I was warned that moving house is one of the most stressful things that you can do. I’m not a highly strung individual but moving has been a big chore and one that I will not be sad to see the back of. The most time consuming activities has been updating various accounts with my new details. This includes utilities providers, online stores, banks and even gym membership. Some providers have the ability to update this information online while others do not. One or two even required a signed letter to accept the change of address. Here’s the current model:
I’d estimate I’ve had to update my details with between 60-80 different accounts.
Personal data is a valuable commodity on the web. Many sites have a registration system to capture user information that can be used for marketing or business purposes. I have no issue with this. But each site creates a separate instance of your personal identity. This makes maintenance of your personal information a nightmare. Furthermore the security of your personal information becomes less secure simply by the fact that it exists in multiple locations and you are trusting the site to guard your information. This is a less than ideal solution.
This is not a problem that is going to go away. More and more services are being dematerialised and moving online. What unites this trend is that user credentials are required to access information or media. That user information will also need managed. The current model is inefficient and cannot continue.
A shift in the model of managing online identity is required. We need to move to something like this.
This allows users to update their information with one central provider and for all other accounts to be updated from that account.
In many ways it is not that different from how credit cards work. I don’t have a separate account with each vendor I buy something from. My credit card details are held centrally and my credentials are checked each time I purchase something. I am not going to get into minutiae here but it would seem that we already have an infrastructure for what we need. The credit card model works on a fee being charged to the vendor. I could see the same framework working for personal identity.
Yes it has. Simon Willison has worked tirelessly to raise awareness and usage of OpenID. You can read about OpenID here. It is a great start and you should start using it where you can.
This is not an overnight job. If we step back a moment and think of who has the scale and experience to provide a solution it must be Banking Institutions. They have the experience of managing and securing sensitive, dematerialised information. They allow multiple third parties to verify user information. They provide a sustainable model for the economics of creating an online system.
It seems odd to me that this situation exists. I just hope by the next time I move things have improved.
Have an update or suggestion for this article? You can edit it here and send me a pull request.
Using HashiCorp Vault with LDAP
How to use HashiCorp Vault to setup an LDAP backed secret store with read-only access for users in groups and read-write access for specific users
Linux and Unix xargs command tutorial with examples
Tutorial on using xargs, a UNIX and Linux command for building and executing command lines from standard input. Examples of cutting by character, byte position, cutting based on delimiter and how to modify the output delimiter.
Copy a file in Go
How to copy a file in Go. The ioutil package does not offer a shorthand way of copying a file. Instead the os package should be used.