maandag 27 juli 2015

The business case for Identity providers (part 2)

In my previous post I wrote about about the costs of identity provisioning. Yes, a digital identity doesn't come for free, although you may experience otherwise. Lots of digital identities you get are free. For you, as a consumer or citizen. But the costs connected with your identity can be quite high. As I showed in my previous posts, costs of compliance and governance are high. And depending on the trust model that comes with the identity, the value of an identity can be high too. An identity is valuable if you can use it often en reuse it as well. The better the reuse potential, the higher the value of the digital identity that you may experience. And the higher the value that you experience, the more you will be inclined to use it.
But not every identity is equally valuable for us as citizens or consumers. In my opinion there are two major factors that impact the value: Trustworthiness and Reusability. Let me expand on this:

Trustworthiness is an interesting concept. In my country, The Netherlands, a few digital identities are trusted by almost everyone. A good example is a banking account. I can use my banking account at almost every webshop to perform transactions, limited only by the balance of my bank account. The banks in our country created a strong trust framework. They have to, of course, as they have to comply with lots of (international) rules and regulations. They made agreements with several trust brokers, so that even small shops could be part of the trust framework. Yet, the reuse potential of my bank ID is very low. I cannot use by bank ID to login to other sites, or webshops, or to login to a governmental site. Banks don't want you to reuse the identity. In fact, it is just an authorization ID, it only let's you perform a financial transaction... Don; t ask me why...
Interestingly: the bank ID may look free, but we have to pay a subscription fee every year in order to be able to use it.

The Dutch digital government identity is less trustworthy. Mostly because the provisioning takes place without a visual verification of the identity of the citizen. But although the trust level is quite low, the reuse potential is better than the bank ID, because the government want the citizens to use the citizen ID to perform transactions with all kinds of governmental sites and even some external parties can be accessed with 'DigID'.
The best part of this ID is that it's free... Until you remember that it is free because you, as a citizen, perform several tasks that, until a few years ago, were performed by civil servants. The cost savings for the govenrment must be enormous. That more than pays for the costs of ID compliance and ID governance.

There are other free digital identities. Just look at this account, a Google account, or Facebook or Twitter. These accounts can be reused. But reuse is limited to parties within the Trust framework of the identity providers. I can use my Gmail account to create posts on Blogger, but not to post a Twitter status update. Although Oauth kind of obfuscates the reuse bouderies, thank you OAuth ;)

Strangely I cannot recall a paid trustworthy digital identity that can be reused. Could that be a feasible option? I feel that there could well be a paid model. Of course there should be a trust model and of course that will be expensive. But perhaps there could be a business case for such a proposition.

To sum it up:
  • We do have free digital ID's that we can reuse, but with little trust
  • We do have paid trustworthy digital ID's that we cannot reuse

So, there may be room for
  • Free trustworthy ID's that we can reuse
  • Paid ID's that we can reuse

But... do we need all that?
I will try to answer this question in my next post.
(this post is a translated version of my earlier Dutch language post)
Een reactie plaatsen