Laws as Gestalt

Cool Don Box has called the Laws a Gestalt: a structure, arrangement, or pattern of physical, biological, or psychological phenomena so integrated as to constitute a functional unit with properties not derivable by summation of its parts. An interesting observation as usual.

The Seventh Law

Many participants in this discussion have talked about how “identity is contextual”. The extreme argument is made by Scott C. Lemon, who posits in his second axiom that “identity does not exist outside the context of a community”. And Jamie Lewis has said “Context is Everything” when rapping on the Fourth Law (er Principle) of Identity. He gives some good examples, too:

I’m an audio/video enthusiast (my wife would say freak), so I’m a member of the Audio Visual Sciences Forum. I self-asserted my identity when I signed up, and that’s fine for the AVSForum. As long as I play by the forum’s rules, the folks that run the forum are fine with me being around using whatever identity I’ve established for myself. The reputation system inherent in the AVSForum takes care of many governance problems. The forum’s moderators and administrators step in with full authority when they have to.

But will self-assertion alone work for my bank? Hopefully not (or I need to change banks). Yes, the AVS Forum could rely on the identity my bank issues, but I might not want to use such an unambiguous (and valuable) identity in that social context. And why should AVSForum do that anyway? The cost could well outweigh any benefits it may gain. Once you get past registration, you get to the differences in policies (credential type and strength), attributes, and the management systems necessary to propagate and use identity in each of these very different contexts. In large part, these things must be need-driven, and one size will not fit all…

In other words, identity is the most contextual element you can possibly imagine; in fact, all social interaction is highly contextual, especially online. Who we choose to be, what of ourselves we choose to share, what faces we choose to show, depend entirely on the context in which we’re operating.

It stands to reason, then, that domains of activity will emerge, and they will have their own identity mechanisms, probably their own identifier, which will be unique and appropriate within the context of that given domain.

Several of the Laws of Identity capture the objective constraints implied by these observations. The Third Law talks about limiting the disclosure of identifying information to “parties having a necessary and justifiable place in a given identity relationship.” That relationship is clearly a context. The Fourth Law explains why a metasystem should be able to support “unidirectional identitifiers” for use in private relationships, which again are specific contexts. And the Fifth Law states the need for a pluralistic metasystem in which different technical systems run by different parties must coexist, again for use in appropriate contexts.

But now let's get a bit more concrete. Let's project ourselves into a future where we have a bunch of contextual identities. I'll carry on where Jamie left off and pick an arbitrary set of identities that seems pretty convenient:

  • browsing: a self-asserted identity for exploring the web (giving away no real data)
  • personal: a self-asserted identity for sites with which I want an ongoing but private relationship (including my name and a long-term email address)
  • community: a public identity for collaborating with others and bloggling (includes my community name and its long-term email address)
  • professional: a public identity for collaborating issued by my employer
  • credit card: an identity issued by my bank
  • citizen: an identity issued by my government

Things might be pretty simple if everyone chose the same set of identities that I use. But of course they don't. Jamie doesn't use a self-asserted personal identity. My brother's employer doesn't issue professional identities. Marc hasn't applied for a citizen identity, and doesn't plan to. So we have a mishmash of possibilities for identifying ourselves.

Now, you are not going to believe this, but this mishmash is good. It is in accordance with our diversity. We don't need to freak out about it. We need to accept it.

How do you deal with diversity?

Let's begin by assuming that diversity does not present a technical problem. I know this will be a stretch at first, but bear with me until “tomorrow”: let's look at the other issues.

The answer to which types of identity are acceptable then lies in the hands of each “relying party”. In other words, each given web site decides what kind of identities it will accept. Again, some examples will help, so I'll ofer some.

Let's start with “Kim Cameron's Identity Weblog”. What kind of identities will Kim's weblog accept? You name it – I'll accept it. Anything that works for you is fine with me – I want to get a discussion going.

On the other hand, let's say you go to a site like eBay. It may allow you to use any identity (or no identity) to window shop. But it will likely expect to see a credit card identity when you make a purchase. And if you want to post things for sale, the site may well expect you to present a community identity, something to which a reputation is attached.

