An identity must have a data owner, with that owner having full control of what attributes it discloses to other services, with an explicit ability to revoke previously disclosed attribute data, whilst also knowing which systems currently hold identity data
A data owner occurs in computer science, to provide a definitive decision maker and sometimes legal rights owner, with respect to a piece of data within an ecosystem. The data owner can decide who can or can't have access, or perhaps represent the data in a court of law for copyright reasons and more.
The same should be applied to identity data. Whether that is focused just on immediate personal identity data such as a date of birth, social security number or biometric profiling, right through to extended data such as laptop make, model and location, social media connections and IP address.
That data requires an owner, in order to provide a termination point with respect to access requests, approvals and rejections. The owner should also have the ultimate say on data revocation and should have the ability to know which providers contain their identity data at any given time.
© Copyright 2016. All Rights Reserved.
8901 Marmora Road,
Glasgow, D04 89GR