Adactio: Journal - Identity and authority
What most interested me in reading this post was the reminder that actually it doesn’t matter how much we all talk about “identity” - it will ultimately come down to how it gets used by applications and the associated user experience. I’d never seen Jeremy Keith’s blog before so I find it interesting how this discussion is framed from different perspectives (i.e., from the web development side, rather than that of looking at “identity” in, and of, itself).
Jeremy’s comment about the differences between trust and authority is particularly striking for one who is looking at security and identity - there’s an instant parallel between the methods used in hierarchical systems (PKI for instance) and more distributed systems (OpenID or PGP), although this throws up some interesting points about the interaction of PKI and trust-based identity systems - at some point we generally require cryptographic verification of an identity. I’d actually suggest that, in these examples, authority, as described, is derived merely from a multi-layered “trust relationship” and the examples of this failing (newspaper reports &c) show this.
If I visit a web site protected by an SSL certificate, I can choose whether or not to trust the site based upon which organisation signed it - likewise with a newspaper (or online journal for that matter) - I can choose to trust the content depending on who the author and editor are and the publishing organisation. The problem is that, generally, some layers of the trust are removed from the end user - browsers have “trusted” roots that will remove prompting; the newspaper (by its very existence) gives a presumption of trust to the reader. As systems scale it becomes more difficult for individuals to personally verify claims, so we rely on others to do it for us, and this naturally breaks as multiple layers are involved. Alice may trust Bob to a level of 50%; if Bob trusts Clara 50% then Alice only trusts Clara 25% - obvious, but worth stating for these purposes - if a particular (trans)action requires a level of trust at 40% then Alice will deal only with Bob.
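The attenuation described above, as an added example that is not part of the original post: it generalizes the Alice/Bob/Clara chain to a graph with several chains, where derived trust is the product of the links on the strongest chain. Dave, his trust levels and the function names are hypothetical.

```python
import heapq

# Trust levels from the text: Alice -> Bob 50%, Bob -> Clara 50%.
TEXT_ONLY = {"Alice": {"Bob": 0.5}, "Bob": {"Clara": 0.5}}

# Constructed sample: the same graph plus a hypothetical Dave whom Alice
# trusts strongly and who in turn vouches for Clara.
TRUST = {
    "Alice": {"Bob": 0.5, "Dave": 0.9},
    "Bob": {"Clara": 0.5},
    "Dave": {"Clara": 0.6},
}

def derived_trust(graph, source):
    """Return the best derived trust from source to each reachable party.

    Trust along a chain is the product of its links. Every link is <= 1,
    so extending a chain never raises its trust, which makes a
    Dijkstra-style search (expand the most trusted party first) correct.
    """
    best = {source: 1.0}
    heap = [(-1.0, source)]
    done = set()
    while heap:
        neg_trust, node = heapq.heappop(heap)
        if node in done:          # stale heap entry, also guards against cycles
            continue
        done.add(node)
        for peer, level in graph.get(node, {}).items():
            if not 0.0 <= level <= 1.0:
                raise ValueError(f"trust level out of range: {node}->{peer}")
            candidate = -neg_trust * level
            if candidate > best.get(peer, 0.0):
                best[peer] = candidate
                heapq.heappush(heap, (-candidate, peer))
    del best[source]
    return best

def acceptable(graph, source, required):
    """Parties whose derived trust meets the level a transaction requires."""
    trust = derived_trust(graph, source)
    return sorted(p for p, t in trust.items() if t >= required)

if __name__ == "__main__":
    print(acceptable(TEXT_ONLY, "Alice", 0.4))  # only Bob qualifies
    print(acceptable(TRUST, "Alice", 0.4))      # a stronger chain admits Clara
```

With only the chain from the text, Clara falls below the 40% requirement; adding one stronger intermediary changes the decision without Alice ever verifying Clara herself, which is the layer of trust that is hidden from the end user.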
The point about authority is that the levels of “trust” involved are much higher, through choice, enforcement or a construct such as a warranty; Bob, by exercising “authority” rather than expecting trust, will back it financially or legally, providing an incentive to rely on his assertions and decreasing the risk in doing so.