The other day Lynne called me up and asked a seemingly innocuous question: “how do I share this video?” Ten years ago, the answer would have been easy: copy the URL and send it to them. Now…not so much. In order to answer that question I first had to determine which app she was using. And, since I wasn’t that familiar with it, open it and search through the user interface to find the share button.
One of the features of web browsers that we don’t appreciate as much as we should is the consistent user experience that the browser provides. Tabs, address bars, the back button, reloading and other features are largely the same regardless of which browser you use. There’s a reason why don’t break the back button!
was a common tip for web designers over the years. People depend on the web’s consistent user experience.
Alas, apps have changed all that. Apps freed developers from the strictures of the web. No doubt there’s been some excellent uses of this freedom, but what we’ve lost is consistency in core user experiences. That’s unfortunate.
The web, and the internet for that matter, never had a consistent user experience for authentication. At least not one that caught on. Consequently, the user experience is very fragmented. Even so, Kim Cameron’s Seven Laws of Identity
speaks for consistent user experience in Law 7: Consistent Experience Across Contexts. Kim says:
The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.
Think about logging into various websites and apps throughout your day. You probably do it way too often. But it’s also made much more complex because it’s slightly different everywhere. Different locations and modalities, different rules for passwords, different methods for 2FA, and so on. It’s maddening.
There’s a saying in security: “Don’t roll your own crypto.” I think we need a corollary in identity: “don’t roll your own interface.” But how do we do that? And what should the interface be? One answer is to adopt the user experience people already understand from the physical world: connections and credentials.
Kim Cameron gave us a model back in 2005 when he introduced Information Cards
. Information cards are digital analogs of the credentials we all carry around in the physical world. People understand credentials. Information cards worked on a protocol-mediated identity metasystem so that anyone could use them and write software for them.
Information cards didn’t make it, but the ideas underlying information cards live on in modern self-sovereign identity (SSI) systems. The user experience in SSI springs from the protocol embodied in the identity metasystem
. In an SSI system, people use wallets that manage connections and credentials. They can create relationships with other people, organizations, and things. And they receive credentials from other participants and present those credentials to transfer information about themselves in a trustworthy manner. They don’t see keys, passwords, authentication codes, and other artifacts of the ad hoc identity systems in widespread use today. Rather they use familiar artifacts to interact with others in ways that feel familiar because they are similar to how identity works in the physical world.
This idea feels simple and obvious, but I think that conceals its incredible power. Having a wallet I control where I manage digital relationships and credentials gives me a place to stand in the digital world and operationalize my digital life
. I think of it as digital embodiment. An SSI wallet gives me an interoperable way to connect and interact with others online as me. I can create both rich, long-lived relationships and service short-lived, ephemeral relationships with whatever degree of trustworthy data is appropriate for the relationship and its context.