Interoperability slides off the tongue as a must-have in identity systems but is it really self-evidently a good thing? It might seem politically incorrect but I think the answer is no, not in all circumstances. Too often the term “interoperate” is used casually, without any finesse or qualification.
Imagine an inventor going to a bank with a gadget that would enable the bank’s plastic cards to “interoperate” with a range of third party services, so that cardholders could avail themselves of new services, all based on the bank’s identification of those individuals. How would the bank respond? The first task would be to carefully examine new risks created by the cardholders accessing new (and only loosely specified) services. If a bank’s relationship with its customers was going to be parlayed into new arrangements with additional parties, the bank would want the details. This is not to mention the legal nitty gritty of working out how extant cardholder agreements could be modified to accommodate all sorts of new usage, and overcoming the constraints in today’s cardholder agreements which expressly limit how “identity” is used.
These un constrained analysis tasks don’t seem doable; the risks of the unknown cannot be characterised. And therein lies the fatal flaw of so many federated identity proposals: they take us into uncharted risk management waters. Some proposals hold out the promise of new revenue streams for banks if they recast themselves as “Identity Providers”, but throw money into the mix and the legal issues only get more fraught.
Those much derided identity “silos” that so many instinctively want to bust open are actually carefully construed risk management arrangements. They represent closed business relationships, not simple “identities” (elsewhere I have argued that identity silos have actually evolved in real world business ecosystems, such that risk management arrangements are a close fit for threats and risk appetites in particular circumstances). Breaking open these silos is an incredibly complex exercise, and is probably unbounded.
It’s not for nothing that we call identity domains “silos”. I wonder when and why silo became a dirty word in our business. Grain silos are wonderful things: architecturally elegant, strong, and protective. They are critical infrastructure for farmers, and much admired landmarks on many a rural landscape.
Let’s follow the “silo” metaphor a little further with a thought experiment about real silos. Imagine a wheat farmer being approached one day by their corn-growing neighbour with the following proposition: In the name of efficiency, let us break open, connect and share our grain silos.
No farmer would give this idea a moment’s thought; they would reject it out of hand. If the corn grower needs more capacity, it seems very obvious to me that instead of re-engineering the entire storage and handling system, and striking up new arrangements with all customers in anticipation of the new risks, it would be simpler, cheaper and quicker to just build another silo!
See also “Breaking down identity silos is harder than it looks”.