Why bad Identity drives out good identity

I am more and more concerned about the relentless expansion of what Kim Cameron ‘tongue in cheek’ dubbed the NASCAR approach to Relying Party Single Sign-On on the Web. And its not the inherent ‘phishability’ of the method that Kim alluded to in his blog.

Who will win the demolition derby?

Linking a User's Social Network Accounts to Relying Party Web Sites

Even big daily newspapers like the New York Times and Los Angeles Times have recently picked up on this phenomenon. I have often wondered what economic laws drive this rapid adoption and why isn’t there a huge backlash against the privacy implications in all of this?

I remembered Gresham’s Law from my business school days explaining why ‘bad’ money drives out good money. In essence when governments reduced the amount of copper in the pennies they produced, we learned that the public hoarded copper pennies and only spent the lightweight ones. It struck me that ever since FaceBook relentlessly started pushing their lightweight (in terms of security) solution to the perennial WEB single sign-on problem; it has been difficult to sell more solidly engineered solutions to our customers.
It seems bad identity, like bad money, drives out good identity.

Why am I concerned? David Recordon tells us in his blog: “We’ve finally convinced businesses – which serve normal people – that having their users sign in with existing accounts is better.” But I am thinking: “Where is informed user consent in all of this?”

It may be a cultural thing, but in Europe we seem to abhor the relentless invasion of our privacy, powered by OpenID connect. At the same time, in the USA,  companies like janrain are extolling the virtues of collecting a richer, more complete set of data and social graphs on users, claiming  they can link together information about us that we perhaps would rather keep separated within different Identity Providers’ compartiments.

What prompted me to blog this post? Maybe is was watching ‘Erasing David’ yesterday night on Belgium TV. I was rather disappointed, but at the same time the film reminded me how difficult it already was in 2009 to push this particular genie back in the bottle.

Building a better solution is what motivates me every day working for Verizon Business, working on a better ‘safer’ solution. Of course at the end of the day my company is not a charity and we will have to show additional business benefits for our customers besides enhanced security. I think this added value can be achieved by putting our users ‘in control’ of their identities; by sharing the rewards of their explicit consent in opening their personal profiles to Relying Party businesses and not by treating our users’ growing profile value as just another ‘product’ to sell.

Advertisements

About lasancmt

Passionate about Identity Management Disgusted at #ukip and #brexit
This entry was posted in Identity Providers, Privacy, Relying Parties and tagged , . Bookmark the permalink.

2 Responses to Why bad Identity drives out good identity

  1. Pingback: FaceBook, Google, Yahoo: Don’t shoot, we’re the good guys! | IdentitySpace

  2. Pingback: Identity Laws, Principles, Directives and Commandments: Which to Follow? | IdentitySpace

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s