Thursday, May 06, 2010

A Fourth Value for an Identity Pattern in Three Parts

I was on a thread today regarding the use of screen name or username as a way of identifying a user. Clearly there are patterns, or maybe one pattern with variations, in web application design that revolve around user identity management.

This confusion is compounded by using online services such as Google, Yahoo!, eBay and others that have established their identity models based on engineering-centric requirements.

I came across a great post in the Habitat Chronicles that essentially documents the historical belief that led to conjoining the requirements of engineering (establishing sessions, retrieving database records, etc.) with the users' requirements of recognizability and self-expression. But this approach can actually discourage participation due to the fear of exposing personal data.

Yahoo!, where I used to work, found that users consistently listed the fear of spammers farming their e-mail address as the number one reason they gave for abandoning the creation of user-created content. This feedback ultimately led to the very expensive and radical re-engineering of the Yahoo identity model.

The author, Randy Farmer, found that a tripartite identity model would describe the needs expressed by most online services and, more importantly, would be forward compatible with current identity sharing methods and future proposals.

He diagrams this most efficiently as:

Randy Farmer's Tripartite Identity Pattern postulates that the three components of user identity are: the account identifier, the login identifier, and the public identifier.

Read more about each of the elements and some interesting feedback on the pattern here.
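A minimal sketch of the three-identifier separation, as an added example rather than Farmer's or this post's own code. The class, method and field names are assumptions, and the store is in-memory only. It shows the login identifier (an e-mail address here) staying private and changeable while user-created content is attributed through the public identifier alone:

```python
import hashlib
import hmac
import secrets
import uuid


class IdentityStore:
    """Hypothetical store: each of the three identifiers lives in its own mapping."""

    def __init__(self):
        self._accounts = {}   # account_id -> {"salt", "pw_hash", "public_id"}
        self._logins = {}     # login_id (private, e.g. e-mail) -> account_id
        self._comments = []   # (account_id, text): content is keyed by account_id

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, login_id, password, public_id):
        if login_id in self._logins:
            raise ValueError("login identifier already in use")
        account_id = uuid.uuid4().hex   # opaque internal key, never displayed
        salt = secrets.token_bytes(16)
        self._accounts[account_id] = {
            "salt": salt, "pw_hash": self._hash(password, salt), "public_id": public_id}
        self._logins[login_id] = account_id
        return account_id

    def authenticate(self, login_id, password):
        account_id = self._logins.get(login_id)
        if account_id is None:
            return None
        acct = self._accounts[account_id]
        ok = hmac.compare_digest(acct["pw_hash"], self._hash(password, acct["salt"]))
        return account_id if ok else None

    def change_login(self, account_id, old_login, new_login):
        if self._logins.get(old_login) != account_id or new_login in self._logins:
            raise ValueError("cannot change login identifier")
        del self._logins[old_login]   # content attribution is untouched
        self._logins[new_login] = account_id

    def post_comment(self, account_id, text):
        self._comments.append((account_id, text))

    def public_feed(self):
        # Only the public identifier leaves the store: no login or account id.
        return [{"author": self._accounts[a]["public_id"], "text": t}
                for a, t in self._comments]
```

Because comments are keyed by the account identifier and rendered with the public identifier, a user can change the login address without losing authorship, and nothing in the rendered feed can be harvested as an e-mail address.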

Another interesting pattern in this regard is the use of a claims-based identity model. This revolves around the idea of a claim, i.e. a piece of information about an individual that is in doubt and must therefore be proved. Using an identity model based around claims allows individual identities to hold many disparate roles which can relate to different organisations as part of a wider ID metasystem. The way in which these claims are asserted and proven can be handled by a variety of technical solutions and services.

Microsoft's (where I also used to work) ASP.NET team documented the Geneva Framework as used for building claims-based applications and services for ASP.NET applications. Features include:

  • Security Token Services (STS)
  • Federated authentication from ASP.NET applications
  • Object Model that facilitates claims-based authorization from ASP.NET applications

The above definition was taken from the URL below; this webpage also gives a more in-depth look at what a claims-based system is and how the Geneva framework fits in.

Microsoft's Passport service, which I worked on for a few years at Microsoft, is a good example of how this can work to provide identity services between applications.

Who Cares? Where is this going?

Federated and open identity systems ultimately lend themselves to a new identity pattern that I have yet to see documented, but I actually think I see it in use quite frequently, mostly when I comment on blogs. Frequently the comment I post is able to retrieve information such as username or real name and an avatar without ever exposing personally identifiable information that could be used for rude behavior such as spamming or harassing someone. However, what strikes me as the untapped potential in this emerging pattern is the concept of 'ownership' of my contributions as it relates to the persistence and distribution of that identity.

Activity as a function of Identity

If there were a fourth element to the tripartite identity that was activity, this would complete the social pattern. I could consume or represent that identity in the context of contribution, content or context as appropriate and as subscribed to by the user who owns the activity and identity.

This would enable a double-click on an identity that could perform interesting new social functions:

  • Aggregate user output in the context of an experience, essentially allowing me to view contributions of an individual expressed as an identity
  • Assimilate interest and behavior and express this as a contextual metaphor (e.g. a score, a weighting, etc.)

This is actually already taking place in emerging social networks and leading edge news/blog sites and in my opinion brings new value to the definition of identity. To be continued.
