There are many situations like the one above, across many sectors, where sharing identity data to get a job done could be quicker, more efficient, and ultimately cheaper if we have the right digital methods in place.
The mutual benefit of the personal identity data store
Regulation like the GDPR is attempting to make the portability of all this identity data allowable but under user control and consent. Companies like Gigya are offering advice for building Privacy by Design into identity platforms, as this is a crucial area of control.
Control and privacy are fundamental aspects of sharing identity data. Using an identity provider (IDP) to control access to web resources doesn’t really address the portability and accessibility of data. This is where using an ‘identity data store’ comes in.
Identity data needs a home. I have myriad accounts, some containing verified data, that I can’t access in a usable manner to send my child the deposit for a house. It is siloed. If identity data, instead, has a centralized home, identity data can be used, reused, updated, verified, shared, and made to work for its living.
The GDPR and wannabes like the UK’s Online Privacy Protection Act 2016 place the data subject squarely in the middle of the data sharing process. This actually makes sense. This was always the hope of Kim Cameron when he developed the ‘Laws of Identity’ - user control and consent being the first law. Identity provisioning services, such as IDPs, don’t usually do this; they tend to just assert identity, along with some basic attributes. IDPs have a place in the ecosystem, but their job is constrained.
Let’s go back to that mortgage deposit use case. Imagine if, instead of having to traipse to a post office 10 miles away, the mother were able to go online and, in a few clicks, share with the law firm all of her identification and financial requirements, digitally signed, consented to, and encrypted. That is identity data being used proactively, between consenting parties, to make life easier - isn’t that what technology is all about?
Changes like the Open Banking Initiative are opening up the capabilities of customer data stores. Others such as digital healthcare open up further use cases. The pivot upon which all of this swings is that the data store must be based on a verifiable identity. Without that as the mainstay of the system, the rest of the data is meaningless.
Sharing identity data should be under the control of the user, but it is also, often, a two-way process. Just like in real life, sharing information is usually done on a ‘you scratch my back, and I’ll scratch yours’ basis. Giving both the user and the service tools to communicate using verified data is the real definition of identity online.