Who are you?
What are you?
If the answers come from you, they speak of your sovereign identity: that which is yours and you control.
If the answers come from your employer, your doctor, the Department of Motor Vehicles, Apple, Facebook, Google or Twitter, they speak of your administrative identity: that which is theirs and they control.
For as long as we’ve had identifiers in computer and network system namespaces, we have been talking about administrative identities, not sovereign ones.
All administrative identities are silo’d: isolated inside systems and their namespaces. The Internet, which cyber-utopians (me included) cheer for its decentralized peer-to-peer and end-to-end architectural graces, has become a vast forest of centralized systems, each a silo. This Great Silo Forest is a hall of administrative mirrors. Your reflection in each is not you, but an administrative version of you.
Want a sense of how bad this is? Go into your browser prefs and hunt down the place where your logins and passwords are kept. Every one of those login/password combinations is for a different you, that each different system knows separately, owns separately and controls separately.
Multiple silos can “federate” identifiers for their convenience, and sometimes that’s cool. But the problem that falls on you — coping with countless different administrative silos — is not relieved by administrative federation, because it’s an administrative solution for an administrative problem. Not a solution for you.
See, the main problem with administrative identity is centralization. And every centralized approach to the problem of centralization causes more centralization and worsens the problem.
Even “user-centric” identity (with its “identity providers” and “relying parties”) are framed in administrative terms. They do not start with the sovereign individual, and are not driven by that individual.
Even the term “user” implies something less than sovereign control.
What we need ares personal systems for managing our sovereign identities, and for doing our own federation to the administrative systems of the world.
Devon Loffreto (@NZN) has done the most thinking-out-loud about this issue. A compendium of posts:
- The Identity Problem (which responds to my post here)
- What is Sovereign Source Authority?
- Administrative Precedence
- Identity = Industrial Control
- Heterarchy (which cites Adriana Lukas‘s pioneering work)
All this is right up the alleys of IIW — the Internet Identity Workshop, which is coming up next week. And this is the first in what I hope will be a series of posts that will provoke conversation and forward movement at IIW.
“Even “user-centric” identity (with its “identity providers” and “relying parties”) are framed in administrative terms. They do not start with the sovereign individual, and are not driven by that individual.”
That’s not true, at least not of OpenID.
Well, I suppose it would depend on how you use it. But if I have my own domain, I can authenticate off of it, and then I can change OpenID providers freely (without my ID changing) – including running my own, if I want. I suppose many people just point directly to the providers url for them – yahoo or google or whomever.
Anyway, if you run it as was really intended, with your domain, I would say it is sovereign. If you also run a provider server (more involved, certainly, than a snippet of HTML, but not terribly hard), then it is certainly sovereign.
Comments are now closed.