Last month, I joined a team from Gigya at the Internet Identity Workshop in Mountain View, California. This event has a long history of online identity thought leadership. In fact, it started in 2005, well before internet identity was a “thing.”
Thanks in large part to this pedigree, IIW attracts top-level decision-makers. It also generates top-level discussion on:
- How internet identities have developed
- The current “hotspots” surrounding the field
- Where online identities may be headed
Since IIW prides itself on being an “unconference” with no learning tracks or keynote speaking sessions, I attended multiple breakout conversations. Here are my three top takeaways.
1. User-Centric Identity Has Progressed… but There’s a Long Way to Go
Event participants spent time analyzing the question “How have we gotten here?”
Digital identities have evolved from centralized (think certificate authorities) into federated, (single-sign on systems, like social media logins) and, finally, into user-centric systems (OpenID Connect, for example).
Now, user-centric identities are challenged by several factors, including:
- The exponential growth of data generated by people online
- Businesses realizing the value of personal data
- The growing number of personal data hacks that constantly put people and organizations at risk
- Evolving data privacy laws like the European Union’s upcoming General Data Protection Regulation (GDPR) that are making companies rethink their positions on personal data
In addition, user-centric identity still has a lot of room to grow. Most people are familiar with social media sign-on systems from Facebook, LinkedIn or Google, for example. While these systems include some user-centric control over the identity, they are still tied fast to the companies supplying the platform.
The general sentiment at the conference is that user-centric identity will continue to grow while “platform-centric” identity will start to drop off. With our focus on providing online consumers more control over their data, Gigya is in a prime leadership position as this trend evolves.
2. The GDPR Is On Many People’s Minds
As noted above, GDPR is a main driver of user-centric identity. With enforcement of the regulation starting in May 2018, companies could find themselves at risk of painful noncompliance penalties if they don’t address their customer data strategies and operations now.
At IIW, one of the most intriguing GDPR-related discussions focused on what “identity freedom” would look like from a consumer’s point-of-view. Attendees discussed the six degrees of identity freedom proposed by Tim Bouma in a recent Medium article:
- Freedom of Credential — I should have the ability to use whatever credential (login, etc.) that ensures that I am in control.
- Freedom of Identity Data — I should have the ability to decide what information to use to identify myself.
- Freedom of Authorities — I should have the ability to choose which authorities (or lack thereof) I require to vouch for me on my behalf.
- Freedom of Disclosure — I should be able to decide which identity information (or subset of information) I give to others.
- Freedom of Consent — I should be able to decide how and when my identity information can be used, including the ability to fully revoke its use, if need be.
- Freedom from Control — I should have full agency over the decisions relating to the above in the identity system I choose to use.
Many of these freedoms will get a major boost when GDPR enforcement begins. And on the flipside of the coin, many businesses need to make major changes to ensure they respect these freedoms.
In one of the conference conversations, attendees estimated 75 percent of the ways most companies use personal data will be illegal after GDPR goes into effect. As a result, they called 2018 “the year of the big data flush” since so many companies will need to rework their customer data systems.
3. Working on the Future of Digital Identities
A hallmark of the IIW is discussion on the future of digital identities. At this event, attendees worked on the concept of “functional identity” as a helpful foundation for studying and improving the identity field.
This approach focuses on “how” internet identities work and attempts to strip away the sometimes passionate political, philosophical or cultural aspects of “why” they work the way they do.
According to the Functional Identity Primer, the goal of this approach is to help make the internet a more valuable, trusted part of human life. “With a better understanding of how identity functions, we will be able to build systems that enhance privacy and human dignity, while improving identity assurance and security,” the primer says.
In this era of massive personal data security breaches, I found it heartening to participate with talented engineers and system designers to solve problems proactively, rather than get side-tracked by why they happened.
Additional Food for Thought
If you want to hear more perspectives on the past, present and future of digital identities, listen to our webinar with Doc Searls. In this conversation, we dive deep into GDPR and how it will impact marketers around the globe.
Also, you can learn what’s going on in the customer identity marketplace – and why Gigya leads its competitors both in current offerings and future strategy – by downloading this Forrester Wave report.
By Oren Evron