Ever since Adam Smith we generally understand the benefits of division of labor (and higher level of specialization). We now have our professions as a narrowly defined specialties, – so small and often irrelevant to what we directly consume. Remember there was a time when a poor fellow human being was himself producing nearly everything he was consuming. Now is obviously different, – i am consuming literally nothing from what i am producing. I am producing something that even my village is not interested in buying from me. Much later we have discovered a similar benefit of high degree of specialization in software architecture and came up with SOA (service-oriented architecture). Works same way as a division of labor and helps immensely for these who understand. Now…. we are discovering (to our amazement!) the multifacetedness and dynamism of our own identities. Me as a father, me as a patient, me as blogger, me as a bar goer (very reputable chap there!), me as a LinkedIn member, me as a card holder .. me-me-me-me-….- me, again. And how my Driving License depicts it all? I am not answering it. As well as I am not going into counterfeiting and security aspects of my Driving License plastic thingy.
Instead, lets think of this – should not my IDs specialize (rather highly) in divulging a ‘right’ information about me. Hey! Call my own ‘bar API’ and (instead of whats on a counterfeit-able DL: my name, address, hight, weigh as of 4 years ago, color of my hear (another joke), my DL number, other info and date of birth) get strictly my age with the response. Or rather an approval from trusted ID manager to let me enter the drinking palace.
Why do I fill out same info on so many application forms… if all I should do is click on ‘identity’ button on the web application form of entity X (identity requestor) and my trusted ID manager will (after authenticating a request) share right information about me? It is like e-Commerce transaction. I submit a token (my PAN + zip, CVV..) and a trusted manager (issuing bank) will share something that belongs to me – my money – with a requestor (a merchant). Why can not I do the same to share my identity over SSL? In many cases if an application form is required singularly to comply with KYC/AML a trusted ID manager can respond with an ‘approval’ of some agreed type that will satisfy KYC obligations of a caller. If a caller requires some other level of information about me – say my address to ship goods or my email to communicate with me, then the initial ‘authorization’ will follow with clearing and settlement of an approved information to a requestor. Like credit card processing. ‘Just’ replace messaging from money movement to identity divulging.. And then comes Apple with its SE solution and Google with its HCE. Identity – any requested and approved level – over NFC, BLE… Via card rails or bitcoin protocol. Here is your online and offline passporting. No, – this world will repeat itself in a spiral!
No, really. Why can not I share with an entity X my certain cryptographic certificate issued by trusted CA to satisfy this entity ID requirement(s), like age for a bar or KYC for a mobile service contract?
Anyway – identity pointers are many and what they are pointing at is dynamic. My reputation is changing with every line of this blog. The task of capturing the dynamic essence of me (e2e reputation, including credit worthiness), issuing and sharing right ID pointers (tokens) with multiple requesting entities in a way that preserves my privacy but fully and legally describes me according to a situation is a task of a new age passporting that suits the public interest and fits our tech capabilities.
This irresistible move to a higher degree of specialization! I will have one day multiple IDs (pointers to my indescribable essence) that represent specific facets of my being and divulge them to others in accordance with their request and my consent. And here we are talking about ID wallet. IDPal? Mh.