• United States

Reputation as the new currency of identity

Mar 13, 20063 mins
Access ControlNetworking

* Reputation will replace so-called 'trust' in identity transactions

I was in San Diego last week for the Tim O’Reilly’s Emerging Technology conference (a.k.a. “eTech”). There wasn’t a lot specific to identity management at the show this year, but Dick Hardt, founder and CEO of Sxip Identity was there with what could be called “presentation 2.0”.

If you’ve never seen his “You don’t know Dick” session, head over to last year’s Open Source Conference Web site and watch it. I don’t yet have a link to this year’s presentation, called “Who’s the Dick on my website?”, but it should show up here – and may be there by the time you read this.

The rapid-fire presentation ranged over many points but most had to do with identifying someone posting to a Web site (blog, wiki, what have you) in both the traditional way (e.g., Dick Hardt, CEO of Sxip, Canadian, over 21) as well as by reputation. This latter point brings up Sxip’s newest technology – Sxore.

Sxore has three purposes, or raison d’etre:

* Stop Comment Spam – Make sure that only real people engage in the blog conversation.

* Preserve Blog Quality – Use reputation to deepen the conversation and weed out the crap.

* Authentic Conversations – Get a reputable peer-generated digital identity.

Reputation is going to be the new currency of identity in the not too distant future. Reputation will replace so-called “trust” in identity transactions. Sxore is simply a preview, a brief look at what might be possible with reputation-based identity.

Today, mainstream identity relies on large-scale identity providers, PKI, certificates and a large, well-financed infrastructure supporting this system. Corporations buy into it because the U.S. tax laws allow them to write off the investment. Well, and because there’s been nothing better available. Also, it hasn’t really been about identity or trust but about liability and how to reduce it – or pawn it off on someone else.

Still, as user-centric identity gains strength, the whole PKI certificate structure will become irrelevant. Individuals haven’t the money to support such a system, the time to try to understand how it works and how to implement it or the desire to push off liability to the next guy. Individuals looking for identity transaction partners will choose them in much the same way they choose vendors and service providers in the non-virtual world – through the recommendations of people whose opinions they value.

Think of it. When you’re looking for a new doctor, you might well be interested in her certifications (diplomas, boards, organizations, etc.) but what really matters is what others think of the doctor. You ask your family, your friends your neighbors and your co-workers for recommendations. You’re looking for someone who is not only competent but who also will interact with you in a way that’s comfortable to you. The doctor’s reputation counts as much, maybe even more, than the doctor’s certification. The same can be said for choosing a florist, a plumber, an insurance broker, or any of the myriad of people we transact business with.

So how will it work in practice and is reputation useful in a corporate environment? Come back for the next issue and find out. In the meantime, watch Dick Hardt’s presentations – if only for the entertainment value.