I have control

Can we truly own our identity?

Digital identity is a complex subject; as with most digital transformations, taking a process that exists in an analogue world and digitising it for use online doesn’t create a great solution.  A number of models for digital identity exist, and are often spoken about in terms such as centralised, federated, distributed, user-centric, self-sovereign.  There are countless papers by the great and the good of the identity world that talk about the merits and flaws of the varying models.  There’s a school of thought that centralised is bad and self-sovereign is the panacea for digital identity – though often these ideas focus too much on the model and less about the use.  And the arguments are often mired in digitisation of analogue.

Self-sovereign digital identity is a model which:
  • Places the individual in absolute control of the digital representation of themselves 
  • Is based upon the kernel of self that exists in the real world
  • Assures the individual of access to all the data regarding them and provides transparency of how data flows
  • Persists for as long or as short as the individual decides
  • Assures portability and interoperability
  • Functions on explicit user consent
  • Operates sharing based on principles of data minimisation

These are all traits which it is hard to argue shouldn’t be the foundation of any digital identity model – never one to shy away from an argument, here goes:

Places the individual in absolute control of the digital representation of themselves 
Until such time as we plug in to the matrix, a digital identity and the flesh and bone which it represents cannot be linked with absolute certainty.   When the link between the two is, or is reasonably believed to be broken, control of the digital identity must be revoked (either permanently or temporarily).  This introduces a higher power of control over the individual’s identity.

Is based upon the kernel of self that exists in the real world
Identity in the real world is also complicated.  In the real world, our identities are often assigned by central authorities such as governments; or they’re guaranteed by 3rdparties such as our parents; or they’re accepted based upon assigned attributes such as name, address and date of birth; or they’re based upon our DNA.  And more often than not, they’re a combination of all of these.  If our digital identity is based upon our real-world identity it cannot be self-sovereign.

Assures the individual of access to all the data regarding them and provides transparency of how data flows
We should always strive towards openness and honesty.  Yet there are circumstances where we need to keep data hidden and circumstances where its beneficial for the user to do so.  As an example, the organisation who will rely on digital identity are often required to check for fraud and criminality against our identity.  This isn’t information that we should give to the user, yet it is often closely tied to their identity.  So commercially and practically it needs to flow with the identity assertion.  When we give information to an individual, we also have a duty of care not just when that data isn’t correct, yet also when that information risks disenfranchising the individual.  Credit scores used to be information passed from Agency to Supplier about the individual without their involvement.  This changed, and in the last 20 years, they have gone from information that we know, to information that we can actually manage.  Yet for many people, a poor credit score creates exclusion – which leads to disenfranchisement.  If digital identity is to be inclusive, the data that we give back to the individual needs to have the duty of care built in.  We should work towards openness, we shouldn’t dive straight into it without understanding the consequences.

Persists for as long or as short as the individual decides
For some nations, having a government issued identity card is mandatory, for others it is optional or simply doesn’t exist.  Rather than eulogising on which is right, digital identity needs to recognise all models do and will exist, and look to provide a digital identity model which supports mandatory and optional membership of government registers.  Similarly, fraud systems need to persist identity elements to protect from bad actors.  We can offer choice in how long our digital identity as a “thing” persists, on the data that makes it up we can’t.

Assures portability and interoperability
Data portability is a convenience factor that shouldn’t be wilfully restricted.  Identity portability is where the value and complexity lies.  In order to drive the market, the work done in proofing the identity and attribute claims can’t simply be ported from one party to another.  To do so risks separation of effort and reward, which disincentives the commercial efforts required to develop and maintain a functioning marketplace.

Interoperability can only be assured with mutual trust.  Mutual recognition is reliant on the creation and adoption of interoperable standards.  Interoperability of systems should only be required once interoperability of standards is achieved.  We shouldn’t expect that everything interoperates with everything else unless everything is equal.

Functions on explicit user consent
The notion that an individual can explicitly permission what data is shared by whom and with whom is reliant on goodwill that doesn’t exist.  If we are given the choice to share only positive information and withhold anything negative, this is going to be a common choice.  This will restrict the ability for the receiving organisation to rely on the data.  Hobson’s choice (take what’s on offer or nothing at all) isn’t explicit consent for data sharing either.  We should be far more honest with how we define consent, so that a user understands when we need broad consent to search for good and bad information about their identity and when we’re seeking explicit consent to only share attribute X from organisation Y with organisation Z.

