A few months ago I was filling out some forms for my children’s school. It’s a long and tedious process and I had a lot of time to think. I hate filling out forms. I really hate it. My great preference would be to have someone else do it. One of the advantages of having a wife was that she would usually fill out school forms. For many years now it’s been just me and my kids. And I really hate it filling out those damn forms.
My kids have some severe food allergies, asthma, and assorted other industrial diseases (as Mark Knopfler would say). Their school requires one form for each medication with name, address, dosage, and contact information for allergist, pediatrician, parent, and backup responsible adult. There are consent forms each for the doctor and the parent, per medication. Then there is a separate consent form for each child to give to the bus company for field trips — with name, address, medications, emergency and doctor contact information. With all the permutations, I filled out more than 20 pages, mostly redundant.
So what does all this whining have to do with online identity information?
It’s a rather long, round about answer, but I’ll get there…
I found that, as I filled out the forms, I wanted to introduce variations. For example, refer to a child by their nickname here, full name there. Say “Dr J. Jones” on this form and “Allergist Jack Jones” on that form. It broke up the boredom and allowed me a pathetically small vent for my displeasure. Of course, planning to go buy a cool all-in-one printer and copy machine would have been better, but that’s another issue.
I started to think about how I could encode information in the forms and yet still give accurate information. It’s like making up email addresses when registering for something online. I do this and I know many other folks do too. I have some domain names that I own that are configured so that any email address in that domain dumps into a single account, like firstname.lastname@example.org. So when I register for something at XYZ company, I can use an email address that encodes where I registered. I make up an email address like email@example.com. If I suddenly start getting spam addressed to xyz-registration, I know that XYZ company did not handle my registration information properly. I have, in a sense, modulated my identity information so that, while it still works for it’s intended purpose, I can also identify the initial recipient.
Maybe we could automate this technique with online identity information.
Many user centric identity systems deal with personas. I was recently playing with my openid account and saw that it supports personas to group attributes and selectively give out identity information. But I wonder if we could also encode extra information in the attributes associated with each persona when that information is given out, so that, if I see information about me used inappropriately, I might determine the source. Like my spam source detector system, I do not think of it as a rigorous system, just something that might be useful on occasion.
I think implementing such a system would be preferable to filling out forms. I hate forms.