An identity should be the most personal and inviolable thing one can own—and yet, as e-commerce practices unfold, an electronic identity that is secure and under the control of its owner is far from a reality.
Microsofts early interest in the issue, in the form of its Passport identity management system, inspired industry dialogue from rival Liberty Alliance. But Microsofts head start, combined with its desktop dominance, has made some at the alliance willing to concede to Microsoft the role of pervasive provisioner of online identity, at least at the desktop. Were disappointed that Jonathan Schwartz, executive vice president at Suns software group, said the alliance standard cannot compete on the desktop but will seek to become dominant on devices such as cell phones.
We think its too soon to call the contest settled, and we certainly dont believe Passports track record inspires the required level of trust. From the start, Passport has raised questions about having too much information concentrated in the hands of a single company. The Federal Trade Commission has mandated that Microsoft be audited every two years, for the next 20 years, because the company misrepresented the amount of personal information it was collecting under Passport as well as the level of security it was providing for that information.
The important question of online identity standards needs more committed involvement at all levels, not the kind of retreat that results in Balkanized identity management standards on different devices. Conceding desktop identity to a single vendor whose probity is so questionable that it is subject to every-other-year audits is unacceptable. Liberty should keep the dialogue going. Were glad to see that some Liberty members other than Schwartz arent as ready to throw in the towel.
While the discussion of identity management standards continues, lawmakers should compose a succinct, enforceable code of requirements for gathering personal information—an electronic identity bill of rights, if you will. Essential to this code would be liabilities and penalties. With those rules in place, everyone from identity service providers to individual Web citizens would know where they stand. That sense of comfort regarding identity is critical to the growth of online commerce.