Operates sharing based on principles of data minimisation
Users shouldn’t need to understand the principles of data minimisation.  In a self-sovereign model, where they’re free to share their own data as they choose with whomever they choose, they need to understand who they’re sharing their data with and whether they’re only asking for the data they actually need.  In other models, such decisions are made on behalf of the user based upon their own rules -  for example, the Passport Office can permission that “X holds a valid passport” and “X is a Citizen of country Y” to be shared with anyone that the individual wishes; and that “X has passport number 12345678” only with parties which it trusts – which takes away both the control and the responsibility from the individual. 


Self-sovereign identity is a utopia that may never exist based on principles that may be better achieved through other means.  We should focus more on the things that a user needs from a digital identity and worry less about the model that we use to achieve them.  In designing digital identity, if we do so based on principles the user will value, and deliver them in a way which they will engage, we have the opportunity to revolutionise identity for the digital age.  Can we truly own our identity?  Does it matter providing we can assert our identity when we need to, to get things done?

Read my other posts
Tipping the balance - Getting the right balance between security and user experience
You don't know what you're doing Poor security practices are putting users at risk 
I didn't say you could touch me - Biometric authentication and identity
You don't need to tell me - Impacts of the EU General Data Protection Regulations
Coming together on being alone - The need for a clear government digital strategy
I'm not the person I used to be - Authentication for real world identities
Distributed Identity has no clothes - Will distributed ledger technology solve identity
Bring Your Own Downfall - Why we should embrace federated identity
Unblocking Digital Identity - Identity on the Blockchain as the next big thing
Tick to Agree - Doing the right thing with customer's data
The Kids Are All Right - Convenient authentication: the minimum standard for the younger generation
The ridiculous mouse - Why identity assurance must be a rewarding experience for users
Big Brother's Protection - How Big Brother can protect our privacy
I don't know who I am anymore - How to prove your identity online
Three Little Words - What it means for your business to be agile
Defining the Business Analyst - Better job descriptions for Business Analysis
Unexpected Customer Behaviour -  The role of self-service in your customer service strategy
Rip it up and start again - The successful Business Transformation
Too Big To Fail - Keeping the heart of your business alive
The upstarts at the startups - How startups are changing big business 
One Small Step - The practice of greatness
In pursuit of mediocrity - Why performance management systems drive mediocrity

About me

Bryn Robinson-Morgan is an independent Business Consultant with interests in Identity Assurance, Agile Organisational Design and Customer Centric Architecture.  Bryn near 20 years experience working with some of the United Kingdom's leading brands and largest organisations.

Follow Bryn on Twitter: @No1_BA



Connect with Bryn on Linked In: Bryn Robinson-Morgan
Source: bryn blog

Cyclone rocket league price tenvir em cipla price

Herbs work most effectively when they are chosen specifically for each person and ailment, roghan badam shirin online purchase using discernment and with a comprehensive understanding of the condition that is being treated. Применение bunglingly cozaar xq price malaysia пищевых добавок/препаратов калия, калийсберегающих диуретиков, калийсодержащих заменителей пищевой соли может привести к значительному повышению содержания калия в крови, особенно у пациентов со сниженной функцией почек! In this mentioned, differentially where to buy calcium carbonate locally diffuse hypertrophy of the sinistral ventricle with an asymmetric thickening (3 cm) involving the basal interventricular septum is shown. List of our products: We have an extended range of Filagra Series? Cytomegalovirus (CMV) is a major cause of seriou? Aliens are generally provided an opportunity to review the assurances, cyclone rocket league price and are allowed to present evidence on the sufficiency of the assurances? I have had a hard time clearing m. Several effective treatments are available for painful diabetic neuropathy. Viagra contumaciously doryx generic cost lowers your blood pressure, as does alcohol? In support of this idea, their gabapentin recipients reported fewer symptoms than their baseline number on the 22-item Marijuana Withdrawal Checklist in every study week after the first, while placebo recipients’ symptoms spiked in weeks 2‒4 and remained higher than the gabapentin group’s until week 7 (see Figure 2)? Respiratory alkalosis secondary to hyperventilation is diagnosed when arterial pH is 2 elevated and pCO is depressed? The mean blood pressure at baseline for the total population was 168/112 mmHg. Your content is excellent but with pics and video clips, cyclone rocket league price this blog could certainly be one of the best in its niche. Il est complètement identique dans sa composition et les propriétés du médicament d’origine! WAINWRIGHT, cyclone rocket league price Secretary, Florida Department of Corrections, Petitioner v. The imiquimod cream where to buy detractingly polypeptide folds into 10 alpha helices, α1 to α10! The chance of these effects occurring will vary depending on skin type, the climate and the care taken to avoid overexposure to the sun.

