Giving the user control of online identity
New Internet identity ecosystem forges a user-centric future
30 December, 2013
category: Corporate, Digital ID, Financial, Government
The personal cloud business model
Would a retailer or enterprise pay to have some certainty of whom they’re dealing with online? Respect Network is betting the answer is yes.
The company is working to set up personal clouds that consumers can use for multiple purposes, including user-centric identification and controlling what personal information they share with various online entities.
A basic personal cloud would be free to the consumer but Respect Network would charge the online business for the service, says Drummond Reed, chief technology officer at the company. The business model is similar to that of the payment card world where the accepting business pays a fee for each transaction.
“We don’t know exactly how much the relationship fees will be yet, but as with credit card interchange fees, we expect them to be a relatively small percentage of the value and therefore very attractive to businesses,” Reed says.
Respect Network is pitching its benefit to businesses as:
- Lower cost of customer acquisition
- Lower cost of customer data – direct instead of from third parties
- Lower cost of customer retention – Respect Network personal channels will last for the lifetime of the customer, even if the customer changes address or service provider
- Lower cost in secure communications
- Higher amount of customer self-service
He anticipates that certain services would be free to the consumer, but cloud service providers would likely offer additional service at an additional fee.
“We expect most cloud service providers will also follow the same ‘freemium’ model used by Dropbox, Google Drive, and others. A base level of personal cloud service will be free but consumers will pay for higher levels of storage and other value-added services,” Reed explains.
Putting a dollar value on identities
Online identities have a value to social networks that could fetch more than $100 each. UnboundID released research that helps define the value of a consumer’s digital identity. The report “Valuing Identity in Today’s Digital World,” compares the value of aggregated, anonymous data to real identity data. It estimates that real data increases a user’s profile value by as much as 100 times, creating a value of up to $124 per identity.
The study was conducted by Compass Intelligence, and surveyed more than 1,000 U.S., Canadian and UK adults with a prior understanding of digital identity. The study defines digital identity as comprised of elements such as identifiers (name, address and age), connections (social networks), behavior (viewing or usage), preferences and more. The study found that 51% of respondents want their digital identity data to improve the experience provided to them.
In addition to streamlining user experience, there are real cost benefits as well. Corporations could use digital identity data to lower the cost of identifying their customers – a cost that Compass Intelligence’s research suggests can run as high of $12.4 billion annually. The research also posits that corporations stand to create new revenue streams by making data the product itself – providing high-quality identity information to enterprise customers as a service and offering customers a way to manage and control their own identity information.
These business models offer promise, but are only feasible when the user is allotted transparency, choice and control over their data and when there is an established trust with the company that it will honor the user’s choices. In an effort to better evaluate the identity data, the survey asked respondents to assign a value to their digital identity data.
Respondents rated the value of their info shared on social media like Facebook and Google+ between $62.79 and $106.40. Executives participating in the survey listed the price they would pay for real identity data as high as $124 per user.
Designing a user-centric identity system
Susan Morrow, Head of Research and Development, Avoco Identity
The goal of user centricity is a key design tenet of a workable consumer identity platform, but designing user-centric consumer identity systems is a unique and challenging task.
To paint a picture of user-centric identity, imagine a human being at the center of a large ecosystem – to the scale of a solar system. From this, designers are faced with the challenge of planning a way to make that person central, whilst retaining the integrity of the expanded ecosystem, ultimately creating a fluid communication network that gives all parties what they need to transact.
User centricity needs to be part of a holistic design approach, incorporating security, usability, privacy and trust, all of which impact on user centricity.
Until now, corporations or government agencies have largely controlled digital identity. As an example, many companies use a directory, such as Microsoft’s Active Directory, to control employee access to company networks. The administrator of the system, not the employee, is effectively in control of that identity.
Perhaps “identity” is the wrong word to describe a method to access computer resources. But directory systems like Active Directory not only log employees into computers, they also carry information, like name, employee number, etc. This is all well and good when used within a closed system, like a corporate network, but in an expanding, disparate world of online services and applications, there needs something that still can proffer information about individuals but that isn’t controlled by some “Big Brother” entity who can use this information in different ways.
These systems are perceived to watch everything consumers are doing; block access to services, or force them to use only others; form a (misinformed) view of consumers and then share it without a shred of accountability. The identifying method must be autonomous, independent, transparent and – most of all – under your control.
But the Internet is a two way street. There needs to be a way identify individuals online so it’s under their control, but at the same time the service requesting this information needs to be certain the identity is valid and has been verified.
Thinking along these lines, a digital identity must be made up of claims about an individual that can be verified by some entity, potentially increasing trust. This entity could be almost anyone or any organization. For example, my bank knows my monthly salary and a credit file agency will have a fairly certain knowledge of my date of birth and current address. But similarly, reputation based sites like eBay or Etsy could verify that I am a trustworthy person who can buy and sell items. Social graph information held on social networking sites like Facebook, Twitter or LinkedIn could also be used to verify an individual to a certain level of assurance or be used in conjunction with other methods.
An online identity system needs certain pre-requisites:
- It needs to be accessible and understood by the services and applications relying on it by using industry standards.
- It needs to be under the control of the identity owner.
- It needs to be able to show the service or application pieces of information to prove certain aspects of an individual.
- It needs to be able to do this in a way that says, this is true, i.e. verifiable.
- It needs to be really easy to get at and use – maybe accessed using a pre-existing social network login accounts.
- It needs to have privacy designed into it from the outset.
- It needs to be as secure as possible without making it onerous to use.
Most of all, however, the online identity needs to belong to and be controlled by the individual. Identity needs to become personal again – not co-opted by corporations or governments. How to get there technically isn’t the issue, it’s an attitude, or rather the wider Web’s attitude to what those identities are, that needs to be addressed and debated.