As the things that happen in virtual worlds become more and more integrated with our offline lives, having a real identity in such places will become more and more important. The good news is some of the tools being discussed in the distributed conversation that landed at Harvard in early February may do a great deal to address these kinds of issues. Taken together, they could lead to a much broader range of available choices as to who we want to be in online worlds.
Perhaps surprisingly, two of the most interesting solutions are being developed by companies most of us think of as nameless, faceless behemoths of the technology industry: Microsoft and IBM. The "Identity Metasystem," a project developed by an avuncular technologist named Kim Cameron at Microsoft, aims to bring a kind of "identity protocol" to the internet, not unlike the Internet Protocol (the IP in TCP/IP) that allows the various types of networks that make up the internet to talk to each other.
Under the Identity Metasystem, it won't matter whether you're paying a bill, signing on to a virtual world or buying gold on eBay: Any identity management application written to use the Metasystem's open standards will be able to interact with them all. Your various identities (i.e., your username and password in various contexts, plus whatever other information you want to include) will be stored in a kind of secure online wallet. Microsoft's InfoCard application, which should be available this year, uses the same metaphor to represent each identity as a graphical ID card. When you sign onto eBay, you simply choose your eBay identity card, and the InfoCard system - or whatever other application you prefer - first verifies the site is what it says it is (i.e., you're not being phished), and then sends over the information. There's no need for you to store your password in a company database, as you can simply point and click to sign on.
While the Identity Metasystem is a long way from becoming the internet standard for identity transactions, it is gaining traction among various development communities, and marks a big step for Microsoft toward a contribution to the metaverse that need not be tied to Microsoft products at all.
What IBM contributed to the Harvard meeting, though, is perhaps of more immediate interest to the denizens of virtual worlds. If you've ever met a World of Warcraft toon named Vlasic, chances are it was being played by a "Web Theorist" in IBM's Emerging Technologies group named Andrew Donoho. Donoho is currently implementing what's being called the Papillon system - which doesn't want to know anything about your real-world identity at all.
Papillon will give users the power of "persistent anonymity." Those of us who inhabit virtual worlds already enjoy this power, to a certain extent. In one sense, it's nothing more than the identity of your avatar: Those who know the avatar Walker Spaight count on the fact that the same person (me) is behind him each time he appears in Second Life. What's important, here, is merely that it's the same person, not which particular person it is. Walker's identity is persistent, but at the same time it's anonymous in real-world terms.
The problem is, how can you know for sure? Passwords aren't the most secure pieces of information in the world. Of course, not many people are too concerned about who's at the controls of Walker Spaight. But if Walker were up to anything interesting - like selling Second Life currency on eBay, for example, or developing a project for someone in the virtual world - you'd at least want to know Walker was always Walker, and you'd probably want to know Walker was always me.