Identity Futures

Next Step:
 * Call on Wednesday November 26th at 9AM Pacific
 * 1 (906) 481-2100 - Access Code 942276

Notes from IIW 2008b session

Scenario Proposal 1

Identity Futures Nov 26 08 Conf Call Identity Futures Dec 16 08 Conf Call

This is for the work of the Identity Futures working group. It was decided an organizing page was needed to share the work that came out of the "proto"scenario planning exercise for a panel on the Future of Convergence of Internet Scale Identity at Digital Identity World 2007. Phil Becker, Phil Windley, Johannes Ernst, Mary Ruddy, David Kearns, Mark Wahl, Drummond Reed and Charles Andres.

Kaliya Hamlin was asked to moderate this panel and decided that community thinking about the topic would be most interesting. She worked with John Kelly to develop the process. They surveyed the community for their thoughts on the future and then developed 31 events that could happen. At the Sunday afternoon exercise they wrote a further 20 events. The group of 7-9 folks clustered the events and then looked at the patterns and drivers. We found several key centers of gravity

A Strong Authentication

B Biometrics DNA

C Commercial Sector Role

D Physical Devices

G Role of Government - Legislative, Deployment

I Internet Itself

L New Legal Constructs and Implications

S Community/Social Role

Here are the events we used for our landscape. THEY ARE NOT PREDICTIONS. They are tools to help us think about the future. The events that have ** will be raised at our talk as discussion points - they were seen as interesting. * were just interesting.


