Information and Identity Governance – Identity Ecosystems

Much debate on the need for new and/or rationalised electronic identities ignores lessons from the wealth of identity products and services (from seals, thumb prints and letters of introduction through cable authentication to credit cards and passports) that have grown over several millennia of national and international trade between persons who have never met.


Questions to consider...

  • 16. What is the scale and nature of the markets?
  • 17. Who is willing to pay how much and for what?
  • 18. How do the various components fit together in competing systems or “ecosystems” (because most involve interoperability and sharing across different products and services)?
  • 19. What are the components of identity ecosystems (from the types of participant, their identification, registration and linkage to participants through processes for authentication and authorisation to routines for revocation)?
  • 20. What are the “cost to trust” ratios of the components already in common use (e.g. processes for identification and registration from scriveners and positive vetting through notaries and credit reference agencies to self-assertion and transaction track record)?
  • a. How are they combined in current identity ecosystems and what are consequent strengths, weaknesses and overall ratios of cost (of operation and of insurance to underwrite liabilities accepted, if any) to trust (including risk of loss)
  • 21. What are the benefits and limitations of Proprietary vs National, vs Global solutions? Who would have the remit and authority to build a global or national solution and should one be built by national interest or market forces and trust?
  • 22. What are the key principles for “building” identity ecosystems?
  • a. What are the barriers and solutions for adoption outside of a silo (i.e. closed end points) ecosystem?
  • 23. What threats exist to Identity Ecosystems from criminal, civil disobedience or terrorist groups, including those not yet known for engaging in cyber attacks?
  • 24. Correlation and linking (corroboration) of identity attributes from different sources can result in disclosure of more information than a subject intends. Aggregation and association of attributes can lead to inference and deduction. Some schemes (such as the Austrian Identity Card scheme) provide techniques to make it difficult to link such information. How effective are such techniques in practice?
  • 25. Should there be legal measures to control such linking, or are market forces and technological measures adequate?