For all the epistemologists in the audience

Jamie Lewis’ most recent post on “Laws” versus “Principles” has to be quoted in its entirety:

In an earlier post, I talked about how I see Kim Cameron’s “laws of identity” as a set of architecture principles. More recently, Craig Burton posted a response, wondering if I’m splitting hairs. He goes on to say that “if you look up the definition of a principle, you can't help but run into the word ‘law’.”

Perhaps I am splitting hairs. Wouldn’t be the first time, won’t be the last. But at least I’m not alone in doing so. Craig first pointed to comments by Chris Ceppi on the subject and then later posted a thoughtful response from Mark Wahl. Both make interesting points. And Craig is correct in saying that if you look up the word “principle,” the word “law” quickly surfaces. (The opposite is also true.) But if we’re going to start pulling out our dictionaries, then I feel compelled to point out that those very definitions underscore the point I was trying to make about connotation.

For example, here’s how The American Heritage Dictionary (Fourth Edition), defines the word “law”:

A rule of conduct or procedure established by custom, agreement, or authority; the body of rules and principles governing the affairs of a community and enforced by a political authority. . . A set of rules or principles dealing with a specific area of a legal system, such as tax law or criminal law . . . something, such as an order or dictum, having absolute or unquestioned authority.

One could argue that the word “law” would apply when and if Kim’s proposals become “rule or law” by “custom or agreement.” But are we there yet? I don’t think so, since we still seem to be in a period of debate and discussion. And in the above definition, the connotation of a legal system here is overwhelmingly clear, along with fun things like authority, governance, and enforcement. It was this strong legal connotation that spooked me a bit on the word “law.” That and the fact that Microsoft (or any other vendor) will have a hard time positioning itself as “the authority” capable of handing down laws in this matter.

The American Heritage Dictionary also offers alternative definitions of the word “law,” which are consistent with Mark Wahl’s usage of the term:

A statement describing a relationship observed to be invariable between or among phenomena for all cases in which the specified conditions are met, such as the law of gravity.

The connotation here is equally clear, and Mark Wahl said it well in his discussion of inherent properties. One can easily argue that Kim is trying to describe inherent properties, the “Newtonian physics” of identity.

But can Kim (or anyone else) say that these “laws” are “invariable for all cases”? As I said, these are issues over which reasonable people can (and probably will) disagree. In fact, I’m willing to bet that companies and people will build identity systems that violate Kim’s laws, even if those laws become widely accepted. While we may all wish them to be so, it’s hard for me to see them as absolutes.

That’s why we focus on architecture principles. Discussing architecture principles is a forcing function; it requires architects to reveal their biases and beliefs as to how systems should be constructed. Yes, it also helps that Burton Group has four working sets of architecture principles, so I have a pre-existing affinity (bias?) for the term. But we called them principles for a reason: We assume that different architects will take different positions with regard to core architectural principles. And that’s where The American Heritage Dictionary’s definition of “principle” comes in:

A basic truth, law, or assumption; a rule or standard, especially of good behavior; the collectivity of moral or ethical standards or judgments; a fixed or predetermined policy or mode of action; a basic or essential quality or element determining intrinsic nature or characteristic behavior; a rule or law concerning the functioning of natural phenomena or mechanical processes.

Here, the connotation isn’t a legal one, or necessarily one of an absolute. There are some great words and phrases here, such as “assumption,” “rule or standard,” “ethical standards or judgments,” “policy,” and “behavior.” These words and phrases speak directly to what (I think) we're trying to do: construct an identity system. These are things over which reasonable people can disagree, but have a huge impact on how systems are designed. Take for example the principle of democracy. Many hold that principle to be a sacred truth, but that doesn’t stop countries from using other forms of government. Simply put, there are no natural laws that prevent people from doing stupid things. Similarly, we may agree on Kim’s laws. And many folks may end up fervently believing in their truth, but that won’t stop others from building systems that violate them.

