More on (limited liability) persona
16Jan08
Despite the lack of comments (yet) the post on persona has resulted in some good behind the scenes debate.
Something that came out of this is that I agreed to post an illustration of how a legal entity fits into the persona illustration in order to effect the LLP concept:
Sadly this still leaves us with a missing mechanism for creating the appropriate legal entities. Companies (e.g. Ltd in the UK or LLC in the US) could be used, but seem a bit cumbersome and therefore unfit for purpose. I’m not a lawyer, but I do find myself wondering if trusts could be used in this context (e.g. legal trust meets IT trust)?
Filed under: security | 5 Comments
Tags: identity, idm, llp, persona, security, trust
Subscribe
Recent Comments
Tim Coote on Ross Anderson RIP iain on Skiing in Espace Killy (Val… Chris Swan on Getting more from a British Ga… Murray Cowell on Getting more from a British Ga… JL on AI MacGuffin 
Pinboard.in bookmarks- Zombie: Middleboxes that Don’t Snoop
- Thousands protest against Canary islands’ ‘unsustainable’ tourism model
- Commission proposes youth mobility between EU and UK
- DEA fuels moral panic over ADHD meds to justify its failed drug war
- Meta.ai Oh My!
- Looking for AI use-cases — Benedict Evans
- the biggest threat facing your team
- Why has Hugh Grant settled his phone hacking claim against the Sun?
- Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects
- AI isn't useless. But is it worth it?
Chris Swan's Weblog 
maybe the value of this graph can explored by considering an analogy?
persona => product
digital IDs => technology
role => use case
privilege => market
then LLP => Ltd Co.
(but maybe one would want to swap technology with product in the above)
One of the problems with this is that any newcomer to this market is going to have a hard time building both brand and trust with the general public. I mean, how many people outside of our industry have the slightest idea who Verisign is, for example?
I am making a big assumption that at some point governments will step in and start talking about government-issued electronic ID, but given the debacle around ID cards in the UK, and RealID in the USA, I don’t expect it to be a helpful intervention, at least in the next 10 years or so.
On the other hand, this could be an interesting new business for some of the big banks. After all, banking is pretty much the ultimate trust relationship involving consumers and businesses. If I trust a big bank with my money, why not trust it with managing my identity with third parties? The problems involved are exactly the same as with online banking and eCommerce, so it seems like a good fit technically, and the average person is going to feel a lot more comfortable with HSBC or Bank of America than with XYZ Trust Corp Ltd…..
Then again, I have had four cups of coffee this morning, so I may just be insane…
Hugh (and Alexis) – I don’t think that Persona is a product, though I think more could be done in the product (and standards) space to facilitate the concept. As I mentioned in a comment to the original post – the information cards part of the identity metasystem can be made to look like persona – particularly when coupled to other federated identity providers like OpenID.
The government issued IDs are just that – digital IDS. If we think about this in terms of persona then labels that spring to mind are ‘taxpayer’, ‘citizen’, ‘public service consumer’ or ‘cattle stuck in another airport line’. The key point here is that people will want to make use of alternative persona that are not associated with these types of ID.
Most of the LLP use cases really tie back to the fact that credit card numbers are just another type of digital ID, but like telephone numbers (which I intend to blog about shortly) they were never designed for the online world. One issue is the limited name space you get with 16 digits, but that’s just the start. Clearly the banks could have done more in this space (and still could), though so far it seems that new services (e.g. using the email name space for payments) have emerged from startups.
more clarity on 1-1 and 1-n / n-1 mappings might help me visualise this better. Assuming you have overlaps between the sets of digital IDs defined per persona, and you may want specific slices of available roles covered by different legal entities – not certain having legal entities as an umbrella over all else is quite right?