Session Abstract: I closed my Identiverse 2022 speech with a discomfiting call to action: "If zero trust is a thing, then so is Zero Identity". What do I mean? Let's go as far as we can without identity. Let's see if we can design systems without putting identity first.
We've become obsessed with identity. We seem to begin the design process for each new system with identity. When a transaction is risky, we habitually pile on more identification, leading to too much identity data leaking, and too many opportunities for identity abuse. It is sheer madness that so much crime is enabled by simply assuming another person’s identity.
To turn around this race-to-the-bottom, let’s try something different. Let’s try to secure peoples' transactions with less reliance on their identity.
"Zero Trust" has achieved quasi standard status in cybersecurity but let’s remember it does not literally mean there is no trust. Rather, Zero Trust is an appeal for more discipline in security design. Much vaunted trustless systems make their security promises with less reliance on people and process.
Similarly, "Zero Identity" is my call to do more with less identification.