Personal Digital Transformation and Holistic Digital Identity Kim

Personal Digital Transformation and Holistic Digital Identity Kim Cameron kim@identityblog. com

By way of introduction… https: //www. identityblog. com/stories/2005/05/13/The. Laws. Of. Identity. pdf

What I’m trying to do • Help turn the Internet “Right Side Up” • Fix Internet Identity so it serves individuals just as well as it serves enterprises • Help today’s identity innovators learn from and win over the world of identity professionals

Time to change the Big Picture

What have we actually achieved as identity professionals?

Satisfied the top requirements of enterprises in their digital transformation Streamlined and professionalized the technology for distinguishing between users Transitioned the world from raw authentication to exchanges of claims Enabled a reliable identity dial tone and interoperability between diverse systems Increased the security of the internet

And how have we failed?

We have failed to recognize that the digital transformation of enterprises inevitably causes digital transformation of individuals as well. We haven’t recognized and responded to the new needs this creates in people Personal Digital Transformation (PDT) • The need to cope with scale when using an ever-increasing number of digital services • The need to cope with intensity – using devices to do more and from morning to night • The need to use multiple devices adapted to different surroundings and tasks • The growing need for protection from profiling and loss of privacy • The need for technological longevity • Changing and upgrading devices over time • Changing service providers as they wane and ebb • Accommodating aging, memory loss, and the problems of digital inheritance

Why have we failed to perceive and respond? • In PDT changes in quantity become a change in quality very gradually • People slowly develop digital life relationships with more and more entities (scale) • They gradually do more digitally with each of them (intensity) • They progressively need more devices to remain digital in different circumstances (devices) • They barely perceive tracking and profiling until one day it hits them in the face • PDT has made digital identification the gate controlling entry to digital life, But people only perceive the gate when one day it begins to close on them (longevity) • There has been no emergency - and we have been busy. Gradualness desensitized us. We have been oblivious to the impending disjuncture.

Yet PDT’s gradual changes will eventually make current systems unsustainable • Todayr oganizations do not understand the coming social disjuncture implicit in Personal Digital Transformation. • Only those of us with expertise in identity have the ability to perceive the underlying dynamics, sound the warning bell and adjust course • Only we can take leadership - recognizing and addressing the emergent realities The dynamics here a superset of those we have experienced around privacy and security, where enterprise failure to sufficiently protect users created ongoing social and technical upheaval and costs

PDT requires us to transpose human identity, evolved in the physical world, into the digital realm • In the physical world, people have been expertly handling human identity for millenia. • But there has been no attempt to replicate those abilities in the digital world • Instead, the creators of digital services – enterprises and governments – have scoped their efforts to creating authentication systems solving their own immediate problems: controlling access to their digital and physical resources. • Such systems are the most primitive systems of digital identification: • An enterprise associates a person with a secret and then uses that person’s knowledge of the secret to grant them access to resources or associate them with various claims. • Such systems cause – rather than solve – the problems which the Personal Digital Transformation brings to the forefront. Warning: The short-term pragmatic approach of the past has exceeded its shelf-life

Transposing from physical to digital realms Same process – multiple areas of application Understand the phenomenon • Science • Analysis • Experience Deep Understanding of phenomenon Innovate • Technology for transposition Innovation Holistic digital equivalent • Same human experience but in digital realm Transposition Holistic digital equivalent

Transposing from physical to digital realms Digital Audio – sound enters the digital realm 0, 4, 9, 7, 5, … -9, -8, -2. 0 Deep Understanding of sound as waves Innovation: Sampling waves 0010110100111001 01011100101 010001011101011010 1101101. . Transposition Holistic digital equivalent

Transposing from physical to digital realms Digital banking – banking enters the digital realm Deep Understanding of phenomenon Innovation Transposition Holistic digital equivalent

Transposing from physical to digital realms Digital identity – human identity enters the digital realm ? ? ? Deep Understanding of phenomenon Innovation Transposition Holistic digital equivalent

Deeply understanding what human identity is… • I have been unable to find equivalent scientists or psychologists or analysts who have a crisp understanding of human identity (as opposed to identification) in the physical world. • But when we talk about concepts that have arisen in the physical world, let’s use the actual meanings of words rather than simply making them up to be whatever we want them to be. . • There are tools that can help us. To cite Wikipedia, • The Oxford English Dictionary (OED) is the principal historical dictionary of the English language, published by Oxford University Press. It traces the historical development of the English language, providing a comprehensive resource to scholars and academic researchers, as well as describing usage in its many variations throughout the world. The second edition, comprising 21, 728 pages in 20 volumes, was published in 1989.

