This year’s Digital ID World was in Anaheim California, and ran from September 8-10. I really enjoyed this conference — the feel for me wasn’t the usual sense of a “broadcast medium”, it wasn’t so much a big show as a big conversation. I know that attendance was lower than usual, and perhaps if you were an Identity implementer/manager looking to find peers in the same verticals, etc, this might have been a problem – but with respect to access to the speakers, and access to vendors, you could not beat this conference.
Of course, given that I was a speaker myself I could be biased, but I thought that the agenda was comprehensive and well put together, and that each speaker taught me something that I hadn’t known before (thanks to Eric for giving me the opportunity to be part of it all).
On Tuesday I participated in a panel with Dale Olds, Denise Tayloe, Bob Blakley, and Paul Trevithick on Open Source Projects and their contribution to User-Centric Identity, and the conversation was lively, with lots of participation from the audience as well.
One of the debates we jumped into during the panel was around the term “user-centric”.  A central theme in Jamie Lewis’ keynote was that ‘centric’ in general is bad, but I can honestly say that I didn’t understand the justification for this opinion — the speech talked about moving away from “ours” and “theirs”… but what does that mean?  In the panel, Bob stated that he didn’t like user-centric because it personified the “male mafia” conflict model (hopefully I paraphrased that correctly), which confused me even further.  Did they think that by changing the names that somehow the essentials of the negotiations would change?
I accosted Bob after the panel to get to the bottom of it, and the point eventually came out to be that in his mind centrism is all about getting what you want at cost to everyone else.   His opinion of user-centrism is that it’s all about the user holding all the other parties hostage, and that a model that strives for mutual benefit between all parties is a better thing to pursue. This could very well be the case, but — holy cow some specifics might be useful here. Who should be pursuing what at which level? Protocol design? Deployment design?  Product design? I am left with only a vague idea that I am somehow doing something wrong but with no sense of what right might be.
Sure, there are a few blind worshippers of the cult of user-centric out there, but I firmly believe that common sense has to win out in deployment scenarios, and that various technologies should and will be used where applicable to solve problems. I myself am perfectly aware that if information cards are a hammer, not everything out there is a nail – is that what Bob is worried about? Either way, saying that centrism is bad does not help me to know what is good, and to be honest, it isn’t going to change how I put things together either.  If the intention is to change how I put things together, I will need a rationale. If somebody wants to argue with the way I’m looking at this technology, I am more than open to it, but I want a debate, not a smear campaign.
If, on the other hand, all this is about is finding a positive, all-encompassing touchy-feely name to give to the systems-formerly-known-as-user-centric so that isn’t all about conflict, fine — pick a new name already.    I only ask that if you’re going to diss the current buzzword, can you please at least supply an alternative suggestion. Otherwise we end up in limbo where nobody wants to use the old term, but nobody has a new term either, making us all look like indecisive idiots.
So let’s just decide, mmm’kay? If there is a conversation to be had, let’s have it so that we can move forward. There is important work to be done that I’d like to see branded with a simple, clear message in the next little while. Anything that stands in the way needs to be dealt with, and soon.
Unified messaging is becoming nearer and dearer to my heart as time goes on, as you’ll see when I get to my next blog entry, summarizing the talk I gave at DIDW:Â Â The Plot to Kill Identity.
I attended DIDW and was also perplexed by Jamie’s claim that identity is NOT center and have been thinking about it ever since. I have been trying to make sense of various terms or “buzzwords” that have been in various discussions but seldom, if ever, in the same conversation. The following are the ones that stand out to me.
IDENTITY
– the individual
– I CLAIM to be who I say I am
– How can one TRUST this claim?
RELATIONSHIP
– with a connection to another individual or other individuals
– I CLAIM to want something or to be able to provide something
– How can one TRUST this claim?
CONTEXT
– at a given time and place
– my CLAIMS are true in this environment at this point in time
– How long and to what extent can I TRUST this claim?
REPUTATION
– the outcomes of which can be subjectively valued
– my CLAIMS may or may not be validated
– Can my TRUST be corroborated?
What do we do with these? Are any of these center? Do we need a center? I have no idea.
Far be it from me to accuse you of being in league with the “male mafia”! What I did say was that the “mine” vs. “yours” argument is an example of a “Western Cartesian rationalist male military mindset” (whereas resolving the argument via a Hegelian synthesis requires introducing “ours” as an addition to “mine” and “yours”). I’ll write more soon…
I likewise got much out of this year’s DIDW and was a bit puzzled at the user-centrism backlash. Bob, Pam, and Peter’s comments shed light on this and so I suggest we shift the focus away from ME and to US instead.
My proposal is that usage of one’s identity, claims, etc is inherently contextual and based on the relationship between ALL of the parties participating in claims. This is consistent with real world examples ranging from human discourse to management theory to programming by contract. The central idea is to unambiguously articulate (and codify) the expectations of all interacting parties. This addresses such questions as What can you do with my claims? and What’s in it for you and for me?
For example, If I give you my account number and a request for a transaction, will you honor the request and not give my account number to anyone else? When we bring in an Identity Provider, what are expectations of the Principal and Relying Party and how are these met?
Nothing comes for free so I feel it’s appropriate to address the value to both Relying Parties and Principals. Let’s define the “win-win” for both sides of the relationship and shift from you-centrism and me-centrism to US instead.
Higher order questions of transitive trust can also be addressed in this way (e.g., with explicit claims of whether or not I trust those whom you trust and for what).
Now all we need is a name for the US-centric approach (or should I say the NON-centric approach)… .
Note there are lots of research papers on Speech Act Theory that could be inspirational eg http://openebxml.sourceforge.net/methodology/SAT/sat.html. It was also good to hear some mention of ontologies and logical formalisms at DIDW although the (growing) pragmatist in me recognizes tradeoffs in deep theoretical underpinnings (i.e., boiling the ocean).