Speaking Engagements & Private Workshops - Get Dean Bubley to present or chair your event

Need an experienced, provocative & influential telecoms keynote speaker, moderator/chair or workshop facilitator?
To see recent presentations, and discuss Dean Bubley's appearance at a specific event, click here

Wednesday, January 07, 2015

WebRTC, telcos, phone numbers and identity - there won't be one ID to rule them all

Earlier this week, I spoke at AT&T's Developer Summit event in Las Vegas, presenting an overview of WebRTC market trends (which I'll upload to my Slideshare in the next few days), and also appearing on a panel with longstanding WebRTC luminaries like Cullen Jenning (Cisco), Dan Druta (AT&T), Eric Rescorla (Mozilla) & Daniel Enstrom (Ericsson).

This tied in with AT&T's launch of its new WebRTC API and platform offer, which is now in public beta and which was one of a variety of API areas it covered yesterday - others interesting from a service-creation standpoint were around M2M/IoT, connected home and car sectors and various others.

One aspect of the AT&T WebRTC offer to developers that is different to that seen from other platforms is a choice of identity enabled via its gateway - either using:
  • The user's AT&T mobile phone number, if they have one
  • A "guest" virtual number, which can also support SMS and other functions
  • A web domain-linked identity for the WebRTC service, user@domain.com or similar
This prompted a round of discussions about how far E.164 phone numbers are likely to go as Web/WebRTC identities. It is not a new concept for operators - especially in mobile - to look to reuse phone numbers and their subscriber databases as a platform for identity management. It's also worth recognising that a number of apps like Whatsapp already do use phone numbers as a way to plot social graphs and as (essentially) persistent virtual identities even when decoupled from a SIM card. (I wrote about this here).

As always, there is a broad spectrum of opinion, ranging from some within operators who assert that phone numbers could be a "universal identifier" spanning payments, communications, personal data, and even linked to citizen databases and government ID scheme. At the other end, there are people who regularly pronounce "the death of the phone number" and think we'll all just have a personal WebRTC URL or SIP URI or Google ID or similar.

The reality is likely to be more nuanced - as well as probably varying by demographic and geographic groups. I suspect that most people will end up with 3-6 "primary" online identities, and then a bunch of others linked to those or standalone for niche purposes.

I think phone numbers intersect with WebRTC for some use-cases, especially for voice- rather than video, and in instances where:

a) Primary use of a given application is through a phone, with secondary access via WebRTC on another device
b) Where there are regulatory stipulations involved, eg mandatory records of identity, need for 911-type functions etc
c) National rather than international usage predominates
d) The application provider has an existing relationship with the user based on phone numbers

So for example, many people have their caller-IDs registered in their favourite food takeaway's CRM system, so that they can recognise your number and ask if you want your usual pizza when you call. There is some sense in having a WebRTC front-end emulate your number and ID, so they can link your new form of ordering with their existing database profile. Other B2C instances - banks, airlines, tax offices etc - may want the same.

On the other hand, if you're a developer creating a global karaoke app with WebRTC, it's probably not really useful to drive it from a phone-number ID. Your users might prefer to login with Facebook, so their friends can laugh at their awful drunken choice of music displayed on their timeline the next morning.

A WebRTC video job-interview on LinkedIn would probably use its own identity space. A realtime voice debate around a contentious blog post might be best-suited to your Twitter handle. Web advertising-triggered customer service interactions might use a Google ID, and so on. An enterprise internal extension number - or email address - might be appropriate for UC or an comms-embedded vertical app. We will also likely see completely separate personal-administered identities, for those who are wary of relying on 3rd-party owned and controlled ID.

I think it's good that AT&T (and also 3GPP in some of its WebRTC standards work) seems to recognise that non-E.164 numbers have relevant roles to play. Also within the phone number space, there is potential for both your "real" phone number, and a secondary/temporary one. It's quite possible that some telcos will be able to monetise their number ranges here, as well as in other online areas such as commerce and privacy. I've seen a couple of presentations by Ericsson about GSMA's Mobile Connect approach recently, and I can see some interesting uses - although there are also some pitfalls such as full support of number portability with E.164-triggered ID, or how you deal with people with multiple (or shared) phone numbers.

We need to be realistic - there is not going to be "one ID to rule them all", at least for most of us. But having the flexibility to pick-and-choose on a use-case basis is beneficial to all. For me, a combination of phone, Facebook and Twitter handle probably cover 60-70% of my needs, but I still also want LinkedIn, Skype, Yahoo, email and various others as well. Everyone is going to be different here.

That said, there are also questions about whether it is right for companies and especially government bodies to insist on phone numbers as ID for communications, as they are not free for the user. I think there needs to be concerted action to make businesses give users a choice of online and "phone" identity options. I already make a point of entering my Skype ID or a WebRTC URL in web-forms if they don't force a numerical response, and I'm tempted to get an obscure international or premium-rate number to use if I'm forced to provide E.164 when I don't want to. But at the same time, there are instances where I'm happy to provide a +44 mobile or fixed number, especially if I trust a company not to send spam SMS. Offering that capability in WebRTC platforms is a positive option.


Moshe Maeir said...

Very interesting. I have been saying for years that there is a business case for aggregating identities since no one will have only one.

Dean Bubley said...

Hmm - I'm not sure identities *need* to be aggregated anywhere except in the user's skull.

Otherwise you have to trust the aggregator to not abuse the role, not do unwanted analytics or make cross-ID inferences etc.

In particular, I want absolutely no aggregation of my personal and business identities. I may well even want to use pseudonyms to prevent my very-recognisable name facilitating links.

Anonymous said...

I wrote something like this in 2011:

Unknown said...

There is certainly a case for a "wallet" of trusted identities, rather like credit cards in a physical wallet. Each one has its own level of trust and access rights, a validated MSISDN or SIM is more trusted than a FB login or email address, for example. It's essentially oAuth behind the scenes managing each identity and its scope.