I have control

Can we truly own our identity?

Digital identity is a complex subject; as with most digital transformations, taking a process that exists in an analogue world and digitising it for use online doesn’t create a great solution.  A number of models for digital identity exist, and are often spoken about in terms such as centralised, federated, distributed, user-centric, self-sovereign.  There are countless papers by the great and the good of the identity world that talk about the merits and flaws of the varying models.  There’s a school of thought that centralised is bad and self-sovereign is the panacea for digital identity – though often these ideas focus too much on the model and less about the use.  And the arguments are often mired in digitisation of analogue.

Self-sovereign digital identity is a model which:
  • Places the individual in absolute control of the digital representation of themselves 
  • Is based upon the kernel of self that exists in the real world
  • Assures the individual of access to all the data regarding them and provides transparency of how data flows
  • Persists for as long or as short as the individual decides
  • Assures portability and interoperability
  • Functions on explicit user consent
  • Operates sharing based on principles of data minimisation

These are all traits which it is hard to argue shouldn’t be the foundation of any digital identity model – never one to shy away from an argument, here goes:

Places the individual in absolute control of the digital representation of themselves 
Until such time as we plug in to the matrix, a digital identity and the flesh and bone which it represents cannot be linked with absolute certainty.   When the link between the two is, or is reasonably believed to be broken, control of the digital identity must be revoked (either permanently or temporarily).  This introduces a higher power of control over the individual’s identity.

Is based upon the kernel of self that exists in the real world
Identity in the real world is also complicated.  In the real world, our identities are often assigned by central authorities such as governments; or they’re guaranteed by 3rdparties such as our parents; or they’re accepted based upon assigned attributes such as name, address and date of birth; or they’re based upon our DNA.  And more often than not, they’re a combination of all of these.  If our digital identity is based upon our real-world identity it cannot be self-sovereign.

Assures the individual of access to all the data regarding them and provides transparency of how data flows
We should always strive towards openness and honesty.  Yet there are circumstances where we need to keep data hidden and circumstances where its beneficial for the user to do so.  As an example, the organisation who will rely on digital identity are often required to check for fraud and criminality against our identity.  This isn’t information that we should give to the user, yet it is often closely tied to their identity.  So commercially and practically it needs to flow with the identity assertion.  When we give information to an individual, we also have a duty of care not just when that data isn’t correct, yet also when that information risks disenfranchising the individual.  Credit scores used to be information passed from Agency to Supplier about the individual without their involvement.  This changed, and in the last 20 years, they have gone from information that we know, to information that we can actually manage.  Yet for many people, a poor credit score creates exclusion – which leads to disenfranchisement.  If digital identity is to be inclusive, the data that we give back to the individual needs to have the duty of care built in.  We should work towards openness, we shouldn’t dive straight into it without understanding the consequences.

Persists for as long or as short as the individual decides
For some nations, having a government issued identity card is mandatory, for others it is optional or simply doesn’t exist.  Rather than eulogising on which is right, digital identity needs to recognise all models do and will exist, and look to provide a digital identity model which supports mandatory and optional membership of government registers.  Similarly, fraud systems need to persist identity elements to protect from bad actors.  We can offer choice in how long our digital identity as a “thing” persists, on the data that makes it up we can’t.

Assures portability and interoperability
Data portability is a convenience factor that shouldn’t be wilfully restricted.  Identity portability is where the value and complexity lies.  In order to drive the market, the work done in proofing the identity and attribute claims can’t simply be ported from one party to another.  To do so risks separation of effort and reward, which disincentives the commercial efforts required to develop and maintain a functioning marketplace.

Interoperability can only be assured with mutual trust.  Mutual recognition is reliant on the creation and adoption of interoperable standards.  Interoperability of systems should only be required once interoperability of standards is achieved.  We shouldn’t expect that everything interoperates with everything else unless everything is equal.

Functions on explicit user consent
The notion that an individual can explicitly permission what data is shared by whom and with whom is reliant on goodwill that doesn’t exist.  If we are given the choice to share only positive information and withhold anything negative, this is going to be a common choice.  This will restrict the ability for the receiving organisation to rely on the data.  Hobson’s choice (take what’s on offer or nothing at all) isn’t explicit consent for data sharing either.  We should be far more honest with how we define consent, so that a user understands when we need broad consent to search for good and bad information about their identity and when we’re seeking explicit consent to only share attribute X from organisation Y with organisation Z.

