going to have to assume risk in ways that aren't yet fully understood in a business sense. Imagine, if you will, that your business had to assume the risk of identity theft or fraud for all of your employees across ALL of their internet interactions. Are you game? I didn't think so.
Martin's main question, then, is who (if anyone) can step up to the "holy grail" of being a trusted internet provider? The underlying question is if the trusted identity provider should be *one* entity or multiple entities. I tend toward multiple, distributed entities that serve multiple, distributed functions, but the analogy of VISA and Mastercard certainly don't support that thesis.
What do you think?
Why not let "the trusted internet provider" be the users themselves.
That's where it should begin-that's where the "bang" is.
That's how I'm working digital identity-