Offline-Online Information Brokers

As Jamie Lewis writes in his excellent posts on Trust, distributed reputation mechanisms are surely going to be indispensable elements of an effective identity net. It seems to me that the possibility of people pseudonymously integrating their presence across identity net services is going to be key in facilitating such mechanisms. Presence integration will allow reputation to inform trust relationships (I make no apology for the "T" word!) between, variously, individuals, communities and services.

With this in mind, and following on from my piece about Authentication through triangulation, I have been giving some more thought to possible requirements for services that seek to provide assurance that a person is a particular and unique human being to third-party, online services without necessarily disclosing that person's name, address, or other offline identifiers.

Such a service must face, Janus-like, into both online and offline worlds simultaneously. In planting a foot solidly in each realm, an Offline-Online Information Broker (or OOIB, as I shall snappily dub such a service) undertakes to serve as a conduit between the two, making it their business (1) to know sufficient information to reliably identify as a unique human being the person about whom and on whose behalf they assert information* and (2) selectively to disclose that information, according to the wishes of the person, to third-party online services.

In fact, mobile phone networks already provide users with a protean OOIB service, issuing them with a SIM card that gives them access to a unique, and anonymous phone number, and verifying those users' physical identity by requiring the presentation of physicalised identity tokens such as utility bills or a bank card.

So what barriers to the creation of a distributed reputation network might remain? Well, there does remain at least one fly in our reputation ointment: the possibility of identity net services taking advantage of the integration between users' identity net service accounts illicitly to share those users' information without their permission. And this would seem to point to a need for an assertion trail within the identity net. In another post, I shall explore what that might entail both technically and, perhaps more crucially, in legal terms.

*Clearly, the judgement of information being sufficient or not to identify a person as unique is a subjective judgement.

[UPDATE (May 8): revised the first paragraph to make "mechanism" plural.]