You know those people who dream big dreams? Change the world for the better and for all time dreams? Those are the people in Phoenix this week. They want to make the Internet better. Commerce better. Government better. School, entertainment, banking, and manufacturing better.
Their point of influence: digital identity.
What if, they ask, we could make "sign in with..." something everyone could trust? Something that worked across national borders, across cultures, across technologies, with all sorts of regulatory schemes? Could we make a way to identify ourselves and share personal information that thinks of our identities and data the way we do? Could we make it safe and secure, scalable and flexible?
Yes, they say.
The United States' National Strategy for Trusted Identities in Cyberspace
is a plan to make this come to life. And the folks making it happen call themselves the Identity Ecosystem.
Representing people and institutions from across the US and a few other countries, they're designing a decentralized accountability framework that blends technology, economic and legal relationships into a whole.
It's a vast undertaking that will affect everyone with access to electricity. Everywhere. For a generation or three.
And it could fail before it gets started.
In early 2011 and in late 2012 I led two groups of professional geeks, suits and wonks in brainstorming what could make NSTIC fail by 2016. We did a bang up Red Team job.
And again in October 2012...
A Personal Data Ecosystem Consortium (PDEC)
whitepaper summarizes their findings, the top two threats, the differences after 18 months, a few recommendations, and a note on how US federal budget cuts might affect the program in its infancy.
The teams ranked two threats as most serious:
- UX. A failed User Experience could stop adoption, stall rapid learning, burn user and institutional trust, and stimulate bad user behavior.
- Balance. Four forces have to be strong and aligned for an ecosystem of Identity Providers, relying parties, user agents, infomediaries, market makers, personal cloud providers, and governance services to thrive. Technology, economics, policy, and culture will tie the ecosystem together. If any one of those elements is weak or is out of alignment with another element, the whole ecosystem can fall apart.
Both of these are more directly influenced by the members of the Identity Ecosystem than by outside forces. So there's hope. They can take steps now.
I posted the slide deck to Quora as National Strategy for Trusted Identities in Cyberspace: What could kill NSTIC?
and you can find the PDEC paper itself at White Paper: What Could Kill NSTIC? A friendly threat assessment
The biggest fear? Leadership failures. Written in the past tense (from future 2016) was the risk that the participants did not rise, take charge, confront challenges, and bring this complex ecosystem to life.
There's a gap between dreams and reality, hopes and action. Here's to the IESG successfully closing those gaps.