From 'Sign Up and Sign In', to 'Connect, Relate and Trust'
... a now possible, and very necessary, paradigm shift
I’ve mentioned the above title a few times to people and it seems to resonate, so let me unpack it a bit more and explain what I think will become possible through 2025.
‘Sign Up and Sign In’. That’s the current paradigm around how we as individuals engage with organisations in the digital realm (i.e. web sites or mobile applications). That has been the norm for so long now that we tend to take it for granted as how things work online, even though it is clear to all that large parts of it are very broken:
Each relationship is managed one at a time even though they all share a common process (signing up). Or we sell our soul (data) to ‘social sign-in’ (i.e. sign in with Google, Facebook etc) to gain the convenience of re-using an existing online presence; but in doing so we enable ourselves and our sign-ups/sign-ins to be constantly watched and sold on to others.
We merrily click through those cookie banners, haemorrhaging more data in doing so. Or take the time to make selections which are quite possibly then ignored anyway.
Then we get to the farcical check box. How can we build a global economy based on having people check a box to say they have read, understood and agreed with the terms of service and the privacy policy when they have clearly not done so?
Next we give away our email addresses to act as a ‘user name’, in the full knowledge that they will then join the data being sold out the back door. There is no need for the thing we use to sign up for services to be our email address; any digital identifier achieves the same without leaking that email address all over the place.
Then we do the password dance, balancing the convenience of re-use versus the pseudo-security of variations. All the while hoping that our password manager has remembered; but knowing full well it may not have and we’ll be signing in via password reset yet again…
And to compound that misery, we get no usable record of what has happened, and what we have signed up for - we are supposed to somehow remember it all for the next time we need to access the service?
That very broken model, entrenched as it is, can be fixed in 2025 by changing one simple assumption. The most broken assumption embedded in the current model is that the individual cannot have relationship management capabilities of their own, and that they must always be the ‘client’ that does only what the ‘server’ allows them to.
So where do we get to when we change that assumption, and provide the most basic of capabilities on the individual/ customer side?
That most basic of capabilities I’m referring to has the working name ‘MyKey’. Under the hood its more technical name is a FedID. This new open source technology protocol enables people to create their own strong digital identifiers that they own and control. This genuine ownership and control is critical to what comes next. In the current model, people sign up for things and sign into things with identifiers that are ultimately not owned by themselves. Much as we might like to think we own our email addresses for example, we don’t. We rent them to some degree or other, as we do with our phone numbers, IP addresses and others.
So my suggestion is that ‘sign up/sign in’ with MyKey has the potential to move us to a new model.
‘Connect, Relate and Trust’ is where I believe we then get to when we enable individuals to form digital relationships with at least an identifier of their own. Let’s break that down a bit:
‘Connect’ (to me) - is the real game-changer because it is what moves us beyond managing digital relationships one at a time. It reduces the power imbalance in digital relationships, and vastly upgrades what becomes possible in the context of the relationship. Data can move backwards and forwards rather than just one way, and audit logs become possible because both ends of the pipe are digitally enabled. Security is much improved versus the current model in that the identifiers being used to connect are actually cryptographic keys (which as well as being much more secure, go on to enable many other things down the track). You can think of that as a bit like ‘my suppliers have an online account with me, just the same as I have one with them’.
‘Relate’ - that the parties are now connected and can interact means that the relationship evolves. I tend to think this leads to more balanced relationships such as happen in B2B contexts in which both parties have needs, and either can initiate activities the other can see and respond to. In other words, a genuine relationship rather than the current ‘you will do it our way’ approach that organisations are able to take.
‘Trust’ - this most valuable of commodities cannot be bought, or created instantly. It can only evolve over time through repeated, positive and predictable interaction. So when one experiences consistency of experience and capability in connecting to organisations then trust can build up.
If this is true, we can re-build trust in at least the parts of The Internet and Web in which such a model takes hold.
So how will this happen in practice? My take is that whilst there will inevitably be roles for wallets, verified credentials, personal fiduciary AI agents, personal data services and more, the start point is that we must control the identifiers we use at our end of digital relationships. Each of these downstream capabilities will require such fiduciary identifiers to work anyway.
And what will it look like? I would suggest that it will look something like the MyKey button below.
MyKey remains a working name for the capability as we continue to test and refine the precise user experience, build up a body of reference sites, and learn how to best explain the story. But what it is must be very clear: it is a strong ‘connect to me’ capability created, owned and controlled by individuals. And because it is independent of the service provider being used to underpin ‘sign-up and sign-in’, it has the capability to be ‘life long’, just like your mobile phone number which you can move from one service provider to another.
There are clearly aspects of this that can only be finalised once deployments are up and running. For example, what is the relationship between ‘connect’ and the terms of service and privacy policies that organisations will continue to require? One thing is certain: when strong capability is on the individual side of the relationship, that prepares the ground for individuals asserting their own policies (such as those being developed in IEEE7012). I suspect real, ongoing trust in digital relationships will only emerge when we have eliminated ‘contracts of adhesion’ and the consent check box/biggest lie on The Internet.
So, that’s the plan - Sign up and Sign in changes over time to Connect, Relate and Trust… First MyKey availability and early sign up/ in options are scheduled for Feb 25. Any thoughts or questions on that just post in comments.