BYOI (Bring Your Own Identifier)

The next step for the human-centric Internet...

So, I guess many of you will have heard of BYOB, ‘Bring Your Own Bottle’. If not, that’s the option presented by cafes and restaurants that don’t have an alcohol licence to their customers inviting them to bring along their own alcohol.

That’s symbiotic. The cafe provides a meal; the customer brings something to enrich the experience that the cafe can’t provide, and both parties end up happier. A 2 + 2 = 5 scenario.

And then we have BYOD, ‘Bring Your Own Device’. That’s a bit more complex but the principles are the same. It emerged as a concept when corporate IT teams noticed that people in their organisations were increasingly bringing their own computing equipment to work; usually smartphones or laptop computers. That meant that people were often carrying their work equipment and their home equipment; a lot of hassle. And then it became clear that the two ‘life aspects’ inevitably blend together. People were sharing work details with personal devices, and vice versa. They did so mainly to get around the inevitable hassles of accessing things they needed from two or more places. It became obvious that a convergence was required. And in that case there would only be one winner - the personal devices as they had the greater coverage of what people needed on a daily basis. And they persist across roles and even organisations. To make that work, corporate IT and their providers had to do the technical work to establish a secure ‘profile’ on the individual’s device in which the organisations apps and data could operate. And individuals had to agree to give up a bit of their devices for organisational use.

But again, this was a 2 + 2 = 5 scenario.

So why am I telling you all of this? Pretty straightforward really. I am predicting that the same process will happen with digital identifiers. That is to say, before long the concept of ‘Bring Your Own Identifier’ (BYOI) will make perfect sense. It will be another 2 + 2 = 5 scenario. It might get a different name as it will be very common and with defined user experiences; but the principle of ‘individual brings something to the relationship that helps an organisation’ will be very normal.

Let me explain why I think that, and what the implications will be.

Before that let’s align on what I mean by digital identifiers. That’s easy at the high level, and then gets complicated. A digital identifier is the representation of a person or any kind of ‘thing’ in the digital realm.

Some of you might think that’s all a bit weird and will never happen. I would say, but it’s already happening. How many times per day do we use our email addresses to sign up for, or sign into something?

An email is just a digital identifier in a specific format that is understandable by various email related protocols. words @ domain with some characters. Other examples include government issued identifiers such as passport numbers, driving licence numbers or citizen ID. And then many private sector originated ones such as account numbers, loyalty card numbers, employee ID’s, patient ID’s, cookie IDs and many more.

So how does that become Bring Your Own Identifier; and why is that a good idea?

It’s really quite simple when you think about it:

- current approaches have resulted in massive duplication of record keeping, and many data silos that are out of date as soon as they are created. I estimate a trillion personal data records on a planet with 8.8 billion people. All attempts to improve those data quality issues within that current architecture make the issue worse not better.

- From the individual perspective we see this massive duplication all the time. I have some 843 online accounts according to my password manager. Some I use frequently; many I have long since forgotten (but still have an online account). All require that dreaded checkbox to be ticked and the use of email / user name and password. Which all goes wrong over time obviously as many of us now have multiple email addresses and have long since forgotten which password we used on any specific service. Password managers help; but certainly in my case they only seem to work about half the time (I suspect because I work across multiple devices and browsers).

- If we had robust, security-minded identifiers on the individual side that they own and control we have the opportunity to move beyond that mess. We can move out of the siloes, and into a network based model.

That’s a good idea because:

1. It allows us to move beyond the current broken, siloed model to a scalable, future proof one. In doing so we take vast amounts of cost out of current business processes.

2. We move beyond surveillance to a more equitable data and profile sharing mechanism on The Internet; and in doing so re-build online trust.

So how might BYOI surface in practice?

That process began with the work on and the publication of the W3C Decentralised Identifier specification. That built the core capability for people to have digital identifiers relating to themselves. It moves forward with DIDs being embedded within a range of services. That’s where we are now. Next those DIDs become used within organisation systems as pointers to records held by the individual. These are usually called ‘External Identifiers’. That means a system, for example a CRM system, will have their own internally generated identifier for the individual; but also store the identifier provided by the individual as a related (external) identifier. This is when the magic happens, the 2 + 2 = 5 is created. Now that the organisation has a identifier for the individual that is connected to a system controlled by the individual, the organisation can choose to place more reliance on that identifier versus those internal, system generated identifier which is only relevant in its own silo. This method succeeds because that individual/ customer/ citizen/ patient / employee provided identifier can be used to more tightly integrate the organisation within itself. Anyone who has worked within organisations trying to maintain and share across systems is the impossible task. It is impossible because each of the systems being connected is a dis-connected silo in its own right (from the individual). That is why despite billions being spent each year on data quality and related solutions the data the problem just keeps getting worse. And the explosion of ‘AI’ driven data will make that worse again. We cannot fix a broken, silo-based method by applying sticking plasters to those siloes. That fundamental switch to ‘BYOI’ is pretty much the only solution to this issue as The Internet evolves.

The visual below shows a ‘person controlled identifier surfacing inside two separate organisations via their CRM systems. That simple illustration signifies that the individual has an active connection to those CRM systems. And the only way that happens is when the individual agrees to the connection. That simple connection will mean and enable many things over time; but for now it can be simply as a ‘keep my core details up to date’ service run by the individual.

So that addresses the backwards looking side of things; enabling a move beyond siloed data to connected data. What then comes next? Well thankfully that new model also leads to many upsides. I probably need a separate post for each over time; but simplistically the BYOI > Connected Data > Network of Networks shift will enable:

- Vastly improved online privacy/ reduction in surveillance; when individuals are bringing more to the table then the current ‘train-wreck’ approaches to online life and balance will be moved beyond as part of the bargain

- Much more evolved personal experiences on The Internet for individuals because they have a point of control and data integration on their side that was not possible before. This will certainly include a whole range of personal AI powered agents that will help enable more jobs to be done with less effort, time and complexity.

- Much improved data quality, leading to more optimised business and personal processes and less wasteful expenditure on data quality solutions.

- Over time, the elimination of that Biggest Lie on The Internet. This happens because individuals and organisations now have more balanced relationships. And better models and legal bases for data exchange than consent emerge (such as the standard, machine readable data sharing agreements written from the individual perspective and being developed in IEEE7012). The shift to Contract as the legal basis for exchange of personally data is the sustainable and empowering choice going forward for all parties.

- Digital Advertising will be re-invented in that customer-pull of relevant offers will become a fair more efficient, effective and environmentally sustainable way to sell products and services.

- KYC (Know Your Customer) processes will be vastly improved as the customer can bring to bear many more, and more efficiently shared proof points than in the current models. This will have a knock on effect on fraud reduction.

- Much of the above implies and enables the elimination of waste, not least in the environmental context. A lot less data will be stored and move around than in the current model.

So lots to digest in the above I guess. A big shift; but an inevitable one. Current architectures around personal data gathering, management and use; and the regulations around that have their roots in the mid 1980’s. That’s pre-personal computing far less pre commercial internet.

I’m heading over to the ever-enjoyable Internet Identity Workshop (IIW) where these kinds of things and more are discussed. This is IIW number 39; it’s an incredible forum and the root of many of the positive developments in Internet technologies and methods that help enable the above vision. I’ll report in again later this week on the many announcements that will undoubtedly emerge.