SAN FRANCISCO — There used to be a clear dividing line between personal identity and business identity. But the digital identity industry has obscured that divide.
That profound proclamation was made at the RSA Conference here yesterday ... not by one of the many expert speakers, but by a fellow at one of the attendee microphones.
Yesterday, the spotlight focused on human identity, from technical specification to human rights. From the perspective of its owner, digital identity represents her rights and privileges to use digital resources and conduct business online.
Digital customer experience is impossible without identity, just as atmosphere is irrelevant without air.
But from the perspective of businesses working to improve DX, digital identity is a database query. Retrieving those facts and attributes about a person allows businesses to personalize interactions with her.
Where does the online “you” stop and the real “you” start?
Identity As What’s Left
“Identity is what you end up with when you recognize that not everything is in your control,” said André Durand, CEO of Denver-based Ping Identity, during a high-level panel. The Identity Defined Security provider's Ping Identity Platform was named the “Best Identity Management Solution” in the Trust Award category at the SC Awards 2016 at the RSA Conference Tuesday night.
In the enterprise some years back, explained Durand [pictured above, center], assets pertaining to an employee that it could control were kept separate from assets it could not control. Cloud Software-as-a-Service obliterated that barrier as well, when applications that were critical to running the business suddenly found themselves in the consumer space: Dropbox, Evernote, Uber.
Those applications followed the employee into her personal space. Suddenly, the issue of identifying what belongs to any one user, from the digital perspective, took on a schizophrenic profile.
What is a user allowed to access, and what does her employer permit her to access?
“It’s fascinating to me that two worlds that are so intertwined could be so separate. I’ve come to appreciate that there is a DNA of people who think in a security mindset, and a DNA of people who think in an identity mindset. One is about wiring everything together, and the other is about protecting,” Durand continued.
“The role of identity management … is the steel thread that binds a user, through a device, through a network, to a service.”
Identity from the Soul
But from that foundation, Microsoft chief identity architect Kim Cameron extended that thought onto a genuinely philosophical train.
“To me, the biggest change that I see — and it’s probably a change in reality, and how we understand reality — is, fully understanding that identity proceeds, really, from the needs of the service provider,” said Cameron [shown above, seated left].
“In other words, digital identity. The true identity of us as humans proceeds from ourselves, from our souls. But digital identity requirements proceed from the point of view of the service providers, who are going to decide whether to provide somebody with a service.”
For DX to flow smoothly, vendors need to know a reasonable amount of data about their customers. The forms which that data takes provides a template for how that data can be exchanged from vendor to customer.
And it’s that template that sets a precedent for how digital identities are defined, acquired and stored. That’s the message that Cameron asserted, in no uncertain terms.
“We spend a lot of time in the industry thinking about identity providers, not identity consumers,” said Cameron. He said the discussion about how identity should work in a modern network is driven by the perspectives of providers, not consumers.
Identity As What Emerges
That point of view ended up putting Google’s identity project management director, Eric Sachs, on the defensive. He told the standing-room-only crowd yesterday that Google’s identity engineers, whom he leads, work diligently to maintain what they believe to be a customer interest focus.
That said, Sachs [shown above, seated right] conceded that some of Google’s identity management tools are only used by a small minority of users — as few as one percent.
“I remember I was interviewing twelve years ago with [then CEO] Larry Page,” Sachs related, “and he said, ‘Wow, that identity app you did was really awesome! By the way, that won’t be helpful here at Google. We only deal with the public Internet.’
“But fast-forward, and certainly in the consumer space, Google now has a lot more users’ private data, and the responsibility we have to take there on the security side and the identity side has shot through the roof.”
He went on to note that, in-between that job interview and today, the nature of “cloud identity” has changed. For some years, it was a separate concept unto itself, whereas today there are multiple cloud-based vendors who provide identity “as-a-service” throughout the data center, not just the part called “the cloud.”
As a result, digital identity permeates every app, including all the legacy client/server applications and services — all the CMS, business process management, enterprise resource planning, where “identity” is assumed by way of password. Identity services can attach resource privileges to applications that didn’t even know such services would ever exist.
This debate — which we’ll cover here at greater length and depth in forthcoming CMSWire stories — goes to the heart of customer experience.
Suppose your online service provides the most sophisticated workflow imaginable, with smooth-as-silk transitions and devilishly easy sign-up. When it comes time for you to leverage your customer’s data to ramp up the level of contact between you and your customer, it’s entirely possible that customer will perceive that experience – unfairly or not — as something sinister.
How you handle your customer’s most precious online resource will determine whether it’s possible for her to appreciate your brand.