Giving the user control of online identity
New Internet identity ecosystem forges a user-centric future
30 December, 2013
category: Corporate, Digital ID, Financial, Government
Ownership issues
When a consumer chooses a social login he doesn’t own the identity, Windley explains. If a consumer uses a Google login for different sites and wants to change something, or if Google decides to remove the user, all links to credentials on other sites are also removed. “I need to be able to move my credentials without losing all my connections,” he says.
Consumers enjoy the idea of using these federated accounts for ease of use, but they don’t know what data they’re giving up for that convenience. “Social login IDs such as accounts at Facebook, Twitter, and LinkedIn approach being user-centric because individuals choose to create them and then reuse them at participating third-party sites for personal data sharing,” Maler says. “But these and many of today’s digital identities or credentials operate on a business model that treats users as the data product.”
This model puts the user at a disadvantage and has led to discussions around “personal data stores” that are user-centric and give the consumer value, Maler says. These stores – sometimes referred to as personal clouds – can balance security, transaction value, user choice and broader privacy concerns. However, this model has thus far been difficult to achieve.
“There are minimal real world examples of this out there,” says Andy Land, vice president of marketing at Unbound ID. Some telecommunication companies are starting to move in this direction, as they want to become a trusted intermediary in the chain, he explains. To ultimately achieve this model, however, he notes it may take government regulation.
Pushes for better regulation of personal data are already driving this in the European Union, Land says. As U.S. companies are forced to make these changes overseas it will likely trickle down to consumers here.
Wither the marketers?
Marketers will be the ones to most oppose a user-centric identity model, Land says. The flood of marketing data will be slowed, but the data provided will be more valuable.
Instead of getting a small amount of data on 500,000 possible customers, the company will get a lot of information from 50,000 customers who opt in, Land says. “It’s the use of your data with consent and you’ll give up the data because there’s a benefit to you,” he says. “It offers users transparency, choice and control … which are all limited today.”
For example, a user in the market for a new car might request information from multiple auto dealers without giving up personal data, contact information or even a name. Additionally, the user could choose to provide a credit score to help the dealer accurately price the vehicle and loan options … all while maintaining anonymity.
Land cites the example of a user opting in to a hotel loyalty program. When the guest enters the hotel a message pops up on his mobile, welcoming him and offering mobile check in. The handset can then become the room key enabling the guest to skip the front desk.
Since the user has shared information with the hotel, it knows what television channel the guest wants on and can also set the thermostat to the preferred temperature. “All of the data is given with consent and the hotel can only use it for their own purposes,” Land says.
Ultimately the data will be better for the marketer because they will be serving those customers who are interested in hearing from them, Land says.
Enter the personal cloud
A user’s control of the data is important but so is portability, says Drummond Reed, chief technology officer at Respect Network.
Respect Network is introducing the idea of a personal cloud for individuals that would enable control of the identity and remove any third-party intermediaries. There should be something that is easy to use, such as Facebook Connect, but without Facebook in the middle, he explains. “Click on a button and the next step should be served by your personal cloud. It will detail what information you can share and what attributes you decided to share.”
The relationship with the personal cloud should also be lifelong, Reed says. “You shouldn’t be subject to losing those relationships if you lose your social networking account,” he adds.
Respect Network is forging its own type of social, federated login called Respect Connect. As with Google, Facebook and others Respect Connect will be an option for users when choosing a federated login, Reed says.
Respect Connect will link with an individual’s personal cloud and enable the user to pick and choose which information to share. It will also offer the user higher levels of identity assurance and the ability to use multi-factor authentication technologies, Reed explains. Respect Network has partnered with identity verification companies to offer higher-level identity vetting.
There will also be a peer-to-peer sharing aspect to the personal cloud, Reed explains. Individuals will be able to share personal data based on their profession, hobbies and other common interests.
Neustar is working with Respect Networks, engineering external authentication aspects of the personal cloud, says John Kelly, vice president of technology strategy at Neustar. There will be other functionality of the personal cloud too, such as storage. “It’s a complete platform in the sky that gives you storage and contains information about you,” he adds. “What you have now is multiple identities across the Web.”
Respect Networks is going with a business model similar to the ones used by the credit card market, Reed says. The difference is that with the credit card networks, businesses pay an interchange fee based on the value of the transaction. On the Respect Network, businesses pay a relationship fee based on the value of the relationship – the value to the business of having a trusted connection to that individual’s personal cloud.
Windley, founder and CTO at Kynetx, hopes to add another component to the personal cloud. He wants to enable a consumer to receive notifications and information related to things – data, requests, interactions – in their personal cloud.
“This is the kind of utility that makes it personal. Its not just that I have an identity but the personal cloud starts serving as a catch point … and I’m seeing interactions around it and interesting things that didn’t happen before,” Windley explains.
For example, an individual can tag their car and mileage in their personal cloud and when the car gets close to requiring an oil change, notification can be sent as a reminder. In addition, the personal cloud could request information from local auto shops about oil change specials and availability in an anonymous manner such that personal details and contact information are not disclosed.
Adding this aspect to the personal cloud will offer more value to the consumer. “The theoretical benefits of user-centric identity are only marginally interesting to people,” Windley says. “But there’s a lot of reasons why people will care.”
The key, he stresses, is to focus on the tangible, real world benefits these solutions can deliver.