User-centric identity management: An oxymoron or the key to getting identity management right?

摘要

There are many drivers for strengthening identity management (IdM) in the digital environment. They include: countering identity fraud, identity theft or identity takeover, border control and traveler identification; individual convenience; or better customer service for individuals. A range of approaches are being considered in the public and private sector. Experience is showing that IdM succeeds best where it builds in two way trust and is not perceived by users as yet another policing action. The challenge is even greater if individuals believe that IdM will put all the powers and discretions in the hands of the institution to collect more personal information which is then linked, used, or disclosed. For IdM, the key to success is increasingly to understand and design with individual interests, as well as government or organisation interests, in mind. This paper looks at the concept of user-centric IdM and suggests some defining features. It will draw on experience and developments in Australia, New Zealand, the United Kingdom and Scandinavia to highlight issues that may help or hinder the delivery of effective user centric IdM. These include choices about centralised versus distributed identity, the impact of each country's culture and history, the approach taken to risk allocation and the importance of keeping agendas simple and transparent. Recognition of the importance of these issues is gathering pace. It has moved from the realm of the advocate, through academia and into mainstream, commercial development, even to the point of creating a unique effort at building interoperable ID management systems that respect user centric principles. User centric IdM is possible with the right mix of individual control, fair risk allocation and accountability.