... from the desk of Roger Sullivan

Tuesday, August 08, 2006

Miles to go before we sleep …

I recently moved.
The good news is that we sold our home (by ourselves) in the middle of this uncertain market. We’re very grateful for that.
The bad news is that I got to experience first hand just how difficult personal identity management is for the average individual.
While most of my “cyber” identities don’t really care (much) where I’m physically located, the identities that I really care about (banks, insurance, investment accounts, DMV, tax authorities, etc.) are tied closely to my geographic location. But of course you all knew that. So what’s the point of this missive?
It is simply that we need to make more progress more quickly in deploying Identity Management solutions.
What I wouldn’t have given for a trusted one-stop Identity Provider to which I could have given my new address, the effective date of the change and been done with it! This Identity Provider would then have made this change available to all of the sites that I had pre-authorized. Read: As a consumer, I would have paid good money for the service!
Instead, I had to make dozens of web entries, logging onto each organization’s identity silo to re-enter the same information that I just typed at the last dozen sites – in a slightly different format in most of them. What a pain! It’s prone to error, and frustrating for the customer (me). [NOTE TO BROWSERS: There should be an advanced Copy/Paste function to allow one to Drag/Drop individual field contents from a source form to a destination form.]
I suppose that we have made some progress in the grand scheme of things. Not too long ago I would have burned through a roll of postage stamps and been subject to the vagaries of the postal system and assorted mail rooms to affect the necessary change. Instead, in a few days the properly addressed envelopes show up at my correct address. Life does provide its small satisfactions from time to time.
I did find a few curious practices however. One financial institution sent a confirmation letter to both the old and new address. Naturally, I received the confirmation sent to the new address first since it didn’t have to be forwarded by the USPS from the old location. It seems to me that this is a bit of a security catch twenty-two. Why not simply confirm to the email account through which I have been regularly banking for years? Does that mean that my on-line access is not really trusted by the bank?
Additionally, I discovered that one does “pay” for the identity change service in unexpected ways. Two financial institutions put a hold on the accounts ranging from one to two weeks. The purpose is clear, but the duration seems arbitrary. It’s a good thing that I didn’t need the funds to move!
Finally, I’ve discovered that the unexpected junction of cyber and physical will continue for a time while I remember to change all those on-line one-click shopping profiles where my billing address no longer matches my ship-to address.
By my way of thinking, this situation represents the union of "enterprise" and "user" -centric approaches to identity management. As an industry, we need to work on making this experience "Grandparent friendly."
There are well established as well as emerging standards to accomplish this from the OASIS SAML (of which my Oracle colleague, Prateek Mishra is co-chair) and WS-* family as well as the Liberty Alliance. Additionally there are rapidly emerging “user-centric” initiatives to provide the technology to solve this. We do need enterprise Service Providers to begin to deploy these Identity Provider services more rapidly.
I, for one would become a very loyal customer very quickly – whether or not I ever moved again.

2 Comments:

  • Hello Roger, the solution is already there, in concept.

    First, use a personal internet portal,like our HEARTBEAT-ID.
    Second, identificate or authenticate to your portal using OpenID, i-names or biometrics.
    Third, access the applications of your choice, provided by the ASP of your choice.

    Ready.

    To change your address, login
    with strong authentication and change your address. Just once.

    Have a look at the Adrian story
    http://www.thinsia.com/adrian.html
    for the future of computing

    Have a great day,
    Roland Sassen

    By Blogger roland sassen, at 6:03 AM  

  • Hello Roger, the solution is already there, in concept.

    First, use a personal internet portal,like our HEARTBEAT-ID.
    Second, identificate or authenticate to your portal using OpenID, i-names or biometrics.
    Third, access the applications of your choice, provided by the ASP of your choice.

    Ready.

    To change your address, login
    with strong authentication and change your address. Just once.

    Have a look at the Adrian story
    http://www.thinsia.com/adrian.html
    for the future of computing

    Have a great day,
    Roland Sassen

    By Blogger roland sassen, at 6:04 AM  

Post a Comment

<< Home