Technorati's identity tag page is really cool. I'm certainly adding it to my feeds. I still don't have a very complete understanding of how Technorati works or what it is. Other beginning bloggers are probably in the same boat. Can anyone send us a link to an explanation?
Kim Camerons Laws of identity reminded me to two things. First it reminded by of the This American Life episode on superpowers. One of the segments in that episode involves asking people which superpower they would pick: invisibility or flying. That implodes into a discussion of what the choice tells you about the person. My frivolous brain then meandered into thinking what superpower would I pick if I wanted to solve the identity problem; since Kim took maker of laws”; I think I might pick shaper of markets.
The reason the Passport stumbled was that Microsoft hadnt admitted that the shape of market power in their industry had changed. Prior to the Passport experience nobody in their ecology had aggregated enough market share (and in this case we are speaking of share of the identity market) to both care and decline to their leadership. Prior to that time frame Microsoft, on their bad days, could keep the puppies living in their ecology chasing tail lights.
What changes in the shape of the market was three fold. First the scope of the market blew wide open. Just to pick one example the Internet market included all the telephone companies where the jungle where Microsoft was king of the forest didnt. Second the internet had already created a huge bloom of new players. Some of those were already really large; e.g. Yahoo, AOL, Amazon, eBay, etc. etc. Of those only eBay chose to follow Microsofts leadership. The third aspect was how critical this functionality was to the business models of some of the players.
Kim recently said that Passport failed because it broke one of his design constraints, i.e. that identity architecture will be more stable its designed to assure that the fewest parties are involved. That is absolutely a key constraint. Not because its more stable in the long run. No. In fact its probably much more stable in the long run. Consider eBay; eBay is a very very stable business architecture; because it inserts a nominally unnecessary party – a middleman – into every single transaction.
That constraint is desirable because it makes your offering less threatening. It accelerates adoption, it isnt a long term stabilizing force its a short term driver of growth. The kind of thing firms often, intentionally or not, use as the fulcrum of a bait and switch. Have you noticed that the email announcing you have made a purchse at eBay now includes a link that hands you off to Paypal thru DoubleClick!
Yes, Passport failed because it broke that constraint; but it would be a hell of a lot more straight forward to say that Passport failed because it fundamentally threatened the customers businesses and Microsoft lacked the market power to get away with that.
The second thing the use of the word laws rather than say first draft design constraints was the drawing on the right taken from here. When the software industry was defined by the desktop Microsoft could thrive as a business on the lowest rungs of that ladder. For example when it would Consult would be done at arms length thru market research or ad-hoc conversations at developer conferences. Placation was a job for PR. Partnership was an occasional activity to be engaged in with Intel, IBM, possibly Apple or Sony. The bottom three rungs where the job, for example, of the developer network.
Marc Canter wrote recently that solving the Identity problem is 98% political. Absolutely. But, damn it. For most of the vast majority of the leaders in this industry their model of politics was framed the crimes of Nixon and Vietnam. Their model of the industry is small startups and the wonderful empowering of small players enabled by the PC and Moores law. The word politics is right up there with necrophilia on the list of ethical activities. An attitudes make it very difficult to work constructively on the top rungs of that ladder. Notice, the guy that drew that ladder couldnt bring himself to label the top rungs politics.
The bag of of governance models for working on problems is huge. The standards process around Atom is a very modern example. But, I do not believe that Microsoft know how to work at these levels; 25 years of habit arent easily changed. I do not see any sign they have made significant progress in learning how since the Hailstorm debacle. I dont think they even know what kind of debacle Hailstorm was. Look at how hard they fought to keep Sun out of WS.
If you want think seriously about working at that level there are two groups trying to do that. WS and Liberty. I was involved in Liberty (and Ive taken money from other players in this market) but it appears to me that only Liberty is actually trying to work on the political problem of solving the identity puzzle. Much higher on that ladder than any other group, by far. Not high enough; but much higher.
I love the way Jamie articluates the fact that exchange of identity is organic, and related to and interwoven with other meaningful activities. It's not some abstract problem. This idea of the connectedness between parties through relationships transcending technology is one of the most important ideas in the current discussion – I'll come back to it in future posts.
Kim Cameron responded to my post regarding the connotation of universal identity systems, agreeing with my concerns and saying that hes more recently been using the term unifying identity system. Thats a great term, certainly more straightforward and clear. It clearly communicates precisely the intention of the fifth law.
Speaking of the fifth law, like Scott Lemon, I was a bit surprised when there wasnt more of a collective hallelujah in response to its posting. That surprise motivated me, at least in part, to post my comments on the term universal in the first place. And as I said in that post, I have more to say on the subject, so here goes.
Simply put, the concept behind the unifying or meta system for identity is crucial. While we certainly need structure and standards for an Internet identity system, the notion of a wholly top-down, centralized and universal system flies in the face of experience. On several occasions, Ive said that such a system will grow organically. These organic (and contextual) elements of identity systems are both important and hard to grok due to their intangible nature.
Think of it like any social structure. Most social structures evolve organically, based on the emergent needs and properties of the social systems they support, leveraging the virtuous cycle of need, invention, and formalization. (Many business structures follow a similar path.) And its rare that all of us humans agree on one way of doing anything. If were trying to instantiate social structure in a virtual space (the Internet), why would we think it will be any different in how it evolves?
Organic growth implies a level of self-organization that the Internet identity system mustnt just accommodate; it must encourage it. Given the right tools, ad hoc groups, formal communties, social structures, and, yes, even large companies will implement and manage identity in a fashion that suits their needs. The digital identity systems that American Express needs for its employees wont work for social networking software. Thats why things like FOAF, SxIP and LID are coming to fore. (While FOAF, SxIP, and LID are interesting developments, its unclear at this juncture which of these, if any, will succeed.) But the inverse is also true. These different communities must be free to self-organize, using identity systems that meet their needs.
