in Identity Management

Identity vs. Reputation

Inspired by a post by Johannes Ernst, quoting Phil Windley:

“Identity is my story about me.

Reputation is your story about me.

Apart from being an excellent definition, it brings the concept of reputation back into the discussion.

On a personal identity basis, as in eBay or other online marketplaces, we all know how to judge reputation. It may not be 100% safe, as it documents the past, but it’s a good indication at least.

In a corporate environment, this may be even more important. We’ve been spending vast amounts of money making sure we have protocols to convey identity, mostly cryptographically securing that we know who’s on the other end of the line.

We now need to combine that with some kind of reputation information, i.e. how much access or capabilities will I be comfortable giving to a digital entity. CRM may be a way to do this on an individual basis, but where’s the conecpt for a centralised service?

This may even be extendable to the old ActiveX problem. Today, software installation requires you to trust the author. It may be comforting to know that it was a certain John Smith from Montana’s program that formatted your hard disk, but wouldn’t it be much nicer to be able to check back on other users’ feedback on the component instead?

Leave a Reply