I’m writing this from the audience of Bob Blakley’s Data Sharing Summit session (which he also gave yesterday at the Internet Identity Workshop) on The Relationship Layer. It’s based on a paper he and his colleagues Gerry Gebel and Lori Rowland written for the Burton Group (but not published yet – Bob says look for his upcoming “world’s longest blog post”). This will be followed by a session the Higgins Project that will demonstrate a new form of information card called a relationship card (r-card).
The driving point of Bob’s session is that the ultimate purpose of identity technologies is to enable relationships. Bob’s thesis is that when you look at it this way, the current paradigms of Internet identity infrastructure — both the “federated” paradigm and the “user-centric” paradigm — need to evolve into a relationship paradigm.
In this paradigm:
- Relationships should be “nodes not edges” in the social graph, i.e., they should be first class objects in the graph rather than just arcs connecting the nodes representing people and organizations.
- Identity should always be in a relationship context.
There are two reasons for constraining this use of identity to a relationship context:
- To set the rules for the relationship.
- To provide accountability.
Bob makes several other key points:
- This approach shifts the privacy discussion from rights — which Bob says is “poorly supported by current law” (at least in the USA) — to contracts, which are voluntary obligations into which the parties to the relationship enter.
- Relationship objects provide a new form of protection and accountability because they “wrap” identity data inside a container that makes it much clearer who is authorized to do what with that data.
- This relationship container is a much easier way and more effective way to deal with data rights issues than DRM.
Bob goes as far as proposing the conceptual structure of a generic relationship object. The basic parts are:
- Participants, who make Consents and Promises and share Claims
Each participant to the relationship chooses the role(s) they will play, the consents they give, the promises they make, and the claims they share. (Those of use drinking the XDI koolaid will immediately recognize this as the essential ingredients of XDI link contracts, but more clearly articulated at the social level.)
Another consequence is how this shifts the role of identity providers in both the federated and user-centric models. For example, Bob asked a new identity provider in the latter space, “What are you selling?” The answer should NOT be “identity”. The answer should be, “relationships” – specifically high-quality relationships for low cost.
Eve Maler commented: “I’m really happy to see arrows pointing in both directions (i.e., to both parties in the relationship) so both parties participate in a relationship and both can ‘give and get’.” Bob gave a big high-five to this and it set him off on his “rant on user-centric identity”, which in a nutshell is that the “asset” that is a relationship is a joint property that benefits both parties. “Enterprise-centric” identity systems emphasize giving control to the enterprise. “User-centric” identity emphasizes giving control to the user. But both are, as Bob puts it, “forms of abuse”, i.e., neither one emphasize the relationship and therefore the mutual trust, which should really be the Sun at the center of an Internet identity system.
So instead of “Identity 2.0”, we should we call it “Relationship 2.0”.
Bob said is that there is a great instantion here of permission marketing. Comparing this to traditional email list marketing, he said: “What you want is not to have the world’s greatest collection of email addresses, but the world’s greatest collection of relationship contracts in which the users actually want to hear about whatever the vendor wants to communicate about.”
Another quote from Bob: “Sociability works much more from accountability than it does from authorization.” The example here was access control lists for social data on social networks. Bob argues that lengthy access control lists are not only a bother to users but don’t recognize the much more powerful “social contract” that is based on expectations and accountability, i.e., “a real friend of mine will not share my information in a way that might harm me, and if they did, they know how I will react”.
Net net: I think Bob’s thesis is the Copernican Revolution of the Internet identity industry. I’m sure it will a major theme of my posts in the months ahead.
But my very next post will be about the next session (once it’s over) that follows directly from Bob’s thesis: relationship cards.