Towards the end of 2019, I was invited to deliver a keynote at the OpenID Foundation Summit in Japan. At a very personal level, the January 2020 Summit was an opportunity to spend time with dear friends from around the world. It would be the last time I saw Kim Cameron in person. It would include a dinner with the late Vittorio Bertocci. And it was my last “big” trip before the COVID lock down.
At the Summit, I was asked to talk about the “Future of Identity.” It was a bit of a daunting topic since I am no real futurist and haven’t been an industry analyst for a long time. So I set about writing what I thought the next 10 years would look like from the view of a practitioner. You can read what I wrote as well as see a version of me presenting this.
A concept I put forward in that talk was one of “counselors”: software agents that act on one’s behalf to make introductions of the individual to a service and vice versa, perform recognition of these services and associated credentials, and prevent or at least inhibit risky behavior, such as dodgy data sharing. I provide an overview of these concepts in my Future of Identity talk at approximately minute 20.
Why even talk about counselors
That’s a reasonable question. I have noticed that there is a tendency in the digital identity space (and I am sure in others too) to marvel at problems. Too many pages spent talking about how something is a fantastically hard problem to solve and why we must do so… with scant pages of follow up on how we do so. Additionally, there’s another tendency to marvel at very technical products and services that “solve the problem.” Except they don’t. They solve a part of the problem or they are one of many tools needed to solve the problem. The challenges of digital identity management are legion and they manifest themselves in different ways to different industry sectors in different geographies. One can argue that while we have used magnificent tools to solve account management problems, we really haven’t begun to solve identity management ones. Counselors are a way to both humanize online interactions and make meaningful (as in meaningful and valuable to the individual) progress on solving the challenges of digital identity management.
Counselors in the Modern Era
Sitting through the sessions at Authenticate 2023, and being surrounded by a ton of super smart people, I realized that the tools to make counselors real are very much within our grasp. Among these tools, 4 are the keys to success:
- Interface layer powered by generative AI and LLMs
- Bilateral recognition tokens powered by passkeys
- Potentially verifiable data powered by Verified Credentials
- Safe browsing hints
Interface layer powered by generative AI and LLMs
At their core, counselors are active clients that run on a person’s device. Today we can think of these akin to personal digital assistants, password managers, and digital wallets. What is missing is a user interface layer that is more than a Teddy Ruxpin clone that only knows a few key phrases and actions accompanied by zero contextual awareness. What is needed is a meaningful conversational interface that is contextually aware. Generative AI and large language models (LLMs) are showing promise that they can power that layer. And these models are now running on form factors that could easily be mobile, wearable, and eventually implantable. This would enable the counselor to understand requests such as “Find me the best price for 2 premium economy seats to Tokyo for these dates in January” and “know” that I’ll be flying out of D.C. and am a Star Alliance flier.
Recognition tokens powered by passkeys
We have got to get out of the authentication business. It fails dramatically and spectacularly and seemingly on a daily basis. We have to move to the business of enabling service providers and consumers to recognise each other. Both the original talk and my more recent Ceremonies talk speak to this need. A crucial puzzle piece for recognition is the use of cryptography. Right now the easiest way a normal human being can use cryptography to “prove” who they are is WebAuthn and, more generally, passkeys. Armed with passkeys, a counselor can ensure that a service recognizes the person and that the counselor recognizes the service. To be clear, today, passkeys and the ceremonies and experiences surrounding them are in the early stages of global adoption… but it is amazing to see the progress that happened in the prior year and it bodes well for the future.
One thing to note is that passkeys as they work today provide a form of cryptographic proof that the thing interacting with a service is the same one you saw the day before, and notional there is the same human associated with the thing. There is no real reason why, in theory, this couldn’t be flipped around such that the service has to provide a form of cryptographic proof that the service is the same one with which the thing interacted the day before. A counselor could broker these kinds of flows to ensure that the service recognizes the person that the counselor is working on behalf of and the counselor can recognize the service.
Potentially verifiable data powered by verifiable credentials
One thing a counselor needs to do is to share data, on behalf of the individual, with a service. This data could be credit card information, home address, passport number, etc. Some of the data they would need to share are pieces of information about the individual from 3rd party authorities such as a local department of motor vehicles or employer. Ideally, the service would like a means to verify such information, and the individual, in some cases, would like the issuer of the information not to know where the information is shared. Here verified credentials (VCs) could play a role. Additionally, the service may want information about an individual that the individual provides and acts as the authority/issuer. Here too verified credentials could play a role. Standardized request and presentation patterns and technologies are crucially important and my hope is the VCs will provide them.
