4. firstName
lastName
email
mobile
ou
nickname
title
…
firstName
lastName
email
mobile
ou
nickname
title
…
firstName
lastName
email
mobile
ou
nickname
title
…
firstName
lastName
email
mobile
ou
nickname
title
…
14. Reports To
Controls
Reports To
Reports To
Owns
Owns
Owns
Paired
Owns
Gets data
from
Sends data
to
Uses
Works with
15. Reports To
Controls
Reports To
Reports To
Owns
Owns
Owns
Paired
Owns
Gets data
from
Sends data
to
Uses
Drives
Works with
Uses
Constrains
Choice Of
Uses
16. Reports To
Controls
Reports To
Reports To
Owns
Owns
Owns
Paired
Owns
Gets data
from
Sends data
to
Uses
Drives
Works with
Uses
Constrains
Choice Of
Uses
Can send
data to
Riden In
Riden In
17. Unreasonably large number
of relationships between
unreasonably large numbers
of people and things, each
with attributes?
19. • Inform our designs
Test existing solutions
Identify gaps
20. Laws of Identity
(2004)
1. User Control and Consent
2. Minimal Disclosure for a
Constrained Use
3. Justifiable Parties
4. Directed Identity
5. Pluralism of Operators and
Technologies
6. Human Integration
7. Consistent Experience Across
Contexts
37. With my
permission, it
can report its
location
It can constantly
report energy use
to my power
company
It can only used
by customers
with active
licenses
38. Consent
It can constantly
report energy use
to my power
company
It can only used
by customers
with active
licenses
43. Inactive relationships
• None of the parties “use” the
relationship until a condition is
satisfied.
• The set of driver, car, insurer
relationships isn’t “used” until there is
a claim.
• Inert, inactive relationships are
still important because they
provide context
• This widget was made by Yoyodyne.
Drives
Insures
Manufactured by
44. Active Relationships
• Context toggles a relationship
into a usable state
Customer
Owns
Owns
Possesses
45. Context is a requirement
• Related Research:
– Death of authentication and rise of recognition
– Relationship context metadata and the need for durable metadata
62. Questions that need answers
• Can either party revoke a relationship?
• If I sever a relationship should any party who was part of the
relationship still have access and use of what was shared in the
course of the relationship?
• Does this imply the idea of cascading delete?
74. State of transference
• Do we need a system of record for transference state?
• Who would maintain such a system of record?
• Can/should the relationship carry history?
80. Where should we try and test relationship
management?
• IoT is a natural case
– Industrial settings (factories, planes, etc)
– Citizen (smart homes, sensors in public)
• Familial Relationships
– Insurance
– Healthcare
• Finance
– Complex authorization models
– Regulatory influence
81. Where else can we test this?
• Product architecture
• User stories
• Random strangers on the bus
82.
83. Reports To
Controls
Reports To
Reports To
Owns
Owns
Owns
Paired
Owns
Gets data
from
Sends data
to
Uses
Drives
Works with
Uses
Constrains
Choice Of
Uses
Can send
data to
Riden In
Riden In
IAM is really good at a reasonable number of identities with a lot of attributes
but how well will it hold up when we have a completely unreasonable number of identities with very few attributes?
but how well will it hold up when we have a completely unreasonable number of identities with very few attributes?
IAM can handle some amount relationships
but how well it hold up when we have an unreasonable number of relationships between those identities, each with a small number of attributes?
Are they really laws or design constraints?
Image courtesy of Doc Searls: https://www.flickr.com/photos/docsearls/4098177739/in/photostream/
This is the most important part of this presentation - the fact that these laws aren’t complete. They are not written in stone as it were. For the industry to rise the challenges ahead, I suggest we take what I have here as a start.
All parties must be aware they are in a relationship
IG - Is this informed consent?
If I don’t know about a relationship I am a part of then I am at a disadvantage
data brokers
government
Why do we need this?
If I cannot acknowledge a relationship, how can i authorize it?
IG - is this a best practice and not a law?
Do I acknowledge my twitter followers? Does my not blocking them constitute acknowledging the relationship? Does that even make sense?
Relationships must be able to carry authorization data to account for situations when the backend service cannot be reached
Relationships must be able to carry authorization data to account for situations when the backend service cannot be reached
Parties can impose limits of the use of the relationship. This has a natural affinity to the actionable axiom.
The set of driver, car, insurer relationships isn’t “used” until there is a claim.
In this case, the person isn’t billed until the cellphone pings the tower in London. Until that happens, the relationship between the cellphone carrier and the person is in a dormant state. Once context is added (location in this case) then the relationship becomes active.
Mechanism to prove that a relationship exists between parties
This can be tied to the “Immutable” type relationships but doesn’t have to be
When the device goes away, should those other relationships go away? What about the data related to those relationships? How would we enforce any action taken?
Regarding the 2nd question - the real world works that way; this is the right to be forgotten issue
We can and have traditional solved for the first three - the solution typically lives in the hands of engineers. But the fourth item is in the domain of user experience professionals and without their help this industry will fail.
Ability to transfer relationship to another party
In order to be ready for this
In order to be ready for this - we are going to need some guidance