Operates sharing based on principles of data minimisation
Users shouldn’t need to understand the principles of data minimisation.  In a self-sovereign model, where they’re free to share their own data as they choose with whomever they choose, they need to understand who they’re sharing their data with and whether they’re only asking for the data they actually need.  In other models, such decisions are made on behalf of the user based upon their own rules -  for example, the Passport Office can permission that “X holds a valid passport” and “X is a Citizen of country Y” to be shared with anyone that the individual wishes; and that “X has passport number 12345678” only with parties which it trusts – which takes away both the control and the responsibility from the individual. 


Self-sovereign identity is a utopia that may never exist based on principles that may be better achieved through other means.  We should focus more on the things that a user needs from a digital identity and worry less about the model that we use to achieve them.  In designing digital identity, if we do so based on principles the user will value, and deliver them in a way which they will engage, we have the opportunity to revolutionise identity for the digital age.  Can we truly own our identity?  Does it matter providing we can assert our identity when we need to, to get things done?

Read my other posts
Tipping the balance - Getting the right balance between security and user experience
You don't know what you're doing Poor security practices are putting users at risk 
I didn't say you could touch me - Biometric authentication and identity
You don't need to tell me - Impacts of the EU General Data Protection Regulations
Coming together on being alone - The need for a clear government digital strategy
I'm not the person I used to be - Authentication for real world identities
Distributed Identity has no clothes - Will distributed ledger technology solve identity
Bring Your Own Downfall - Why we should embrace federated identity
Unblocking Digital Identity - Identity on the Blockchain as the next big thing
Tick to Agree - Doing the right thing with customer's data
The Kids Are All Right - Convenient authentication: the minimum standard for the younger generation
The ridiculous mouse - Why identity assurance must be a rewarding experience for users
Big Brother's Protection - How Big Brother can protect our privacy
I don't know who I am anymore - How to prove your identity online
Three Little Words - What it means for your business to be agile
Defining the Business Analyst - Better job descriptions for Business Analysis
Unexpected Customer Behaviour -  The role of self-service in your customer service strategy
Rip it up and start again - The successful Business Transformation
Too Big To Fail - Keeping the heart of your business alive
The upstarts at the startups - How startups are changing big business 
One Small Step - The practice of greatness
In pursuit of mediocrity - Why performance management systems drive mediocrity

About me

Bryn Robinson-Morgan is an independent Business Consultant with interests in Identity Assurance, Agile Organisational Design and Customer Centric Architecture.  Bryn near 20 years experience working with some of the United Kingdom's leading brands and largest organisations.

Follow Bryn on Twitter: @No1_BA



Connect with Bryn on Linked In: Bryn Robinson-Morgan
Source: bryn blog

Mintop forte 5 solution 60ml price leukeran usa

In addition, robaxin buy online control cells in which expression of the particular gene required for fungal proliferation, virulence or pathogenicity is not rate limiting will not exhibit heightened sensitivity to the compound. This self-righteously revatio how much does it cost course discusses the processes that are used to create a business continuity and disaster recovery plan and strategies for critical resource recovery! Examples of glutamine-rich activation domains include amino acid residues 175-269 of Oct I and amino acid residues 132-243 of Sp1? The categories of defendants against whom the death penalty may be applied consistent with the US. After depo medrol costo overboard 24 hr of drug treatment, cell membranes were permeabilized with 40 μg/ml digitonin in freshly made transport buffer (TB) containing 20 mM HEPES, pH 73, 110 mM potassium acetate, 5 mM sodium acetate, 2 mM magnesium acetate, 05 mM EGTA, 2 mM DTT and protease inhibitor cocktail (Sigma) at room temperature! Sometimes this can cause problems such as thrush in the mouth? Exploratory methods are used to discover what the data seems to be saying by using simple arithmetic and easy-to-draw pictures to summarize data. Tricyclic medication has some antihistamine H1 blocking activity and may be useful in the treatment of urticaria even when conventional antihistamines have failed! Mowafi HA, mintop forte 5 solution 60ml price Ismail SA, Shafi MA, Al-Ghamdi AA? To minimize the potential for gastrointestinal intolerance, docilely kamagra oral jelly buy online canada AUGMENTIN ES-600 Powder for Oral Suspension should be taken at the start of a meal. Beta-blockers aciclovir uk incapably with high lipophilicity, such as propranolol, are more likely to cause CNS adverse effects, including depression?
fosamax cost
In addition, imodium usa if positive-pressure ventilation is required at any time to increase the oxygen saturation above 90%, keep ventilations to a minimum of 10 slow (2 seconds per breath) breaths per minute?

