Social Logons Will Blend Personal and Work Spaces, Ushering in a New Era of Hybrid Identity
There is nothing more personal than identity. But as much as we like to think we are the curators of our own identities, when it comes to digital identity, it’s a two-way street. Identity is the way you are known. The way that Service Providers (SPs) know you plays a big part in their risk management, and it varies, for example, from banks to airlines or from doctors to retailers. When it comes to knowing and showing who you are, you are not the only one with skin in the game. Nobody can force a Service Provider to accept someone else’s account of a user’s identity, if the provider’s risks arising from potential misidentification are not covered.
Businesses face spiraling pressures from consumerization. Ultimately, the benefits are turning out to be significant. Yet the medium-term disruption is significant, and in the midst of the turmoil, it’s difficult to see all the pros and cons clearly. Now, staff and customers are asking to bring their own identities (“BYOI”) as well as their own devices (BYOD) to work. But digital identity is not always what it seems. We’re at the very early stages of a society-wide “analog-to-digital conversion” and our intuitions are not always reliable in the new digital environment.
For over a decade, grand public-private identity federations have over-promised and under- delivered. It has proven to be fiendishly difficult to share identities across banking, healthcare and government circles. We also had a go with new general purpose OpenIDs, but they were unpopular with Service Providers (just as digital certificates were 15 years ago). And then along came social identities.
Social logons are compelling. With near-zero friction and near-zero cost, they have grown literally like weeds, and are already embedded in daily life online. They work like a dream in media, music and retail. However, parlaying a social handle up to serious transaction authorization is easier said than done. Social logon has yet to reach “business grade”. No social identity provider today offers serious liability allocation or any form of underwriting for identity attributes. However, it’s early days, and the big Internet brands are hungry to find ways to leverage the deep knowledge they have of their users. Some social identity providers enjoy high quality static data, while others have great depth in dynamic and behavioral data. A sustainable social identity business model will probably need to occupy both these dimensions. But Social Identity Providers (IDPs) will also need to address identity from the Service Provider’s point of view and perspective. Service Providers know their customers in order to manage risk and need to be convinced that third-party Social Identity Providers know those customers just as well.
This report aims to help decision makers deal with “consumerized identity”―especially social logon and “BYO Identity”―so as to not dilute their ability to control enterprise risk.