Example: part of OED’s definition of “Identity” • • The sameness of a person or thing at all times or in all circumstances; the condition of being a single individual; the fact that a person or thing is itself and not something else; individuality, personality. Who or what a person or thing is; a distinct impression of a single person or thing presented to or perceived by others; a set of characteristics or a description that distinguishes a person or thing from others.

I distill this into “Selfness” and “Whoness” 1 Selfness Whoness • The sameness of a person or thing at all times or in all circumstances • The condition of being a single individual • The fact that a person or thing is itself and not something else • Individuality, personality. • Who or what a person or thing is • A distinct impression of a single person or thing presented to or perceived by others • A set of characteristics or a description that distinguishes a person or thing from others. 1. These words date from 1574 and 1611

Selfness All are known to the self The aggregate of ALL the attributes and experiences of a person throughout their life Whonesses Others Context Holistic and complete

Privacy Selfness Whonesses Specific attributes or experiences Friends from school Colleagues at work Aggregate of attributes and experiences over time Online store Social network Government

How do these concepts map to current digital identity technology?

“Digital identification” has given us basic whoness Privacy Selfness Whonesses School Work Aggregate Store Network Government

But PDT requires both new construction and a major renovation Selfness Aggregate New construction Privacy Whonesses Must be made compatibility with Selfness Major renovation MVP for PDT

Basically, the Self needs its own technology • A service and associated application(s) enabling the Self to • Remember and manage its relationships with an everincreasing number of digital services (handle the scale of Personal Digital Transformation) • Be recognized by (and recognize) digital services – and other people – without needing to take any action or be aware of how recognition works (handle increased intensity without fatigue) • Move between devices from any manufacturer – and use new devices – without perceiving any change in how the Self’s technology manifests itself • Protect its privacy by ensuring its whonesses don’t contain clues allowing observers to assemble them into a facsimile of the self (a profile) • Use the service to fill in its memory rather than being barred from the digital world when its memory weakens • Put all that it knows at the service of its heirs should it cease living.

Digital whoness must evolve to embrace selfness • Current digital whoness is a set of claims issued by an observer • characteristics that distinguishes a person or thing from others • But it conflates its claims with the mechanism for recognition • The observer assigns identifiers, secrets and keys that people must learn and use rather than recognizing them from what they emanate • This creates the problems of scale and intensity • The new technology for the Self allows it to create the identifiers and keys through which it is recognized • The claims that constitute whoness can be then be provided to the Self for presentation – solving the problems of privacy (e. g. verified credentials)

Precursors of Holistic Digital Identity - Whoness Characteristics All of Whoness Recognition and Distinct Impression OIDC Aggregated and Distributed Claims and Verified Credentials DIDs, Open. ID SIOP and Hub-compatible FIDO 2

Precursors of Holistic Digital Identity - Selfness Apps Authenticators Wallets Selfness Service DIF Hub and Hyperledger Aries Agents

1. 2. My conclusions 3. 4. A bullet train is headed straight for us in the form of PDT – we need to see it coming and get out of its way by evolving to Holistic Digital Identity OIDC – the most promising deployed identification technology – should be triaged to determine how it can fit into Holistic Digital Identity SSI/DID, OIDC, SIOP, and FIDO should be rethought so they fit together to solve the problems of PDT – or they will just make things worse, wasting everyone’s time and money Keep focused on the big questions raised by PDT and how existing infrastructure can be incrementally transformed to the new world

There is much detailed thought needed. I would love to be part of that conversation kim@identityblog. com