An interesting spin on user-centric identity
One of the issues I highlight in our recent report
on identity management is the need to bridge the gap between enterprise- and user-centric identity. This issue is at the heart of Kim Cameron's 7 laws
and the identity metasystem
, and IBM and Novell's embracing of the Eclipse Higgins initiative
This morning I met with a PAOGA
(Disclosure: PAOGA is not a customer), a UK-based company (hardly a start-up as the company has been operating for 4 years but is nonetheless a possible example of James Governor's much-sought-after British innovation
and one moreover which is addressing a key issue at the heart of Web 2.0) which has already seen some success with the likes of BT, the UK National Health Service and UK local government.
The company's core offerings are the PAOGAplatform and the PAOGAnet service. These provide a runtime platform and development environment targetted at web-based service providers to allow them to develop and deploy user-managed identity solutions, incorporating automated workflow and compliance logging and auditing. Identity data is hosted by PAOGA, in what the company refers to as the PAOGAperson database, with identity data exposed to the service providers under the direct control of the user. It is this latter capability which is particularly innovative: PAOGAperson puts identity data in the direct control of the individual.
There are clearly some overlaps with the work of the Liberty Alliance
and Microsoft's InfoCard
but Graham Sadd, the CEO, recognises the need to interoperate. The company also needs to look at what is happening with the likes of OpenID
, NetMesh's LID
(as well as the YADIS
interoperability work) in the world of user-centric identity, as well as Opinity
with its work on reputation.
Certainly interesting stuff but not without it's challenges, not least of which is the chicken-and-egg problem: how to get individuals to sign-up without a decent number of service providers and how to get service providers to sign-up without a decent number of subscribers.
PAOGA is also going to have to work hard to overcome the concerns of service providers and users alike when it comes to trusting a comparative unknown quantity to control and manage what is incredibly valuable data. Service providers will also have the same concerns regarding control of user data which lead to the downfall of Microsoft's Hailstorm
(which Dare Obasanjo
of Microsoft alludes to here
). Graham is under no illusion here either.
The company is definitely attempting to address what I, and I am certainly not alone, believe is a key issue going forward as individuals transition more and more of their day-to-day activities to an online world and, as they do so, begin to recognise the importance of taking control of their identity, rather than leaving it to a multitude of service providers (commercial or public sector).