Identities are brittle but crystal clear - update

A year after the demise of CardSpace, there is still no consensus as to why it failed. In fact, I'm not sure that the IdM community even acknowledges there's a real question there. My politically incorrect position is that the problem lies in the very idea of an Identity Metasystem. Do we really need such a thing?

The Identity Metasystem tries to solve stranger-to-stranger "trust" (as did Big Fat PKI in the 1990s) and seeks to allow parties to confirm one another's unanticipated identity assertions.

These are almost academic problems. By far the most economically important transactions on the Internet occur between parties that have in fact anticipated the assertions of interest and have put risk management systems in place. What's more, they already have a "metasystem" too -- it's called the law.

Payments, health care, share trading, employment, etc. all take place within overarching risk management arrangements, with specific enrollment, credentials, terms & conditions, and liability allocations established in each community of interest, either under contract or under sector-specific laws and regulations. The analysis and design of business transaction systems anticipates the risks peculiar to the environment concerned, and puts in place protocols and rules for participating. Parties in these different transaction contexts know precisely where they stand. They know their roles & responsibilities before they transact, even before they've installed whatever software and authentication devices are stipulated by the transaction service provider.

The price we pay for this crystalline certainty is that our different identities are brittle. They are highly context dependent, which is actually what the Laws of Identity teach us.

On the other hand, the more utopian federated identity initiatives try to bend those identities, in the hope that a smaller number of IDs will suffice across multiple contexts. But form follows function, and the more specialised an identity, the more it will resist being bent to fit another purpose.
