Centralized Identity Systems
Identity systems provide organizations with tools to manage relationships with individuals. The identity tools for a single organization are well known and work well. These identity systems are centralized around organizations. A way to provide identity management across organizations is to extend the scope of an identity. This means taking an existing identity service and making it usable across organizations.
This approach takes many forms. Some names are federated identity, single signon, an identity trust framework, user managed access, personal clouds, and openid.
The approach has proven to be problematic, difficult and expensive to deploy.
Why it is hard to integrate identity
A single identity across organizations means organizations have to cooperate. Organizations have difficulty cooperating on identity because relationships are central to organizations. Organizations exist to allow individuals to cooperate to achieve tasks. An organization becomes the sum of its relationships with individuals. By using the same identity the relationships across organizations become one. This means combining identities leads to combining organizations. Combining organizations is difficult. It takes effort and the end result is normally one organization absorbs the other. Until this happens both organizations become less effective and costs increase. After it happens economies of scale become less pronounced.
Economies of scale is the justification for combining organizations because it combines functions. Providing common functions across organizations is the justification for centralization of services.
Economies of scale do exist; and they exist around specific functions. Generally the production of any goods or service shows the experience curve effect. Each time cumulative volume doubles, costs fall by a constant percentage. The experience curve effect is a learning effect over time. It is does not come from combining existing services.
Combining two organizations does not combine the two learning effects for a given service. Rather it is the opposite. The two organizations have to learn to work together. The cost of combining the output through integration is considerable. Once completed the rate of productivity improvement through learning drops. This happens because the starting volume is greater.
Centralizing services has the same effect. Instead of reducing costs it increases costs. This happens because the centralized service creates a new service. This new service has to integrate with or replace existing services. It now costs extra to do the same task. The rate of future improvement through learning drops because of the greater starting volume.
An alternative is to keep existing decentralized services and encourage the experience curve effect. This happens by giving existing services a way of incorporating learning from other services.
Decentralized identity Services
There is an alternative to a centralized identity system. This is to keep existing decentralized identity systems intact and unchanged and reuse the best parts of existing services. An identity service consists of many micro services. We can make the micro services in one organization available to other organizations. We do this by allowing an individual to access a micro service no matter where it resides.
Improvements and learning happens through the increase in volume of service use. Superior micro services will gain volume and increase their superiority.
For example one organization introduces voice verification. They make it available to individuals as a second factor for a given application through a micro service. The same individual can now use voice verification with all participating organizations. It does not matter what organization requires the application nor what organization hosts the service. From the point of view of the individual it appears the same. The best voice verification service of participating organizations will get increased volume and the learning curve effect improves the service.
The most common example of a shared micro service is data capture. Organizations capture data about a person. Capturing data is a micro service. It is now available to any approved application. It becomes available to any other organization through the same application. This applies to all data, to all applications and to all organizations. This removes the need for an individual to provide data many times. This eliminates costs and makes systems consistent and easy to use.
Existing identity systems consist of many identity micro services. By making them available to an individual allows consistent services to an individual. This reduces costs to the individual. It reduces the cost to organizations because they can use other organization's micro services. It increases the value of the best micro services because the learning effect lowers cost.
Making micro services available requires no change to existing decentralised identity systems. It achieves the goals of centralizing services without the costs of centralization.