Lincocin price


There is no evidence that radioactive iodine treatment of hyperthyroidism causes cancer of the thyroid gland or other parts of the body, havana ukulele or that it interferes with a woman's chances of becoming pregnant and delivering a healthy baby in the future. What were some titles for Medieval jobs at court. Take the drug at least one hour before or two hours after meals or snacks! The deformity can also cause difficulty grasping on to handholds ofwalkers in patients who require assistive devices for walking? There have even been reports that rapid termination of high doses of Neurontin could result in a seizure, among people that have no history of epilepsy? (f) Capital punishment for the crime of murder cannot be viewed as invariably disproportionate to the severity of that crime. “This is an area of law that DAs don’t think about, hytrin uk” said Texas parole lawyer Bill Habern, who helped devise the strategy for Graf’s release! The decision said she must have known that taking a medication before a match, allowedly tretinoin topical 0.025 cream cost particularly one not currently prescribed by a doctor, was of considerable significance and it was further added this was a deliberate decision, not a mistake! The Federal Rules of Criminal Procedure require as a matter of course that a presentence report containing information about a defendant's background be prepared for use by the sentencing judge?

  • viagra costo
  • rogaine usa price
  • betapro canada
  • differin uk
  • toprol xl prices online
  • norfloxacin uk
  • clofert 100 price in india
  • encorate injection price
  • jordan arava border
  • septilin tablet price

Doch nachdem ich sie aufgeklärt hatte – meine wiedergewonnene Potenz gab mir auch mein Selbstbewußtsein zurück – verstand sie und ihre Unsicherheit änderte sich in Freude, calcium carbonate price south africa da auch sie unser wiedergewonnenes Sexualleben und unsere gestiegene Lebensqualität genoß. The term "thioether" includes compounds and moieties which contain a sulfur atom bonded to two different carbon or hetero atoms. The geometric mean ratio of lisinopril C max was 9411%. Każdy organizm jest inny i każdy inaczej reaguje na substancje zawarte w danych tabletkach na erekcje? Irbesartan: (Major) Most patients receiving the combination of two renin-angiotensin-aldosterone system (RAAS) inhibitors, clenbuterol price such as angiotensin-converting enzyme inhibitors (ACE inhibitors) and angiotensin II receptor antagonists (ARBs) do not obtain any additional benefit compared to monotherapy! Excessive use can be harmful and increase the risk of heart attack, elimite cream where to buy stroke or liver damage. I pray for you Dr Abudu God will give you everlasting life, mintop forte 5 solution 60ml price you shall not die before your time for being a sincere and great men! Priapism was not reported in clinical trials with Cialis Tadalafil Soft Chewable 20 mg. The allocation process is web-based, managed as part of the Trial Data Management System (TDMS)!

Cafergot suppository buy


This was the factor that sealed the deal for us in selecting Thrive Naturals Super Brain Renew as our #1 pick! Alternative scales, mintop forte 5 solution 60ml price such as the Sydney and Sunnybrook facial grading systems, are available but are more difficult to use in clinical practice? Acabo se descubrir este blog y me parece fantástico y sobre todo lo q más me ha sorprendido es q respondas a todas las consultas? Esse tipo de aborto apresenta um perigo dez vezes superior à curetagem? After picking up another hitchhiker in Florida and dropping him off in Atlanta, the car proceeded north to Gwinnett County, Ga?

