The Fifth Law of Identity

Doc Searls has written about a conversation he had where Dave Winer says:

Doc Searls, bless his heart, offered RSS and podcasting as examples of technologies that were simple, therefore successful, and suggests that identity, if it were to be approached the same way, might have similar success. Bzzzt. Wrong. RSS was not easy, it was hard, for exactly the same reasons identity is hard. Too many cooks spoil the broth. Two ways to do identity is one too many.

The problem is that – at the same time – one way to do identity is too few. And this is what explains why the creation of a universal system of identity is one of the greatest challenges blocking the evolution of technology and the virtual world.

If you think about the requirements for governmental identity as expressed, for example, by the authors of the British Identity Card Bill we have just been considering, it becomes pretty clear that what may fly in the United Kingdom might not be appropriate for use in the Netherlands or even the United States. How would imposition of a Chinese-designed identity system go over in Texas? (Or put another way, how would the hegemony of a Redmond-designed system be received in Brussels?)

Further, a system appropriate for use with any government would in general be unsuitable for use in identification of employees by an employer.

Customers and individuals browsing the web will in turn want different levels of privacy than is likely to be provided by any employer.

So when it comes to identity, it is not only a matter of having identity providers run by different parties (including individuals themselves), but of having identity systems that offer different (and potentially contradictory) features.

A universal system must therefore embrace differentiation, while recognizing that each of us is simultaneously – in different contexts – a citizen, an employee, a customer, a virtual persona.

Thus I would say to Doc and Dave that different identity systems need to be able to exist in a metasystem based on a simple encapsulating protocol and surfaced through a unified user experience that allows individuals and organizations to select the appropriate identity providers and features as they go about their daily activities.

To put all of this another way, the universal identity system must not be another monolith. It must be both polycentric (federation implies this) and polymorphic (existing in different forms). Which leads directly to the fifth law:

The Law of Pluralism:

A universal identity system MUST channel and enable the interworking of multiple identity technologies run by multiple identity providers.

It is this which will allow an identity ecology to emerge, evolve and self-organize.

Dave Winer's RSS is so powerful because it is a vehicle for any content. We need to see that identity itself will have several – perhaps many – contents, and yet these can be expressed in a metasystem.
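The pluralism argument above, sketched as an added Python example that is not part of the original post: two providers with different token technologies and privacy properties sit behind one encapsulating envelope, and a relying party's stated policy decides which one fits. All class names, token types and policy fields are assumptions made for illustration, and verification through a shared provider object is a simplification.

```python
import hashlib, hmac, json

# Added illustration: all class, field and token-type names are hypothetical.
class EmployerProvider:
    """Employer-run technology: HMAC-signed JSON carrying a stable employee id."""
    token_type, offers = "hmac-json", {"employee_id"}
    def __init__(self, key):
        self.key = key
    def _mac(self, body):
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

    def issue(self, subject, audience):
        body = json.dumps({"employee_id": subject, "aud": audience}, sort_keys=True)
        return {"body": body, "mac": self._mac(body)}

    def verify(self, token, audience):
        claims = json.loads(token["body"])
        ok = hmac.compare_digest(self._mac(token["body"]), token["mac"])
        return claims if ok and claims["aud"] == audience else None

class PersonaProvider:
    """Self-issued technology: per-site pseudonym (proof of possession omitted)."""
    token_type, offers = "pairwise-pseudonym", {"pseudonym"}
    def __init__(self, secret):
        self.secret = secret

    def issue(self, subject, audience):
        msg = f"{subject}|{audience}".encode()
        tag = hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:16]
        return {"pseudonym": tag, "aud": audience}

    def verify(self, token, audience):
        return token if token.get("aud") == audience else None

class Metasystem:
    """Encapsulating layer: routes opaque tokens by type, never parses them itself."""
    def __init__(self, providers):
        self.by_type = {p.token_type: p for p in providers}

    def select(self, policy):  # providers that satisfy a relying party's policy
        return [p for p in self.by_type.values()
                if p.token_type in policy["accepts"] and policy["requires"] <= p.offers]

    def present(self, provider, subject, audience):
        return {"token_type": provider.token_type, "token": provider.issue(subject, audience)}

    def accept(self, envelope, policy, audience):
        provider = self.by_type.get(envelope["token_type"])
        if provider is None or provider.token_type not in policy["accepts"]:
            return None
        return provider.verify(envelope["token"], audience)
```

The employer token exposes the same identifier to every audience it is issued for, while the persona token yields an unlinkable value per relying party; the envelope lets both coexist without either technology knowing about the other.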

We need a good outcome

William Heath from Ideal Government has responded to my previous post, saying:

I agree with your comment about the riskiness of the central register and I think your suggestion that identifiers be unidirectional is very sensible.

He goes on to make the sobering point that “… it may take ten years (and another massive IT project failure) for people to work out why doing ID in this way (omnidirectional identifier – Kim) is not such a good idea.” He continues:

I wish we could make people more motivated about this sooner, because we need a good outcome.

Thank you anyway for the laws of ID, and getting stuck in to this specific case study. From where I'm sitting this is far from academic.

Yes, we need a good outcome: systems that are beneficial to the individual and to her society; and systems that are widely seen to be beneficial. Systems that are safe against attack over very long periods of time (should we say, practically forever?). Systems that are designed for minimal entropy, that are likely to leak as little as possible despite all the conspiring forces of time, overconfidence, incompetence and evil.

Now, please, tell me how we transform the discussion on identity from one in which brick and mortar politics are flung about to one in which we calmly come to grasp the practical matters involved in building new virtual social institutions that combine technology and social contract. William's comment that proponents of the current bill “call their critics intellectual pigmies” is indicative of how far we still need to go.

We need to move beyond moral imperative. We need a way to transform the tenets of the current debate to a pragmatic one based on maximizing social cohesiveness and minimizing system entropy and economic risk – as I have argued here and here. I'm starting to understand that the Laws of Identity must be accompanied by a systematic examination of the problems of long-lived technical systems.