So why include the word “potentially” in the title of this section? There are many scenarios in which the service neither needs nor cares to verify information provided by the individual. Said differently, not every use case is a high assurance use case (nor should it be) and not every use case is rooted in a regulated sector. Hopefully VCs will provide a standardized (or at least standardizable) means for data presentation that can span both use cases that require verification and those that do not. If not, we’ll always have CSV.
Safe interaction hints
While one’s street sense might warn you that walking down that dark alley or getting money from that shifty looking ATM isn’t a good idea, an online version of that same street sense isn’t as easily cultivated. Here we need to turn to outside sources. Signals such as suspect certificates, questionable privacy policies, and known malware drop sites can all be combined to inform the individual everything from “This isn’t the site you actually are looking for” to “I suggest you do not sign up on this service… here are 3 alternatives” to “I’ll generate a one-time credit card number for you here.” One can imagine multiple sources for such hints and services. From browser makers to government entities to privacy-oriented product companies and well beyond. This is where real differentiation and competition can and should occur. And this is where counselors move from being reasonably inert cold storage layers for secrets and data to real valuable tools for an online world.
The missing something: privacy
At this point, I felt like I had identified the critical ingredients for a counselor: interface layer, recognition tokens, potentially verifiable data, and safe browsing hints… and then I mentioned this to Nat Sakimura. Nat has a way of appearing at the critical moment, say 10 words, and disrupt your way of thinking. I joke that he’s from the future here to tell us what not to do in order to avoid catastrophe. And I have been lucky and privileged enough to have Nat appear from time to time.
This time he appeared to tell me that the four things I had identified were insufficient. There was something missing. Having safe browsing hints is not enough… what is missing are clear, processable and actionable statements about privacy and data use. A counselor can “read” these statements from a site or service, interpret them into something understandable for the individual, better informing them on how the service will behave, or at least how it ought to behave. Couple this with things like consent receipts, which the counselor can manage, and the individual has records of what the service provider said they would do and to what the individual agreed to. There is an opportunity here for counselors to focus the individual’s attention on what is material for the individual and learn their preferences, such as knowing the individual will not accept tracking cookies.
From where will these counselors come
One can easily imagine a variety of sources of counselors. The mobile operating system vendors are best-placed to extend their existing so-called smart assistants to become counselors by leveraging their existing abilities to manage passwords, passkeys, debit and credit cards, and along with other forms of credentials. 3rd parties also could build counselors much like we see with digital assistants, password managers, and digital wallets. I expect that there is a marketplace for services, especially safe browsing hints. Here, organizations from government entities to civil society organizations to privacy-oriented product companies could build modules, for lack of a better word, that would be leveraged by the counselor to enhance its value to the individual.
Regardless of where counselors originate, observability and auditability is key. An individual needs a means to examine the actions the automated counselor took and the reasons for the actions. They need a way to revoke past data sharing decisions and consents granted. And they need a means to “fire” their counselor and switch to a new one whilst retaining access, control, and history.
We, as an industry, have been working on identity management for quite some time. But, from some perspectives, we haven’t made progress. Pam Dingle once said something to me to the effect of, “We’ve built a lot of tools but we haven’t solved the problems. We are just at the point where we have the tools we need to do so.” We have solved many of the problems of user account management, but we have yet to solve the problems of identity management to the same extent. The magical future where I can put the supercomputer on my wrist to work in a way that delivers real value and not just interesting insights and alerts feels both disappointingly far away yet tantalizingly within our grasp. I believe that counselors are what is needed to extend our reach to that magical, and very achievable, future.
To do this I believe there are five things required:
- Ubiquitous devices, available to all regardless of geography and socio economic condition, in all manner of form factors, which can run privacy-preserving LLMs and thus the interface layer for counselors
- Maturation of passkey patterns including recovery use cases such that the era of shared secrets can be enshrined in history
- Standardization of request and presentation processes of potentially verifiable data, along with standardized data structures
- Trustable sources of safe interaction signals with known rules and standardized data formats
- Machine-readable and interpretable privacy and data use notices coupled with consent receipts
The tools we need to unlock the magical future are real… or certainly real enough for proof of concept purposes. Combining those five ingredients makes the magical future and much more magical present… and this is the present in which I want to be.
[I am indebted to Andi Hindle for his help with this post. Always have a proper English speaker check your work 😉 — IG 11/15/2023]