As you can read here, Bob Blakley thrashes me for my characterization of an Identity Oracle as “his sexy name for the claims transformer generating ‘minimal disclosure tokens’”. He thinks I'm being geeky, and I probably am, but hey, geeks are people too.
He puts it this way:
This statement is utterly and completely wrong. An Identity Oracle is NOT a “claims transformer generating minimal disclosure tokens”. It’s not even a claims transformer. It’s not even a server. It’s not even technology.
“It's not even technology.” I guess it “just happens”. Reminds me of how Bentley Motorcars describe what others would call a factory:
This isn’t a factory visit. It’s the Bentley Experience.
But let's not turn our backs on Bob's pain:
I’ve said twenty times from various stages and in writing on my personal blog and here that as long as we continue to try to solve privacy problems using technology, we are going to continue to fail, and the Internet will continue to lack an identity layer, and it will continue to be a privacy hazard. Identity and privacy are not technology problems – they’re social, legal, and economic problems – and no technology can solve these problems.
Of course I agree that technology can't solve problems, only its design and usage can. Although identity and privacy are social, legal and economic problems, they are technical ones too.
It's paradoxical that I have to be the person to suggest that The Burton Group take in a bit of lawyer Lawrence Lessig's thinking about these matters, nicely summarized here:
Lessig… addresses the two forms of code that dominate the Internet: legal code (law) and machine code (the technology supporting the Internet). As Lessig points out, the influence of both must be understood, as both will determine the shape of the future.
That has become a bit of a mantra for me, and one of the reasons why, when I see interesting policy ideas, I try to understand how they relate to “code”.
Anyway, let's get to all the good points Bob makes. Here's the basic dialog a service has with the Identity Oracle:
“I am allowed to extend service to Bob only if he is above the legal age for this service in the jurisdiction in which he lives. [Policy – ed.] Am I allowed to extend service to Bob? [Claim request – ed.]”
And the Identity Oracle’s response looks like this:
“Yes.” [Claim response – ed.]
And here's what makes this dialog [transformer – ed.] interesting:
The Identity Oracle, in normal operation, acts as a trusted agent for the user and does not disclose any personal information whatsoever; it just answers questions based on GiCorp’s stated policies (that is, it distributes only metadata about its users – not the underlying data).
The Identity Oracle charges GiCorp and other relying-party customers money for its services. The asset on the basis of which the Identity Oracle is able to charge money is its database of personal information. Because personal information is its only business asset, the Identity Oracle guards personal information very carefully.
Because disclosing personal information to relying-party customers like GiCorp would be giving away its only asset for free, it strongly resists disclosing personal information to its relying-party customers. In the rare cases in which relying parties need to receive actual personal data (not just metadata) to do their jobs, the Identity Oracle requires its relying-party customers to sign a legally binding contract stating what they are and are not allowed to do with the information. This contract contains indemnity clauses – if GiCorp signs the contract and then misuses or improperly discloses the personal information it receives from the Identity Oracle about Bob, the contract requires GiCorp to pay a large amount of cash money to the Identity Oracle, which then turns around and reimburses Bob for his loss.
This system provides Bob with much stronger protection than he receives under national privacy laws, which generally do not provide monetary damages for breaches of privacy. Contract law, however, can provide any penalty the parties (the Identity Oracle and its relying party customers like GiCorp) agree on. In order to obtain good liability terms for Bob, the Identity Oracle needs to have a valuable asset, to which GiCorp strongly desires access. This asset is the big database of personal data, belonging to the Identity Oracle, which enables GiCorp to do its business. And allows the Identity Oracle to charge for its services.
Demonstrating that it is in the interests of information providers to monetize information by NOT giving it away is important. Showing how this improves privacy and security of transactions makes it a double whammy. I'm a big supporter, and I don't mean to in any way minimize Bob's contribution or uber point. However I consider it key that this service can be provided within the same architectural framework as other identity services – that it can run on the tracks we are currently laying down. I would think Bob would see that as positive.
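To make the dialog above concrete, here is an added toy implementation of the two interactions Bob describes: the normal case, where the oracle evaluates GiCorp's policy against Bob's data and returns only “yes”, “no” or “unknown”, and the rare case, where actual personal data is released only to a relying party that has signed a data-use contract. This is example code written for this page, not Bob's or Kim's; the subjects, the per-jurisdiction age thresholds, the reference date and the GiCorp contract are constructed assumptions.

```python
"""Toy Identity Oracle: answers a relying party's policy question about a
subject without releasing the underlying personal data.  Constructed example;
GiCorp, the sample subjects, the age thresholds and AS_OF are assumptions."""
from dataclasses import dataclass, field
from datetime import date

# Constructed sample database.  This is the oracle's only asset and is never
# returned to a relying party in normal operation.
SUBJECTS = {
    "bob":   {"birth_date": date(1990, 6, 15), "jurisdiction": "DE"},
    "alice": {"birth_date": date(2010, 1, 2),  "jurisdiction": "US-NY"},
}

# GiCorp's stated policy: minimum age for its service, per jurisdiction.
# Assumed values for the example, not real legal thresholds.
GICORP_POLICY = {"DE": 18, "US-NY": 21, "UK": 18}

# Fixed "today" so the example is reproducible (assumption).
AS_OF = date(2024, 1, 1)


def _age_on(birth_date: date, today: date) -> int:
    """Whole years elapsed between birth_date and today."""
    return today.year - birth_date.year - (
        (today.month, today.day) < (birth_date.month, birth_date.day)
    )


@dataclass
class IdentityOracle:
    subjects: dict
    # relying party -> attributes it is licensed to receive under a signed,
    # indemnified data-use contract (empty in normal operation)
    contracts: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def is_of_age(self, relying_party: str, subject: str,
                  policy: dict, today: date) -> str:
        """Claim request: 'Am I allowed to extend service to <subject>?'
        The relying party hands over its policy; the oracle evaluates it
        against data it never releases, and returns only 'yes', 'no' or
        'unknown' (metadata), not the birth date or jurisdiction used."""
        record = self.subjects.get(subject)
        if record is None or record["jurisdiction"] not in policy:
            answer = "unknown"      # no such subject, or policy silent there
        else:
            min_age = policy[record["jurisdiction"]]
            answer = "yes" if _age_on(record["birth_date"], today) >= min_age else "no"
        # The audit trail records the question and the answer only.
        self.audit.append((relying_party, subject, "is_of_age", answer))
        return answer

    def disclose(self, relying_party: str, subject: str, attribute: str):
        """Rare case: release of actual personal data.  Refused unless the
        relying party has signed a contract that covers this attribute."""
        licensed = self.contracts.get(relying_party, set())
        if attribute not in licensed:
            self.audit.append((relying_party, subject, "disclose", "refused"))
            raise PermissionError(
                f"{relying_party} has no contract covering '{attribute}'")
        self.audit.append((relying_party, subject, "disclose", attribute))
        return self.subjects[subject][attribute]


def audit_leaks_pii(oracle: IdentityOracle) -> bool:
    """True if any stored personal data value appears verbatim in the audit log."""
    values = {str(v) for rec in oracle.subjects.values() for v in rec.values()}
    return any(str(item) in values for entry in oracle.audit for item in entry)


if __name__ == "__main__":
    oracle = IdentityOracle(SUBJECTS)
    print("bob:", oracle.is_of_age("GiCorp", "bob", GICORP_POLICY, AS_OF))
    print("alice:", oracle.is_of_age("GiCorp", "alice", GICORP_POLICY, AS_OF))
    try:
        oracle.disclose("GiCorp", "bob", "birth_date")
    except PermissionError as e:
        print("refused:", e)
    oracle.contracts["GiCorp"] = {"birth_date"}     # contract now signed
    print("under contract:", oracle.disclose("GiCorp", "bob", "birth_date"))
    print("audit leaks PII:", audit_leaks_pii(oracle))
```

Two design points worth noticing. The relying party sends its whole policy (all jurisdictions) rather than asking “what jurisdiction is Bob in?”, so the answer reveals neither his birth date nor where he lives; and the only path to raw data is `disclose`, which is gated on a contract entry and audited, which is the hook a real oracle would tie to the indemnity terms Bob describes. Returning “unknown” rather than “no” for a missing subject still reveals whether the oracle knows Bob at all, so a deployment that cares about that would collapse the two answers.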
But he continues:
As long as we keep talking about “claims transformers” (which are computers) instead of “identity providers” and “identity oracles” (which are businesses) we are going to continue to build products nobody uses.
Actually, people use a lot of the identity products we work on. More than 87% of large enterprises last time I looked – one reason why a wide, open discussion of identity technology is so important. I expect that when we build claims transformers into products they will be used too. Everything is in the application.
But back to the main point. Bob is right in terms of commercial consumer identity providers:
It’s not an accident that there are no commercial consumer identity providers today – no one is paying any attention to how such an entity would make money, and until investors know how they’re going to get paid, nobody is going to go into the Identity business.
Drop it while you can, Kim. Bob's right on this one. The “Identity Oracle” is a business model, not a technology feature. As I've said many times (and countless others have re-iterated), the technology is easy, it's the people that are the hard part.
“Claims transformation” is simply changing data from one format to another, or one protocol to another, etc. It's technology. It may be a necessary part of the infrastructure for an Identity Oracle, but it's only one small part.