[Log In] []

Exploring the science and magic of Identity and Access Management
Wednesday, June 26, 2019
 

Emerging Identity Oracles

Identity
Author: Mark Dixon
Thursday, March 3, 2011
7:20 pm

imageOracle: “In Classical Antiquity, an oracle was a person or agency considered to be a source of wise counsel or prophetic opinion, predictions or precognition of the future, inspired by the gods.”

Thanks to Nishant Kaushik for pointing out Anil John’s thought-provoking article, Identity Oracles and their role in the Identity Eco-System.” In his introductory tweet, Nishant suggested, “Some thing for @trulyverified to think about.”

Since I recently signed up for the Tru.ly service, I thought Nishant’s advice was timely.

It was interesting to review the four characteristics of an Identity Oracle outlined by Bob Blakley, currently the Gartner Research VP for Identity and Privacy

  • An organization which derives all of its profit from collection & use of your private information…
  • And therefore treats your information as an asset…
  • And therefore protects your information by answering questions (i.e. providing meta-identity information) based on your information without disclosing your information…
  • Thus keeping both the Relying Party and you happy, while making money.

Some emerging companies fit part of this definition.  Certainly Tru.ly relies on information I provide and they verify, as an asset, and have based their business plan on such assets.

However, others come at it from different direction:  Axciom and LexisNexis offer Identity Verification and Authentication services based on publicly-available information.  Neither company has asked me whether they can use my information, but Axciom claims, “Acxiom’s identification platform utilizes demographic and geographic data in challenge questions with nearly 900 data elements for more than 300 million individuals.” LexisNexis claims, “Access to vast data resources – more than 20 billion public and proprietary records.”

Axciom and LexisNexis customers pay for the privilege of tapping into those vast stores of personal information to provide authentication and validation services.

Does this make Axciom and LexisNexis Identity Oracles?  What about Tru.ly or Trufina, or similar companies? Do the the three major credit bureaus qualify?  Perhaps none are complete Identity Oracles in the true sense of Bob Blakley’s definition.  But they are getting close.

 

3 Responses to “Emerging Identity Oracles”

    Mark.. One of the primary characteristics of an Identity Oracle is that it has a privacy preserving contractual relationship with *you* directly. AFAIK, that takes Axciom and LexisNexis out of the picture given that their primary driver is to monetize the information that they have gathered on you without asking me “… whether they can use my information” (as you noted)

    Comment by Anil John on March 3, 2011 at 8:06 pm

    I would draw a strong distinction between Identity Verification services and Identity Oracles. Identity Verification services fit the bill in quite a few areas (data aggregation from multiple data sources, exposing a service that can answer identity related questions), but they exist to serve the RP, not the person – thereby failing the privacy protection requirement (as Anil points out).

    And at this point Tru.ly sounds like it is more in the Identity Verification business than the Identity Oracle business – just that the RP in this case is users of social and ecommerce sites. Also, I don’t understand how they plan to make money. Clearly they are not charging me (the user) yet, so I cannot assume that they will have my interest at heart when it comes down to it.

    Comment by Nishant Kaushik on March 3, 2011 at 10:57 pm

    I agree that the examples I gave aren’t completely Identity Oracles, but they are probably as close as we have yet.

    Comment by Mark Dixon on March 4, 2011 at 4:45 am

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.