One of the issues (it seems) around identity is that there is a lack of highly trusted digital identity sources. Do I trust a (fairly anonymous) Yahoo ID or don’t I?
I would like to argue that if we had a reliable way of transfering real-world identity claims (like e.g. a Passport, a credit card, or a driver’s license) to the digital world, the trust in these identity sources would be fairly high. So the problem gets down to the point of transfering the real-world identity to the virtual world – with user consent. The technologies are pretty much all available: for example, a driver’s license authority could easily offer a web site that allows to generate a digital token (like a cert or a SAML assertion) based on information that is typically associated with the real-world token which would include the name, address, license number and SSN. The same place could also be used to revoke a particular token.
What would this do for the digital identity landscape? We would get a number of highly trusted “dTokens” that could easily be used for the same type of transactions that the corresponding real-world tokens are typically used for: dPassports (digital Passports) for aquiring Visas, dCreditCards for purchases and dDriversLicenses for age verification. With a user centric store for these dTokens, the users would be empowered to perform the same things in their digital life that tehy are accustomed to in the real world.