Full Title or Meme
Making sure that any computer identity experience is designed to be beneficial and cuase no harm.
AKA Human-centric Approach
ContextThe ideas around this subject are available in this paper on Equity by Design.
The objective for this project is not to lecture product team members on what they must do. Rather, we focus here on the role that people and human-centered approaches can play, and hope this report and our subsequent recommendations and observations will add to the conversation on integrating equity into product design. We believe it is critical to incorporate perspectives from people with diverse backgrounds and lived experience, and encourage product teams to think intentionally about how they can rely on these approaches to achieve equitable outcomes. Ultimately, teams should be able to see the influence of human decisions and the power of human-centered solutions. Further, developing technological products and tools with an equity lens also elevates the goal of optimal and safe user experiences across different demographics. Achieving this means building a better product.
Ideas on User-centric Design from Mattr
As end users have often found themselves the casualty of the information systems used by the modern web, there has been little opportunity to allow users to directly manage their data and negotiate what data they wish to withhold or disclose to certain parties. Under the new web of trust paradigm, the rights of the data subject are codified in standards, processes, and protocols guaranteeing the user the power to exercise agency. The interjection of the wallet to support end-users as data subjects on equal footing with issuers of identity information and relying parties provides an indispensable conduit and control point for this information that enables new opportunities for user-centric design.
The innovation in this area is only just beginning and there is no limit to the kinds of new experiences application developers can design and deliver to users. Some examples include:
- Allowing users to synchronize their data across multiple applications
- Allowing users to self-attest to a piece of data or attest to data self-asserted by peers
- Allowing a user to explicitly give consent around how their data may be used
- Allowing users to revoke their consent for access to the continued use of and/or persistence of a particular piece of data
- Allowing users to opt-in to be discoverable to other verified users, provided they can mutually verify particular claims and attributes about themselves
- Allowing users to opt-in to be discoverable to certain service providers and relying parties, provided they can mutually verify particular claims and attributes about themselves
Safety is similar to Security, but with a focus on the human user.
At a high level the problem is automation of the Identity Management functions.