What is identity? What a boring question, you might think. Hasn’t it been answered for centuries? Well, one might think so.

According to the Gartner Hype Cycle, a couple of technologies and practices (Federated Identity Management, Microsoft Active Directory/Kerberos, User Provisioning, Metadirectories, Smart Tokens) are climbing out of the “Trough of Disillusionment”. Some (Enterprise Single Sign-On, Web Access Management, Hardware Tokens, Password Management) have happily reached the “Plateau of Productivity”. Identity Management as a whole is maturing, it appears to us.

So what is identity after all? In philosophy, identity is the sameness of two things. So if two things have the same identity, they must be considered one thing. In object-oriented programming we consistently apply this concept of identity. Here it is defined as a property of objects that allows those objects to be distinguished from each other. In an OO system the OID (Object Identifier) is defined to be unique.

But within the very discipline that is built on top of the concept of identity, our perception is not so clear. Looking up the first book on digital identity, written by Phil Windley, we read sentences like: “We usually speak of identity in the singular, but in fact subjects have multiple identities.” or “These multiple identities or personas, as they are sometimes called, …”. Oops, persona, what is this? Obviously, according to Phil Windley’s definition, it is the same as a digital identity.

Dave Kearns once asked the readers of his newsletter, “And what’s the sum of all these personas?” As Andre Durand of PingID suggested, that's the identity. But not the digital one? Hmmm.

Coming from the bottom up, we might argue that several access rights may be bundled into a role. For example, in my company, the SiG, I have the role of being my own principal consultant, the role of being the president and, well, that's true, the most important (and only) shareholder. The sum of all my business roles forms my “business persona”. But going further, I have to admit that I flesh out not only my business persona but also, rarely enough, my family persona, my globetrotter persona, etc.

So, what's the sum of all these personas? Some kind of virtual unified identity, or just “my identity”? And are those personas to be understood as its projections onto the space of information demand in a specific context?

So if the identity is not just the OID, the Object ID, a universally unique identifier that makes different individuals indisputably different, it could be this unification of all our digital identities.

By the way, in the context of certificates you can find the following statement in the same book by Phil Windley: “Free certificates from Thawte are not very useful in establishing your identity, because Thawte doesn’t do anything to verify the identity of the requester”. He obviously has yet another kind of identity in mind when he misses this verification: the real-world physical identity.

So what is identity? At first I thought the answer was easy, but it is not.

At least there is still one commonly understood term missing.

Wed March 7th, 2007 Posted by Horst Walther, SiG Software Integration to the GenericIAM Blog