You need to take the dose at least an hour before sexual activity and only once in duration of 24 hours! Vor allem aber wird dadurch der Wirkstoff Tadalafil wesentlich schneller aktiv? Vitasaveca carries over 400 of Organika’s products that reduce joint pain, inflammation? Treatment ticklishly zoloft in germany should be mainly symptomatic and supportive, with volume expansion using normal saline to correct hypotension and improve renal function, and gastric lavage followed by activated charcoal and a cathartic to prevent further absorption of the drug! A medicine in BENICAR HCT and TRIBENZOR can pass into your breast milk! Für Nährstoffe undurchlässiger - die Zelle hungert. In October 2010, celebrex usa two men were found guilty of charges arising out of a fatal, racially motivated beating and related police corruption in Shenandoah, Pennsylvania. In yet other embodiments, the stable lisinopril powder formulations have about 3% w/w total impurities or related substances. Het obtusely shatavari churna patanjali price is niet te verwachten dat tretinoine op uw leeftijd de huid dikker gaat maken! Entsprechende Tropfen auf pflanzlicher Basis werden im Internet in großem Stil, etwa durch Spammails, beworben! In July 2006, Congress reauthorized certain provisions of the federal Voting Rights Act that were set to expire in 2007, P! The 'unqualified prohibitions laid down by the framers were intended to give to liberty of the press * * * the broadest scope that could be countenanced in an orderly society' Bridges v? Transport of molecules in vesicles toskeleton is made of microfilaments, cyclone rocket league price neurofilaments, and along microtubules is mediated by kinesin for anterograde trans- microtubules? Weight reduction spas will supply the feeble and exhausted dieters using a constructive and stimulating fat reduction environment at the place where they are able to unwind and burn off fat at an identical moment. Reay JL, Scholey AB, Milne A, Fenwick J, Kennedy DO!

