Operations // Identity & Access Management
09:06 AM
Mark Bregman
Mark Bregman

Can We Control Our Digital Identities?

The web and cloud need an identity layer for people to give us more control over our sprawling digital identities.

There was a time when you were identified by two pieces of information: your phone number and your address. But with the rise of social apps, mobile, and big data, your identity -- now your digital identity -- is far more complex.

Your digital identity encompasses a staggering amount of information. Every credit card transaction, uploaded photo, shared social post, social login, sent email, and site cookie shapes our digital identity. It's all out there somewhere in the cloud.

Much of this gets linked and correlated (often through social logins or other identifiers such as phone numbers and email addresses), and the aggregate effectively represents you online -- that's your digital identity -- and gives you wonderfully personalized services and precisely targeted ads. But you don't own your digital identity -- or at least you don't manage or control it.

[In the next five years, expect vendors to roll out digital-self services. Read How Will You Manage Your Digital Self?]

As our digital identity becomes more useful and more accurate, there are both concerns and excitement about the new value it creates. The British research firm Quocirca published a report last year detailing BYOID, or Bring Your Own Identity, discussing how employers are using social and third-party SaaS logins to replace or augment enterprise identity, and how identity brokers -- meaning companies that establish the holistic view of the customer through insights and analytics -- add degrees of verification through social graphs and digital information.

In other words, who you are is increasingly cross-linked across multiple domains, in multiple dimensions, and even across your real-life persona.

Closer to home, the National Strategy for Trusted Identities in Cyberspace (NSTIC) calls for what it dubbed the Identity Ecosystem, a digital environment built on clearly defined guidelines for the use/access of personal data by individuals and corporations. The Identity Ecosystem will be defined as a success so long as it is enhances privacy and is voluntary, secure, resilient, interoperable, cost-effective, and easy to use.

That's all well and good, but what does that mean for consumers and organizations?

First, though no service provider is yet able to have a holistic view of your digital identity, the potential for the linkages are technically there, and that is the overall direction we are headed -- like it or not.

Second, it means that individuals need more control over their digital identities. The NSTIC may spark some paradigms for this. And the online industry, as well as regulators, are debating the right ways to ensure security, privacy, and personal data control. At the same time, they are allowing the personalization of online services and the economy that drives the availability of those services, which to a great extent is fueled by the very data that makes up our digital identity.

But none of this addresses the core question of ownership and control of one's digital identity. And, really, it can't. Our digital identities are not something integral that reside in one place. Rather, they are spread across our online data and identifiers, and most of that belongs to the services we use.

It's possible that the web and the cloud need a new layer -- an identity layer for people and organizations -- similar to the identity layer for web sites (DNS) that built the web as we know it. Today, we don't have an analogous service that allows us to discover people and organizations (or things, for that matter). We can do this within a social app or a proprietary web app, but we can't do this across the whole web.

Such a layer would help us get control over our digital identities. For example, it would allow us to link and share our various cloud identities (such as social identities, SaaS logins, and other identifiers such as phone numbers) and data. Through federation and other delegation, we can assert control over our identities and data via a graph. Those familiar with gateways, DNS, and RDF graphs will see how these concepts can be joined together, so that a discoverable identity could act as an authorization manager for all of the cloud-based assets related to our identity.

As our lives move online and our digital identities achieve a kind of power they never had before, we need to own our digital identities. The best way to achieve this is through a web infrastructure that rides above the applications we consume on the web. We will finally have durable digital identities, and because we control access to our personal clouds via these identities, we'll be able to control our own privacy threshold.

Interop Las Vegas, March 31 to April 4, brings together thousands of technology professionals to discover the most current and cutting-edge technology innovations and strategies to drive their organizations' success, including BYOD security, the latest cloud and virtualization technologies, SDN, the Internet of things, and more. Attend educational sessions in eight tracks and visit an Expo Floor more than 350 top vendors. Register with Discount Code MPIWK for $200 off Total Access and Conference Passes. Early Bird Rates end Feb. 21. Find out more about Interop and register now.

Dr. Bregman is responsible for Neustar's product technology strategy and product development efforts. Prior to joining Neustar in 2011, he was Executive Vice President and Chief Technology Officer of Symantec since 2006, where he developed the company's technology strategy ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
David F. Carr
David F. Carr,
User Rank: Strategist
3/12/2014 | 5:51:02 PM
Re: Can we own our own identities?
Love the comparison with banks.
Eddie Mayan
Eddie Mayan,
User Rank: Apprentice
3/12/2014 | 6:54:54 AM
Re: Can we own our own identities?
Madhava verma dantuluri
Madhava verma dantuluri,
User Rank: Apprentice
3/11/2014 | 11:21:27 PM
Very good article and spot on. Very true that our digital identiry dimensions changed a lot.
Charlie Babcock
Charlie Babcock,
User Rank: Moderator
3/11/2014 | 5:48:36 PM
Can we own our own identities?
That's a great, forward looking way to think about digital identies and a way for each of us to own them, Mark. Thanks for posting these thoughts. Ownership of identies is now shared. Facebook, Google, Microsoft, Yahoo all think they own a piece of our identity because we conduct interactions and transactions there. By that standard, the banks would own most of our retirement funds. There must be a better way, and you're pointing toward it.
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio