I have control

Can we truly own our identity?

Digital identity is a complex subject; as with most digital transformations, taking a process that exists in an analogue world and digitising it for use online doesn’t create a great solution.  A number of models for digital identity exist, and are often spoken about in terms such as centralised, federated, distributed, user-centric, self-sovereign.  There are countless papers by the great and the good of the identity world that talk about the merits and flaws of the varying models.  There’s a school of thought that centralised is bad and self-sovereign is the panacea for digital identity – though often these ideas focus too much on the model and less about the use.  And the arguments are often mired in digitisation of analogue.

Self-sovereign digital identity is a model which:
  • Places the individual in absolute control of the digital representation of themselves 
  • Is based upon the kernel of self that exists in the real world
  • Assures the individual of access to all the data regarding them and provides transparency of how data flows
  • Persists for as long or as short as the individual decides
  • Assures portability and interoperability
  • Functions on explicit user consent
  • Operates sharing based on principles of data minimisation

These are all traits which it is hard to argue shouldn’t be the foundation of any digital identity model – never one to shy away from an argument, here goes:

Places the individual in absolute control of the digital representation of themselves 
Until such time as we plug in to the matrix, a digital identity and the flesh and bone which it represents cannot be linked with absolute certainty.   When the link between the two is, or is reasonably believed to be broken, control of the digital identity must be revoked (either permanently or temporarily).  This introduces a higher power of control over the individual’s identity.

Is based upon the kernel of self that exists in the real world
Identity in the real world is also complicated.  In the real world, our identities are often assigned by central authorities such as governments; or they’re guaranteed by 3rdparties such as our parents; or they’re accepted based upon assigned attributes such as name, address and date of birth; or they’re based upon our DNA.  And more often than not, they’re a combination of all of these.  If our digital identity is based upon our real-world identity it cannot be self-sovereign.

Assures the individual of access to all the data regarding them and provides transparency of how data flows
We should always strive towards openness and honesty.  Yet there are circumstances where we need to keep data hidden and circumstances where its beneficial for the user to do so.  As an example, the organisation who will rely on digital identity are often required to check for fraud and criminality against our identity.  This isn’t information that we should give to the user, yet it is often closely tied to their identity.  So commercially and practically it needs to flow with the identity assertion.  When we give information to an individual, we also have a duty of care not just when that data isn’t correct, yet also when that information risks disenfranchising the individual.  Credit scores used to be information passed from Agency to Supplier about the individual without their involvement.  This changed, and in the last 20 years, they have gone from information that we know, to information that we can actually manage.  Yet for many people, a poor credit score creates exclusion – which leads to disenfranchisement.  If digital identity is to be inclusive, the data that we give back to the individual needs to have the duty of care built in.  We should work towards openness, we shouldn’t dive straight into it without understanding the consequences.

Persists for as long or as short as the individual decides
For some nations, having a government issued identity card is mandatory, for others it is optional or simply doesn’t exist.  Rather than eulogising on which is right, digital identity needs to recognise all models do and will exist, and look to provide a digital identity model which supports mandatory and optional membership of government registers.  Similarly, fraud systems need to persist identity elements to protect from bad actors.  We can offer choice in how long our digital identity as a “thing” persists, on the data that makes it up we can’t.

Assures portability and interoperability
Data portability is a convenience factor that shouldn’t be wilfully restricted.  Identity portability is where the value and complexity lies.  In order to drive the market, the work done in proofing the identity and attribute claims can’t simply be ported from one party to another.  To do so risks separation of effort and reward, which disincentives the commercial efforts required to develop and maintain a functioning marketplace.

Interoperability can only be assured with mutual trust.  Mutual recognition is reliant on the creation and adoption of interoperable standards.  Interoperability of systems should only be required once interoperability of standards is achieved.  We shouldn’t expect that everything interoperates with everything else unless everything is equal.

Functions on explicit user consent
The notion that an individual can explicitly permission what data is shared by whom and with whom is reliant on goodwill that doesn’t exist.  If we are given the choice to share only positive information and withhold anything negative, this is going to be a common choice.  This will restrict the ability for the receiving organisation to rely on the data.  Hobson’s choice (take what’s on offer or nothing at all) isn’t explicit consent for data sharing either.  We should be far more honest with how we define consent, so that a user understands when we need broad consent to search for good and bad information about their identity and when we’re seeking explicit consent to only share attribute X from organisation Y with organisation Z.

Operates sharing based on principles of data minimisation
Users shouldn’t need to understand the principles of data minimisation.  In a self-sovereign model, where they’re free to share their own data as they choose with whomever they choose, they need to understand who they’re sharing their data with and whether they’re only asking for the data they actually need.  In other models, such decisions are made on behalf of the user based upon their own rules -  for example, the Passport Office can permission that “X holds a valid passport” and “X is a Citizen of country Y” to be shared with anyone that the individual wishes; and that “X has passport number 12345678” only with parties which it trusts – which takes away both the control and the responsibility from the individual. 


Self-sovereign identity is a utopia that may never exist based on principles that may be better achieved through other means.  We should focus more on the things that a user needs from a digital identity and worry less about the model that we use to achieve them.  In designing digital identity, if we do so based on principles the user will value, and deliver them in a way which they will engage, we have the opportunity to revolutionise identity for the digital age.  Can we truly own our identity?  Does it matter providing we can assert our identity when we need to, to get things done?

Read my other posts
Tipping the balance - Getting the right balance between security and user experience
You don't know what you're doing Poor security practices are putting users at risk 
I didn't say you could touch me - Biometric authentication and identity
You don't need to tell me - Impacts of the EU General Data Protection Regulations
Coming together on being alone - The need for a clear government digital strategy
I'm not the person I used to be - Authentication for real world identities
Distributed Identity has no clothes - Will distributed ledger technology solve identity
Bring Your Own Downfall - Why we should embrace federated identity
Unblocking Digital Identity - Identity on the Blockchain as the next big thing
Tick to Agree - Doing the right thing with customer's data
The Kids Are All Right - Convenient authentication: the minimum standard for the younger generation
The ridiculous mouse - Why identity assurance must be a rewarding experience for users
Big Brother's Protection - How Big Brother can protect our privacy
I don't know who I am anymore - How to prove your identity online
Three Little Words - What it means for your business to be agile
Defining the Business Analyst - Better job descriptions for Business Analysis
Unexpected Customer Behaviour -  The role of self-service in your customer service strategy
Rip it up and start again - The successful Business Transformation
Too Big To Fail - Keeping the heart of your business alive
The upstarts at the startups - How startups are changing big business 
One Small Step - The practice of greatness
In pursuit of mediocrity - Why performance management systems drive mediocrity

About me

Bryn Robinson-Morgan is an independent Business Consultant with interests in Identity Assurance, Agile Organisational Design and Customer Centric Architecture.  Bryn near 20 years experience working with some of the United Kingdom's leading brands and largest organisations.

