6 Degrees of Identity Freedom

From IIW

Six Degrees of Freedom


Tuesday 2E

Convener: Darrell O’Donell

Notes-taker(s): Darrell O’Donell


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


I hosted a session at IIW 25 yesterday covering off Tim Bouma's "Digital Identity: Six Degrees of Freedom" (source: https://medium.com/@trbouma/digital-identity-six-degrees-of-freedom-4dbccbd8cd5)


  1. Freedom of Credential — I should have the ability to use whatever credential (login, etc.) that ensures that I am in control.
  2. Freedom of Identity Data — I should have the ability to decide what identity information to use to identify myself.
  3. Freedom of Authorities — I should have the ability to choose which authorities (or lack thereof) I require to vouch for me on my behalf.
  4. Freedom of Disclosure — I should be able to decide which identity information (or subset of information) I give to others.
  5. Freedom of Consent — I should be able to decide how and when my identity information can be used, including the ability to fully revoke its use, if so be.
  6. Freedom from Control — I should have full agency over the decisions relating to the above in the identity system I choose to use.


Tim closes with the idea that I likely won't have total freedom on all of these dimensions. The point of this is that there is a conscious starting point created. 


My premise for the discussion was that there is a continuum in each dimension. Depending on my use case I may have the freedoms I want but likely not in all dimensions. 


Example: I am paying cash for lunch at a taco truck. I have most of the freedoms under my control, but if a purchase is in USD, my Freedom of Authority has been picked for me - and I need to be ok with that or walk from the transaction (no taco for me). 


Some further reading was recommended during the fairly well attended session:


We bounced through multiple use cases and the 6 degrees concept held up quite well other than some relatively fine, and partly pedantic, disagreement. For my use Tim's 6 Degrees are a great starting point.


The use cases that we floated ranged:

  • Making a purchase from Amazon of something like a book. In theory very little freedom is lost here - Identity Data is currently constrained but that may be a relic of how things have always been done. Amazon creates the Credential.
  • Making a purchase from a vendor of a food product. There are needs to potentially share more information here in the event that there is an urgent need to contact the end user (e.g. food contamination issue).
  • Creating a bank account on a simple KYC basis.


Further I wanted to understand if the dimensions withstood debate. They did. 


Darrell

darrell.odonnell@continuumloop.com

@darrello

T2E.png