Talk:Identity
From MashupCamp
This is an interesting topic that undoubtedly will require larger more ingenious minds than mine to address. In thinking about it, it occured to me that we might need to begin to think of the technology problem in terms of broader social/cultural constructs. Web users, either from benign neglect for the value of their own personal identity, or because they willingly accept the risk of "large numbers" seem willing to forego control of their identity when using web services. While they would never consider leaving their wallets lay on an unattended table in a crowded room, yet they seem almost incredulous when they discover the extent to which snippits of identity are integrated across the web to support marketing campaigns or worse. Have we abdicated responsibility for our own protection to the technorati?.
From a mashup perspective we seem to be rapidly moving past the "lite" flavors of personal data security that may or may not have existed in first generaton eyecandy mashups. At issue for the succes of second generation mashups is to protect the proprietary and business sensitive data of the enterprise as mashers integrate enterprise services with web services. In that regards do we need to look at the notion of identity in different terms - less technical and possibly based more on the notion of a multiple personality metaphor in which biologically the entity has one identity but poses different personas depending on the environment or situation?
In the session we only surfaced the notions of multi and parallel dimensions of identity. It seems clear there is much good work to be done in understanding how these different dimensions of identity will be created and maintained to effectively and securely support web service interactions and user relationships with others' web personas. Effectively the web services must have the ability to manage the many to many relationships caused by the proliferation of personas in order to provide a secure useable individual identity that persists across multiple personas (the multiple personality metaphor). Assuming such an environment, what would be the requirements or best means to: 1. effectively cross vector an indentity's multiple personas and provide conformed content and time currency for personal, business and anonymous relationships within the context of those relationships; and/or, 2. establish trust across fragmented extensions of identity from one site/application to another - (e.g. how do you secure identity within a federated system or even across federated systems)?
Since time is always a limiting factor, the session had only a superficial discussion of business drivers. It seemed clear there is a need to better understand what business drivers will allow/force us to move from autopopulation to data availability (i.e. get the data when I need it as opposed to aggregating the data for later reference). While I'm confident I'm not the first to recognize that the concept of data availability would certainly appear to have utility in terms of limiting risk exposure and liability management, there does not yet appear to be a compelling force that is moving web services in that direction.
As I said it was a thought provoking topic - and based on the discussion I was left to ask myself more questions far in excess of my ability to provide answers. e.g How do we impart limitations on trust within the framework of a largely anonymous service environment? It would seem we need to do this beyond merely time dimensions. There are less delimited dimensions (e.g. degrees of separation) that exist concurrent with extensions of identity across relationships by an individual's persona(s) as it/they interact with those relationships. If true, will this entail some type of selected/elected services authentication to address an individual's need for persona creation (e.g. currently we may just establish multiple fake accounts)?
