Re: [projectvrm] Bots for VRM

[Peter Cranstone < >]

Joe.

>> You *cannot* digitally encode an identity. That's my point.

Ok. 

>>  You can encode identifiers and attributes,

OK. Then please supply an example. Exactly what data are you going to supply a vendor when you intent cast? And exactly how are you going to communicate that data? Is this a JSON file over JLINK?

>> Bits can be wrong. They can be falsified. They can be out-of-date. They can be of the wrong type.

Really - so you can falsify my bio data in real time. My fingerprint is no longer my fingerprint? Then whose fingerprint is it? How can they be the wrong type when you supplied it? How can my fingerprint be out of date? There are hundreds of millions of smartphones out there that use bio information to conclude a sale or access a bank account. Are you saying that this approach is no longer viable?

Next set of questions - what is your description of Identity, what is your description of an Identifier, what is your description of an attribute. Is this all 'digital' or something else.

>> Nothing I've seen to date has demonstrated it meets the needs for the constituencies who would depend on it.

What have you see and where does it fall short?

Now take all of the above and relate it Ian's post on JLINK yesterday. Specifically Slide 11 where I transmit intent data - exactly who is the vendor interacting with? Here's a link to the PDF...http://www.jlinclabs.com/wp-content/uploads/2016/11/Customer-Driven-Leads-VRM-Day-Demo-24th-Oct-2016.pdf

Are you going to be using the schema in Slide 9. Supposedly this is where you can completely remove the vendor from knowing who you are but you have to supply the general location of where you are? (And where does that data come from?)

And finally how does this beat all of the established e-commerce sites where you simply login, and buy what you want. I simply can't imagine rebuilding all that infrastructure to support a sale when there's a perfectly good system already in place. 

Peter Cranstone

Sent with ProtonMail Secure Email.

-------- Original Message --------

Subject: Re: [projectvrm] Bots for VRM

Local Time: November 8, 2016 1:45 PM

UTC Time: November 8, 2016 8:45 PM

From:

To: Peter Cranstone < >

Much editing for brevity.

On Tue, Nov 8, 2016, at 09:36 AM, Peter Cranstone wrote:

Joe Andrieu wrote:

>> My identity is how I am seen and known by the world, and it exists, in its core, in the minds of those who see and know me.  All I can do is influence it. I can neither control it nor represent it in bits. <<

 

If you can neither control it nor represent it in bits, then by your own words, it cannot be coded. I don’t think that’s what you meant to say. I think you meant to say my Identity is a combination of my Identity and or Identifiers which are communicated as required by the context that i'm interacting with.

This is the language gap. You *cannot* digitally encode an identity. That's my point.  You can encode identifiers and attributes, but "identity" is more than the set of identifiers and attributes encoded in some system. Any system that treats identity as if it were things represented as bits is going to fail to meet the requirements of a real identity system, which *must* be based on the processes and mechanisms used to correlate individuals across contexts, including:

1. processes of correction when the bits are in error

2. processes of escalation when the system fails to perform as intended, i.e., when no interface addresses the failure

3. processes of elevation when correlation is ambiguous relative to the requested privileges

4. processes of evolution when the foundations of correlation shift

5. processes of bootstrapping new individuals into the system

6. processes of substitution when components of the system fail to provide services

7. mechanisms to prevent undesired correlations

Bits can be wrong. They can be falsified. They can be out-of-date. They can be of the wrong type. They can be unavailable because the subject isn't in the system or because part of the system is down.  All of these failure modes don't change the nature and fact of one's identity, they only describe demands on a system that MUST be robust in the face of these failures.

Networking existed LONG before the Internet. What the Internet did, and the reason it has proliferated and become the dominant network in the world is because of its robustness in the face of failure.

If you're going to claim *any* technology provides an Internet identity layer, you'll need to demonstrate a similar robustness in the face of failure.

IMO, simply adding encrypted headers to HTTP doesn't do that.

>> What we can do is describe how systems manage correlation, either enabling desired correlations or preventing undesired correlation <<

 

Yes, you could. However, this requires MY Identity/Identifier data in real time to make the correct decisions based on local/regional/country laws and context.

 

>> If we do that, we don't need to create "an identity layer" we can build systems that have understandable and appropriate methods of correlation. <<

 

No you can’t – they need real time Identity/Identifier information for correlation and local/regional/country compliance and context.

This is the language gap. Identity is not identifiers.  Treating it as such will lead to further confusion and poorly engineered, incomplete solutions.

 

Bottom line Joe – you’re going to transmit REAL-TIME bits (GDPR: Article 3, Clause 2) because neither Web servers or Human Observers are mind readers – they need the appropriate data to be compliant. And that data is going on the wire somehow.

Yes. But these bits are not identity. They are at best credentials, sometimes just identifiers, and other times unverified attributes.

 

After that it will come down to two things:

1. Execution/Adoption by the consumer (think behavioral change here)
   
2. Money
   

Either the VRM ecosystem creates tangible P&L value or it doesn’t. 

Pie is never free at the truck stop no matter what anyone tells you.

I'm not talking about adoption or execution or the "VRM ecosystem". 

I'm talking about whether or not any current or proposed Internet identity layer meets the requirements of "identity". I stand by my earlier assertion. Nothing I've seen to date has demonstrated it meets the needs for the constituencies who would depend on it.

-j

--

Joe Andrieu, PMP

">

+1(805)705-8651

http://blog.joeandrieu.com