Is it ‘insipid’ to not require uniqueness?

Dave Kearns likely speaks for several in his response to my proposed definition of digital identity:

According to Cameron:

A digital identity is a set of claims made by one digital subject about itself or another digital subject.

That may well be true, but it's so insipid as to serve as a definition of nothing. Kim goes on to prove this by excerpting others’ definitions and alleging that his definition can stretch to cover.

Being able to “stretch to cover” doesn't have any value in itself. I was making the deeper point that we need a definition of digital identity which is suitable for more than a closed system. It needs to work for a metasystem embracing multiple implementations and ways of doing things. One way to explore this was by seeing whether our proposal embraced the definitions employed by some existing implementations.

To be sure, a rigorous definition of digital identity is going to conflict with some of the definitions used in existing systems. That is because many such definitions purposely or inadvertently limit the scenarios to which they apply. Such is the case for the example put forward by Dave:

Even in a single digital context (one instance of a web site, say) an identity also needs to be unique.

Wrong

What does it mean to say a digital identity needs to be unique? Is Dave saying that each digital subject always requires a unique identifier?

Many systems have been built with that assumption, and identity based on unique identifiers is an important model. But that doesn't mean such systems are the only ones required in the emerging world of identity!

Non-unique digital identity

Let me take the case, for example, of a relationship between a company like Microsoft and an analyst service that we will call the Kearn Corporation. Let's suppose Microsoft pays the Kearn Corporation K dollars so anyone from Microsoft can read its reports on industry trends. Let's say also that Microsoft doesn't want the Kearn Corporation to know exactly who at Microsoft has what interests or reads what reports.

In this scenario we actually do not want to employ unique individual identifiers for the digital identities of Microsoft users consuming the service. Kearn Corporation still needs a way to ensure that only valid customers get to its reports. But in this example, digital identity would best be expressed by a claim – the claim that the digital subject currently accessing the site is a Microsoft employee. A forward-looking definition needs to address this requirement.

Our definition succeeds in this regard. It defines the claim made by one digital subject (Microsoft Corporation) about another digital subject (the particular unidentified and non-unique employee accessing the site at a moment in time).

Is this unidentified subject in need of a unique identifier? No.

Is his or her identity unique? Not in the sense Dave intended. There is a whole set of users about which the claim may be made. Such subjects have a digital identity defined by the claim.

Non-uniqueness reduces complexity in many scenarios

I know Dave is one of the first to embrace reduction of complexity, and I hope to win him over by showing how this applies. I can give many examples of scenarios in which non-unique claims reduce complexity because so many customers have talked about their needs in this regard.

Let me choose one at random. To protect the innocent I'll concoct a specific example based on the Navy, which I choose because its size, dynamics and distribution around the globe make the argument unassailable.

Let's suppose there is a site containing information which should be viewable by members of the Navy but no one else. Does that mean everyone in the Navy must present their individual identifier to that site in order to gain access, and that the site then has to look it up and determine the identity's current validity? This is what current systems require, and people running them don't like it one bit.

To make things more real-world, let's also suppose there are various sites, on different continents and at sea, each offering access to the same information. Do all of them need to be provisioned with complete and up-to-date directories of every member of the Navy (as well as those who have left or may be unaccounted for or even in enemy hands)? Experience has shown this isn't possible – and that if it were, it would inadvertently leak important information.

I argue that we must allow for scenarios like these, in which a user could just go to a Navy identity provider to get a claim that she is a member of the Navy, and then present this claim – along with cryptographic proof that she is the legitimate bearer – to the site being accessed. This is very much an example of both increased simplicity and reduced risk. These benefits accrue through application of the second law, dramatically reducing disclosure of information about the composition of the Navy to all the relying sites.
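The exchange described above (and the Microsoft employee claim earlier) can be sketched in Node.js as an added example that is not part of the original post. The token layout, the five-minute lifetime, the function names and the use of Ed25519 are assumptions made for the illustration; the relying site holds only the provider's public key and never receives a per-person identifier.

```javascript
// Added example. Keys, claim names and lifetimes are constructed for illustration.
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');

// Identity provider: signs a membership claim bound to the holder's key.
// The payload holds no name, serial number or other per-person identifier.
function issueClaim(idpPrivateKey, holderPublicKey, now) {
  const payload = JSON.stringify({
    claim: 'member-of:navy',
    holderKey: holderPublicKey.export({ type: 'spki', format: 'pem' }),
    expires: now + 300, // short-lived, so sites keep no directory or revocation list
  });
  const sig = sign(null, Buffer.from(payload), idpPrivateKey).toString('base64');
  return { payload, sig };
}

// Holder: proves possession of the bound key by signing the site's fresh nonce.
function proveBearer(holderPrivateKey, nonce) {
  return sign(null, Buffer.from(nonce), holderPrivateKey).toString('base64');
}

// Relying site: holds only the provider's public key, no member records.
function verifyAccess(idpPublicKey, token, nonce, proof, now) {
  const sig = Buffer.from(token.sig, 'base64');
  if (!verify(null, Buffer.from(token.payload), idpPublicKey, sig)) return 'bad-issuer-signature';
  const body = JSON.parse(token.payload); // parsed only after the signature checks out
  if (body.claim !== 'member-of:navy') return 'wrong-claim';
  if (now >= body.expires) return 'expired';
  const proofOk = verify(null, Buffer.from(nonce), body.holderKey, Buffer.from(proof, 'base64'));
  return proofOk ? 'ok' : 'not-legitimate-bearer';
}

function demo() {
  const idp = generateKeyPairSync('ed25519');
  const holder = generateKeyPairSync('ed25519'); // fresh per claim, so it is not a stable identifier
  const thief = generateKeyPairSync('ed25519');  // has a copied token but not the holder's key
  const now = 1700000000;                        // constructed clock value (seconds)
  const token = issueClaim(idp.privateKey, holder.publicKey, now);
  const nonce = randomBytes(16).toString('hex'); // site's per-request challenge
  const forged = { payload: token.payload.replace('navy', 'army'), sig: token.sig };
  return {
    member: verifyAccess(idp.publicKey, token, nonce, proveBearer(holder.privateKey, nonce), now + 10),
    stolen: verifyAccess(idp.publicKey, token, nonce, proveBearer(thief.privateKey, nonce), now + 10),
    expired: verifyAccess(idp.publicKey, token, nonce, proveBearer(holder.privateKey, nonce), now + 301),
    tampered: verifyAccess(idp.publicKey, forged, nonce, proveBearer(holder.privateKey, nonce), now + 10),
  };
}

console.log(demo());
```

In this sketch the provider still has to authenticate the member before issuing the claim; what stays hidden from every relying site is which member is asking.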

I can say with total confidence that the architecture of an encompassing identity metasystem should allow the subject to be unique – or not – depending on the requirements of the scenario, and that there is nothing insipid about making this a requirement.

Published by

Kim Cameron

Work on identity.