one view on making user-centric convienent

In his recent blog, Dave writes "Putting users in control of their own data, and needing to approve and verify it's dispersal, could cut a majority of this fraud."

The one thing I keep thinking of regarding Identity 2.0 and user-centric models is this:

* Any improvements to prevent identity theft have to be as user-friendly as credit cards ... you use it, others trust it, they track the use and distribution and notifies you of suspicious behaviour

Unless it's that easy, and that much a part of the infrastructure, people wont' be bothered unless they're a victim. I'm educated, but even I don't have time to manage my own information. I hire a financial advisor for my portfolio, so I don't have to track it daily. I use credit cards because they're convienent. I don't feel safe, but accept the risk as trade-off for the free-time to live my life.

The problem with large infrastructure is that it may become stagnant (inflexible), and thus subject to penetration (e.g. the current ATM and Credit Card industry today). Data Collectors and Identity Service Providers could be like Credit Card companies ... they might provide the convience required to make user-centric identity work, but are subject to stagnation if not managed properly.

---------------

Dave also writes: "Institutions seem powerless to prevent the fraud from happening. Or are simply reluctant to take the steps necessary. Users have a much bigger stake ... User-centric identity is an idea whose time has come, it's time that the corporate world recognized it."

Since I focus on IdM for the corporate world, it's not a matter of recognizing it, it's a matter of investment. As Jarrod Jasper said "there is no ROI, but companies are willing to pay to relieve pain ... redirecting money wasted manually cleaning-up information vs. permanently fixing the problem". Corporations are now IT-Value focused ... unless it's going to affect the bottom-line, it's not high priority.

User-centric identity will be a focus point only after it's realized to be tied to regulatory compliance and identity theft. The first corporate market will be retail ... they already focus on identity because they're incented to ... they want to know who's buying from them and that it's not fraudulant purchases.

Corporations are still wrestling with the fundamentals of user-registration, synchronizing and cleansing data, and sox compliance. They barely trust that the data they own is accurate, let alone trusting the user with owning the information. So it'll be a while before they care.