I spent part of a couple of days this week at the Identity North conference here in Toronto and there was a lot of really interesting discussions. I was struck by the mix of people from a range of sectors coming together to discuss identity and the role it is playing in the development of online services. Of particular interest were these presentations.
Digital Identity in EstoniaEstonia’s experience of using strong digital identity as a building block for providing services. They’ve made the technology broadly available, affordable and convenient to use and paired it with fairly strong identity verification at issuance. The combination makes it reasonable to build scalable services on top of that trust framework. Three thousand services(!!) already deployed, definitely shows the power of an agreed on identity service as a platform. One service that I thought was both useful and part of a decent business case was the use of electronic signatures on documents without any shared tools or alignment between the parties. As someone who has to interact with investors and other third parties to collect signatures on a range of documents this would save me a ton of time!
The Commercialization of Biometrics
Bionym gave a great presentation on their biometric identity and authentication product, the Nymi. Very cool piece of tech that uses the unique signature of each person’s cardiac rhythm to provide reliable identification. Some interesting potential for devices like that to remove the need for remembering hackable and forgettable passwords.
Forgerock and Identity Relationship Management
An interesting presentation, with an ecclectic range of super-heroes, presented by Allan Foster of Forgerock. Allan is a good speaker who really clarified for me the changes that they’re seeing in Identity. Having a slightly longer view is often helpful to provide some perspective and Allan has been working in the identity field for a while through OpenSSO when it was part of Sun, the Liberty Alliance helping to define SAML, helping found Forgerock after the fork of OpenSSO and working with Kantara.
Allan’s perspective is that as identity has moved from internal corporate use out to broader circles of interaction it has fundamentally changed. The scale is larger, borders are less well defined, velocity needs to be higher, static enforcement is no longer sufficient among other changes. These add up not just to new technical challenges but to a fundamentally different challenge. I hadn’t put all of these pieces together in this way before, interesting ideas.