User-centric identity is not a new concept. I met people that have been in this space for over 10 years, and certainly in the last 5 years there has been a lot of activity in this space, especially around developing new standards for identity. But all this time digital identity remained in the domain of a small community of specialists and evangelists.
But in the last year a few major developments took place, and in my view it represent a shift to the mainstream. First, the internet community started consolidating around a small number of standards that will enable interoperability – companies such as Google, Microsoft, Yahoo, Paypal and Verizon put their weight behind the core standards of the future identity ecosystem, and at the end of 2011 came up with “Open ID connect“, the standard that will hopefully make it all much easier.
And this activity is not limited to standards. Most of us already use the most successful identity provider so far – facebook. With “facebook connect”, you can now login to thousands of websites. Google, in the meantime, consolidated their users’ identity across all their (and others’) services, in a way that enables new uses of our personal data. Paypal, at the end of last year, launched the first identity service aimed at E-commerce services, “PayPal Access“.
Second, governments understood that the issue of trust in online identities is crucial, for both public service as well as the market in general. Therefore, the US government published the “National Strategy for Trusted Identities in Cyberspace“, and the UK put into motion its own “ID Assurance” program. Their objective is to create a market of identity providers that will cater for both government digital services as well as the private sector. In concurrence with this, the World Economic Forum started a working group titled “Rethinking Personal Data” that put identity at the heart of a huge new market for personal data, controlled by the consumer.
What about telecom operators? although many regard them as natural players in the identity game, they are quite behind at the moment, with a few exceptions. In the US, Verizon and AT&T are involved in the industry and launched initial services – Verizon for the healthcare sector (UID service) and AT&T for consumers, focusing on personal cloud services. In Europe, several operators launched in 2011 mobile identity services, mostly focused on mobilizing the national identity card and offering a verified, secure authentication via the mobile device. Such services were launched in Finland by all operators (see example from Elisa) and by Swisscom in Switzerland, joining to earlier services launched by operators in Turkey and the Baltics.
In the background for all this activity are the long-term trends that are dictating better identity – more online commerce, more digital services, switch to smartphones and tablets and more and more usage of personal data to provide better experience and better targeting. All those trends, along with mounting fraud and security risks (Sony…) are pushing the old service-centric, multiple usernames and passwords system to its end of life – our digital future needs a better solution, and it is starting to take form.