Mark Wahl of Informed Control writes me saying:
I also see identity management for the benefit of semi-autonomous or autonomous computing elements, beyond merely security… a lot of people tend to think of ‘individuals’ as merely individual humans. Certainly many applications will be operating for the direct benefit of their human owners, but they may not be necessarily operating under their direct control (more an agent than a browser), or may be benefiting a third party or an ecosystem as a whole (e.g. a Seti@home screensaver, or virus-scanners)
Mark, of course you are right. On further thought, it appears to me that this subject is actually much broader: "Two RFID tags meet in a bar. The first says …" You get my drift. Ubiquitous, connected, particularly wireless, computing will need zillions of those "agents" and they absolutely got to have a digital (and secure) identity, otherwise those RFID tags won’t even know whether they are talking to the same RFID tag again.
Dave Kearns already turns the discussion towards the issue that I really wanted to get to, over some period of time, starting with this piece. He says:
[Johannes] claims that the discussion these days centers on the first four to the detriment of number five, yet then points to at least three people carrying on dialogs about the fifth area.
Sounds a little schizophrenic, doesn’t it, until one notices that the "digital identity discussion" and the vast majority of technologies being discussed for digital identities, and the people doing the discussing, do barely, if at all, intersect with those three examples and many others (see Mark’s comment above and others I’ll cover in the future). The as-of-now unanswered question by Julian Bond whether Marc Canter (one of the big InfoCard proponents) can actually use it for his Ourmedia.org project is a great example. Does something smell like Cool Aid here? (if not, I’m really puzzled…)
Finally, Burningbird aka Shelley Powers in a thoughtful piece (as usual) questions a lot of the unspoken assumptions that are often taken as a given in digital identity "insider" discussions. For example, she says that while she’d like the convenience of single-sign-on,
the farther from my machine I can store sensitive data, the happier I’ll be.
implying that a lot of potential automation may actually undesirable by users. She goes on:
I don’t think the power of the internet is based on the concept that eventually, everyone will know your name. I think it’s based on the fact that everyone doesn’t know your name.
Which is a neat way of saying: we got to have anonymous digital identities, i.e. digital identities that can facilitate a repeat interaction between parties A and B, without revealing any information about the owner of either of them. Yet again a reasonable requirement by somebody outside of the immediate "digital identity discussion" that somehow seems to be forgotten or least be marginalized.
More later when I get around to it…