Identity – how can you prove you are you?
Identity is an interesting subject. How can you prove you are you?
This is something that was a compulsive topic in the late 90’s but died down after the assumed solution of PKI was understood as too hard to implement.
Recently a colleague re-opened the topic. It was noted that Dave Birch has been on about identity recently too through his exploration of how Government mandated free provision of API services to be delivered by UK banks resulted in alternative business model thinking.
Dave has some interesting ideas particularly in the area of “attribute verification” whereby Banks could provide positive attribution to third parties on customers identity, creditability, positive bank account experience etc.
I took some time to reflect on what the Canadian Government have been saying. It is hard to keep up because the pace is so slow, but in 2009 they produced
Since that time the activities of SecureKey have dominated the discussion although they have largely moved south in their predominant efforts as witnessed by their home page featuring the US Congress building.
The focus in Canada has been on the limited space of identity in respect to Government of Canada and Provincial services.
This is very clear from this GoC page on Cyber Authentication.
All this to say that the UK government is particularly pro-active in this area with pressure on the banks, and the Canadian government is not. Directionally this probably arose from the particularly weak position that the UK Banks were in post 2007 vs the strong position that Canadian Banks found themselves at that time and despite the underlying risk merely being shifted off balance sheet.
Identity management services as a business model in Canada is up for grabs it would appear.