Greg here.

Here's part 2 of the blog about the issues that Glynx is trying to address and our approach to the solutions. This part discusses the issues surrounding online identity management. You can also read part 1 of this story.

The online identity crisis

We started Glynx to address the problem of managing the proliferation of user online communications (and other) identities and, in particular, to return control of electronic identities and communications to subscribers. As Brough Turner describes it

"…The advent of the Internet has enabled many new communications services - email, instant messaging, blogging, social networking - and, so far, each new service comes with its own, new, centrally managed, addressing scheme…[It's] now clear we're moving to rich identities with dozens of context-dependent identifiers per person…"

To date, service providers have taken one of several approaches to managing identity proliferation. The first approach is to ignore it, hoping that their service, being so compelling, will surmount all others and that subscribers will need no other identifier than one of theirs. The second approach is to allocate a new identifier to the subscriber and provide some sort of identity mapping or mediation service - for example to allocate a 'global' telephone number from which calls will be redirected to one or more other numbers. Most implementations of the emergent OpenID standard fall into this category. I'll talk more about our implementation of OpenID later in this article.

Both of these approaches fail to recognise that an individual's identities and communications channels are an expression of self, communicating a 'personal brand'.. On the web and elsewhere people normally have several, sometimes mutually exclusive, personal brands (personas) which they seek to maintain separately. No single identifier suffices as a universal 'personal brand' for all contexts - no matter how compelling the service that is offered along with the identifier. Solutions based on yet-another-identifier simply add to the problem.

While much effort has been spent interconnecting networks, unfortunately the same can't be said for in-network directory services. The ENUM initiative, while laudable, is moving slowly and may never catch up with emerging paradigms due to the inherent conflict it represents to network businesses. The VoIP, Email and IM industries still haven't figured out a way to do a SPAM/SPIT/SPIM-free directory and have only formed uneasy alliances. Most telling though is that, as the marginal cost of carriage drops, service providers are trying to wring value from their directories - and they're not going to willingly share that information with others. A PSTN, mobile, or conventional VoIP carrier directory is not easily going to inform a caller that the B-Party is available on Skype as well as their own network.

And none of these approaches leads to any insight or facility which would enable individuals to manage their sets of context-sensitive identities in a coherent manner.

Identity proliferation or rather, the dearth of any tool with which to manage user identities across multiple usage contexts is currently a topic of much discussion. For example, Tim O'Reilly lamenting the lack of Address Book 2.0, which would address exactly these issues, has even gone so far as to co-chair a conference at which debated these issues. And despite all the talk, conference presentations and protestations to the contrary, no incumbent service provider satisfactorily addresses this complexity.

Our approach to identity management

We recognise that attempts to impose a one-number-per-person paradigm are futile. The real requirement is to allow people or organisations to manage all of their identities in a consistent manner - irrespective of the in-network constraints of associated networks or services.

This can only be done using a directory controlled at the end device - i.e. using peer-to-peer (P2P) technology.

The Glynx platform has a decentralized P2P directory and communications architecture which uses the existing, deterministic IDs of subscribers and employs cryptographic functions to protect the privacy of users. It is opaque to enquirers who do not have a priori knowledge of subscribers' identities or who do not have sufficient credentials to yield a response from queried entries. We call the Glynx directory the Glynx Blackpages (as compared to 'Whitepages' or 'Yellowpages') due to its property of being browsable but non-searchable - meaning that it cannot be harvested for SPAM, SPIT or SPIM.

Any and all of a subscriber's identity information can be used within Glynx - both as lookup keys and as returned values. Glynx does not impose a requirement for additional identity information (such as a Glynx ID). More formally, identity claims within Blackpages are defined with reference to an arbitrarily extensible schema and Glynx uses a plug-in architecture to handle integration of emerging or unforeseen directories and services.

A major goal of the Glynx Blackpages directory is to enable subscribers to maintain sets of identity information that may be disclosed to particular “Audiences”. We call these sets of identities “Personas” and they may contain any information which is relevant to the application under consideration. Of particular interest are those Persona elements which relate to social communication. For example, a subscriber may have a business Persona which contains different identity information to a Friends-and-Family Persona, or a Tennis-Club Persona.

Glynx allows subscribers to maintain their contacts in groups of arbitrary Audiences to which one or more Personas may be disclosed. For example members of a work Audience may receive only a business Persona but members of a family Audience may receive both the  business and a friends-and-family Persona.

The private directory component of the Glynx Blackpages ascertains the Audience to which an enquirer belongs and discloses the correct Persona(s) (if any) to the enquirer. Glynx users typically list themselves in the Glynx Blackpages under many different identities - the identities by which they desire that their various Personas be known.

Once Personas have been exchanged the two parties accept each other's identities with some level of confidence, negotiate a level of trust based on their respective Audiences and are considered to have formed a Glynx relationship. They typically connect whenever they come online and update each other with changed information relevant to the Audience categorisation. Updates can be both of the information which changes infrequently or that which changes frequently or in real time.

Glynx also has a superior implementation of OpenID. The main problem with existing implementations of OpenID is that they are another form of constraint on a user's identity management. Why should web site login credentials be limited to only those of another web site?

Glynx OpenID allows Glynx subscribers to use any verified identity as an OpenID credential. The Glynx OpenID gateway uses the Glynx Blackpages to direct the authorisation check to the subscriber's own Glynx instance. In this way, for example, a Glynx subscriber can be known to one website via their Skype ID, and to another via an email-address. This is a natural use of existing identities for identification into new contexts.

Glynx and a new age of identity management

We see a user's chosen identities and communications channels as an expression of self - i.e. communicating a user's 'personal brand'. We are confident that Glynx, being the first and only P2P directory platform, and which is independent of networks and services, will bring about a paradigm shift in identity management and unleash innovation. We too are excited about bringing about a revolution in online identity management.

 To go to the next instalment click here.