Luke Razzell and Nic BrisbourneThe story so far
This post is the second in a series that explores the strategic relevance of identity for startups (a full introduction to the series, and a link index of the posts, is here
In our previous post
, we identified a key challenge for any startup: to help users to personalise their experience according to their unique identity. We then looked at how while networked services are great at helping us to transcend the limitations of physical space and even time, they are not yet very good at helping us to integrate
the diverse aspects of our networked presence (identity)—let alone doing so without jeopardising our privacy
. And so long as these challenges of presence integration and privacy remain for networked services, we asserted that startups will struggle to deliver excellently personalised user experiences.
Exploring what a networked service ecosystem that did
enable true personalisation—a notional "Identity Web"—might look like, we came up with four key requirements:1) The Identity Web must allow us to integrate the various aspects of our presence
(rather than forcing us to re-make our presence anew for each service we use).2) The Identity Web must allow us to segment others' view of our presence
(although relaxing attitudes towards privacy may erode this requirement for some or many contexts and demographics).3) The Identity Web must support diverse, mutually-independent services
if it is to offer true choice and privacy-enablement (benefits that cannot be provided by a mere handful of megabrands).4) The user themselves must be the only unifying node in their presence network within the Identity Web
(no-one else should be able to put together all the pieces of information about that user).
Finally, we identified a potential benefit of the Identity Web for individuals and services that mediate their online experience:The individual should be able to monetise
(directly, or indirectly through discounted/free services) the value of their identity
by selling access to their identity information.
Where there's a successful startup, there's a great service and a successful business model: so just what might the business and service models that drive the evolution of an Identity Web look like?Piecing the Identity Web jigsaw
We want to acknowledge at this point that thousands of businesses are of course already delivering incredible and diverse innovations in service personalisation. Hats off to them! However, such innovations—while often highly valuable in their own right—are mostly confined to tactical, rather than strategic aspects of the identity problem space: a bilateral personal information sharing arrangement with a third-party service here; a useful topic-specific, personalised recommendation feature there; a special offer for sharing your opinions with marketers over there.
The big identity picture remains fragmented, like a partially pieced-together jigsaw.
Meanwhile, the big identity "walled gardens"—Google, Yahoo!, Facebook et al—continue their inexorable rise. One of the keys to success of these mega-networks is the way they tie each user into their suite of services (and partner services, in the case of Facebook) by integrating the presence of that user across those services (with a single login). These
jigsaws are much better pieced together—but at the cost of users not being able to choose their own pieces, or indeed shield the big identity picture they create within the service from the view of the service itself.
Unless startups can find ways to create a commercially-viable, distributed identity ecosystem—an Identity Web—to compete with and complement the big network's identity lock-in power plays, there seems to be real potential for innovation around identity to become stifled, thereby eroding both choice and privacy for the end user.
There is everything to play for!
Yet without a good map of the identity jungle with which to plan their route, startups are having to hack their way through its dense undergrowth.
So let's make a start towards plotting such a map by taking a look at the business and technological drivers, blockers and unknowns for two service types that seem likely to underpin the Identity Web (and can already be seen embodied in embryo in diverse web services): identity aggregation
and identity federation
In the remainder of this post, we will explore the identity aggregation service type.Identity aggregation—"lifestream" services
Identity aggregation or "lifestream" services help people to gather personal and personalised information from multiple sources. These services enable their users to integrate various pieces of their online presence into a more coherent whole—with a number of potential benefits detailed below.
So what are the business and technology drivers, blockers and unknowns for startups with regards to the identity aggregation service model?Business drivers+
Identity aggregation services allow users to re-aggregate the value of all their diverse fragments of presence, either for their own insight (e.g. Garlik
, which helps individuals track what information about them is "out there") and/or for showcasing them to their community/audience in order to enhance their personal brand (e.g. Wink
, which publishes aggregated information about individuals' presence across multiple services).+
Identity aggregation services also could enable users to personalise services via standardised preferences modules. This is the capability that Facebook is building with regards to third-party service integration into users' Facebook profiles (via Facebook Platform
Identity aggregation services can leverage the value to marketers of their users' attention, selling attention information with users' permission, and possibly directly sharing that value with their users (in real or virtual currency).+
Identity aggregation services have the potential to turn the advertising model on its head by enabling users to opt in to personalised offers, which they would be incentivised to do either by improved personalisation over push adverts, and/or by being paid.+
Startups may be able to be more transparent about revenue sharing arrangements with users than incumbents (c.f. Google's opacity around AdSense royalties), thereby gaining user trust. Furthermore, startups can avoid the conflicts of interest around revenue sharing transparency that established companies with legacy business relationships can suffer from.+
Startups within a distributed Identity Web may be in a better position to monetise users' presence information across a broad range of partner services than incumbents, who's identity lock-in approach effectively limits them to monetising their own properties (because they cannot track users' presence information beyond those properties).+
In the medium term, it seems likely that major advertisers will continue to target fairly broad demographics with their branding messages, so a critical volume of users will still be necessary for advertising platforms (witness the success of Google Ads, targeted across the entire web). Therefore, media properties, with their limited subscriber numbers, are likely to struggle to leverage their users' presence data (e.g. clickstreams) effectively on their own. ISPs may well be in a stronger position to leverage presence data, partnering with ad networks to offer personalised ad services to e.g. media properties. Facilitating this process would seem to represent an interesting opportunity for startups—an opportunity toturn the current ad model (and maybe the whole internet model!) on its head. In this scenario, instead of sites selling space on their pages, the control goes back to the owner
of the data “pipes”.Business blockers-
The GYM club (Google, Yahoo and Microsoft) and social network (MySpace, Facebook, Bebo) incumbents are busy building and/or acquiring their own identity aggregation capabilities—and it is not in their interests to share control of their users' presence information!-
Social networks and start page services (Netvibes etc.) can enable their users to integrate 3rd party services into their profiles (via widgets, Facebook Platform etc.), thereby potentially neutralising the competitive threat of a distributed identity ecosystem (on the other hand, this opportunity for exposure on the large networks does
give startups a platform upon which to grow their user base).-
The large networks have the potential to enable users to segment their presence (in the context of a single account and login) into various personae, each with their own page. In fact, Netvibes is already doing this, effectively, with its Tabs, which can each be publicly shared independently of one another.-
Large networks, with ownership of or advantageous relationships with ad networks, are in a stronger position than small startups to monetise value of user's identity information to marketers.-
Micropayments to and discounts for users for divulging their personal information to marketers seem unlikely to take off in a big way as a business model in its own right
: established services such as Pigsback
and Greasy Palm
have only seen relatively modest growth. It seems more likely that successful business models in this area will integrate cash incentives for personal information disclosure into a more rounded value proposition that includes personalised services and information provision that are useful in themselves.Business unknowns?
