Resolving the issues of data storage and security when implementing life management platforms

The concept of some component (usually software) that manages your personal data is not new. The idea is often associated with Doc Searls, who developed ProjectVRM, which advocates that customers take control of their data in the form of “Vendor Relationship Management” tools.

In my dealings in the consumer IAM space, I’ve become increasingly aware that digital identity, and its applications, need to be opened up – to do “jobs.” That is, the identity that says “I am who I say I am” is more of a conduit to transfer data between me and some entity I want something from than a statement of my digital self. Our digital lives are now so much more than using login credentials; equating Facebook with a digital identity now seems naive. Instead, services that allow us to perform dynamic identity-based transactions are setting the stage for a new era in personal data.

Doc Searls has been pushing this concept for many years, but I believe that the time is now because of improvements in technologies such as storage and security.

Data doing jobs

The platforms that provide the mechanisms for data management and transactions are often called Life Management Platforms or sometimes Personal Data Stores – personally, I prefer Personal Data Transaction Tools (PDTT). These tools have the ability to build services that can create lasting relationships between the customer (identity data owner) and any service that taps into the platform. Transactions that are traditionally done offline, and that consequently take time to enact, can be done online. Some examples of the use of such platforms include:

- Online processes, such as applications for passports, driver’s licenses, etc. A customer could use their verified identity, and the data associated with that identity, to go through an online application process. The process would allow the user to share relevant data, photos, and so on to complete the process.
- Relationship building and product offerings. The tools can create two-way traffic between the customer and services. Companies can offer products to users in exchange for information. For example, a banking product could be made available to a customer if they can show they earn over $$ amount per year.
- Attribute enrichment can be handled using these platforms, building up user profiles over time and improving their status and ability to perform online transactions that require higher levels of proof.

The issues and the resolutions

The hosting and management of these platforms is one area that needs to have thought and discussion applied. There is a massive amount of potential in utilizing these systems, but using them effectively and optimally requires the resolution of certain issues, namely:

The costs

These platforms/services are for mass adoption by consumers. And big platforms need big storage. Although there is no prerequisite to actually store data (you could call the data during a transfer, or use a blockchain registration), generally there has to be a facility to do so. For example, such a platform may store basic attributes, like name, address, etc. But an advanced version that handles more complex services is likely to need to store images of passport photos, degree certificates, and so on. This creates a cost hurdle. Advances in storage solutions are lowering this hurdle, but you have to balance this with the availability and reliability of the storage choice. And there are a lot of choices in storage now; storage options from Amazon and Azure, for example, can be daunting, so careful attention to design details is needed. The crucial thing to set out, before even looking at which storage option to pick, is what types of data you will be storing and what options there are for reducing the overhead of these data – can you call some data on-the-fly as needed? Without understanding your data needs you cannot do a return on investment analysis.

Privacy and GDPR

Collecting, storing, and sharing personal data means lots of compliance headaches. Folks are still reeling from the impact of GDPR and now we hear murmurings from other places, such as California, which is looking to bring the “California Consumer Privacy Act of 2018” into force later this year. A platform or app which is specifically designed to share personal data has to tick the privacy boxes in a most emphatic way. This means that such tools have to bake privacy right in, from the design stage through to execution. The GDPR has the concept of “Privacy by Design and Default” as an underlying ethos. Building this ideology around personal data transactions is helped by ensuring you have incorporated consent models. The Kantara Initiative has been working on “Consent Receipts” for use in such scenarios. Also, look at methods that allow you to minimally disclose data when sharing with services.

The security

Ultimately, any service that manages a person’s personal data is like a golden carrot to a cybercriminal, so you need to apply robust security. Building on the work to determine what type of data you need to collect and store will help in minimizing data storage needs. This, in turn, reduces the security overhead of protecting and encrypting stored data. Other considerations include API security, open source security, and credential options, all of which are vital to harden. However, getting the balance between effective authentication and usability across a wide demographic is not easy.

The next evolution of Identity and Access Management (IAM) is data sharing. This move will breathe new life into our personal data and make it work for its living, doing jobs for us online, and building relationships with services. We must cross a number of hurdles in terms of return on investment, security, and privacy to prepare for this new world order. We also need to build new business models that can make these personal data transaction platforms central to a larger network of services. If we get this right, we will open up a multitude of services that can benefit from the streamlining and efficiency that sharing personal data online offers.