 * 1) * Database Owners Fined For Security Breaches Whether Or Not There Is Provable Theft Or Damage. 2009±  After hearings on the financial and personal losses following release of key data about individuals, Congress passed a law subjecting database owners to fines if they release or fail to adequately protect data about private individuals.
 * 2) ** Networks of Trusted Individuals Compete with Corporations as Players in Identity Dependent Transactions. 2012±  A vigorous minority (>11% of US consumers, more or less in other countries) have disowned managed ID products and continue to use social networks operating over open, cooperative software technology to provide whatever degree of verification and authorization is legitimately required.  Many forgo widely adopted consumer conveniences to maintain their relative privacy and personal values.
 * 3) ** Personal Data On US Citizens Must Be Tied To An Anchor Trustee/Purpose If It Could Be Used In EU Transactions. 2011±  Businesses with strong ties to both the EU and US economies have pressured vendors to develop products and procedures that respect tighter EU regulations. These companies have evolved customer relationship policies that require opt in and restrict some of widely used techniques for data mining.
 * 4)  “URL” Based Identity Widely Accepted for Social Network Applications. 2008±  Transactions that are primarily about social networking (in some cases triggering secondary or derivative commerce) tend to rely on URL or XRI based identity (example OpenID).
 * 5)  Physical Object (e.g. Phone or Card-based) ID Used in >80% of US non-cash Financial Transactions. 2012±   Managed ID systems (e.g. enhanced credit cards issued by a supplier to a customer or mobile phones) dominate financial transactions.  Use of these devices creates, transmits and retains substancial metadata about users in the US.
 * 6)  Proprietary ID Islands Choose to “Think Different” to Minimize Hacker Risk. 2013±   Proprietary islands of ID technology persist.  Busines-to-business vertical networks have evolved proprietary technology optimized for their industries. Shifting to proposed, more open consumer technology is seen as unnecessarily risky, giving up the protection afforded by being different, a strategy that long served Apple.
 * 7)  Consumers Seduced By Heavily Promoted "Closed" ID Networks. 2013±  The advantages of a "closed" next generation network for a wide range of major businesses (e.g. telcos, banks) and security–haunted governments) creates tremendous lobbying pressure to bring about widespread adoption. Consumers are seduced by the convenience of what are initially mobile phone-only systems, but these are gradually expanded till they encompass >90% of ID applications.
 * 8)  ~8% Discount Leads ~90% Of US Consumers To Opt In To Continuous Data Gathering on Their Purchases and Net Activities. 2012±  Government mandated ID turns out to be redundant. The overwhelming majority of citizens voluntarily adopt commercial IDs that provide in-depth tracking of their location, purchases and behavior.
 * 9)  Apple ID-Phone Creates Broad Acceptance Of A "Cool" Convenient But Proprietary Portable ID. 2011±  After 2010, carrying your Apple iPhone meant not needing your wallet.  Fear of theft was alleviated by fast deactivation, optionally triggered by separation from the registered owner.  The value of the data from tracking use of an ID phone is greater than the phone and phone service, now be offered free to most middle class 15-to-35 year olds.
 * 10)  "Impersonal" Object ID Supersedes Personal ID As The Focus For Meta-data That Is Ultimately About People. 2012±  Ubiquitous RFID tags and universal protocols allow widespread tracking of the motion of objects and their likely owners or users at any point in time.  Governments find this accomplishes the purpose of revealing who is doing what, where, when, with whom even though multiple forms of non-government issued digital ID are in use.
 * 11)  Seven Countries Including China Have Outlawed Identity Providers Not Licensed By The Government. 2009±  Several national governments are concerned about the proliferation of diverse identity technologies that would permit secret discussions that might be critical of their authority.  Several have banned the use of any identity service not licensed by (and presumably accessible by) government officials.
 * 12)  Transaction Histories Preferred over Reputation Systems by Experienced Users. 2009±      Reputation systems including those based on inferences such as the Wiki editor rating by longevity of edits have proliferated.  Despite improvements, they still rely to heavily on opaque generalization from events to ratings.  Serious reputation evaluators, such as top employers, now want to see the raw transaction data on which the reputation inferences are based and draw their own context-dependent conclusions.
 * 13)  Can Billie’s Identity Come Out to Play?  2009±  A group of activists have published a proposed identity meta-system for minors that would block transactions that would reveal personal information about the minor while gathering and storing information about the requesters of such information so the minor’s legal guardian can review it.
 * 14)  Trust Groups Establish Limited Claims About Members. 2009±  Groups of ‘desirable’ consumers – substantial income, credit rating – have formed Trust Groups.  Their cell phones are programmed to not reveal who they are in casual transactions.  Rather, their Trust Group certifies that the group will back up their purchases. Later matching to an individual is done by and for the group members and is not unconditionally available to their transaction partners.
 * 15)  Leading edge ID Brokers Shift From Vendor to Consumer-Centric. 2009±  Identity brokers validate information about parties to transactions.  To be successful, they must at least partially meet the needs of both sides.  As the economy has become more customer-centric, a few leading edge Identity brokers have established vendor-management software that makes vendors more transparent to consumers.
 * 16)  At Least 38 States Have Digital Drivers License. 2011±  More than 2/3rds of the states have adopted a digital driver’s license.  Many incorporate biometrics and are tied into state databases with additional information including driving records, criminal histories and census data.
 * 17)  Display Ads Based on User’s Social Network. 2011±  Given the prevalence of digital IDs and open access to social network data, many commercial websites use both individual and social network data in selecting and composing ads directed at individual users. [lots of green dots]
 * 18)  Users of Biometric IDs Have Lower Transaction Risks/Fees Than Users of Limited Revelation IDs. 2010±  Users of biometrically verified IDs get slightly faster access and are offered lower transaction fees relative to users of IDs that limit the availability of data about themselves.
 * 19)  The Digital Fugitive Becomes a Hit TV/Web Show.  2010±  Audiences can “identify” with a hero wrongly blacklisted with employers and wanted by police because of incorrect data and inferences listed in national databases.  In each episode, ‘white-listed’ strangers must decide whether or not to help the hero disguise himself and/or work under the protection of their identity.
 * 20)  Voluntary Healthy Behavior Tracking Games are Popular with Employees of Sponsoring Companies. 2010±  Google, HP, and Starbucks are among the companies offering incentives to employees to increase healthy behaviors (e.g. walking more, eating less).  To participate in these employer-sponsored contests, employees must allow their mobile phones to track not only their location but also many of their daily activities.
 * 21)  Multi-Session, Multi-Provider ID Tracking Services Enter Market. 2011±  Services that collect session information from the relying party and correlate it to the subject’s identifier to analyze information across the identity’s sessions with multiple identity providers for that relying party enter the market for financial applications.
 * 22)  Celebs and A-listers Blaze Limited Liability Persona Trail.  2010±  A major law firm and wealth management firm are offering Limited Liability Personas to their clients in California and New York.  Though not generally available yet, the experience gained from transactions and the inevitable court cases may permit a more general Persona to be offered in the future.
 * 23)  New Personas Seen As Partial Remedy for Leaked Identity. 2012±  Unwilling victims of overexposure (public or relying parties already know too much about them – at least some of which is arguably false) are seeking or being offered Limited Liability Personas as a partial remedy.  Links between their real identity and persona can be revealed only by permission of the owner or a court-issued warrant – roughly equivalent to a subpoena or search warrant.
 * 24)  >50% of Avatars Regularly Visit More than One Virtual World. 2010±  Standards for interoperability of identity and the avatars associated with them have allowed millions of players in hundreds of virtual worlds to move freely among them.
 * 25) ** Long Established Virtual World “Addresses” are Accepted by Commercial Entities as Billing Addresses. 2009±   Owners of “land” in worlds like Second Life for more than 2 years who regularly participate “in world” are able to assert their virtual world address as a billing address for commercial transactions.
 * 26)  Gaming Guilds are the First Form of Community Issued Digital Identifiers to Gain ”Market Recognition” 2008±  Employers are beginning to recognize community issued digital identifiers from gaming guilds as indicators of trustworthiness because of long-term participation of gamers in their community.
 * 27) ** Anonymity in even indoor “public” places (coffee shops) has been destroyed by cheap and portable face recognition tools. 2011±  Passive identity voyeurism has become widespread as laptop or phone based cameras and software with a net connection can identify via face recognition most of the people in a room.
 * 28)  The Older Posts By And About People Appear More ‘Aged’ When Viewed. 2010±  It is now the norm for ‘digital aging’ to be visually displayed on documents as they age.  Usenet posts from 20 years ago although still viewable have a grey age spots and cracks by default when first viewing them. Myspace posts from 2 years ago are yellow tinged.
 * 29)  Project Teams in >50 Leading Corporations are Empowered to do Their Own Provisioning and Termination for Their Team. 2009±   Project teams often cross-organizational boundaries.  Central provisioning and termination was a bottleneck to productivity.  Fast moving project teams had moved their work outside the compliance zone in order to communicate with team members.  This new provisioning innovation finally addressed this problem.
 * 30)  >40% of the Transactions at the Ten Top Retail Sites are Done with “Managed Cards” via a Card Selector for Payment. 2010±   Card Space and Higgins clients are widely used by consumers to make payments.  Discounts are offered because of these systems reduce fraud.
 * 31) >40% of US Population Have Digital Medical Records Accessible by Medical Professionals in Emergency Situations.  2009±  Vulnerable populations have been persuaded to allow their digital medical record to be accessed in an emergency by medical professionals.  Common standards for recording access history have been adopted.  Strong credentialing of medical professionals maintains system integrity.

