Authentication, Identity, and Data Portability

I attended Zero Linden's office hours today, and there was a very interesting discussion about identity in Second Life. Maybe it's better to say there was a large discussion about a whole host of things related to virtual world interoperability, which began with (and continued to loop back to) talk about identity. I'm not trying to be too wordy with my description here, but really, everyone returned to identity as if that was the central issue of the discussion -- and in some ways, I can see that it was -- but in other ways, there was a lot being discussed and certain areas being lumped together with others. I would like to go over some of the things that came up today, just to clarify my own thinking on these things, and also to separate out the issues into distinct domains. So let's look at authentication, identity, and data portability, all of which came up today.

Authentication

Authentication and identity were lumped together pretty heavily today, especially when we got around to talking about OpenID. The two are tied together in a system, there's no doubt, but to equate one with the other is inaccurate. Authentication is the act of securing permission for an identity, but not the identity itself. Usually, this means giving a token (a cookie on the web) to someone (or, more accurately, something) to allow that agent to act on behalf of a given identity. Or to act as that identity. But authenticating an identity is not the same thing as presenting the identity, or describing the identity. (And this point will make more sense down the page, I hope.)

I get the confusion or the conflation of the two, especially where OpenID is concerned. OpenID even defines itself as "a place to store your digital identity." While this may be the goal of OpenID, that's not how it's used today. OpenID is used in authentication as a means of matching an end user, or an end user's computer, with an online identity. OpenID is not the identity itself.

Don't believe me? I can log into ma.gnolia with an OpenID of my choosing. I am known as deryck on ma.gnolia. Most people would identify me by that profile link. That is more closely my identity than the OpenID. In fact, I can drop the current OpenID I have with ma.gnolia, authenticate another one, and now I have a new means by which to authenticate. OpenID is just authentication, at least at this point in the game. It is just the means by which one system is matched with another (the me sitting, typing at this computer with the virtual me stored on a server). The authentication system is wholly separate from my identity itself.
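The separation described above can be sketched in code. This is an added example, not code from the original post or from ma.gnolia: the AccountStore class, its method names and the example.* URLs are hypothetical, and it assumes each OpenID URL has already been verified with its provider before it reaches the store.

```python
import uuid

class AccountStore:
    """Keeps the identity (profile) apart from the means of authenticating to it."""

    def __init__(self):
        self.profiles = {}        # account_id -> profile data (the identity)
        self.authenticators = {}  # verified OpenID URL -> account_id

    def create_account(self, display_name, openid_url):
        if openid_url in self.authenticators:
            raise ValueError("OpenID is already bound to an account")
        account_id = uuid.uuid4().hex
        self.profiles[account_id] = {"display_name": display_name, "links": []}
        self.authenticators[openid_url] = account_id
        return account_id

    def login(self, verified_openid_url):
        # Returns the account the authenticator points at, or None if unknown.
        return self.authenticators.get(verified_openid_url)

    def link(self, account_id, openid_url):
        if account_id not in self.profiles:
            raise KeyError("no such account")
        owner = self.authenticators.get(openid_url)
        if owner is not None and owner != account_id:
            # Rebinding here would hand one user's login to another account.
            raise ValueError("OpenID is bound to a different account")
        self.authenticators[openid_url] = account_id

    def unlink(self, account_id, openid_url):
        if self.authenticators.get(openid_url) != account_id:
            raise ValueError("OpenID is not bound to this account")
        others = any(a == account_id and u != openid_url
                     for u, a in self.authenticators.items())
        if not others:
            # Dropping the only authenticator would orphan the identity.
            raise ValueError("refusing to remove the last authenticator")
        del self.authenticators[openid_url]

def demo():
    # Constructed sample data: swap one OpenID for another on the same profile.
    store = AccountStore()
    acct = store.create_account("deryck", "https://old-provider.example/deryck")
    store.link(acct, "https://new-provider.example/deryck")
    store.unlink(acct, "https://old-provider.example/deryck")
    return store, acct
```

After the swap the profile and its account ID are unchanged; only the binding that lets someone act as that profile has moved.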

Identity

So what is identity?

This is a great philosophical question, and really was the question at the heart of our discussion at Zero's office today. How we answer that question -- i.e. who am I? -- is a tough one. Clearly with social networks, or web sites more generally even, and with virtual worlds like Second Life, we invest a lot of time in carefully crafting an identity. For Second Life, the identity and login name are synonymous, but for other systems this might not be true. See the OpenID discussion above, or how we can use an email for login at ma.gnolia or Facebook. So our identity is that which projects ourselves through the system. In Second Life, this is very "physical" in nature, even if a virtual physicality. We have a body, a shape, wear certain clothes, call ourselves by a certain name, wear certain group tags. All of these things taken together identify us.

In some ways, we are the things we collect virtually. In SL, these are virtual things, like real life stuff. On ma.gnolia, the things I present to represent myself are the few bits of data I write about myself on the profile and my collection of links. Take a look at my top tags, and you'll learn a bit about me. These things are not really me, so we'll leave that really large discussion behind, but they do -- when taken together -- identify me, at least on the given system.

Which brings us to....

Data Portability

If I could take a few basic things with me from web site to web site, or a few basic "objects" in Second Life from one server to the next, I can recreate the identity I've made for myself. This is the real issue, and the tougher to solve because it involves multiple entities working together for a single end. I'm optimistic -- based on what I read is happening at Linden Lab, IBM, Google, and other places -- that companies these days are more interested in keeping you as a user than keeping your data. There are still those who don't feel this way, though, and as much as I dig Facebook and think the people working there are smart and wonderful, Facebook is one of the worst about locking up my data. (And trust me, I know the FB platform very well! For all the good things that it is, and all its coolness, it ain't about data portability.)

I like that Linden Lab is working hard to make data portability a real possibility. My understanding from what Zero said today is that ultimately that is the real goal. That's what he means by "interoperability" -- the ability to carry my data about myself from place to place virtually. Sure, we all have to worry about the mechanics like authentication and usernames, but these aren't really identity. Just logging in to play WoW with my Second Life account -- if all I do is create my identity new on WoW -- isn't really interoperability or my identity or data portability. It's the data that matters, not the mechanics of authentication or establishing a user name. This point seemed lost today, and may be why people got bogged down and needlessly worried about UUIDs and RFIDs, which really seem irrelevant to a system that allows me to take my data with me. Of course, I don't have to take my data if I want to create a new account each time for each system, but right now, I have no option of carrying data with me.

So returning to my optimism about the very real discussion going on around this in virtual worlds... my gut (and experience building for/on the web) says Second Life and other virtual worlds can get to this point quicker than the web. This is likely the path to the 3D space supplanting the 2D web. If for no other reason than that the system is being built (or rebuilt) at these early stages with data portability in mind.

Posted by deryck on February 7, 2008
