An interesting spin on user-centric identity
One of the issues I highlight in
our recent report on identity management is the need to bridge the gap between enterprise- and user-centric identity. This issue is at the heart of Kim Cameron's
7 laws and the
identity metasystem, and
IBM and Novell's embracing of the Eclipse Higgins initiative.
This morning I met with a
PAOGA (Disclosure: PAOGA is not a customer), a UK-based company (hardly a start-up as the company has been operating for 4 years but is nonetheless a possible example of
James Governor's much-sought-after British innovation and one moreover which is addressing a key issue at the heart of Web 2.0) which has already seen some success with the likes of BT, the UK National Health Service and UK local government.
The company's core offerings are the PAOGAplatform and the PAOGAnet service. These provide a runtime platform and development environment targetted at web-based service providers to allow them to develop and deploy user-managed identity solutions, incorporating automated workflow and compliance logging and auditing. Identity data is hosted by PAOGA, in what the company refers to as the PAOGAperson database, with identity data exposed to the service providers under the direct control of the user. It is this latter capability which is particularly innovative: PAOGAperson puts identity data in the direct control of the individual.
There are clearly some overlaps with the work of the
Liberty Alliance and Microsoft's
InfoCard but Graham Sadd, the CEO, recognises the need to interoperate. The company also needs to look at what is happening with the likes of
OpenID,
NetMesh's LID and
i-names (as well as the
YADIS interoperability work) in the world of user-centric identity, as well as
Opinity with its work on reputation.
Certainly interesting stuff but not without it's challenges, not least of which is the chicken-and-egg problem: how to get individuals to sign-up without a decent number of service providers and how to get service providers to sign-up without a decent number of subscribers.
PAOGA is also going to have to work hard to overcome the concerns of service providers and users alike when it comes to trusting a comparative unknown quantity to control and manage what is incredibly valuable data. Service providers will also have the same concerns regarding control of user data which lead to the downfall of Microsoft's
Hailstorm (which
Dare Obasanjo of Microsoft alludes to
here). Graham is under no illusion here either.
The company is definitely attempting to address what I, and I am certainly not alone, believe is a key issue going forward as individuals transition more and more of their day-to-day activities to an online world and, as they do so, begin to recognise the importance of taking control of their identity, rather than leaving it to a multitude of service providers (commercial or public sector).
