Day: January 28, 2005

Again, I need to quote Jamie verbatim:

Since Kim Cameron now has me “hovering” over the laws of identity, I figure I better get busy and find some new hairs to split. (I’ve never been compared to a starship before, and I'm not sure exactly what it means, but it's the best compliment I've had in weeks.)

And that's how it was meant. I was trying to conjure up the beautiful many-sidedness of Jamie's mind… Not to mention his teleportation beams and forcefields.

Once again, I have a general comment regarding semantics and the terms Kim’s using to describe the principles (or laws, if you prefer).

As you may have noticed, Kim has used the term “universal identity system” several times in defining the laws, and I’ve seen it crop up in a bunch of other blog postings. As I said in my previous post about architecture principles, terms (and connotation) are crucial. Loaded terms make it harder to understand and communicate how any complex system will evolve. And I’d be hard-pressed to come up with a more loaded term than “universal.” Maybe it’s just the way I’m hearing it. I’m certain that my reaction is due to some weariness over revisiting the same arguments so many times over so many years. But for my part, when anyone talks about a “universal identity system,” my first instinct is to put my money in my shoe.

Your shoe, Jamie?

The fifth, er, principle (the Law of Pluralism), demonstrates that Kim isn’t advocating one globally unique identifier, one single “uber” identity system. In fact, he's advocating just the opposite. (His thoughts on centralization are clear as well.) When Kim uses the term “universal identity system,” he means “universal” in the sense of a widely accepted, highly scalable approach, applicable and usable across the diverse and wide-ranging Internet. He’s talking about enabling a truly distributed system that can bind many different applications, use cases, and identity systems into a more meaningful (but logical) whole.

I whole-heartedly agree with the principle Kim has outlined in the fifth law. It’s crucial that we get this one right. If we can’t agree on the fifth law, we’ll forever be arguing over how to make the others work.

Because it is so crucial, I’m concerned that some folks will interpret “universal” to mean “uber,” as in one single identity system operating on a single standard, in spite of Kim’s intention. That’s precisely what X.500, X.509, and other attempts to solve this problem are and were about. And there are some folks who just seem genetically pre-disposed to approach the problem from a top-down, if-we-can-all-just-agree-on-one-single-identifier perspective.

That's right, and this is the very opposite of what we are trying to achieve.

The multiple previous attempts to build “global” and “universal” identity systems failed for multiple reasons. But if one thing seems clear, it’s that top-down, fully centralized systems don’t seem to work for identity, at least not on an Internet scale. We’ve been there, done that, and found that it didn’t work. Hopefully, we’ve learned these lessons and won’t have to re-learn them repeatedly.

To ensure clear agreement on this important principle, then, we need to do one of two things: either define more clearly what we mean by “universal” in this context, or create an alternative term that doesn’t connote the “uber” system.

You're right, Jamie.

In defining the fifth law, Kim also uses the term “metasystem.” On one hand, I like “metasystem” better because it connotes more of what we’re shooting for. On the other hand, the “meta” prefix has its own baggage (some of which I helped create). Some people may think the term “metasystem” implies the stateful synchronization that meta-directories strive for, which isn’t the case. Clearly, Kim based the laws on his extensive experience with meta-directories. So maybe we can reclaim the “meta” prefix, re-define it based on what we’ve learned. In any case, “metasystem” is better than “universal identity system,” at least for me, and for now. In my next post, I’ll drill down a little more on why.

I agree with everything you say (except the part about the shoe). For the time being, in my recent post on the developments in the UK, I used the word “unifying”. But sure. We should take back the term “Meta”.

I'm looking forward to the next chapter. And doing version 1.1 of the Laws.

Late-breaking news from William Heath of Ideal Government:

That list of companies you cite is serious evidence of the growing political risk in the UK of making the wrong choice on identity architecture. The list comes from an activist group whose brainstorm of ideas includes card burnings, occupations, targeting companies, electronic disruption / hacking, graffiti etc. It's called “Defy ID” and proposes a day of action today (28 Jan) so perhaps it's keeping police busy at this very moment.

It joins an established UK ID opposition group called No2ID. Both groups are antis.

The initial opposition is to a card, but on closer inspection it's the register that offends. I dont yet see either putting effort into proposing a better alternative. Personally I'm hardcore non-violent and against damage to property, but otherwise entirely in sympathy with the antis.

My “Ideal Government” blog is of course not ID focussed; it is about WIBBIs (=”wouldn't it be better if..”s)

Here we are seeing how disregard for the Laws of Identity leads to the unnecessary fracturing of social agreement. If this agreement cannot be reached, the system no longer embraces “the whole”. The ideological say they don't care. But those of us seeking to build a unifying internet identity system cover our eyes and wonder, much as we would if our neighbor were building an inverted pyramid with no structural support.

This whole situation is also an example of why the underlying dynamics we have been examining appear to me as laws, not simply design principles.

Here (thanks to Ideal Government) is a piece from the UK where Sarah Arnott advises forgetting about the proposed brick and mortar ID Card and instead concentrating on a government-issued electronic identity. Sarah thinks a single identity is sufficient for everything. She also says:

It is unlikely that ‘function creep’ will inaugurate a Big Brother state.

More probable is that the government will spend fantastic amounts of money on an inflexible and ineffective plan, conceived out of political expediency, achieving nothing more than a vague notion of improved security.

And a useless piece of plastic.

And another fiasco to be added to the already battered reputation of public sector IT.

Ideal Government has also published a list of companies which have announced their intentions to bid. A lot of smart people there – it will be interesting to see if the plan evolves to take advantage of advanced identity technology more in conformance with the Laws.