Moving your online identity
I have recently moved house. Updating my online identity has been a tedious and time consuming task. A change in approach to managing online identity is desperately required.
I have moved!
I was warned that moving house is one of the most stressful things that you can do. I'm not a highly strung individual but moving has been a big chore and one that I will not be sad to see the back of. The most time consuming activities has been updating various accounts with my new details. This includes utilities providers, online stores, banks and even gym membership. Some providers have the ability to update this information online while others do not. One or two even required a signed letter to accept the change of address. Here's the current model:
I'd estimate I've had to update my details with between 60-80 different accounts.
The data gold rush
Personal data is a valuable commodity on the web. Many sites have a registration system to capture user information that can be used for marketing or business purposes. I have no issue with this. But each site creates a separate instance of your personal identity. This makes maintenance of your personal information a nightmare. Furthermore the security of your personal information becomes less secure simply by the fact that it exists in multiple locations and you are trusting the site to guard your information. This is a less than ideal solution.
A growing problem
This is not a problem that is going to go away. More and more services are being dematerialised and moving online. What unites this trend is that user credentials are required to access information or media. That user information will also need managed. The current model is inefficient and cannot continue.
The model we need
A shift in the model of managing online identity is required. We need to move to something like this.
This allows users to update their information with one central provider and for all other accounts to be updated from that account.
In many ways it is not that different from how credit cards work. I don't have a separate account with each vendor I buy something from. My credit card details are held centrally and my credentials are checked each time I purchase something. I am not going to get into minutiae here but it would seem that we already have an infrastructure for what we need. The credit card model works on a fee being charged to the vendor. I could see the same framework working for personal identity.
Has anything been done?
Yes it has. Simon Willison has worked tirelessly to raise awareness and usage of OpenID. You can read about OpenID here. It is a great start and you should start using it where you can.
Who can solve this?
This is not an overnight job. If we step back a moment and think of who has the scale and experience to provide a solution it must be Banking Institutions. They have the experience of managing and securing sensitive, dematerialised information. They allow multiple third parties to verify user information. They provide a sustainable model for the economics of creating an online system.
It seems odd to me that this situation exists. I just hope by the next time I move things have improved.