Holy grail or another false start for identity
Something that is holding up ecommerce and development of serious commercial actiivty online is the matter of identity. There are many proposed solutions but the fact remains that they are disparate and all fail in the sense that you cannot have one identity online and choose which parts to share with those sites you visit.
So at first glance this identity exchange proposed by Paypal, Google and Equifax has merit. the involvement of Equifax is key because they are a repository of personal information which is known in total only to the person.
Finextra verdict It’s what the world’s been waiting for. The creation of a workable federated identity standard will provide a major boost to the digital economy. But let’s not get too excited. Don’t forget, we’ve all been here before.
I share Finextra’s skepticism. The basis of the identity sharing is OIX [OpenID Foundation (OIDF) and Information Card Foundation (ICF)]. OIX was announced today at the RSA conference by Google, PayPal, Equifax, VeriSign, Verizon, CA, and Booz Allen Hamilton. There is a website at http://openidentityexchange.org/
OIX has been accepted by the US government for access to personal records. This is a step. When we look at the model and the participants, though the first question I have is ‘who are the identity providers. Equifax, Google and Paypal each know something about people, but do each know enough to identify people? I have a Google identity but they have never met me, and cannot associate what they know about me sufficiently to entrust private government records to that identity.
Equifax know a completely different set of data about me. Is that enough in and of itself?
The White Paper recognises the issue and lays out a framework, summarised here as ‘assessor qualifications’.
Assessor qualifications — the professional credentials, experience, and other requirements assessors must fulfill perform certifications
All in all a good framework but the devil will be in the details.