What is a "Virtual Personality"?

I'm a great adherent of Jaco Aizenmann's Virtual Rights Initiative, and have been working with Jaco and with Andy Dale to develop the technological aspects of the VRI strategy. VRI has the potential to become a forum for debate on online rights issues which brings together people from legal, governmental, business, social and tech sectors in an integrated and creative debate.

The is just one thing that puzzles me with the VRI agenda, however—it's the concept of a "Virtual Personality". It seems to me that this concept lacks a logical basis, although I'd be happy to be proven wrong.

A Virtual Personality is posited by VRI as an aggregate of all the Virtual Personas a person might have in their online life (their banking persona, blogging persona, online chat persona etc.).

But who says all the Virtual Personas belong to the same Virtual Personality?

The term "Virtual Personality" implies the objective existence of a single (albeit multi-faceted) virtual subject. However, the judgement of the existence and make-up of a Virtual Personality (in terms of constituent Virtual Personas) is dependent on attribution—of each Virtual Persona to a physical person, and of the various constituent Virtual Personas with one another. These acts of attribution are dependent on online-offline and cross-domain ("intra-online"?) acts of authentication, each of which itself depends on the subjective ontology of each relying party.

Specifically, a relying party must decide:

(a) does the Virtual Persona information from the asserting party sufficiently resemble a known Virtual Persona to correlate the two?

(b) is the asserting party trustworthy enough to attribute the Virtual Persona information it asserts to the physical person it purports to represent?

The answers to these questions will necessarily be determined by the nature of the relationship between the relying and asserting parties, as expressed in their data ontologies (their digital description of their world and all the entities in it). Therefore, the attribution of the existence and make-up of a Virtual Personality is inherently subjective and will vary from person to person and group to group.

What is the meaning, then, of creating a Virtual Personality legal entity, if we cannot hope to pin it down—not because of current shortcomings in technology, but because of a complete lack of a logical basis for the objective existence of such an entity?

Virtual Personas themselves, on the other hand, really do have a tangible (albeit psychological) existence in the context of the specific relationship between the relying party and the persona subject.

It's a crucial difference, for me.

Technorati Tags: identity, legislation, ontologies, subjectivity, virtual_persona, virtual_personality, VRI

Big questions

REST-ful YADIS is making great strides, Infocard is on the way, certain companies (oh ok, Microsoft and Credentica—Kim's already owned up ; ) are discussing how to put a missing piece of the Metasystem puzzle—multi-party transactional security and privacy—in place. The promise of technology solutions for truly distributed and human-centred information exchange is looking bright indeed.

Meanwhile, however, we're still not hearing from Liberty Alliance proponents how or if they intend to fix the trust-centralisation and "insider attack" vunerability that stems from Liberty's dependence on X.509 certificates. Even more worryingly, the British government seems set on plunging ahead with some kind of centralised, federated identity architecture (almost certainly Liberty) for their proposed Identity Register scheme.

So why is government deaf to the advice of hordes of industry specialists? Why is Liberty continuing to get strong take-up in the governmental and corporate worlds, despite its obviously fatal flaws with respect to the self-determination and privacy of its constituent individual and community constituents?

In short:

What motivates us to act collectively—in business, government and community—to limit people's freedom and privacy, even though we each individually purport to value and respect these things?

What do we fear, and what might we hope for, from the prospect of collectively granting people their freedom and privacy?

I feel we need to develop conceptual methodologies which address these questions if we are to hope not only to design and implement ethical technology, but also to succeed in effecting its rapid and widespread take-up across both social, business and government sectors.

I shall explore a few provisional thoughts on the topic in a follow-up post...

Technorati Tags: business, government, id_cards, identity, liberty, microsoft, phase_behaviour, privacy, metasystem, security

YADIS traction

Johannes bears good tidings from The YADIS Meeting (my emphasis):

This was a very encouraging meeting, and I'd very much like to thank everybody who participated and produced input for it for their help. Based on this experience and also the conversations on the mailing list so far, I'm very convinced now that URL-based, bottoms-up identity will become widespread, interoperable, highly innovative and very likely emanating from the YADIS community. There is little doubt in my mind any more that there will be a YADIS 1.0, that it will work for lots of different people and companies, and there is enough commitment by enough people to make it happen, and happen in a matter of weeks or few months, rather than years.

Interview podcast

Aldo Castañeda's interview with me for his podcast series on The Story of Digital Identity is now online. Aldo asks some great questions—I hope between us we managed to come up with a somewhat unusual take on "digital identity", if nothing else!

Technorati Tags: identity, podcast

Embrace and transform

John Maddelin of RSA Security writes about information asymmetry in the identity space:

For the majority of the recent history of identity management, most business models have had an active acknowledgement of the importance of "owning" the identity. This is true both of the platform vendors and the retail and information service providers who have long recognised the important place of information asymmetry (or in this case identity asymmetry).

[...]

The laws of identity happily outline the perfect world where people will manage delicate utilities of trust and information-sharing, and take control of their destinies by re-establishing informational and commercial symmetry in their relationships with providers. On the one hand I would like to subscribe to such a world; on the other hand I am concerned that it underestimates the immovable force of big corporate profit motive, and self-interest.

[...]

On the one hand we subscribe to the view that consumer-pull is becoming a central theme in establishing the concept and framework of an identity metasystem. On the other hand we must acknowledge the immovable force of political and economic power in creating distorting outcomes -- and representing a more realistic fabric and theme for the identity-centric world of tomorrow.

An interesting theme...

I feel it's helpful to untangle the discussion of technical architectures ("fabrics") on one hand, and data sharing relationships within those architectures on the other. An metasystem solution that does what the Identity Gang is saying they want it to do will permit the information asymmetry John aludes to, thus embracing existing data sharing practices in business; however, the architecture of the metasystem itself would not enforce the asymmetry.

Such an architectural flexibility allows for a gradual evolution of data sharing practices towards a comprehensive respect of the individual's right to autonomy. This evolution will surely be driven by the business benefits that accrue from having happier and more trusting customers, who will be motivated to provide fresher, more accurate and more comprehensive information to services which respect their rights to freedom and privacy.

Technorati Tags: asymmetry, identity

Mashup event

My British readers may be interested in attending this February 2006 "Mashup" event in London.

Technorati Tags: mashup

Hear From Your MP

1. Log your British postcode and your email address.
2. Have your MP periodically nagged to email about what they're up to to you and the increasing numbers of your fellow participating constituents.
3. Follow the link in their email to a discussion board where you can join a public debate about the topic.

Why not Hear From Your MP? : )