We could give the example of using a citizen identity to access information about your social security contributions. Or of using a professional identity to get into a professional conference.

So two things become clear.

  1. A single relying party will often want to accept more than one kind of identity; and
  2. A user will want to understand his or her options and select the best identity for the context

Now it is necessary to consider the Sixth Law – the Law of Human Integration. This means that the request, the selection and the proffering of identity information must be done such that the channel between the relying party (e.g. the web site) and the user who is releasing information (in accordance with the First and Second Laws) is safe – and that the options are consistent and clear. Taking all of these constraints into account simultaneously (the head almost explodes) we are faced with the Seventh Law:

The Law of Harmonious Contextual Autonomy

The unifying identity metasystem MUST facilitate negotiation between relying party and user of the specific identity and its associated encoding such that the unifying system presents a harmonious technical and human interface while permitting the autonomy of identity in different contexts.

Does this sound too hard? It's hard, but I think, as you will see in upcoming postings, that our industry has the tools we need to do this. Meanwhile the cost of not having a unifying identity metasystem will continue to grow exponentially.

It was probably eight years ago now that Doc Searls took a deep look at my work on metadirectory, which I was having trouble explaining (you can see that little changes), and said:

“Kim. It's simple. We have multiple identities on multiple systems but there's no way for us to integrate them. If this were happening in the physical world, we'd have multiple personality disorder. The internet is still psychotic.”

A thought like this never leaves you. Certainly I am convinced that as users, we need to see our various identities as part of an integrated world which none the less respects our need for independent contexts.

Martin's equation

Not long ago, Jamie Lewis suggested a course correction regarding our use of the word “universal”:

When anyone talks about a “universal identity system,” my first instinct is to put my money in my shoe.

Jamie went on to point out that when I have used the term “universal identity system,” I have meant:

“… universal” in the sense of a widely accepted, highly scalable approach, applicable and usable across the diverse and wide-ranging Internet. He’s talking about enabling a truly distributed system that can bind many different applications, use cases, and identity systems into a more meaningful (but logical) whole…

Because it is so crucial, I’m concerned that some folks will interpret “universal” to mean “uber,” as in one single identity system operating on a single standard, in spite of Kim’s intention. That’s precisely what X.500, X.509, and other attempts to solve this problem are and were about. And there are some folks who just seem genetically pre-disposed to approach the problem from a top-down, if-we-can-all-just-agree-on-one-single-identifier perspective.

And sure enough, as Jamie predicted, some good people have already been thrown off by the ‘U‘ word.

Here's a comment I received from Martin Taylor. Martin is a knowledgeable thinker who says:

I am curious… as to why there is nothing in the laws that really considers the motivation (or de-motivation) to an individual or to an organisation to make use of an identity system – to the collective point where the system could reasonably be said to be universal.

The need for identity mechanisms is clear. The need for a universal identity system is not.

The point at which a given identity system is able to grow sufficiently for it to be deemed universal has to show some benefit somewhere. If participation is expected to be voluntary (i.e. assuming that there will not be a single government able to mandate identity upon enough individuals for it to be deemed universal) then, the individuals involved must perceive a net benefit to themselves.

Where: net benefit = total benefit perceived – perceived disbenefit (from difficulty of use, perceived trust in providers, etc.)

This net benefit then is a limiting factor to the size/growth of the system.

I like the simplicity of Martin's “net benefit” equation. Yet the sentence beginning “If participation is expected…”, makes me fear he is taking the word ‘universal’ in precisely the way Jamie predicted would happen… And this unfortunately and unnecessarily complicates what is otherwise an interesting discussion.

Let's try substituting the word “unifying” and see if things get any better. Martin would then be saying:

The need for identity mechanisms is clear. The need for a unifying identity system is not.

That might not lead him to the same worries about bullying national or supernational governments…

Martin's equation is a proposition which applies to almost any computer system. But it certainly provides the framework for judging the success of systems designed according to the laws of identity.

Now let's look at how a unifying identity system would provide net benefit… Which takes us to the Seventh Law.