Different IDs for Different Needs
Kim addresses this reality in the fourth law, the Law of Directed Identity. While somewhat inscrutable at first glance, his idea of omnidirectional and unidirectional identities encompasses the reality that one ID wont get me access to everything. I will have multiple identities, especially in different social contexts. Ill probably have identities that are applicable only to very private relationships. This isnt to say we dont need standards; we obviously do. But getting agreement now on one single standard that works for to all needs is highly unlikely. These different scenarios all have different requirements, and thus systems must be free to adopt standards that work for them, or well wait forever for the one “uber” system that works for everything.
To illustrate the point, lets take something like the registration process, which is where the digital identity train first leaves the station. Im an audio/video enthusiast (my wife would say freak), so Im a member of the Audio Visual Sciences Forum. I self-asserted my identity when I signed up, and thats fine for the AVSForum. As long as I play by the forums rules, the folks that run the forum are fine with me being around using whatever identity Ive established for myself. The reputation system inherent in the AVSForum takes care of many governance problems. The forums moderators and administrators step in with full authority when they have to.
But will self-assertion alone work for my bank? Hopefully not (or I need to change banks). Yes, the AVS Forum could rely on the identity my bank issues, but I might not want to use such an unambiguous (and valuable) identity in that social context. And why should AVSForum do that anyway? The cost could well outweigh any benefits it may gain. Once you get past registration, you get to the differences in policies (credential type and strength), attributes, and the management systems necessary to propagate and use identity in each of these very different contexts. In large part, these things must be need-driven, and one size will not fit all.
Context Is Everything
In other words, identity is the most contextual element you can possibly imagine; in fact, all social interaction is highly contextual, especially online. Who we choose to be, what of ourselves we choose to share, what faces we choose to show, depend entirely on the context in which were operating. Sherry Turkle did a great job of examining this dynamic in her book Life on the Screen, Identity in the Age of the Internet, which is even more amazing considering the fact it was published nearly 10 years ago. (It should be noted that this book is not about technology, but about human psychology. Its easy for identity technologists to forget that we are talking about representing human behavior, not machine behavior.)
It stands to reason, then, that domains of activity will emerge, and they will have their own identity mechanisms, probably their own identifier, which will be unique and appropriate within the context of that given domain.
Federation is Not a Four-Letter Word
Its when these different domains (or communities) need to interact that things get really interesting. It will happen, but it will happen organically. Identity connections between communities will not form just because we have an uber-GUID and a registry that have been blessed by a committee, for example. Such connections will form because individuals, groups, organizations, companies, and other forms of human endeavor will need those connections.
In other words, the requirement to plug in to a larger system (and context), exchanging identity information with other communities, will be an emergent property of a given domain of activity (or community). Some potential for value and substance must necessarily precede identity connections; otherwise, there isnt any point in making the connections. When the need to connect does emerge, those domains will need to federate with other domains. Remember: small pieces loosely coupled. (For me, this concept is largely consistent with and is reinforced by some of the other laws.)
To return to my example of the AVSForum, my self-asserted ID is fine for basic information gathering, posting, and communication. But if my activities on the forum move from to commerce, my (theoretical) bank-issued ID suddenly becomes more relevant. But it will be much better (and safer) for the bank to vouch for (or assert) my identity (without having to reveal the identifier that gives me access to my money) via a federated mechanism. We can call this function into play when we need it, instead of waiting for everyone to agree to use bank IDs before we can do anything.
Instead of one massive uber identity system to bind them all, we need the backplane that Kim, Craig Burton, Doc Searls, and others discussed on the Gilmore Gang. We need infrastructure that acknowledges the reality that there will be many different identifiers, and many different identity domains. Simply put, an identity system can be universal (connoting wide acceptance and applicability) only if its based on the principle that one universal system to rule us all is simply not a good idea.
If we agree on that principle, then the most important discussion we can have is about the interoperable infrastructure that will connect (or unify) identity systems, not how to construct the one uber identity system that everyone will use. So its important to differentiate between identity systems and standards that can support one or more activities (thats how I see LID, FOAF, et al) and the metasystem, which will truly universalize digital identity by enabling interoperability through federated mechanisms (the backplane). In combination with the users (people), all of these things comprise the identity metasystem, or the unifying identity system, if thats the term you prefer.
Kim sums this up in a breathless reply to Doc Searls and others in his introduction to the fifth law (its a long sentence, and you may need to open a window after parsing it). He says,
Different identity systems need to be able to exist in a metasystem based on a simple encapsulating protocol and surfaced through a unified user experience that allows individuals and organizations to select the appropriate identity providers and features as they go about their daily activities.
More to the point, he goes on to say,
The universal identity system must not be another monolith. It must be both polycentric (federation implies this) but also polymorphic (existing in different forms).
Its polycentric because its comprised of multiple, federated systems, not a single system. Its polymorphic because those connected systems must be free to contextualize identity in a fashion that suits the needs of the communities they serve.
So, as I said in my earlier post, the fifth law is a fundamental architecture principle. If we cant agree on that one, well forever be arguing over how to make the other six work. Getting there wont be easy, and Im not entirely convinced that the idealism inherent in this thinking will in the day. But Im willing to work for it. But that and the other laws are topics for other posts.
|Scott Lemon has done a very nice posting where he reviews the Law of Pluralism from the point of view of his experience at Novell. He begins by recalling the fifth law:
Then this – and here's a secret – I think I have a sealed box of Novell FTAM too: