Future of online identification

Identification in the online world is still a mess in 2010. The average internet user manages more than 10 online identities. Each identity is disconnected from the other. The management of these online identities and especially the associated user accounts is getting a nightmare. Users use the same passwords for the same identities or write them down in agendas or digital textfiles. They simply are not capable of remembering so many username / password combination and worse the requirements for these identifications are different for many sites. Some sites take your email address as the username and others take any alphanumeric sequence. But you cannot always use your email address because the username is often also the online nickname and publicly visible to others. And some users would like to keep their email address private.

Some companies have tried or are trying to push their identification system to others. The most prominent example is Microsoft and their Microsoft Passport service. By tightly integrating this into their own services (think Hotmail.com) and at the same time delivering integration solutions with their IIS webserver software they tried to open this market.
Of course this failed for the several good reasons. The most important reason is that not one company in the world should maintain the major identification system. A commercial company can simply be not trusted to own and maintain that information.

At this moment Facebook is trying the same. You see their identification system being used on other sites like Digg.com. And although their push is less visible and maybe even more driven by a pull market strategy the reasons why it will not be omnipresent are the same.

There are also legal implications. Private information about people is protected by country laws. These laws are not designed to cope with this situation. Companies who use an external identification system which is located in a different country than their own service create a problem when legal issues arise around a user. Especially when commercial transactions are involved or (very) private information is leaked. When this is the case there is no other option for these services to build and use their own identification system.

The only solution is public governed system of online identification. A public governed system has the advantage of trust and public governance. At the same time privacy laws can be designed and maintained in line with the identification system since they are governed by the same entity. The system can be designed in the same way internet domains are governed. The responsibility to maintain the local internet domains like .nl for The Netherlands is delegated to a local Dutch institution. Through this delegation countries can implement and enforce local privacy laws and protect their citizens data. At the same time all citizens in the world only have to maintain one indentity and identification. Through a standardized system users can release information to commercial entities when they desire but at the same time also retract that information again when they want to.

Of course such a solution requires the cooperation of a major number of countries to gather enough strength in the market to push this solution to all internet service companies. The only option would be to involve a major alliance of countries like the European Union or United Nations to make an initiative like this happen. Up until now this has never an agenda topic. But such a system makes sense and it is only matter of time it will happen. It can of course take a decade or two.