Having said all of that, I agree that the discussion is, at least to some degree, hairsplitting. So, as to whether Kim needs to call these things “laws” or “principles,” I’m not sure it matters that much. I was simply saying that’s how I see them. Still do, and so to each his own. (That, and sometimes I enjoy hairsplitting as much as the next person.)

UPDATE: It seems as if P. T. Ong agrees with me, calling the laws “design principles.” As P. T. says, the term “principles” may not “sound as cool,” but is more accurate. One has to consider the marketing value of calling them laws, however, a thought that I'm sure hasn't escaped Kim's mind.

Naughty Jamie for implying I might have used the word “Laws” just to turn the level of this discussion up to the maximum! But I love him anyway. Just like I love (loud) rock ‘n roll.

Just so people know what my intentions were, I did in fact propose the word “law” in the sense of a scientific law, meaning something that models the structure and behavior of some aspect of objective reality. And here I fear the American Heritage Dictionary betrays its need for a bit of modernization. Newtonian “invariability”, after all, gave way to thinking that embraced concepts like probability. Classical mechanics led to quantum mechanics. Today our scientific laws tend to include the concept of “tendency”. It is such tendencies which must be understood in the case of identity, and which I have been attempting to understand with specific regard to the properties and behaviors that define the contours of any identity system that can extend across the Internet.

More imporantly, Jamie, Craig, Chris, P. T. Ong, and Mark Wahl all make good points.

Thanks for signalling the danger that someone might interpret our work as positing the way “people ought to be”. Nothing could be further from our intentions, and I am sobered by the possibility.

As Usual, Truth Is Stranger Than Fiction

My colleague Stuart Kwan, who perfectly embodies the union of car freak and identity geek, sent me to this mind-boggling “story of how a virus was transmitted from an infected mobile phone to the OS of a Lexus car, via Bluetooth. A whole new meaning to the word contagious.”

The story, by David Quainton in SC Magazine, begins this way:

Lexus cars may be vulnerable to viruses that infect them via mobile phones. Landcruiser 100 models LX470 and LS430 have been discovered with infected operating systems that transfer within a range of 15 feet.

“If infected mobile devices are scary, just thinking about an infected onboard computer..,” said Eugene Kaspersky, head of anti-virus research at Russian firm Kaspersky. “We do know that car manufacturers are integrating existing operating systems into their onboard computers (take the Fiat and Microsoft deal, for instance).”

It is understood the virus could affect the navigation system of the Lexus models, it transfers onto them via a Bluetooth mobile phone connection. It is still unclear which operating system the cars in question use.

“At this stage it's still early but it just goes to show that technology has consequences,” said David Emm, senior technology consultant at Kaspersky. “It's scary stuff.”

It is the cross-technology nature of this exploit which blows the mind. The writing is on the wall. We need to come together as an industry and act in a concerted way.

Beyond the Enterprise

William Heath, his perceptions heightened by the governmental identity discussion going on in the UK, makes an interesting comment about Jamie Lewis’ post on architectural principles:

It's a thoughtful contribution from Jamie. I'd just observe that he talks of principles based on “the values, organizational culture, and business goals of the enterprise”. That's a logical way to approach business, which is important when you're selling something to earn a living. And no-one is better at business than the US IT industry.

But there's far more to life than business. The identity architecture proposed for the UK will become a defining part of the architecture for social, civil and political life. It will affect how we feel about ourselves, others and the state as well as how well the economy works and our role as consumers in it.

So, Jamie, can we consciously broaden the basis you use for “Reference Architecture” to include the full panoply of the human condition. As we discuss the Laws let us remember we need principles that work for all. Imagine having to explain or justify them to artists, religious leaders, people caring for the needy or elderly . It doesnt make it easier, but that's the scale of the problem we face. If anyone doubts this please look at what is happening in the UK

William is right – to be successful for anyone, the identity system must embrace and provide benefit to everyone – implying great diversity. This in turn means we need architectural principles that reach well beyond the enterprise. I know Jamie will be the first to agree, so it will be interesting to see if he thinks he has already built counterbalancing recognition for digital life of the consumer into his reference architecture.

