Lockstep

Mobile: +61 (0) 414 488 851
Email: swilson@lockstep.com.au

The evolution and ecology of digital identity - PhD proposal

This is the abstract of my PhD proposal, recently confirmed, in the Australian Centre for Cyber Security, at the School of Engineering and IT, UNSW Canberra (ADFA).

Abstract

More details are available on request.
Identity Management (IdM) is a fully-fledged subdivision of the information security industry, concerned with the authentication and authorization of people, organisations and objects as they transact online. Broadly speaking, it is important to know who and/or what an entity is before allowing it access to online resources, or accepting transactions from it. As online services have mushroomed in the past twenty-five years or so, digital identities have too, creating significant difficulties of usability, serviceability, security, privacy and cost. It is not uncommon now for individuals to exercise dozens of different accounts and virtual identities, each dedicated to usually just one service.

For many years, the IdM industry’s dominant response to these problems has been “federated identity” – an attempt to re-use identities (or identity information) across different domains, in an effort to streamline IdM processes and reduce the number of virtual identities. Unfortunately, despite many well-resourced government, industry and private-public partnerships, there are few examples of successful identity federations operating across different domains. Nevertheless, significant efforts continue on identity federation though standardization, “identity frameworks” and government policy initiatives.

It is possible that this work is largely in vain, for fundamental reasons. It is possible that digital identities are inherently resistant to federation, and that alternative approaches are needed to improve Identity Management.

This PhD project will investigate the properties of digital identity through a new theoretical framework, drawing on biological, anthropological and ecological principles. It appears that insufficient attention was paid to the nature of digital identity before the IdM industry settled on federation as the preferred way to engineer improvements. As with speciation of organisms in nature, the sheer diversity of digital identities suggests a biological sort of explanation for how identities might have evolved over time to suit different requirements in the digital environment. The term “ecosystem” is often used casually in technology discourse, yet the concept may be more literally accurate than many realise. If digital identities have indeed evolved to fit specific ecosystem niches, then that would go a long way to explaining the practical difficulty experienced transferring identities and relying on identity information between domains.

Memetics is a new and increasingly formalised study of cultural evolution in terms of heritable units of human behaviour, referred to as memes. A range of tools and demonstrations have emerged in the past 20 years to explain the detailed evolution of many cultural phenomena, including technologies such as programming languages. This PhD project will evaluate memetics principles and tools with the objective of revealing the systematic evolution and speciation of digital identities.

If the method is successful and memetic evolution demonstrated empirically, then we will cast a fresh light on several important issues in Identity Management and the broader digital economy:

  • legitimise the role of identity attributes in IdM practice
  • save future efforts otherwise wasted on infeasible federation models
  • show more effective alternative ways to re-use component identity data
  • show how national-scale identity infrastructure might be better organised for the benefit of digital economies.