WRITTEN ON February 13th, 2005 BY Lance Piper AND STORED IN Identity
“Unique identifiers are unnecessary for identity management”
This statement contradicts the guidance coming from central government agencies, which all propound their own unique identifiers (UIDs). However, based on Kim Cameron’s laws of identity and the FAME national project, multiple identifiers are inescapable. People are unique but system identifiers are not. In a multi-agency environment, attempts to allocate national UIDs will continue to fail. So why waste more billions in doomed departmental projects before trying something new that has a chance of success?
The proffered solution lies in the acceptance of the status quo and the management of identity without UIDs, for at least a decade. See how traditional methods compare with a candidate architecture being promoted in one of the English regions:
The traditional solution, with unique ID, requires full up-frint data cleansing, explicit data matching, a central repository, elimination of duplicates, and structured design. It’s based on a presumption of correctness which presents risks. Quality will deteriorate with time and volume. The up-front cost is high.
A pragmatic solution with no unique ID is the opposite. There’s no up-front data cleansing. ID is continuously inferred, the system copes with duplicates, and structure is applied retrospectively. Ther’s a presumption of ambiguity which makes us proceed with appropriate caution. Quality increases with volume and over time. There’s little up-front cost.
Different characteristics of the two approaches are set out in the attached table: UID_v_MID.doc.
The pragmatic, multiple-identifier approach set out in the right hand column seems to ignore best practice from generations of computer systems developers, apart from one thing: Google. Google is undeniably useful, but look at its unpromising attributes. They are virtually identical to the solution in the right hand column. Google trawls the unstructured World Wide Web, makes asynchronous copies and retrospectively improves over time to provide an invaluable service. The human decides what is useful or true, not the machine.
While each department is pushing forward with their own improbably successful UID schemes, shouldn’t the government’s Chief Information Officer study the alternative serendipitous approach for managing identity? The latter could be piloted in a UK region within a year and expanded nationally with the appropriate investment in infrastructure.
Lance Piper
3 Responses to “Let’s live with multiple identifiers”
Nice one, Lance. This looks like a conceptual proposal which genuinely matches the way trust operates in the real world. Truly distributed identity processing. Everything of value connected to the network. Now where have I heard that before… ;^)
As far as I am concerned the Liberty Alliance is a key component of the solution. It exists, I have been working alongside an implementation of smartcards.
Regarding real-life multiple identity management across independent agencies, I am trying to raise interest (ie funding) for a proof of concept for my ideas. I am certain it is practical and could be developed for use by any public sector partner. The design is scalable to any regional or national grouping with metadata control of any data that an agency would like to share with another that has the correct Liberty Alliance authentication.
Oh dear! Does this mean that the hated ID cards could actually be made to work?
More seriously, where can I find more about actually using MIDs in practice please?