Interesting Research from the Ponemon Institute

Governor James sent this link to consumer advocate Jordana Beebe's advice for companies that collect information from customers.

Which reminds me about an interesting article by Larry Ponemon for Computerworld on the “Top 5 privacy issues for 2005“.

The Ponemon Institute has surveyed “thousands of individuals on a variety of issues affecting their privacy, from a universal credentialing system to Internet ads that use personal information to target prospective customers.” I think this type of work is very important – it helps us ground our thinking in real qualitative and quantitative analysis. I'm going to learn more about Larry's research.

Larry reports:

  • most people are willing to use biometrics because of convenience
  • three quarters of those interviewed think a single verification system (from a bank or the post office) would simplify login
  • people are worried about unauthorized access to their data
  • people who fly are willing to trade privacy for safety

I take these readings as gauging present thinking among the American population, and therefore consider it to be important. But I also know that most people know a lot more about some of these issues than others.

People who fly understand the tradeoff with privacy. But most people haven't really thought about what the implications of a single verification system would be. So to really predict what they will think about such a system in practise, it is necessary to establish their opinions on a whole series of related issues. I don't know if Larry has done this, but I would like to find out.

Larry achieves this additional depth in the final page of his article, where he shows convincingly that consumer trust has a dollar value. He analyzes consumer willingness to share data as a function of their rating of the trustworthiness of the entity they are dealing with – and looks at these dynamics over time. He then posits a hypothetical marketing campaign and demonstrates that a top-rated organization in terms of its approach to privacy could achieve significantly higher results for a given investment. This attention to the evolution of his subjects’ thought over time, in conjunction with stratification of privacy reputation, is a great example of the kind of thinking that could help people who only casually think about identity issues understand the deeper dynamics.

Laws versus Principles

It is also fascinating to see Craig Burton discussing with Jamie Lewis on the question of whether we should be using the word “Principles” rather than “Laws” to understand the dynamics that bound the design of the mega meta mojo moma backplane (“mojo” thanks to Eric Norlin). Craig responds:

I think that Kim rasing his discussion to one of a set of defining laws instead of arcitecture principles is totally apporpriate.

Later, discussing Chris Ceppi‘s comments on a “Rule Set” (Chris is a thoughtful person from Ping) he concludes that “Laws Rule“.

I defer to Jamie and Craig – watching them discuss something like this is like sitting in the front row at a tennis match between consummate professionals. They are both helping me understand the issues.

Over the top

Craig Burton has been turning up the volume recently. His recent comment on the sixth law struck me as “right on”:

My take on this law is that Kim is proposing an identity system that transcends the boundaries that we normally think about when considering any service-based system. According to the sixth law, it needs to include both the channel of communications between two machines and between the user and machine. In essence a dual channel identity sytem.

A dual channel identity system is over the top. It is hard to think about let alone concieve and create.

Yes, it is hard. It's hard to conceive what it means. And it is hard to create. But if we want to get to the identity Big Bang, we have to go for it. I mean as an industry.

Craig continues:

Now I am also really curious on how this system will actually work. It would be tough enough to be a dual channel system in a single environment. But proposing that this system be cross-platform (see law number five) is almost too much. The technical and political issues to be overcome with this 7-point-system seem overwhelming. I have concerns about how all this is going to happen. But my concerns are probably unfounded.

Yeah. That's what makes this exciting.

This call is being recorded for recalibration purposes

I have long been fascinated by the way information technology is distorted by the economics governing its dissemination and commoditization. For example, I think our concepts of digital identity are profoundly affected by the fact that the mainframe era, in which organizations could afford computers while individuals couldn't, preceded the era of personal computers. The result was that the initial paradigms of digital identity (which permeated the thinking both of organizations and of individuals) emanated from the point of view of the organization, not the individual. It will take… a while… to reach a “recalibration” – in which there is a more balanced relationship between individual and organizational identity.