These were events written by the community on Sept 23 as part of the exercise.


 * 1) XRI's (inames) used to 'dai" >15% of all phone calls. 2010±Enough phones support text dialing and enough people have inames to make iname phone dialing practical. Universal XRI resolution is transparent and built into name resolution libraries.
 * 2) Device Agnostic low payment transactions the norm. 2012± vehical transponder vs. mobile phone vs smartcard payment card when paying at drive thru - they're as interchangeable as credit vs. debit card for > 50% of US population according to surve.
 * 3) More than half of US Stats have statutes establishing and regulating digital notaries. 2011±  Digital notary services such as verifying the veracity of online claims (I'm employed by "sun") are useful and used. State statutes create an atmosphere/environment that supports this by training, certifying and accepting the work of digital notaries.
 * 4) Mass Disease outbreak accelerates identity on Net. 2010± Birdflu strikes causing people to be quarantined in their homes, accelerating the adoption of strong internet identity practices for social and business transaction.
 * 5) All telephony IP-based, phone numbers portable across services. 2015± Can more phone numbers across any of landline, mobile phone, VoIP services - right regulated in US Law.
 * 6) Identity providers turn a profit providing value added services such as supporting strong authentication methods. 2009± IdP's have created profitable businesses by offering authentication services that use strong authentication services that use strong authentication methods such as tokens or biometrics. While basic authentication (password) remains free, relying parties have outsourced authentication services and are willing to pay for value added through strong authentication.
 * 7) ** No ISP anonymity 2014± US W. European countries and China all regulate that non anonoymous interent connectivity allowed. Wireless access points must authenticate users, so rely on T-Mobile, AT&T, etc to perform authentication. Wifi no longer 'free'.
 * 8) The OpenID movement splits into two groups. 2008± 1) pursues strong security and authentication. 2) Reverts to "are you human" text.
 * 9) Celphone as Wallet creates market for disposable, anonymous cel phones. 2012±
 * 10) Biometric Cel phones get significant Adoption. 2009± Nokia a makes available biometric cel phones (voice and fingerprint recognition.) Within a year these devices are 25% of new phone sales.  [lots of green dots]
 * 11) Internet back bones blockout entire countries (like the Congo) that do not regulate connectivity. 2012± Due to a combination of government and commercial forces to reduce the impact of Botnets, spam, P2P licenced content file sharing on "legitimate" internet use, majore interconnect points implement peering agreements that block out networks unless downstream ISP's have stronger authentication (eg. Trusted Computing)
 * 12) * DNA on Dating sites prevents potentially bad genetic matches before you start dating. 2025± DNA profiles are routinely included in online dating profiles to facilitate identifying potentially adverse partners (eg. both carriers of sickle cell anemia).
 * 13) Largest independent IdP files for bankruptcy, roiling stockmarket. 2012± The boom in IdP's is coming to a halt. Consolidation among the 1000's of independent IdP's (which began last year) reached peak this week. IdP++ biz wins.
 * 14) Dominant Player Emerges. 2011± IdP Inc. annouces that third quarter, they facilitated 80% of ID transactions on the public internet.
 * 15) ** Government-issued becomes meaningless as millions of fake ids circulate - illegal immigrants driver forgery market. 2020± Mass "illegal"" migration by millions of tech-savvy individuals escaping environmental / infrastructure failures causes a breatkdown in trust in "government" inssued authn/authz credentials, as their is far to high a % of forgeries, and gov-issued credentials can't be updated quickly enough.
 * 16) * Phil Becker annouces at DIDW that "nothing is new" and hasn't for years. 2017± The adoption of ID Technology in 2017 is the same as 2007.
 * 17) * Walgreens annouces IdP profit center, expecting substantial profit margin contribution. 2012± This follows the publication of numbers from eBay and Amazon that indicate that these companies generate substantial profits from asserting the identities of their existing users to others.
 * 18) User-centric quarentine 2009± Mobile devices offer warnings about environment, nearby individuals for ostensible health reasons, services depoloyed in Asian countries.
 * 19) Google proposes international standards for privacy. 2007±
 * 20) Major shift in adds to social networks. 2008± 40% of online commerce shifts 30% of advertsitng and marketing to account for social networks emerging as 3rd party in consumer-merchant transactions.