Our latest white paper, Consent Is Dead: How Can We Revive User-Powered Permissions?, is yours if you introduce yourself.
Well, that was a cool experience. I trekked to SXSW this year (along with Venn Factory’s Jade Young) for a first-time1 opportunity to speak about a passion topic: why digital identity matters to both humans and businesses. I left with an impression that all of the event participants alike — both geek and nongeek — invested in both marketing rails and privacy protections — care about getting the connected world right.
I first wrote about this opportunity back in January. Since then, I’ve received a lot of interest in what it means to “build a healthy digital humanity.” But figuring out how to address an audience with such a wide range of interests and knowledge took some doing, even though it was tagged as an intermediate-level session. I decided to tackle things head-on…
Throughout the event, I saw participants with the same spirit of innovation on the one hand, and caution about where digital humanity is going on the other, that I was addressing through the lens of identity. Here’s a quick tour of some exhibitors and pitch participants that caught my eye…
In my session I mentioned a number of new-for-me topics, and I’ll share more about them in time. For now, I thought you might be interested in the topics that came up in the session Q&A. It was great to see how wide-ranging they were, and how well they demonstrate the concerns that are out there about where digital humanity is going.
Here’s a recounting, with a few added links…
Identity, like cybersecurity writ large, is full of cryptography, and so it’s susceptible to this risk all the way down to the roots of the technology. Quantum risk is like the “Y2K” challenge, only there’s no specific day when we know it will arrive. That makes it nerve-wracking.
There are standards, most particularly PQC standards from NIST, to help organizations get on a more mature footing. Becoming quantum resilient is a must, if not becoming fully quantum safe right away.
I don’t believe we’re only 3-5 years away, maybe 10 years (here’s a timeline that takes 10 years total). But who wants to take a chance? We’re in the singularity now, so start migrating as soon as you can!
There are pros and cons to doing this work server-side vs. on the edge. At the same time we’re seeing more options for bringing client-side power to the equation, which is good. An interesting organization is Kwaai.ai, which is building an open-source stack for RAG-based personal AI agents designed to empower humans.
A reasonable critique of decentralized identity is that for user experience reasons, often the digital wallet doesn’t live on our phone, it lives on the web — what’s called a custodial wallet. This brings us back to creating honeypots of the IdP sort.
Pernicious re-centralization of the architectural sort will always be with us, as well as insidious re-centralizationwhere business models make it easier to create bottlenecks such as we see in crypto exchanges.
Being able to orchestrate authentication user journeys in a responsive fashion is key to solving such problems. IAM platforms have some good technology for this, and there are point solutions as well. You can A/B test, you can segment your population, you can use different authentication methods suitable for different contexts: don’t use voice in noisy environments, don’t use fingerprint for emergency room surgeons with gloves on, and so on.
For apps with very diverse populations, it’s especially necessary to be adaptive. Biometric innovation is coming along to help in many cases. There may be a trust factor with biometrics, however; many people won’t turn on Face ID due to these concerns.
Thanks to Mike Schwartz of Gluu for hosting an impromptu IAM meetup in his WeWork offices during SXSW, and even doing a pigeon release off the roof! He’s doing his part to keep Austin wonderfully weird. 🤠
Make your impact irresistible with Venn Factory:
1Back in 2015, thanks to an invitation from identity pal Joni Brennan, I participated in a SXSW panel on identity in the Internet of Things. It was sponsored by the IEEE Technology for Humanity initiative — I sense an ongoing theme here!