More and more, the things we do online require us to provide some kind of authentication. Sometimes that authentication is explicit (in the form of, say, logging in to a service); most of us are familiar with this model of identity, which is based on the idea that you are given a trusted credential, and you present that credential later when you want to authenticate.
But the world of identity and authentication is changing, and in addition to the traditional “present your credentials” model, it’s increasingly likely that we will be identified implicitly – perhaps even without being aware of it. These implicit forms of online recognition include:
- Your browser “fingerprint”
- The unique serial number of your phone and/or its SIM
- Your network address (IP, MAC)
- Your social graphs
- Patterns of online behaviour
- Patterns of physical behaviour, such as location and biometric data
As the world of digital identity changes, it’s important that we try to understand the implications. To help, the Internet Society has produced a white paper called “Have you chosen an Identity Provider lately?” looking at some of the issues concerning Identity Providers (IDPs), the extent to which you, as a consumer/citizen, can chose your IDP, and the implications of that choice (or lack of it).
Please take a look at the white paper – it’s only four pages long – and let us know what you think. These changes affect all of us, and ISOC’s work on this topic will be all the more useful if we have your input. Thank you!