Over on his “Talking Identity” blog, Oracle’s Nishant Kaushik recently posed the question “Is a pseudonym the same thing as a persona?” – a question which Dave Kearns then wrote about in his column here.
Nishant quotes from the ID Commons definition of “persona” as follows:
[Comment 1]: “A Persona is something put forward by a user, but how it is perceived, recognized, accepted, rejected, trusted, used etc. by a Relying Party cannot be specified or in any way implied.”
I don’t disagree with that, but I draw slightly different conclusions from it (Nishant infers from the underscored phrase that a persona and a pseudonym are the same thing). The definition I tend to use for “persona” is: “that subset of personal information which an individual chooses to disclose in a given context”. The ID Commons definition, to be fair, does also refer to contextuality and user-selectability, but does so in terms (“agent”, “claims”) which reflect a particular technological stakeholder perspective.
I think it’s important to try and arrive at a definition which is as consistent as possible between ‘real’ and ‘virtual’ life. The idea of “choice” is important; for me, personas are a way in which people seek to manage the impression they create when interacting – and ‘management’ implies some degree of control. Thus – I may choose to appear to my employers as a serious, diligent technocrat, and to my children as a kind, loving parent. (And, arguably, the better those reflect my actual qualities, the more consistently I will be able to give that impression).
Dave Kearns uses the example of Clark Kent/’Superman’/Kal-El, and I think my apporach is consistent with his. The individual who sometimes exposes a Clark Kent persona and sometimes a Superman persona has the same set of attributes regardless (ability to fly faster than a speeding bullet leap tall buildings with a single bound, etc…), but exercises the choice to disclose them selectively depending on context. Thus, Superman is confident and assertive around Lois Lane (while Clark Kent chooses not to be), and Clark Kent tends not to hover disconcertingly above ground level even though he could if he chose.
Translated to the digital world, a persona is that subset of attributes which I disclose in a given context – and as Dave says, the subset may include an identifier. In fact, as Nishant points out, it may be nothing more – pesudonymous email addresses are a good example.
However, a persona can also consist of a number of attribute assertions (“I am male, single and over 20”), without containing either a ‘genuine’ identifier (Kal-El) or a pseudonymous one (Clark Kent) – therefore I maintain that personas and pseudonyms as distinct rather than identical.
One useful approach is to think of the distinction between a pseudonym and a persona as equivalent to the distinction between an identifier and a set of attributes. One (the pseudonym/identifier) is usually the “index” which allows you to find the other*. This is reflected in a couple of the models for Identity Data which we derived from the Liberty Alliance Privacy Summit series. The topic of “indices” and the special treatment they require (but do not always get) is covered in the report from the Brussles Privacy Summit (April 2007), a copy of which you can find here.
*An interesting by-product of this definition is that it clarifies that, while a persona is the set of attributes displayed by the individual, a pseudonym might well be attributed to that individual by a third party. Thus, a counter-terrorism officer scanning CCTV footage might label repeat appearances of “Suspect B” as such, without knowing “Suspect B”‘s real identity. Assigning a pseudonymous index to the individual (requiring neither their knowledge nor their consent) allows the officer to find successive recordings of their attribute data.