Who vs. Where

I recently wrote a blog – The Power of Location – about Quova (one of the companies I work with) and the idea of “place” on the Internet.  In response, Dimitar Vesselinov (who has a great blog) dropped a couple of comments to the post. My sense is that not everyone pays attention to the comments section of blogs, so I thought I’d post the links he suggests here. I also want to be sure I’m clear on the differences between digital identity (the subject of Dimitar’s comments) and geolocation (the subject of my post) as well as how the two ideas overlap.

First the comments. Below are some sites that Dimitar sent over for those interested in learning more about digital identity:

Schneier on Security

The Identity Corner

Identity Woman

Kim Cameron’s Identity Weblog

Presentations & Audio :: Digital ID World 2004 Conference

I’ve seen a couple of these sites in my travels on the Internet and checked the rest out after he sent along the comment – there’s good information here that’s worth checking out. The notion of digital identity, which seemed to lurk in the shadows for the past few years, is really starting to take off – especially now that the ever-feared Microsoft has given up on Passport (I don’t think I know anyone who actually used this service for anything close to what Microsoft intended; signing up for messenger or MSN through passport doesn’t count).

There’s clearly overlap with the world of geolocation – particularly in the realm of security and authentication (just as your digital id can be used to confirm that you are who you say you are, so can geolocation data be used to support your claim of who you are). There are important differences, however and the markets really aren’t heading in the same direction. Who you are is different from where you are. While its important at times to know who is involved in a transaction, its often just important (or more important) to know where they are (for example in validating taxes in an on-line transaction – in the off-line analogy, I don’t get charged Boulder taxes when I buy something in San Francisco just because I’m from Boulder – where I am is more important in that case than who I am).

Also, digital id is great for people who want other people to know who they are, but only works when they are part of the equation. Put it another way, digital id is for the most part an active technology – you (or your administrator) needs to actively participate in creating your digital identity. Very useful if for when you are trying to validate on a network or manage access to an array of applications. Its not useful at all if the user wants to remain anonymous or for whatever reason doesn’t want to participate in actively identifying who they are. Geolocation is passive – it doesn’t involve cookies or user defined parameters, just a look-up on an IP address. And while you can run your address through an anonomyzer service to mask your address, you ultimately have an IP address assigned to you (which may mean that a service like Quova can only tell that you are trying to hide where you are vs. telling where you are). This makes the potential universe of traceable events much higher – since every transaction on the Internet involves an IP address (even if its attempted to be masked or anonomyzed in some way) but clearly there will be only a small subset of events that involve digital id (and they will be easier to mask). I imagine that Damitar gets all this, however I wanted to add some context with which to look at the two markets.