An Important Evolution for the Human-centric Internet
An online representation of you that you own and control
So, there was method in my madness in writing about ‘BYOI/ Bring Your Own Identifier’ in my last post. I knew what was being announced yesterday at Internet Identity Workshop 39 and wanted to think it through in advance as its implications are very large indeed.
A few months back Ben Curtis, our JLINC Labs CTO, came up with a proposed technical evolution that he had pondered on for a while as something very much needed on The Internet. It felt big to the rest of us; we kicked the tires and agreed we should bring it forward as an open source project; and here it is. FedID, and FedID Connect (FIDC), the new website and documentation is here.
Why is this a big deal? Quite simply because it enables people to be free, empowered actors in the digital realm. How so? That’s because it enables people to sign up for a powerful digital identifier that is on their side, prevents surveillance, and has no lock-in. It can run at massive scale on already proven technologies (Open ID Connect and ActivityPub), and is very easy to deploy (a few lines of code added into the existing means through which developers add ‘Social Log-in) to websites and applications.
That’s the good news, the technology works.
The ‘still to be proven’ news is what that means in terms of user experience, commercial implications, policy implications and societal implications. And not just proven; it would be fair to say that none of us currently understand the full ramifications of what FedID enables. I say that because none of us has ever had a digital representation that we own, we control, is portable over time - and therefore can be life long, spanning hundreds of supplier relationships. In UK the only entities that think in terms of life-long identifiers are the National Registers (birth certificate > death certificate), the National Health Service. Neither are digital, or able to be used outside of their specific contexts. Some of the central government departments have views over long periods, but typically not life long).
This is where I’m going to be calling on a bunch of people who can help shepherd this discussion. MyData Global will certainly have a perspective, so, I expect, will UK Smart Data Council, EU Policymakers and Customer Commons in USA.
Here’s my first stab at visualising the opportunity for the end user of digital services in a way that can enable the discussions we need to have. I’m using MyKey just as a potential name for this new thing. That’s because clearly an individual is not going to say to themselves ‘I must get myself a Federated ID, and use Fed ID Connect. This is almost identical to the current model in which ‘social log-in’ has a technical name (Open ID Connect), and then several end user facing name (‘Sign up with Google, Sign up with Facebook etc). FIDC will require the same, one or more market facing names and experiences underpinned by one technical approach and licence behind the scenes. The licence (MIT + No Surveillance) is important, it is open source but forbids surveillance - which is one of the two problems with the current social log-in approach. The other problem also addressed by FIDC is that in the current social log-in mode (i.e. the big tech players), a person may sign-up and sign-in to many services over time with that model only to find that their chosen sign-up/ sign-in model disappears. They could disappear simply through those social log in providers deciding to stop running such a service; or perhaps more likely they are forced to do so by regulators.
MyKey may or may not be the right name for this end user experience. It’s a decent start point in that under the hood the identifier the individual has is a standard decentralised identifier (DID), which in effect is a cryptographic key. And as a standard decentralised identifier that means the thing individual has can also be used to sign things (e.g. agreements), prove things, exchange data and send/ receive messages. That long list of capabilities is why this innovation is both disruptive to business as usual (surveillance) and empowering.
My own take on where this goes is that the current paradigm is broken because of the surveillance and lock-in issues above; but also because it assumes no capability on the side of the individual. The only option we have today as ‘end users’ is ‘sign up' for a digital service/ web site/ app; and the ‘sign in’ to those things. When people have strong capability on their side (their MyKey) then that ‘sign up and sign in’ extends to become ‘sign up, sign in and connect’ (to things on individual side like personal data stores, digital wallets etc.). That’s a two-way relationship rather than the current one way flow. That then extends to ‘sign up, sign in, connect and relate (i.e. genuine two-way relationship), and ultimately to ‘sign up, sign in, connect, relate and trust. Trust only comes through genuine two way, peer to peer, mutually respectful and enabling relationships that persist over time.
It’s not too big a leap to say that this then transforms many things. For example, digital advertising. For years the adtech industry has been looking to create ‘the one identifier to rule them all’ in the post-cookie world. I would contend that the identifier that works for the customer will be the one that works best for advertisers and publishers. MyKey plus Personal AI powered agents could go in that direction and marketing and advertising will become at least partly based on pull rather than push. Very interestingly the great advertising guru Rory Sutherland is already thinking along those lines.
Another business process that can be re-invented in ‘Know Your Customer’/ KYC. MyKey/ FIDC enables the individual to bring un-paralleled breadth, depth and brand new data to that process. Nobody knows the customer better than the customer; but precisely how that KYC upgrade happens is very much up for debate with the relevant regulators and the financial services industry.
I guess that’s enough to be going on with….; more on this next week. Back to the conference…