become the room key enabling the guest to skip the front desk. Since the user has shared information with the hotel, it knows what television channel the guest wants on and can also set the thermostat to the preferred temperature. “All of the data is given with consent and the hotel can only use it for their own purposes,” Land says. Ultimately the data will be better for the marketer because they will be serving those customers who are interested in hearing from them, Land says.
Respect Network is introducing the idea of a personal cloud for individuals that would enable control of the identity and remove any third-party intermediaries. There should be something that is easy to use, such as Facebook Connect, but without Facebook in the middle, he explains. “Click on a button and the next step should be served by your personal cloud. It will detail what information you can share and what attributes you decided to share.”
SOCIAL LOGINS APPROACH USER CENTRICITY BECAUSE INDIVIDUALS CHOOSE TO REUSE THEM, BUT THEY TREAT USERS AS THE DATA PRODUCT
ENTER THE PERSONAL CLOUD A user’s control of the data is important but so is portability, says Drummond Reed, chief technology officer at Respect Network.
services, or force them to use only others; form a (misinformed) view of consumers and then share it without a shred of accountability. The identifying method must be autonomous, independent, transparent and – most of all – under your control. But the Internet is a two way street. There needs to be a way identify individuals online so it’s under their control, but at the same time the service requesting this information needs to be certain the identity is valid and has been verified. Thinking along these lines, a digital identity must be made up of claims about an individu-
al that can be verified by some entity, potentially increasing trust. This entity could be almost anyone or any organization. For example, my bank knows my monthly salary and a credit file agency will have a fairly certain knowledge of my date of birth and current address. But similarly, reputation based sites like eBay or Etsy could verify that I am a trustworthy person who can buy and sell items. Social graph information held on social networking sites like Facebook, Twitter or LinkedIn could also be used to verify an individual to a certain level of assurance
or be used in conjunction with other methods. An online identity system needs certain pre-requisites: 1. It needs to be accessible and understood by the services and applications relying on it by using industry standards. 2. It needs to be under the control of the identity owner. 3. It needs to be able to show the service or application pieces of information to prove certain aspects of an individual. 4. It needs to be able to do this in a way that says, this is true, i.e. verifiable. 5. It needs to be really easy to get at and use – maybe ac-
cessed using a pre-existing social network login accounts. 6. It needs to have privacy designed into it from the outset. 7. It needs to be as secure as possible without making it onerous to use. Most of all, however, the online identity needs to belong to and be controlled by the individual. Identity needs to become personal again – not co-opted by corporations or governments. How to get there technically isn’t the issue, it’s an attitude, or rather the wider Web’s attitude to what those identities are, that needs to be addressed and debated.
Fall 2013
31