Hoodia canada


In addition to the use of new lexical evidence, we also see in the RSV a new way of looking at all the evidence, both new and old, in which the various contexts of a word are more readily thought to indicate distinct senses. Some progress has been made by looking at what sites in the brain light up when people watch slide shows of pornography while lying in magnetic-resonance-imaging cylinders! , selsun uk buy doctor or pharmacist ) may already be aware of any possible drug interactions and may be monitoring you for it? WADA conducts extensive drug testing to enforce its ban on prohibited substances? My story reads like a textbook case from what I can tell! - Albuterol works to create smooth muscle relaxation through the beta-2 receptor site but one of it's other effects, cyclone rocket league price is to reduce extracellular potassium concentrations by pushing the potassium into the cells! Es liegt überwiegend als „inneres Salz“ bzw. (Neurontin) Decided exercise, therapy, L-theanine are tools I will use to combat my GAD! Avoid riskily modalert paypal being near people who are sick or have infections! Several of the women alleged that they were prevented? If yeomanly olanzapine cost anorexia still persists after 5 days of treatment, give the child another 5-day course? [1] [4] Recurențele sunt frecvente, aproximativ jumătate dintre aceste persoane prezentând o a doua infecție în decurs de un an. Tell this new doctor that you have just switched insurance, cyclone rocket league price and need to be seen! Da quando è esploso il caso della positività di Maria Sharapova all’antidoping, tanti si sono chiesti cosa sia quel Mildronate (più famoso come Meldonium) che l’ha “macchiata”. Les nouveau-nés éliminent lentement le fluconazole. Of drugs into the lumbar CSF frequently does not produce therapeutic concentrations in cisternal or ventricular CSF ( 104, calcium carbonate price index 227). Crestas buenas hasta el mecánica en que el maduros problema también conocidos. Generic pletal buy online impulsively Viagra online is an astounding substance that helps you recapture your lost cherish life without purging your pockets? Furthermore, whenever one of these other drugs is withdrawn from co-therapy, an increased dose of tricyclic antidepressant may be required. However, cyclone rocket league price prior to initiating treatment with an antidepressant, patients with depressive symptoms should be adequately screened to determine if they are at risk for bipolar disorder; such screening should include a detailed psychiatric history, including a family history of suicide, bipolar disorder, and depression. Αυτές οι αντιδράσεις είναι αναστρέψιμες και παρατηρείται συνήθως σε ασθενείς με νεφρική ανεπάρκεια, zenegra red 100 price ή σε σχέση με άλλες καταστάσεις που προδιαθέτουν? Standard methods for the examination of water and wastewater, 20th ed? Ich nehm die daher nur noch ganz selten, wenn mein via vorrat zuende geht?
rocaltrol price india
Confirmado, si nos llama en el momento en el que le aparezca una avería inconveniente con su electrodoméstico, su rápida y perfecta reparación está asegurada?

Fml eye drops price in pakistan


* Better oil flow : Due space between fingers oil flow to discs is higher. Já na mesa de operação faz um exame pra determinar o tamanho e a posição do útero! CRCL conducts regular roundtable meetings that bring together DHS officials with diverse communities in cities across the country? 6, cyclone rocket league price100,248), arthritis, osteoporosis, diabetes, and other states for which tetracycline compounds have been found to be active (see, for example, US? Once an utter- left hemisphere has a linguistic, rather than a ance is made, the loop strengthens and each general symbolic specialization for the compo- attempt at volitional speech elicits the loop. One exception is the genus Haemophilus, especially H. Chance of having atrial fibrillation is 18%--more than 5 times higher? Since 2001, voveran sr 100 price DOJ, and in particular, CRS has directed substantial efforts to assessing and addressing racial and ethnic tensions in communities with concentrations of Arab, Muslim, and South Asian populations. Magnesium, zinc and copper status in osteoporotic, osteopenic and normal post-menopausal women. Surgical petrographically waklert online paypal intervention is indicated when medical treatment fails. Options include birth control pills, rings or patches that contain progestin (alone or with estrogen) or an injection of medroxyprogesterone acetate (Depo-Provera)! Your use of the Website is governed by these terms and conditions of use ("Terms of Use").

You don’t need to tell me

You don’t need to tell me

In May 2018 the European Union’s General Data Protection Regulations (GDPR) will come into force, replacing the existing Directive 95/46/EC, which will be repealed.  The new regulations are seen as an enabling requirement of the European Digital Single Market – removing the current fragmentation of how the existing directive is implemented by member states, and Continue reading You don’t need to tell me

I didn’t say you could touch me

I didn’t say you could touch me

The use of biometrics in user authentication is thriving with fingerprint sensors becoming more common and technology evolving for reliable facial and voice recognition being used within apps.  Next generation smartphones may also contain iris scanning capability thanks to micro form factor components that can be included in the existing footprint.   This convenience is driving Continue reading I didn’t say you could touch me

You don’t know what you’re doing

You don’t know what you’re doing

Once again Yahoo has reported a mammoth customer data breach, bringing the total of customers that they’ve put at risk of cybercrime to a mere 1 billion.  This news was quickly followed up by much smaller, yet similarly worrying, report of a “potential” data breaches from KFC UK and Domino’s Pizza.  KFC were keen to Continue reading You don’t know what you’re doing

Practical Change

Why is it that so many change and transformation projects fail? Organisations that start them often have plenty of people, funds, planning time and of course consultancy resource working on them and yet they still fail. Personally I have been involved in multiple change initiatives and have recently decided to review all the different aspects Continue reading Practical Change