The Fifth Law — Sun-Spot-Hot

What an image from Craig Burton. Sun-spot-hot. Let's get this meta mojo moma backplane together so everyone can get on board and chill. Craig doesn't hesitate:

On the 30th of January, Scott Lemon posted some comments about Kim Cameron's Fifth Law of Identity:

Kim Cameron posted his Fifth Law of Identity, and I was surprised that more people didn't just jump in and agree. I was really surprised that Craig Burton didn't jump for joy as the entire law parallels some of the work that Craig led at Novell years ago.

My response to the Fifth Law was a jump for joy:

A cross platfrom identity metasystem is sun-spot hot and–with the other laws being discussed here–changes everything.

Jamie Lewis went into a big explanation on his thoughts about the fourth and fifth laws. I also noted that he goes back an forth between using term “laws” and “principles.” I will just stick with the use of “laws.”

Scott, I know this parallels work I have done before. It is in line with what I have been working on for 20 years. I don't know how I can be more vocal than I have been. To be honest, one of my first reactions was just to keep quiet. But then I realized, in another post it would take a “act-of-Gates” to stop this thing.

Go Kim.

Chris Ceppi and Rule Sets

Chris Ceppi of Ping proposes the idea of a “Rule Set” to describe the Laws of Identity. The term was invented by Thomas Barnett, a strategist who has developed “a widely respected interpretation for the underlying dynamics of globalization and the way globalization causes and resolves conflict around the world.”

In his (Barnett's) view, conflicts and breakdowns occur when activity races ahead of the Rule Sets that govern that activity. This is a pattern that can be seen in the current situation with digital identity on the Internet. Many systems and practices for dealing with identity have developed organically and tactically and the resulting breakdowns include mass inefficiencies, risk to privacy, barriers to developing new systems, etc.

What Kim is developing is a language for discussing a Rule Set that can govern the ways Identity is handled on the Internet – this is an incredibly generous and ambitious endeavor. That said, I can understand the built in suspicious reaction to his use of the term Laws.

I think Rule Set works for me – and we do need Rule Sets in this area, so in my little world…Identity Rule Set it is.

Craig Burton tells us to stick with the word “Laws”. Referring to “Rule Set”, Craig says:

Not bad. I think it is weaker than laws though.

The naming of these things is crucial. I can't emphasize the importance of the use of words and developing lexicon. I still think they work best as laws.

I think it's important to seize Chris’ uber-point: that the conflicts and breakdowns which have occured in the realm of identity have resulted from activity racing ahead of an understanding and acceptance of the laws that govern it.

Simon Grice and Midentity

Simon Grice, from Midentity in the UK, now has a blog going – and promises that February is the month that he “will focus on spending a little more time actively taking part in the conversation – rather than simply listening in.” I'm making a note of that here so he can't back out!

Simon is working on “social computing” aspects of identity. Midentity recently concluded a deal with British Telecom to resell its personal identity collaboration product. And Simon is putting together a Personal Identity Summit in the UK later this month.

Technical versus Social

Archie Reed is a well known guy from HP in the enterprise identity space. Here's a post he did a while ago on the first four laws:

These seem well focused on the individual, however the laws so far ignore some of the fundamental requirements for establishing identity, being able to challenge the system and so forth. I will try to add to the discourse.

I am drawn to this discussion because there is an core of privacy management in each of these laws and I am keen to promote better privacy management in private and public organizations. Having spent many years living and working outside the US I am continually amazed at the freedom with which many US companies (and individuals) utilize what I feel should be private information for the purposes of marketing and solicitation. This is constantly reinforced by companies that require me to “opt-out” of marketing efforts (and other nefarious things), rather than choosing to “opt-in” is one example that shows the laws of identity as defined are idealistic and not aligned with business thinking (certainly in the US).

The challenge is the classic battle between business and security, or the principles of open vs. least access.

Worse, the exchange of private information is already occurring today, where organizations are gathering and exchanging information about individuals, based on unclear usage models and privacy policies. This is not something that identity management technology can easily deal with, and the overall business processes again become the focus of the discussion, not the “Technical” aspects that Kim is focused on… more specifically, Kim's ideal laws are not aligned with the real world – as much as many of us would like them to be!