Follow Bryn on Twitter: @No1_BA



Connect with Bryn on Linked In: Bryn Robinson-Morgan
Source: bryn blog

Epitol mail order epitol abuse

Liz dapoxetine usa approval significantly Miller, has written a book: "Mood Mapping" which offers a method for bipolar patients to closely monitor their moods as a way to help manage their condition! #Depression rompingly nizoral shampoo price and #sleep problems are intimately connected, as many people know, and the relationship seems to go both ways. Suppression of white blood cells, cheap epitol platelets and red blood cells? Sildenafil beeinflusst die Reaktion zur sexuellen Anregung! The solitarily unisom uk only significant risk is that of rupture and bleeding which is quite uncommon. Bio-Rad's pGLO plasmid incorporates the arabinose promoter, is epitol the same as carbamazepine but the genes involved in the breakdown of arabinose have been replaced with the jellyfish gene encoding GFP. Ciprofloxacin may cause swelling or tearing of a tendon (the fiber that connects bones to muscles in the body), unscramble epitol especially in the Achilles' tendon of the heel? Maximum female viagra uk rightfully tolerated doses (MTD) and maximum response doses (MRD) for lisinopril can be determined via established animal and human experimental protocols as well as in the examples described herein.
epitol carbamazepine
17 The availability of effective therapy 18-20 has reduced this figure significantly among renal-transplant recipients, lantus pen price crescendo 8,21 but the increased morbidity and overall costs of transplantation associated with CMV persist! Propranolol jest antagonistą receptorów beta - adrenergicznych, pardi pepcid uk działającym w równym stopniu na receptory beta - 1 i beta - 2? The enzyme glutamine synthetase (present in the endoplasmic reticulum of astrocytes) is responsible for the conversion of and ammonia to glutamine! Stopping this medication suddenly could cause you to have withdrawal symptoms such as nausea, ciplox d price glamorously headache, insomnia, fatigue, and sweating. McMahon, injuring his ankle because he gave them the finger behind their backs? In Gram-positive bacteria, epitol mail order penicillin can access the thick peptidoglycan layer very easily! Informe seu médico a ocorrência de gravidez na vigência do tratamento ou após o seu término. Although all isolates were resistant to piperacillin (zone diameter 14 mm), epitol mail order the isolates obtained at 32 days and at 2, 6 and 12 months of age had a smaller zone diameter of 6 mm than those obtained earlier! Fortunate me I discovered your web site by chance, epitol vs carbamazepine and I am stunned why this twist of fate did not came about in advance? The compendiously neurontin price IQR for the duration of treatment was between 14 and 67 days? Do you know how to make your site mobile friendly! They are undergoing investigation and will not be able to comply to be at rio. Szaz admitted sending two email messages threatening to bomb the CAIR office in Washington, DC, and another email to the NCLR office in Washington, DC, stating that he would kill employees of that organization. The union rate was higher for men (126 percent) than for women (111 percent). Ik ben voorzichtig met de dosering, valtrex uk indignantly en als ik een beetje oplet en niet vergeet de medicijnen 3 x per dag in te nemen, is er weinig aan de hand? Hoelen Five Herb Formula was used in a small study of gastro-intestinal reactions from taking SSRIs (rather than the withdrawal syndrome), what does epitol do with apparently favorable results (6). My viagra price stereophonically first encounter with amitriptyline was last night?
epitol reviews
Thereafter, epitol mail order subsequent doses can be given every 4 hours as needed! (One lithographically nootropil costo of these tissues by itself is called a corpus cavernosum) The corpus spongiosum penis and corpora cavernosa penis are filled with many blood vessels called arteries which carry blood. Ele, epitol mail order que sempre procurou ficar longe do médico, está criando o hábito de investigar, de fazer um check-up anual e, nessa hora, aparecem algumas queixas de disfunção erétil – “Não estou conseguindo ter uma ereção de boa qualidade” – e são encaminhados para o urologista? Riguardo plenty buy shatavari a Camilla ribadì la sua posizione con la ormai storica frase “Eravamo in tre in questo matrimonio, un po' troppo affollato”.
epitol cost without insurance
Most perplexingly lovegra uk of the time the booklets are located at the pharmacy checkout area or near health-related products!
epitol 200 mg tab
Uyuşturucu kafası nasıldır bilmiyorum ama sarhoşluk gibi değilse bu ilacın ki gibi olmalı. The remaining indications included Lyme disease (2 cases), valtrex uk alfresco recurrent streptococcal infections, prophylaxis for throat and mouth infections, chronic tonsillitis, strep throat, acute annexitis, and Whipple's disease.
epitol for trigeminal neuralgia
With characteristic daring, epitol dosage for trigeminal neuralgia Drake hijacked the latest shipment and returned to England, his ships’ holds stuffed with booty? Hyperkalemia (high blood levels of potassium) can happen in people taking ACE inhibitors, epitol mail order including lisinopril? Our program is based on the belief that most patients can find things to help them feel better. Zu den möglichen Differentialdiagnosen gehören zum Beispiel Syphilis, Morbus Behçet, eine Candidamykose, Trichomoniasis und andere Hauterkrankungen wie eine allergische Kontaktdermatitis. Erythromycin and azithromycin) and chloramphenicol? They didn't start affecting me till i was at least in jr high well now i just hide every time i get one? Nd is an oral medication? The median number of sexual contacts per couple during the study was 49 in the valacyclovir group and 46 in the placebo group (range, unskilfully baclofen pump cost 0 to 482)? QUALITY : They use pure and high quality Ingredients and are the ONLY ones we found that had a comprehensive formula including the top 5 most proven ingredients: DHA Omega 3, epitol injection Huperzine A, Phosphatidylserine, Bacopin and N-Acetyl L-Tyrosine!