No-one really knows how the issue of privacy will play out across diverse online demographics. Will people come to accept it is unviable to stop others viewing "their" information? Or will they demand ways of protecting it? Or will both the above be true, but in differing contexts? The answers to these questions may play a large role in determining the true potential of the information aggregation market.?
Could a few high-profile abuses of users' trust (such as the debacle over AOL's inadvertant exposure of its users' search history data last year) set back the identity aggregation service market significantly?Technology drivers+
The maturation of mobile web technologies will open up the "location" dimension of personal identity for innovation in identity aggregation services (although, given the lock-in on handset-generated location information that mobile network providers enjoy, startup business models in this area are unclear).+
Widget platforms (Netvibes, Spring Widgets
etc.) and distribution ecosystem (Netvibes, Snipperoo
, Facebook etc.) are beginning to provide a springboard for startup identity aggregation services.+ OpenID
looks set to enable a distributed jigsaw approach to user authentication management across the web if
adoption by services and then (more importantly) users reaches a critical mass.+ Microformats
are beginning to enable a degree of automated rich-content discovery and exchange across services.+ APML
(Attention Profiling Mark-up Language) promises to enable the automated exchange between services of various kinds of personal attention data (information about what someone pays attention to—in other words, their implicit
publishing protocol has become established as a standard "wrapper" for rich content exchange;+ Windows Cardspace
looks set to provide desktop-based secure assertion management in forthcoming versions of Windows Vista, providing a degree of protection against identity phishing (a topic whose in-depth coverage is beyond the scope of this post—look out for a future post in this post series on the subject of identity assurance!).Technology blockers- People don't think or communicate according to "data standards"!
We humans understand the meaning of information in a hugely complex and semantically and socially contextualised way—not according to a patchwork of standard, fragmented data types.
In this light, the standards-dependency of both Microformat and API-based data exchange (not to mention SOAP
Web Services, the RDF
-based Semantic Web
and a host of other standards-dependent data exchange technolgies and data models, many of which have quietly fallen by the wayside over the years) appears to be a severely limiting factor for their potential applicability for the distributed exchange of rich and complex personal and personalised information.
It seems likely that we will have to evolve semantic, distributed data exchange technologies that reflect our innate, human ways of understanding and communicating information if we are to evolve an effective Identity Web. Yet progress in this area is at a very early stage—the data integration problem remains a massive and largely intractable one.Technology unknowns
Ease of use questions over OpenID:?
How easy is it for anyone with a less-than-unique name or pseudonym to find a memorable, simple and appropriate personal URL? This issue alone may prove to be something of a stumbling block for OpenID in the mass market of non-geeks.?
Even if they can
find an appropriate URL, it is currently far from easy for a non-geek to navigate the domain registration and hosting process. Will ISPs begin to be much more proactive in assisting their users to do this kind of thing in a pain-free way??
Will the open-source aspects of Cardspace get implemented on the other major operating systems (Mac OS X and Linux), thereby creating a consistent cross-platform user experience for handling identity assertions?A final question?
And finally, perhaps the most important question of all, and one that is relevant to both technological and business aspects of the problem space: will identity aggregation services in general become easy and useful enough to garner mass adoption, and if so, when? Clearly, execution is key here—many innovations at the user experience level will be necessary to get us to the point of having truly compelling and accessible identity aggregation services.Conclusion
There are massive opportunities, sobering challenges and unknown factors, at both business and technological levels for startups who venture into the world of personal identity aggregation. After all, there has been a widespread recognition of the potential value of the market for personal identity aggregation services in the tech business world for some time now—and many, many more companies than we have space to mention above are striving to seize a share of that market.
But we are not yet finished with our survey of the problem space: identity aggregation only represents one side of a coin whose flip side turns out to be identity federation
. In our next post, we will look at the opportunities, threats and unknowns for this service model—a model that represents the natural complement to that of identity aggregation.