Earlier this week, <a href="http://bizcatalyst360.com/i-am-my-own-system-of-record/" target="_blank" rel="noopener noreferrer">Bizcatalyst posted my article 'I Am My Own System Of Record'</a> to their site. I then shared it with various people that I know that are interested in the topic (including Doc Searl's VRM list). For posterity - some of the responses that came back into the mail list follow ...<!--more-->
I’d like to bring two threads together, with what Adrian (Gropper) wrote here:
My authorization server will manage any number of persistent relationships at one central console so I don’t have to fly from silo to silo but that does not take care of the discovery aspect of marketing by a “new” vendor.
A “new” vendor will need to discover my authorization server somehow while preserving my anonymity until the point where my policies (as managed and exposed by my authorization server) decide to either automatically release identifying attributes or notify me somehow and impinge on my attention. Who will play the role of dating site in the broader economy by enabling my authorization server to hide some attributes even as it promotes the discovery of others?
It seems to me that we are missing a clear vision of the public space for discovery of my authorization server. Does it look like Google or like Apple or like blockchain?
Seems to me there’s not much daylight (if any) between being one’s own system of record and operating one’s own authorization server. Do I have that right?
The amount of air between the two depends on whether or not the Authorization Server and/or the personal System of Record allow me to manage multiple identities. If one or the other is just controlling selective attributes of a root unitary identity then you will still need to manage multiple systems to manage multiple identities.
Example use case would be a human rights worker in an authoritarian regime, who needs to maintain an anonymous social networking presence for their human rights work but an innocuous social networking presence for presentation to the authorities. The two must never be linkable. People with socially stigmatized medical conditions, unpopular political views or who just want to maintain a social life separate from their corporate life will all have similar requirements.
You can all beat into submission-or-at-least-try. We all only have one identity, it is based on all my data both private, public, and shared. We all have multiple personas we use at any one given time all day long. The amount and kind of identification data to each and every one of my personas are different and at the same time, the same depending on who or what one needs to identify them self’s to.
Identity and Identification are two separate entities depend on each other. While a person can be their own system of record managing multiple personas, the only true way to change my identity is by changing the data which it is complied of.
Based on the thinking above, an individual’s digital dashboard or even a PIMS, or what Jim here, calls a lifecycle mixing board and others like Adrian call an Authorization Server rightly so. Should and would be able to signal out a persons personas, I share much different and much more health data with… you can fill in the BLANK, than I would in comparison with a FMCG (Fast Moving Consumer Goods) who offers skin or hair care products one might be interested in.
What can I say other then I like to keep it simple.
It would be nice to believe that a dashboard to a personal authentication server would faithfully and perfectly keep separate those persona whose mixing would lead to problems, such as in John’s examples. The history of such technologies, however, lends one to believe that’s not likely to happen. Thus why people often have a separate cell phone, laptop or tablet for personal use and work – whether it’s cookies or simply our own blinkered brains, the already-leaky abstraction can become a life-threatening (or at least livelihood-threatening) problem all too quickly. Thus, I’m on the side of those saying that even with a semantic of “one identity”, my “personas” may need to physically and virtually reside in completely different places.
I agree with Brian. Trying to hide my Authorization Server behind Tor onion addresses makes my head hurt. For now, I prefer the simplicity of one AS per persona. I think we can keep identity off the table for now.
This still leaves open the question that Doc and I are asking about the nature of the “discovery” service that manages the transition from anonymity to the AS that represents my persona. Does that look like Google, Apple, blockchain, or something else?