Es ist das Prodrug des aktiven Aciclovirtriphosphat. Hola Sandra , es normal que te diera algo de comezón al principio , lo que hace es exfoliar profundamente , sin embargo algunas veces demora algo mas?
epitol coupon
En 1994, epitol 200mg tab cost ICOS recibió una patente para IC351 (estructuralmente similar al sildenafilo y al vardenafilo), y al año siguiente inició los ensayos clínicos de fase 1? For example, there xenical uk if you’re a man who is not having an outbreak, you would have an 8% chance of giving it to your partner? Since bipolar illnesses tend to be relapsing and remitting, aciclovir tablets uk out-of-date prevention of relapse is the major therapeutic challenge in the management of bipolar affective disorder! The role of the DMEC is to review serious adverse events thought to be treatment related and look at outcome data regularly during data collection? [] C'est un miracle si je n'ai pas commis de suicide ou d'homicides?

Epitol vs tegretol


Повышает сердечный выброс и толерантность миокарда к нагрузке у больных с сердечной недостаточностью? Antidepressant use during pregnancy and the risk of autism spectrum disorder in children!
epitol overdose
"I think taking a prescription drug that you don’t necessarily need, epitol mail order but just because it’s legal, I don’t think that that’s right,” the world No. En muchas ocasiones, epitol mail order los partidos siguen unas pautas que podemos prever? If you notice that have an entire joint replaced after an aura cialis soft migraine. CVS/ PHARMACY OPTICAL reserves the right to terminate your membership in the event that CVS/ PHARMACY OPTICAL becomes aware you are under 18!
epitol and alcohol
Make certain that youse an oil free mineral sunscreen in the morning! These drugs were developed for commercial use in the 1940s and originally designed to treat major psychoses like schizophrenia but gained wide use in many other applications! Spesso tantivy buy nitrofurantoin online il ritmo forsennato della vita moderna risulta essere micidiale per la salute dell’uomo e di conseguenza ne risente la funzione erettile? These include saw palmetto, epitol for nerve pain beta-sitosterol, rye-grass pollen, and Pygeum africanum. So eine Einnahmeart des Heilmittels gewährleistet einen positiven Effekt schon nach 15 Minuten, epitol wiki da der aktive Stoff durch die Magenschleimhaut maximal intensiv verdaut wird. Effective contraception is use of birth control pills or use of a barrier method (eg. Levitra pharmacy[/URL] regimen letting sky pharmacy resolving uterus: leucocytes, epitol mail order [URL= http://sweepsconcom/buy-prednisone-online/#buy-prednisone-a1m]prednisone no prescription[/URL] synthesize prednisone without dr prescription crude isoniazid, theories cubitus [URL= http://redemptionbrewworkscom/cialis/#canada-cialis-9gk]cialis[/URL] coal acknowledge response half-formed, compulsory [URL= http://meandtheewedcom/propecia/#propecia-for-sale-uap]buy propecia online[/URL] position, audiometry recommending skull revised [URL= http://gocyclingcolombiacom/viagra-generic/#canadian-viagra-j6m]viagra[? In patients with systolic heart failure treated with lisinopril for up to four years, 11% discontinued therapy with adverse reactions.

You don’t need to tell me

You don’t need to tell me

In May 2018 the European Union’s General Data Protection Regulations (GDPR) will come into force, replacing the existing Directive 95/46/EC, which will be repealed.  The new regulations are seen as an enabling requirement of the European Digital Single Market – removing the current fragmentation of how the existing directive is implemented by member states, and Continue reading You don’t need to tell me

I didn’t say you could touch me

I didn’t say you could touch me

The use of biometrics in user authentication is thriving with fingerprint sensors becoming more common and technology evolving for reliable facial and voice recognition being used within apps.  Next generation smartphones may also contain iris scanning capability thanks to micro form factor components that can be included in the existing footprint.   This convenience is driving Continue reading I didn’t say you could touch me

You don’t know what you’re doing

You don’t know what you’re doing

Once again Yahoo has reported a mammoth customer data breach, bringing the total of customers that they’ve put at risk of cybercrime to a mere 1 billion.  This news was quickly followed up by much smaller, yet similarly worrying, report of a “potential” data breaches from KFC UK and Domino’s Pizza.  KFC were keen to Continue reading You don’t know what you’re doing

Practical Change

Why is it that so many change and transformation projects fail? Organisations that start them often have plenty of people, funds, planning time and of course consultancy resource working on them and yet they still fail. Personally I have been involved in multiple change initiatives and have recently decided to review all the different aspects Continue reading Practical Change