In my last blog, I discussed how the adoption of manufacturing standards, which did not occur overnight, was driven by the realisation that component logistics were becoming so unmanageable, that the manufacturers were in danger of failing.
Today, the need for digital identity on an Internet-wide basis is bringing us to a similar crossroads. With so many identity protocols, standards, and specifications, will we be able to avoid digital chaos?
Is the digital identity problem really so complex?
Currently, each digital content package has its own media format and content with its own particular twist—no one has yet agreed what should one have as as a unique identifier. A unique identifier is a number or string that is used to identify a specific object. This number or string cannot be used to refer to any other object. For example, an ISBN can be considered a unique identifier for a book. Although a number of books might, for example, be titled Intellectual Property, they can still be differentiated by their unique ISBNs.
According to Wilbert Kraan, who is on staff at the Centre for Educational Technology Interoperability Standards (CETIS):
“The essence of the identifier problem is the reconciliation of the need for identifiers to be the same forever, for everyone, independent of where the resource is, who owns it and in what kind of system it resides in. Not an easy task when the resources—ithe learning objects—are themselves composed of multiple objects, can be changed, have alternative versions, copied and aggregated into, and disaggregated out of, larger learning objects.
Add to that the necessity of maintaining different sets of metadata (and thus metadata identifiers) about the same object for different groups, and you have quite a puzzle.”
The idea of using unique identifiers to manage and track learning objects is extremely attractive. Persistent identifiers, such as Handles, DOIs, and PURLs, offer a superior solution over URLs, which can change easily by being moved. However, the added time and effort needed for their initial development, despite their long-term benefits, seems to have hindered their usage. Economic and cultural factors in education that tend towards a short-term view will have to be overcome if persistent identifiers are to be adopted.
Why do so many identity protocols, standards, and specifications exist? In truth, manufacturers like things to be proprietary. Each wants its own standard. The publishing industry, for example, may require a very robust system with a central authority (e.g. DOI) that guarantees the one and only identifier for a specific object. Such functionality is necessary for the kind of rights management systems they would like to see.
Content and information: what do we want?
- Smart content with inherent information identity – Nine industry-leading organizations have agreed to be the anchor investors in a project, sponsored by the Common Cartridge Alliance, develop a Common Cartridge (CC) format, which defines a commonly supported content format, able to run on any compliant platforms. CC has enable end-users and learning delivery organisations to develop and share community source tools that allow cross platform support, content portability and more effective learning materials.
- Personal identity – The use of identity federationstandards can reduce cost by eliminating the need to scale one-off or proprietary solutions. It can:
- Increase security and lower rise by enabling an organisation to identify and authenticate a user once, and then use that identity information across multiple systems, including partner web sites.
- Improve privacy compliance by allowing the user to control what information is shared, or by limited the amount of information shared.
- Drastically improve the end-user experience by eliminating the need for new account registration through automatic “federated provisioning” or the need to redundantly log in through cross-domain single sign-on.
Leading enterprises around the world have already deployed proprietary identity federation to get closer with partners, improve customer service, accelerate execution of business partnerships and alliances, cut cost and complexity of integrating outsource services, and free themselves from vendor lock-in.But they DO NOT interconnect or federate to enable core value
My good friend Graham Sadd has argued for many years that Personal Identity Management is the critical objective which seems impossible to achieve. His latest posting on Graham’s Blog makes for interesting reading : Privacy & Trust in the Digital Age
We shouldn’t be surprised: these things always take longer than expected
The world of engineering took seventy-odd years to get to a steady state on some standards—even back then international agreement was poor, countries still competed, and events prevented unity. If commercial gain is part of the debate, it will take longer for countries to adopt digital identity standards. Industry resists de facto standards unless there is a compelling value for all involved. So what must those benefits be?
- Reliable and safe personal identity that the individual can manage and trust, and that the individual can use to access and link to services anytime, anywhere.
- Content that, because of its inherent identity, is digitally smart and can therefore connect you properly to the information you require.
To make progress toward achieving truly reliable personal identity, we must be able to:
- ID the person – The ID owner must be able to self-manage his or her own private and public information, and the managing intermediary must stringently validate (locally, nationally, and internationally) the user’s identity— all personal data must be encrypted and validated by an expert and trusted third party.
- ID the content – Content must be reliably identified. Each digital content package must have an assigned identifier that is unique, which enables us to search and inquire, to find out if the content is what we want, that we are entitled to have it, and that we agree, via an identified transaction, to hold a copy (no back door copies).
Bottom line: we already have the interoperability standards for content and what is needed for a true Internet-wide user identity system. The only hurdle that remains—and this is a big one—is adoption. And one of the key barriers to adoption that must be overcome is finding the kind of intermediary who will behave much like a Swiss bank—one who respects each person’s privacy and always acts on the person’s behalf.