A persona can be defined as a social role, a mask that a person presents to the world. In a federated identity environment should a person be allowed to have multiple personas or just one?
Steve the Christian. Steve the son. Steve the brother. Steve the husband. Steve the father. Steve the Software Architect. Steve the martial artist. Steve the missionary. In the real world we have many different facets, personae if you will.
I've been doing a lot of thinking about identity issues for the last eight years. I found myself with a personal identity crisis when I first got involved in the social Web, e.g., Facebook, Twitter, etc. Which persona should I put forward in these different venues? For the last eight months I've been working on the development of a federation to support federated identity across a large number of organizations. As part of this effort I have been reflecting more closely on issues of persona, both in the real and digital worlds.
We all have various relationships, affiliations, affinities, interests, skills, credentials, preferences and other bits of information attached to us. All of these attributes combine to make us unique in the world. The fact is, no other person can authentically claim to have exactly the same complete set of identity attributes as anyone else. And yet, with all these attributes, we are constantly controlling the release of them. In each venue that we operate a certain set of attributes naturally get exposed, some get explicitly exposed, while others are suppressed either by default or purposefully.
Someone once told me that PR is the discipline of limiting the details that get shared about an institution and/or situation according to a set of values for the purpose of giving an impression that is favorable to the one managing the PR. PR is like a specially crafted filter. I guess in some sense we could say that we are all PR people when it comes to sharing information about ourselves. Some people have a very developed PR sense, some don't. There are some venues where we want to fit in, some where we want to stand out, and some where we want to disappear.
Clark Kent or Superman
When I go into the Karate dojo the people in the dojo will notice certain things about me through simple observation. They'll notice that I'm a certain height and weight. They'll notice that while I still have a lot to learn, I'm not a newbie. If they watch long enough they'll notice some things about my personality. When they talk with me or hear me speak they would learn some more about me. But there are an lot of things they would not know about me if the dojo is the only place they'd interacted with me. I suppose if all they had ever known of me was what they saw in the dojo they might be in for a surprise if they suddenly found themselves sitting across from me in a technical meeting. I would hope they would find their new experience on me in a new venue to be congruent with their past experience. But it's not an uncommon thing to be surprised when we witness someone in a new light.
I remember bumping into a dojo buddy with his wife in a local store. He seemed so different; almost like a different, but somehow familiar, person. Then it hit me, I had only ever seen him at the dojo, wearing a bandana and a Karate gi. This was the first time I saw him in street clothes, with glasses, and gray hair. It was the first time I realized that Clark Kent's seemingly simple disguise could actually work.
One or Many?
The reality is that no matter how transparent I want to be there is no way practical way to present a single view, one persona, of Steve in all venues. Nor do I think I'd want to. In life, just like digital life, we want a choice. We want to be able to control the flow of information about us. We like the ability to share information as long as we can limit it if we choose.
In the digital world we have an opportunity to be even more deliberate about the release of identity attributes. Whether it's our Facebook profiles, Twitter profiles, or even our e-mail signatures, we have opportunities to provide information that reveals things about us. The question that I've been grappling with whether people in a federation should be allowed to have multiple personae. Expressed another way: should multiple identity providers be allowed to provide identity services for the same person? Should a person have a choice of identity provider if they have bona fide credentials at more than one identity provider. Quite frankly, there is no practical way to prevent this situation. The only thing that can be done is to educate the user community. Tell them they have a choice and give them help in making the choice.