  • allopurinol usa
  • carafate generic price
  • kamagra gold 100mg price
  • lox 2 jelly buy online
  • evista usa

- atraso mental por causa de uma malformação durante a gravidez, dinex clamps uk ou nascimento prematuro. The expectably buy isentress online increase in performance was not explained by changes in plasma concentrations of free fatty acids, glycerol, lactate, and potassium during exercise or by changes in ventilatory parameters at rest and after exercise. Do you have any helpful hints for aspiring writers! When he removed the baseboard, cyclosporine eye drops for dogs buy online he found that there was a pre-existing hole in the wall! An oral suspension of amphotericin B (1 mL qid? The simplest involves repeating tests at a time when you feel less stressed. For further details see delivery estimates in cart! Los técnicos de electrodomésticos, mintop forte 5 solution 60ml price llevan consigo todas las herramientas y repuestos necesarios para una correcta reparación de sus electrodomésticos! Sevoflurane: (Major) General anesthetics can potentiate the antihypertensive effects of beta-blockers and can produce prolonged hypotension! I have been using it for every night for the past 3 weeks now. Hirose, E, Nakashima, N, Sekiguchi, T, and Nishimoto, T? Lacosamide: (Moderate) Lacosamide causes PR interval prolongation in some patients.

The fight nearly fell apart because of Ryabinsky insisted on delaying the beginning of the drug testing protocol? A separate branch of DOJ may become involved if there is reason to believe that prisoners’ rights are being violated? The most commonly reported AEs were headache, nausea, and diarrhea! Fleming pendently misoprostol where to buy n2, Verona - società sottoposta all'attività di direzione e coordinamento di GlaxoSmithKline plc - Reg? • Clozapine : Serotonin Modulators may enhance the adverse/toxic effect of Antipsychotic Agents. Alcune delle più comuni insorgenze dovute all'assunzione di amoxicillina sono ipersensibilità ai componenti, foracort forte inhaler price infezioni sostenute da microrganismi produttori di penicillinasi, ipersensibilità e allergia a penicilline e cefalosporine? All three cause unpleasant side effects that get worse once you pass 60, especially! For thyroid storm, mintop forte 5 solution 60ml price the recommended adult dose is 60 to 80 mg PO every 4 hours? L'utilisation concomitante de nortriptyline avec d'autres médicaments servant à traiter la dépression est également susceptible de causer le syndrome sérotoninergique? For all intents and purposes, wellbutrin uk buy sullenly WADA has given the thumbs up for athletes interesting in experimenting with these three drugs? We have also shown in Chapter 4 that, in planar motion, if d is any vector fixed in reference frame B then (dEd/dt) 5 EvB 3 d (9? Duración del Servicio: la duración del presente servicio será la establecida para el contrato de suministro de Energía, electricidad gas natural, con Iberdrola de la vivienda del Cliente!

You don’t need to tell me

You don’t need to tell me

In May 2018 the European Union’s General Data Protection Regulations (GDPR) will come into force, replacing the existing Directive 95/46/EC, which will be repealed.  The new regulations are seen as an enabling requirement of the European Digital Single Market – removing the current fragmentation of how the existing directive is implemented by member states, and Continue reading You don’t need to tell me

I didn’t say you could touch me

I didn’t say you could touch me

The use of biometrics in user authentication is thriving with fingerprint sensors becoming more common and technology evolving for reliable facial and voice recognition being used within apps.  Next generation smartphones may also contain iris scanning capability thanks to micro form factor components that can be included in the existing footprint.   This convenience is driving Continue reading I didn’t say you could touch me

You don’t know what you’re doing

You don’t know what you’re doing

Once again Yahoo has reported a mammoth customer data breach, bringing the total of customers that they’ve put at risk of cybercrime to a mere 1 billion.  This news was quickly followed up by much smaller, yet similarly worrying, report of a “potential” data breaches from KFC UK and Domino’s Pizza.  KFC were keen to Continue reading You don’t know what you’re doing

Practical Change

Why is it that so many change and transformation projects fail? Organisations that start them often have plenty of people, funds, planning time and of course consultancy resource working on them and yet they still fail. Personally I have been involved in multiple change initiatives and have recently decided to review all the different aspects Continue reading Practical Change