TR: There are benefits to our identities being so mobile, such as remote communication and automated commerce. What are the challenges with mobile identities?
BB: We as an industry have implemented identity technology for a long time. We assigned people an online identity, and, in fact, we did that so successfully that people had a lot of them. Now the next generation of identity technology is trying to allow individuals to get a handle on the complexity that’s created by them having all these different identities. They have these different identities not because they want so many, but because each organization they do business with has their own identification system and they don’t talk to each other because they bought them from different vendors. So we’re trying to reduce the complexity for the individual of managing identity technology.
TR: How do you do that?
BB: We recently announced Tivoli Access Manager Enterprise Single Sign On [a software application]. This allows people to simplify their management of log-on credentials if they have a lot. There’s a much older technology that you probably have, that lets you do the same thing – it’s called a wallet. That’s a credential management technology. It works in a physical world, but we are building credential management that works in an online world. If you look at Microsoft and their initiative aimed around “InfoCards,” it’s aimed at a similar problem.
TR: What other problems involving personal identity can software help to solve?
BB: The other thing we’re trying to do as an industry is to reduce the overall expense that a business has to dedicate to managing identity. And the way that we’re trying to do that is to allow people to share identities that are owned by other organizations. The general term for this kind of technology is “federation.” But what it basically means is if I’m a customer of Citibank, and you’re a merchant, but your bank is Bank of America, Citibank can manage my identification, but you and Bank of America can recognize it without having to create an identity record for me yourselves. That’s a really big deal because managing an identity is expensive. If I have an identity, an account, a PIN number and password, the cost per year of me having to call the help desk every time I forget my password is really, really high. It’s in the tens of dollars and sometimes as much as hundreds of dollars for one account per year. So if you can consume my identity without having to manage it, that saves you an enormous amount of money.
TR: People generally don’t consistently think of themselves in terms of their digital identity. Should they?
BB: Yes and no. People need to establish accounts, and they do need to have a level of vigilance to insure that the identities used in those accounts aren’t being used by other people and they haven’t been contaminated by identity theft. You need to do that. But if you say that you’re worried about identity, it seems to me that what you’re really worried about is one of a variety of other things. You might be worried about your behavior. You might be worried about privacy, which is not exactly about identity. You might be worried that your establishing an identity is in some sense going to compromise privacy that you previously had before you established that identity. In which case what you’re really worried about the behavior of the organization you’re doing business with.