Much editing for brevity.
On Tue, Nov 8, 2016, at 09:36 AM, Peter Cranstone wrote:
Joe Andrieu wrote:
>> My identity is how I am
seen and known by the world, and it exists, in its core, in the minds of those
who see and know me. All I can do is
influence it. I can neither control it nor represent it in bits. <<
If you can neither control it nor
represent it in bits, then by your own words, it cannot be coded. I don’t think
that’s what you meant to say. I think you meant to say my Identity is a
combination of my Identity and or Identifiers which are communicated as required by the
context that i'm interacting with.
This is the language gap. You *cannot* digitally encode an identity. That's my point. You can encode identifiers and attributes, but "identity" is more than the set of identifiers and attributes encoded in some system. Any system that treats identity as if it were things represented as bits is going to fail to meet the requirements of a real identity system, which *must* be based on the processes and mechanisms used to correlate individuals across contexts, including:
1. processes of correction when the bits are in error
2. processes of escalation when the system fails to perform as intended, i.e., when no interface addresses the failure
3. processes of elevation when correlation is ambiguous relative to the requested privileges
4. processes of evolution when the foundations of correlation shift
5. processes of bootstrapping new individuals into the system
6. processes of substitution when components of the system fail to provide services
7. mechanisms to prevent undesired correlations
Bits can be wrong. They can be falsified. They can be out-of-date. They can be of the wrong type. They can be unavailable because the subject isn't in the system or because part of the system is down. All of these failure modes don't change the nature and fact of one's identity, they only describe demands on a system that MUST be robust in the face of these failures.
Networking existed LONG before the Internet. What the Internet did, and the reason it has proliferated and become the dominant network in the world is because of its robustness in the face of failure.
If you're going to claim *any* technology provides an Internet identity layer, you'll need to demonstrate a similar robustness in the face of failure.
IMO, simply adding encrypted headers to HTTP doesn't do that.
>> What we can do is
describe how systems manage correlation, either enabling desired correlations
or preventing undesired correlation <<
Yes, you could. However, this
requires MY Identity/Identifier data in real time to make the correct decisions
based on local/regional/country laws and context.
>> If we do that, we don't
need to create "an identity layer" we can build systems that have
understandable and appropriate methods of correlation. <<
No you can’t – they need real
time Identity/Identifier information for correlation and local/regional/country
compliance and context.
This is the language gap. Identity is not identifiers. Treating it as such will lead to further confusion and poorly engineered, incomplete solutions.
Bottom line Joe – you’re going to transmit REAL-TIME bits (GDPR: Article 3, Clause 2) because neither Web servers or Human Observers are mind readers –
they need the appropriate data to be compliant. And that data is going on the wire somehow.
Yes. But these bits are not identity. They are at best credentials, sometimes just identifiers, and other times unverified attributes.
After that it will come down to
two things:
Execution/Adoption by the consumer (think behavioral change here)
Money
Either the VRM ecosystem creates
tangible P&L value or it doesn’t.
Pie is never free at the truck
stop no matter what anyone tells you.
I'm not talking about adoption or execution or the "VRM ecosystem".
I'm talking about whether or not any current or proposed Internet identity layer meets the requirements of "identity". I stand by my earlier assertion. Nothing I've seen to date has demonstrated it meets the needs for the constituencies who would depend on it.
-j
--
Joe Andrieu, PMP
+1(805)705-8651