The Unifying Metasystem

I can't help it – I find Jamie Lewis's most recent discussion of the Laws so cogent I am just going to let it rip.

I love the way Jamie articulates the fact that exchange of identity is organic, and related to and interwoven with other meaningful activities. It's not some abstract problem. This idea of the connectedness between parties through relationships transcending technology is one of the most important ideas in the current discussion – I'll come back to it in future posts.

Kim Cameron responded to my post regarding the connotation of “universal” identity systems, agreeing with my concerns and saying that he’s more recently been using the term “unifying identity system.” That’s a great term, certainly more straightforward and clear. It clearly communicates precisely the intention of the fifth law.

Speaking of the fifth law, like Scott Lemon, I was a bit surprised when there wasn’t more of a collective “hallelujah” in response to its posting. That surprise motivated me, at least in part, to post my comments on the term “universal” in the first place. And as I said in that post, I have more to say on the subject, so here goes.

Simply put, the concept behind the unifying or “meta” system for identity is crucial. While we certainly need structure and standards for an Internet identity system, the notion of a wholly top-down, centralized and “universal” system flies in the face of experience. On several occasions, I’ve said that such a system will grow organically. These organic (and contextual) elements of identity systems are both important and hard to grok due to their intangible nature.

Think of it like any social structure. Most social structures evolve organically, based on the emergent needs and properties of the social systems they support, leveraging the virtuous cycle of need, invention, and formalization. (Many business structures follow a similar path.) And it’s rare that all of us humans agree on one way of doing anything. If we’re trying to instantiate social structure in a virtual space (the Internet), why would we think it will be any different in how it evolves?

Organic growth implies a level of self-organization that the Internet identity system mustn’t just accommodate; it must encourage it. Given the right tools, ad hoc groups, formal communities, social structures, and, yes, even large companies will implement and manage identity in a fashion that suits their needs. The digital identity systems that American Express needs for its employees won’t work for social networking software. That’s why things like FOAF, SxIP and LID are coming to the fore. (While FOAF, SxIP, and LID are interesting developments, it’s unclear at this juncture which of these, if any, will succeed.) But the inverse is also true. These different communities must be free to self-organize, using identity systems that meet their needs.

Different IDs for Different Needs

Kim addresses this reality in the fourth law, the Law of Directed Identity. While somewhat inscrutable at first glance, his idea of omnidirectional and unidirectional identities encompasses the reality that one ID won’t get me access to everything. I will have multiple identities, especially in different social contexts. I’ll probably have identities that are applicable only to very private relationships. This isn’t to say we don’t need standards; we obviously do. But getting agreement now on one single standard that works for all needs is highly unlikely. These different scenarios all have different requirements, and thus systems must be free to adopt standards that work for them, or we’ll wait forever for the one “uber” system that works for everything.

To illustrate the point, let’s take something like the registration process, which is where the digital identity train first leaves the station. I’m an audio/video enthusiast (my wife would say freak), so I’m a member of the Audio Visual Sciences Forum. I self-asserted my identity when I signed up, and that’s fine for the AVSForum. As long as I play by the forum’s rules, the folks that run the forum are fine with me being around using whatever identity I’ve established for myself. The reputation system inherent in the AVSForum takes care of many governance problems. The forum’s moderators and administrators step in with full authority when they have to.

But will self-assertion alone work for my bank? Hopefully not (or I need to change banks). Yes, the AVS Forum could rely on the identity my bank issues, but I might not want to use such an unambiguous (and valuable) identity in that social context. And why should AVSForum do that anyway? The cost could well outweigh any benefits it may gain. Once you get past registration, you get to the differences in policies (credential type and strength), attributes, and the management systems necessary to propagate and use identity in each of these very different contexts. In large part, these things must be need-driven, and one size will not fit all.

Context Is Everything

In other words, identity is the most contextual element you can possibly imagine; in fact, all social interaction is highly contextual, especially online. Who we choose to be, what of ourselves we choose to share, what faces we choose to show, depend entirely on the context in which we’re operating. Sherry Turkle did a great job of examining this dynamic in her book Life on the Screen, Identity in the Age of the Internet, which is even more amazing considering the fact it was published nearly 10 years ago. (It should be noted that this book is not about technology, but about human psychology. It’s easy for identity technologists to forget that we are talking about representing human behavior, not machine behavior.)

It stands to reason, then, that domains of activity will emerge, and they will have their own identity mechanisms, probably their own identifier, which will be unique and appropriate within the context of that given domain.

Federation is Not a Four-Letter Word

It’s when these different domains (or communities) need to interact that things get really interesting. It will happen, but it will happen organically. Identity connections between communities will not form just because we have an uber-GUID and a registry that have been blessed by a committee, for example. Such connections will form because individuals, groups, organizations, companies, and other forms of human endeavor will need those connections.

In other words, the requirement to plug in to a larger system (and context), exchanging identity information with other communities, will be an emergent property of a given domain of activity (or community). Some potential for value and substance must necessarily precede identity connections; otherwise, there isn’t any point in making the connections. When the need to connect does emerge, those domains will need to federate with other domains. Remember: small pieces loosely coupled. (For me, this concept is largely consistent with and is reinforced by some of the other laws.)

To return to my example of the AVSForum, my self-asserted ID is fine for basic information gathering, posting, and communication. But if my activities on the forum move from to commerce, my (theoretical) bank-issued ID suddenly becomes more relevant. But it will be much better (and safer) for the bank to vouch for (or assert) my identity (without having to reveal the identifier that gives me access to my money) via a federated mechanism. We can call this function into play when we need it, instead of waiting for everyone to agree to use bank IDs before we can do anything.

Instead of one massive uber identity system to bind them all, we need the backplane that Kim, Craig Burton, Doc Searls, and others discussed on the Gilmore Gang. We need infrastructure that acknowledges the reality that there will be many different identifiers, and many different identity domains. Simply put, an identity system can be “universal” (connoting wide acceptance and applicability) only if it’s based on the principle that one universal system to rule us all is simply not a good idea.

If we agree on that principle, then the most important discussion we can have is about the interoperable infrastructure that will connect (or unify) identity systems, not how to construct the one uber identity system that everyone will use. So it’s important to differentiate between identity systems and standards that can support one or more activities (that’s how I see LID, FOAF, et al) and the metasystem, which will truly universalize digital identity by enabling interoperability through federated mechanisms (the backplane). In combination with the users (people), all of these things comprise the identity metasystem, or the unifying identity system, if that’s the term you prefer.

Summing Up

Kim sums this up in a breathless reply to Doc Searls and others in his introduction to the fifth law (it’s a long sentence, and you may need to open a window after parsing it). He says,

“Different identity systems need to be able to exist in a metasystem based on a simple encapsulating protocol and surfaced through a unified user experience that allows individuals and organizations to select the appropriate identity providers and features as they go about their daily activities.”

More to the point, he goes on to say,

“The universal identity system must not be another monolith. It must be both polycentric (federation implies this) but also polymorphic (existing in different forms).”

It’s polycentric because it’s comprised of multiple, federated systems, not a single system. It’s polymorphic because those connected systems must be free to contextualize identity in a fashion that suits the needs of the communities they serve.

So, as I said in my earlier post, the fifth law is a fundamental architecture principle. If we can’t agree on that one, we’ll forever be arguing over how to make the other six work. Getting there won’t be easy, and I’m not entirely convinced that the idealism inherent in this thinking will win the day. But I’m willing to work for it. But that and the other laws are topics for other posts.

Published by

Kim Cameron

Work on identity.