Like many people in the web world I spend some portion of my time puzzling about identity. It seems to me there are a number of issues that are getting lost in the discussion.
For example: we spend a lot of time talking about single-sign-on, but sign-on does not exist in a vacuum. The parties (often quite a few) that adopt various roles in the sign on ritual are entangled in more durable relationships. We have lots of words for this. “Account” for example, but there are lots: marriage, profession, citizenship. The discussions on identity would be well served if people focused more on these relationships.
The discussion would be quite different if we the topic was single-relationship rather than single-sign-on.
In stark terms relationships are about roles. The language is rich in terms for blocking out these pairs: husband/wife, boss/employee, brother/sibling, friend/friend, client/server, buyer/seller. Much of the discussion about identity systems is about intermediating who will be allowed to adopt the rights and privileges of one of these given role. Most of the discussions of identity systems glosses over that both parties must be first class citizens in the discussion. For example that privacy is not just a concern of customers, but also a concern of firms.
The discussion would be quite different if we were discussing firm-privacy rather than customer-privacy.
While many relationships are colored by a dominate/subordinate dialectic modern relationships are significantly more respectful and so to speak peer to peer. The discussion would be quite different if we were focused on that trade-off.
It is traditional to point out that status is associated with the assumption of roles. People figure out who you are by what roles you occupy. All those role names: father, client, seller, sibling, employee are examples. So are all the various professionally certified roles like: Dr, PHD, high school grad, convicted felon. In traditional societies, almost by definition, labels are more highly durable than in modern society where you might be a car salesman one month and a high school teacher the next. American have a story we tell our selves about treating these labels lightly. Economists have a name for this, labor flexibity.
One way to improve our discussions of identity is to draw in the issues of how dynamic and pliable the roles are. That is, of course, deeply connected to issues of how sticky the business models are.
Assuming a role is rarely simple. You don’t get to lead unless others follow; in fact you can’t even follow if you can’t find somebody willing to lead. This creates plenty of ambiguity. One might say: “Yeah, let’s go out to lunch.” as a tentative ambiguous attempt to to capture, at least temporarily, the role of leader. Most relationships and most roles are extremely tentative, implicitly, and pliable. That flexible implicit nature creates freedom for the participants. A flexibility at a very small scale that is directly analogous to the American economy’s flexible labor pool on the large scale.
To me though the important thing about the nature of the flexibility is that the roles are always caught up in a fog of implicit vs explicit facts. If we tentatively allow somebody to adopt the role of leader for a period, and if we leave that implicit then that reduces assorted risks. The risk to him of being embarrassed when we tear down that role, for example. The risk to those who follow him: of the shame of disloyalty when we stop following. An highly implicit role assignment reduces the costs of backing it out when we will discover that he’s not effective. Overall the risk to the enclosing institution when it needs to flexibly re-balance who’s leading what where. Of course leaving implicit is likely to be less efficient than tightening up a clear hierarchy. Leaving things implicit is likely to have higher coordination costs.
Yet again, the discussion of identity systems would be different if it were framed in terms of how can we manage the balance between the implicit and the explicit in our many relationships. Remaining blind to how critical the implicit is in most relationships does huge damage to most discussions about the “identity problem”. Very few identity systems designs put any design effort toward this problem.
Few, if any of these relationships exist in a vacuum. For example my employee/employee relationship is a nest of Russian dolls with one relationship with my boss that has some implicit/explicit stuff going on, that nests inside one with my business, my firm, the legal institutions of various political states, and finally those of the culture. Russian dolls doesn’t begin to do it justice. There are overlapping sets: my profession, industry, local-economy, family traditions, … For example the role of self-employeed, entrepeuer, academic, politian, and many others tends to run in families. Presumably the craft knowledge and social capital get’s passed down.
That these standards or institutions intermediate all relationships and roles makes the whole system significantly richer. The identity standards movement is both focused only on the explicit, but also is naive in failing to grasp that it competes with and threats to displace these existing standards and institutions.
All in all it’s a messy problem and teasing out a solution will take time. It is becoming more common for people in the identity discussion to talk about data as a driver of value. That if we can achieve some standardization (i.e. overcome the social engineering problems outlined above) then we can capture some of the efficencies that letting data move about that is currently hard to get at.
For example I recently refinanced my home. This tedious task requires providing the lender with access to selected data from a dozen different roles I occupy: my citizenship/taxes, my wealth/bank, my income/employeer, etc. etc). In the fantasy world of the future, when the identity problem has been resolved, I will be able to do all that revealing with “the touch of a button”.
Hopefully the preceeding begins to help the reader see why the privacy problem is so subtle. When people talk about privacy they are talking about all the above. Privacy informs the single parties and the single relationship. My bank and I for example our private data. The relationship is not an open-book. I don’t tell my bank that I think their new branch office is lame. They don’t tell me that they think I’m a grade AA customer because my overdraft habits makes me highly profitable. Privacy also means that something about how data is allowed to flow, or leak, from one relationship to another. My bank tells a very selected amount of information to the governments I pay taxes too and to various associated industries (i.e. the credit rating firms).
More interesting, at least to me, is that privacy is also about the implicit/explicit nature of roles. That keeping information implicit is a form of privacy. That even when you make something explicit with a given relationship that keeping it private to that relationship is a key bit of privacy that allows it to be renegotiated over time. That privacy is intimately entangled with the flexiblity to adapt, and that flexiblity and locality helps to temper the loss of efficency that implicit suffers compaired to explicit.
To summarize there are a few aspects of the idenity problem that I think deserve a louder voice in the discussion:
- relationships
- roles
- standards and institutions of various kinds of roles and relationships
- the value the implicit vs explicit
- flexiblity vs efficency of relationships
- the different kinds of privacy
- overlapping of institutional frames, vs their nesting hierarchy
- the tension or competition between various institutions and standards
One single relationship? I doubt it.