Andre Durand:
While identity is indeed a complex and multi-faceted topic, I’ve come to appreciate one simple concept:

The right identity system will accommodate the needs of all participants.

As I contemplate the landscape of existing and potentially new identity-based applications, it appears to me that not all identities were created equal. There are in fact at least three different types of identities, each having different attributes and each likely to experience different adoption characteristics and market longevity.

For simplicity’s sake, think of these identities as falling into one of three tiers:

Tier 1: Personal Identity – T1 identities are both timeless & unconditional. They are your true personal digital identity and are owned and controlled entirely by you, for your sole benefit. T1 identities exist for people as well as for devices & programs, with the exception that a device or program T1 operates in AGENT mode only, meaning, it is controlled entirely by another Personal T1.

Tier 2: Corporate Identity – A T2 identity is both conditional & temporary in its issuance to you. We typically denote these identities as being assigned or issued to us, and they typically refer to us in the context of a business relationship. For example, nearly every ‘identity’ we have with a business is a T2 identity, our job title is a T2, our cell phone is a T2, our United Mileage Plus is a T2, our social security is a T2. T2’s comprise the bulk of our digital identities today.

Tier 3: Marketing Identity – A T3 identity is a marketing or abstracted identity. T3 identities speak to the way in which companies aggregate us into different marketing buckets for the purposes of advertising or communicating with us. For example, we’re either a ‘frequent buyer’ or a ‘one time customer’ etc. etc. T3’s are typically based upon our demographics or our behavior in our interactions with business. The entire CRM market caters to T3 identities.

Relationships between the Three Tiers of Identities

T2 and T3 identities constitute the bulk of today’s identity marketplace. The entire directory server industry (LDAP, Active Directory, NDS) today caters to the concept of ‘issuing’ or ‘assigning’ a T2 or T3 identity to employees and customers, controlled by the IT department of a company. The bulk of today’s “ID Management” industry is focused on aggregating (or placing an umbrella over) existing dispersed directory systems, unifying and centralizing the management of identities into centralized and unified management and administration interfaces. Consider this ‘back-office’ integration of identity within a corporation.

On the other hand, the concept of a T1 identity is not centered on a corporation or a relationship between an individual and a business, but instead focuses entirely and unconditionally on the individual. T1 identities can contain links to or copies of T2 identities, as permitted. Conversely, T2 identity infrastructure can and will have links to T1 identity infrastructure, allowing it to pull in real-time information that is T1 information. For example, when T1 ID’s do one day exist, our address and phone numbers will NEVER become outdated in T2 infrastructure, which will simply link to, or query in real-time, when needed, the most current address from the T1 infrastructure.

A T1 identity for devices or programs (web services) is identical in every respect to a T1 for an individual, with the exception that T1’s for devices, as they are always owned by someone, act as Agents for Personal T1’s. For example, my cell phone might have a T1 identity. However, my cell phone is beholden to me, and must do what I tell it to do. As I am the owner of the cell phone (it is my personal property), I have the right and capacity to have it do what I want; therefore, the cell phone acts as an agent to me. We refer to this as a T1-A. If I hand my cell phone to you, and allow you to use it, the cell phone is again acting as an agent for you; in this scenario, we refer to it as a T1-a (small a denotes an object acting as an agent to someone other than its ‘owner’).

While all three types of identities have their place and all three will one day seamlessly interact with one another, only T1 carries with it the promise of unleashing true network efficiencies by providing end-users with control over their personal information.

More here.