Identity management is crucial on the net and I reckon it’s evolved into a pretty horrid cruft of silos and vulnerabilities. We have the opportunity to make identity a native property of the new internet. What should that be like? Some of my thoughts:
Identity Management per app / service
- Autofill metadata when creating an account (username, password, contact details, password, confirmation, other metadata like phone number and shipping addresses)
- Modify account (unsubscribe from notifications, change password, change payment options, change shipping options)
- Manage account (forgot password, restore from backup, remove completely)
- Close account (give subjective feedback to service, confirmation)
- cross platform, safe browser, safe apps, web, mobile, native (eg it may just act as a glorified password manager in many instances)
- backup management (create and restore, import and export)
- use on public devices
- use from removable media or from brain memory
- manage new identities
- one-time / anonymous / disposable identities
- api identities, including permissions and revocation
- identity hierarchy, some identities should be totally separated, some should be derived from an existing identity
- access to history of identity usage
- alerts when identities are used
- digital signatures (I can’t believe how poor most current implementations are, this should be a huge and important thing, pgp could be so useful but it’s hardly used)
- simple disaster recovery mechanism
- web of trust features
- businesses need to manage access to shared resources
- people may want to have a group identity used by many people
- search for people or organisations
- partial sharing of details with others (eg name and phone but not address)
- verified real meatspace identity vs online personas
- services can automatically communicate policies to users (eg password requirements)
- Automatically lock identities between certain times
- Automated stylometric analysis / correction on all content passing through each identity
- Schedule jobs for identities
- Custom outgoing content filters / modifiers
- Custom PRNG and entropy sources
Payments and budgeting
- Wallet and fund management
- Recurring and scheduled payments
- Budget tracking
- Alerts and warnings
- Multisig coordination mechanisms
- Incoming payment / invoice management
This is a lot of stuff for a user to manage! I think it would be easy to make a really complex UI that does all this (and it would still be better than what we have today) but hopefully we can make a simple UX. If SAFE can get identity management right it will be a massive drawcard to bring people across from the oldnet.
One thing I would like to see is single secret access - each user has one very strong key and all other secrets are managed automatically and securely. By reducing the cognitive load to one secret it can be extremely strong. The problem is that when users have lots of different cognitive loads, they have to simplify each one to be able to manage.
Do you have any examples of good identity management software or features?
I came across auth0 today and it looks pretty amazing.
Think about how important email is for managing all your identities. Let’s aim to be that pervasive, but better.
What do you think is missing from the identity management list?
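
One way to read the "single secret access" and "identity hierarchy" items above, as an added sketch that is not part of the original post and not SAFE's own code: a single passphrase is stretched with scrypt into a root key, derived identities are computed from it with HKDF-Expand along a label path, and fully separated or disposable identities come from fresh randomness instead. The function names, labels, passphrase and salt are all constructed for illustration.

```python
import hashlib
import hmac
import secrets


def master_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the one user-held secret into a 32-byte root key (scrypt)."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)


def hkdf_expand(key: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand from RFC 5869, instantiated with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_identity(root: bytes, *path: str) -> bytes:
    """Walk a label path; each step's key is derived from its parent's key.

    Knowing a child key does not reveal the parent or sibling keys, so a
    leaked per-service identity does not expose the rest of the tree.
    """
    key = root
    for label in path:
        key = hkdf_expand(key, b"identity/" + label.encode("utf-8"))
    return key


def disposable_identity() -> bytes:
    """A totally separated identity: random, not linked to the root at all."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    # Constructed sample values; a real salt would be random per user.
    root = master_key("correct horse battery staple", b"constructed-salt")
    for path in (("personas", "forum"), ("personas", "shop"), ("api", "backup-job")):
        print("/".join(path), derive_identity(root, *path).hex()[:16])
    print("disposable", disposable_identity().hex()[:16])
```

Derived identities can be regenerated from the passphrase alone, which fits the disaster-recovery and removable-media items; disposable ones cannot, which is the point of keeping them separate.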