Persona is a term that’s increasingly being used in conversations around digital identity, but it’s not one that I typically find to be well defined. The Wikipedia entry doesn’t help much, as it is about the more general definition of persona as ‘a social role’. When I checked the Identity Gang glossary (or Identipedia) the last time I was looking for help that didn’t help either, though I now see that there are a number of definitions there (I can’t decide whether this is better or worse than none at all). The discussion about Limited Liability Persona is getting some more traction in the aftermath of the Scoble/FaceBook debacle, but that concentrates on a proposed legal framework and the underlying definition of persona is somewhat implicit.
It is my contention that persona is an abstraction between an entity (usually a biological entity, or person) and a bundle of one or more digital identifiers, so that the entity can present themselves differently according to context. This is similar to using a role as an abstraction between a digital identifier and a bundle of privileges (though I’m increasingly leaning towards attribute based access control [ABAC] in favour of role based access control [RBAC] as role management is a deep and sticky tar pit).
At this stage it’s usually helpful to offer some examples:
‘Blogger’ – my persona of ‘blogger’ associates with my digital identity (OpenID) ‘thestateofme.wordpress.com’, which in turn places me in the role of ‘author’, which gives me the privilege to ‘post’, ‘approve comments’ etc.
‘Web surfer’ – my persona of ‘web surfer’ associates with a bundle of digital identities (OpenID, search engine company, web mail provider etc.), which in turn place me into roles like ’emailer’, ‘photo uploader’ that then let me have privileges like ‘send email’, ‘create new album’ etc.
‘Employee’ – my persona of ’employee’ gets me a bundle of digital identities that are mostly issues by my employer, some on internal systems, others on Internet connected system with different namespaces…
Hopefully you’re getting the drift by now, and this helps?
Filed under: security | 6 Comments
Tags: digital identity, idm, llp, persona, security, trust