Identification is a critical component of Web 2.0. Electronic communication between parties cannot take place unless both parties can be certain of the identity of the other party.
The current model of identification on the Internet is identification by data. We identify people by what we call them, whether it is a given name or an identifier like an id number.
However, in real life we are not identified by name but the relationships we have both with other people, organisations, or things within our nvironment. Our identities are us and our relationships with other objects – not our labels. Another way of describing it is that we are identified by our presence in space and time.
Edentiti is an approach that models real life in the electronic world. Edentiti allows us to create an electronic presence. It is a presence not a name and we call it an edentiti. It has relationships of differing types with other electronic presences on the Web.
In real life we have many identities and we take on different roles for different circumstances. We have an identity for our relationship with our family and friends, when we represent an organisation or when we want to identify ourselves. Whenever we want to interact with others in real life we “announce” our identity by our presence in some form or other. Edentiti gives us a way to announce our presence in electronic space and announce the role we are taking be it family member, or policeman, or teacher, or financial advisor, or member of a P&C.
Each edentiti has a one to one mapping with an identity in “the real world”. The real world identity has control over the online edentiti.
The edentiti we have first implemented is an edentiti to help us identify ourselves so that organisations in Australia can comply with the Australian anti-money laundering/ Counter Terrorism Finance legislation (AML/CTF). We have called this edentiti GreenID.
The AML/CTF legislation was written with the model of identification by name in the mind of the framers of the legislation. The legislation is written so that it says an organisation can electronically identify a person if the organisation can show that person being identified has two existing relationships with independent organisations who know us by name and address and another organisation who knows us by name and date of birth. If an organisation can show that they have established these name based relationships then the organisation has “safe harbour”. Safe harbour means that the organisation cannot be sued for a misidentification resulting in disclosing suspicious transactions to the Austrac authority.
greenID works within these rules.
How does the greenID edentiti verify whose presence it represents? It does this by verifying that it has electronic relationships with organisations or people. It asserts that there is a record in the tax office about the identity it represents. It proves it by asking the tax office electronically – I have a tax file number of x, a name of y, and a date of birth z. Do you have a record of me? The tax office, like all organisations in Australia is required by the privacy principles to say yes or no for no cost – except in some very exceptional circumstances.
greenID gives the real person the ability to ask these questions and to securely record the result of the question. The data used to obtain this verification is discarded and only the verified relationship stored.
As individuals we keep control of our own edentiti by establishing ways we can prove we are the real person the edentiti represents. We do this by leaving biometrics with our edentiti that identifies us. This could be passwords, secret questions, voice prints, iris scans, pictures of ourselves, phone numbers from which we call, computers from which we communicate. When we return to use our edentiti we establish who we are to the edentiti and we then ask the edentiti to do things for us.
This model allows us create many edentities for different purposes. We may have our scholastic record edentiti. This asks all the organisations with whom we have studied to verify that we have a particular qualification. Once we establish the link with an organisation then our edentiti can ask for a copy of the record to be delivered securely to say an employer.
We might establish our health edentiti. Our health edentiti keeps track of the all health relationships we have and where we can find information about our health. It does not keep any health records but it keeps where health records are kept and keeps the authority for our edentiti to access those records and deliver them to others when requested.
We might establish a guardian edentiti who watches over our other edentities and sees if anything unexpected happens.
Any sort of electronic presence we want for any purpose can be established.
For this model to be deployed for Government 2.0 the government only has to enforce existing laws that allow an individual to ask any organisation that might hold records about them a simple yes or no question. Do you hold any information about me?
This model can be implemented tomorrow for a very low cost. Instead of the government spending a reported $400M establishing and deploying a health id card all the government has to do to allow an individual to consolidate their health records and supply them on demand in a medical emergency is to enforce its own regulations.
I do not have time within my five minutes to explore the ramifications of this model. Suffice it say that it will stop identity theft, make Government 2.0 easy and cheap to implement, do it all in a privacy friendly way and do it without any legislation, new regulations or new government bodies.