William Heath reports a fascinating example of potential recalibration of technology relations between customer and commercial entities:

Tom S points out a new service which might further help restore the balance of power between Winston Smith and the forces of darkness….it's called Registered Call. The founder, David Hume, says

Six months ago I launched Registered Call Ltd, a call recording service and
an online Consumer Complaints Resolution Mechanisms (CCRM) developed
primarily to assist consumers experiencing redress difficulties: Users dial
an access number and then, when prompted, the number they want to call. A
message notifies the called party the call is being recorded.
Users can later access their recording from the website and unite with
others who dial the same number.

I feel this service could be offered as an open source middleware technology
to all intermediaries within the consumer feedback/complaints industry…

Sounds pretty cool. Could Registered Call bridge the “digital divide” issue which UKFeedback will inevitably face? Is it appropriate to use direct recordings of calls to prove service quality points in a constructive way that leads to change?

Quite probably.

Is unambiguous communication possible?

Eric Norlin‘s post about the sixth law asks an interesting question. For those with more than one thing to think about in life, let me restate the law for you:

The Law of Human Integration

The universal identity system MUST define the human user to be a component of the distributed system, integrated through unambiguous human-machine communications mechanisms offering protection against identity attacks.

Eric says:

Of course, being “unambiguous” in that context would be a little tough. Which leads me to my question: i guess i'm hesitating at “unambiguous” – kim how are we supposed to get “unambiguous” about the ceremony of human-machine interaction? Isn't it the ambiguity that has always led to the creativity of unexpected consequences? (the internet, podcasting, nascar, napster, etc) By mapping out ambiguity, aren't we also putting rigidity into a relationship that -by its very history and nature – should be a little ambiguous?

or am i missing something?

I should have made it clear that I'm not commenting about machine-human interfaces in general. I am talking specifically about human-machine communication with respect to the identity system. I totally agree that ambiguity has sometimes led to creativity and unexpected consequences. But we don't need unexpected consequences when figuring out who we are talking to or when revealing personal identification information.

So now the question becomes one of whether we can achieve very high levels of reliability in the communication between the system and its human users.

Last night, flying to the Open Group conference on Identity Management, United Airlines gave me a set of headphones, and I stumbled onto channel 9 – which carried the conversation between the cockpit and air traffic control. Now the conversation on this channel is very important. And technical. And focussed. Participants don't talk about their love affairs or political beliefs – all parties know precisely what to expect from the tower and the airplane – and as a result, even though there is a lot of radio noise and static, it is easy for the pilot and controller to pick out the exact content of the communication. And when things go wrong, the broken predictability of the channel marks the urgency of the situation and draws upon every human faculty to understand and respond to the danger. The limited semiotics of the channel mean there is very high reliability in communications.

And that is exactly what must happen in the human-machine identity interface. We'll come back to this.

Laws of Identity in Korean

ChangHee Lee has written to say he has translated the Laws of Identity so Korean bloggers can participate in this discussion. I think the idea of making the Laws available in as many languages as possible is a great idea.

To build a universal identity system our conversation has to cross all cultural boundaries. So ChangHee's contribution in this regard is really great news.

Motherhood principle

By the way, I forgot to say that I thought Jamie Lewis’ idea of a “motherhood test” for architectural principles was amazingly sensible. By this he means something cannot be an architectural principle if a reasonable person cannot suggest and defend a contrary position. Imagine how many bits will be saved by removing principles that fail this test from slide presentations and planning documents on a world-wide basis! Go forward, my ecological hero!

Parenthetically, this is a wonderful example of something which is unambiguously a principle, rather than a law. It doesn't represent a real-world dynamic bounding a system design. It is more a statement of fundamental intellectual hygiene – like Einstein's principle that things should be made as simple as possiblebut no simpler.