On a related note, Phil Windley adds his comments to the mix at Laws of Identity and Symmetric Relationship Treatment

I believe that much of our talk about identity, and about privacy, is confounded by our collective myopia concerning relationships, or data about how identities are linked. When we look at it from just one side, we're likely to mistakenly build systems that asymmetrically protect relationship data. These systems are inherently unfair and thus prone to controversy. So, I'll add something that I think needs to be in Kim's laws:

  • Treat Relationship Data SymmetricallyRelationship records (i.e. records that link one or more parties) MUST be treated symmetrically for the identity system to be fair.

I do not believe this is correct.

What is missing in both these threads is context, both in terms of the conversation and the assumptions made about how identity data is used. In fact, Phil's examples allude to context, but miss the follow-through in logic when Phil talks about how a transaction is _jointly owned_. The reality is that while the transaction may be jointly owned, there are different expectations, policies and ultimately “context” for each party of the transaction similar to any supply chain model. Specifically the challenge I see is that jointly owned does not translate to common expectations or understanding – that being another one of the challenges.

Phil talks about the need for both parties to be treated symmetrically, essentially basing their usage on the same principles. This is not the way the real world works, nor is it a reasonable expectation. What is real-world is that context defines how these relationships work, and context is different for each party. While it may make sense for B2B type trusts to be symmetrical, it is not the same for a B2C, C2C, B2E or any other X2Y type of trust. That relationship is only one part of the context. Other data points that improve and clarify the context include the data each party has on the other, including how the relationship was created, who has agreed to what and for how long (e.g. terms of usage, privacy policies, customer service agreements), social conventions and expectations . My point here is that while there are numerous technical aspects to the relationships, there are also many parts of the relationship based on agreements, expectations and experiences, something rarely captured in identity management systems.

So I would say that what is really missing is the political or social aspects of identity. Kim talks a great deal about technology, however as anyone involved in identity knows, identity management is one of those disciplines where technology is less then half the challenge – we can argue what the percentages are later…

ACLU Pizza Memeflow

Everyone has has been telling me about Jon Udell – and how cool he is. Well, today I came across his amazing weblog:

A couple of days ago my sister cc'd me on the ACLU Pizza movie — a digital identity nightmare done as a Flash animation. “Very interesting,” she wrote to her friends, “and probably not too far from the truth.” I'd seen this movie a while back, so I pondered for a moment about the ongoing effect it might be having and then moved on. Then today it came back to me, via Phil Windley, via Kim Cameron, via Future Salon. I wondered how this particular meme has been flowing through the collective mind. So I took a picture of that:

The chart measures the number of citations per day on and bloglines, omitting the (majority of) days on which there were none. I'm curious to see what the new spike will look like.

More generally, I'm interested in how visualization of memeflow will affect memeflow. From the ACLU's perspective, charts like this will doubtless become part of the dashboard used to measure the performance of campaigns — if they aren't already. But the memeflow data will also matter to folks like Kim Cameron, who is Microsoft's identity architect. He writes:

This is a battering ram for knocking over any system embodying disrespect for identity's laws. That might prompt some to just take it “as propaganda”. But anyone who did that would be missing the point. Micah's piece is a harbinger of what is to come should we, technologists, not succeed in understanding our own subject matter. [Kim Cameron]

Exactly. But going forward, it won't be enough to simply possess that understanding. The would-be architects of our digital identity future will also have to communicate their understanding in compelling ways.

Jon is right. Memeflow data will matter to folks like Kim Cameron. Wow. I'm just trying to get my head around this.

In terms of Jon's comment about communication, I'll go a little further than he does.

A couple of days ago Jamie Lewis had me rolling with this parenthetical comment – executed with unassailable “en passant” perfection:

Kim sums this up in a breathless reply to Doc Searls and others in his introduction to the fifth law (it’s a long sentence, and you may need to open a window after parsing it)

So funny and so true. After all, as a technology architect I spend a lot of my day in an internal conversation where there aren't even words yet. And sometimes this shows.

That's why to do something like a unifying identity system that is respectful of the people who use it, we need not just architects, but a whole bunch of creative thinkers with a wide range of talents – especially communication – people like Jon Udell. To pick up Marc Canter's term (he seems to come out with some good ones), we need a lot of talented people riding the identity “avalanche”.