Posted 10:57 PM (0) comments

Another violent agreement

Kim replied to my earlier post with a thoughtful piece. First, let me say, the allusion I made to the RIAA was that they wish to ban tools - it's so much easier than collecting evidence of illegal behavior.

And I took Kim at his word when he talked "about the need to prevent correlation handles and assembly of information across contexts..." That does sound like "banning the tools."

So I'm pleased to say I agree with his clarification of today:

"I agree that we must influence behaviors as well as develop tools... [but] there’s a huge gap between the kind of data correlation done at a person’s request as part of a relationship (VRM), and the data correlation I described in my post that is done without a person’s consent or knowledge." (emphasis added)

We need sophisticated data correlation tools, tools which can discern our real desires from our passing whims and organize our quest for knowledge, experience and - yes - material things in ways which we can only dream about now. By all means let's punish and abjure bad or anti-social behavior. But let's not stigmatize the tools that the miscreants pervert to their own unethical purposes.

And I think we can say that those who purchase barbells, and only barbells, at Canadian Tire are thoughtful, erudite gentlemen of the old school... :)

Labels: attention, DRM, Laws of Identity

Posted 1:52 PM (0) comments

Identity-centric

Pam Dingle has a bit of a rant today about the term "user-centric." Well, not about the term itself but about people's desire (e.g., the entire Burton Group) to get away from it.

"Sure, there are a few blind worshippers of the cult of user-centric out there, but I firmly believe that common sense has to win out in deployment scenarios, and that various technologies should and will be used where applicable to solve problems. "

"If, on the other hand, all this is about is finding a positive, all-encompassing touchy-feely name to give to the systems-formerly-known-as-user-centric so that isn’t all about conflict, fine — pick a new name already. I only ask that if you’re going to diss the current buzzword, can you please at least supply an alternative suggestion. Otherwise we end up in limbo where nobody wants to use the old term, but nobody has a new term either, making us all look like indecisive idiots."

I think it's about more than just a term, more than just a feel-good quality, Pam. The "User-centric" term was coined, initially, to try to differentiate internet-based individual identity protocols from those used within the enterprise. But it's really all identity, and there doesn't need to be a distinction. That's why I wrote, last month, "Why there's no 'user-centric' or 'enterprise-centric' identity," where I said:

"Enterprise-centric identity management, we postulated, is really all about tying together all the activities and attributes of a single entity into a readily accessible (and reportable and auditable) form; while user-centric identity is about keeping various parts of your online life totally separated so that they aren't accessible and no report can be drawn.
So how do we have a framework that allows for both tying together all of a user’s activities (enterprise-centric) while at the same time allowing distinct separation of activities as decided by the user?
We start by defining identity as a group of “personas” (see 'Defining identity, persona, role'). Any persona can be made up of a group of personas or roles. Each of those personas can be linked, or separated, as the entity identified by them wishes. One of those personas is (or, rather, could be) an 'enterprise persona.' That one brings together '…all the activities and attributes of a single entity' performed for or related to that enterprise '...into a readily accessible (and reportable and auditable) form.'
So there is no 'user-centric' or 'enterprise-centric' identity. There is just an entity with AN identity made up of various personas some of which may be controlled or limited in some way by an outside organization – not only by the enterprise but also by governments, social organizations, etc. The ability to keep these personas separate, where legally able to do so, must be a given. Each persona will have different identity needs and requirements, of course, but that’s what will drive the 'identity economy' as vendors seek to satisfy those needs and requirements in accordance with the laws. The government’s laws, the enterprise’s 'laws', the fraternal and social organization’s 'laws' and the Laws of Identity as laid down by [Kim] Cameron. "

Labels: Burton Group, digital identity, enterprise, identity, Laws of Identity, persona, roles, user centric

Posted 5:08 PM (0) comments

Dumbing down the laws

Kim Cameron has posted a "simplified" version of his Laws of Identity. Problem with simplifying, though, is that you often say something that isn't quite what you mean. Kim starts by saying:

"People using computers should be in control of giving out information about themselves, just as they are in the physical world."

I agree 100%. But one has to remember that "in the real world," people are not always in control of giving out information about themselves. Employers, teachers, medical professionals, government agencies, even social and fraternal organizations have rules governing which information can be shared and which can't (no matter how much you want to share it) as well as whose permission is needed (sometimes yours, sometimes a third party's and sometimes both) in order to release that information. So, yes, we should be able to do digitally exactly what we are able to do physically. And we should be able to do it more efficiently and, perhaps, in a more automated (and audited) manner.

Let me know when that's working.

Clayton Donley has also posted a good 'think' on the revisied Laws.

Labels: Laws of Identity