Laws of Relationships


Taking a page from the work that Kim did with “The Laws of Identity,” I wanted to provide the starting point for the community to build a similar set of design constraints and considerations for relationships and relationship management technologies. Our current IAM methods will be insufficient in a near future in which we are dealing with an unreasonable number of people and things and the relationships between them. At the IRM Summit, I’ll be presenting a strawman set of laws for relationships to help us think about this coming future. To that end, here is a preview of the laws (and axioms and attributes) of relationships.

Published in: Technology, Business

Laws of Relationships

  1. 1. The Laws of Relationships (A Work In Progress) Ian Glazer Senior Director, Identity salesforce.com @iglazer
  2. 2. What’s the problem?
  3. 3. firstName lastName email mobile ou nickname title … firstName lastName email mobile ou nickname title … firstName lastName email mobile ou nickname title … firstName lastName email mobile ou nickname title …
  4. 4. Reasonably large number of identities with a reasonable number of attributes
  5. 5. deviceID firmware deviceID firmware deviceID firmware deviceID firmware
  6. 6. Unreasonably large number of identities with a few attributes?
  7. 7. Reports To Reports To Reports To Works with
  8. 8. Reports To Reports To Reports To Owns Owns Owns Works with
  9. 9. Reports To Reports To Reports To Owns Owns Owns Paired Owns Gets data from Sends data to Uses Controls Works with
  10. 10. Reports To Reports To Reports To Owns Owns Owns Paired Owns Gets data from Sends data to Uses Controls Works with Drives Uses Constrains Choice Of Uses
  11. 11. Reports To Reports To Reports To Owns Owns Owns Paired Owns Gets data from Sends data to Uses Controls Works with Drives Uses Constrains Choice Of Uses Can send data to Ridden In Ridden In
  12. 12. Unreasonably large number of relationships between unreasonably large numbers of people and things, each with attributes?
  13. 13. Why build laws in the first place?
  14. 14. • Inform our designs • Test existing solutions • Identify gaps
  15. 15. Laws of Identity (2004) 1. User Control and Consent 2. Minimal Disclosure for a Constrained Use 3. Justifiable Parties 4. Directed Identity 5. Pluralism of Operators and Technologies 6. Human Integration 7. Consistent Experience Across Contexts
  16. 16. The Laws* Of Relationships
  17. 17. (A Work In Progress)
  18. 18. • Axioms • Types • Laws
  19. 19. Axioms Attributes in support of pre-existing natural state or requirements
  20. 20. 1. Scalable 2. Actionable
  21. 21. Scalable
  22. 22. • Number of actors • Number of relationships • Number of attributes
  23. 23. • Number of actors • Number of relationships • Number of attributes • Administration
  24. 24. Actionable
  25. 25. Relationships must be able to carry authorization data
  26. 26. Can perform actions X, Y, and Z Can perform actions Q, W, and E
  27. 27. Can perform actions X, Y, and Z Can perform actions Q, W, and E
  28. 28. Can perform actions X, Y, and Z Can perform actions Q, W, and E
  29. 29. ? ?
  30. 30. But relationships do not have to carry authZ data
  31. 31. Types Informs the greater context
  32. 32. 1. Immutable 2. Contextual 3. Transferrable
  33. 33. Immutable
  34. 34. Built by Built by
  35. 35. Contextual
  36. 36. Relationship is active when conditions are met
  37. 37. Inactive relationships • None of the parties “use” the relationship until a condition is satisfied. • The set of driver, car, insurer relationships isn’t “used” until there is a claim. • Inert, inactive relationships are still important because they provide context • This widget was made by Yoyodyne.
  38. 38. Inactive relationships • None of the parties “use” the relationship until a condition is satisfied. • The set of driver, car, insurer relationships isn’t “used” until there is a claim. • Inert, inactive relationships are still important because they provide context • This widget was made by Yoyodyne. Drives
  39. 39. Inactive relationships • None of the parties “use” the relationship until a condition is satisfied. • The set of driver, car, insurer relationships isn’t “used” until there is a claim. • Inert, inactive relationships are still important because they provide context • This widget was made by Yoyodyne. Drives Insures
  40. 40. Inactive relationships • None of the parties “use” the relationship until a condition is satisfied. • The set of driver, car, insurer relationships isn’t “used” until there is a claim. • Inert, inactive relationships are still important because they provide context • This widget was made by Yoyodyne. Drives Insures Manufactured by
  41. 41. Active Relationships • Context toggles a relationship into a usable state
  42. 42. Active Relationships • Context toggles a relationship into a usable state
  43. 43. Active Relationships • Context toggles a relationship into a usable state Customer
  44. 44. Active Relationships • Context toggles a relationship into a usable state Customer Possesses
  45. 45. Active Relationships • Context toggles a relationship into a usable state Customer Owns Possesses
  46. 46. Active Relationships • Context toggles a relationship into a usable state Customer Owns Owns Possesses
  47. 47. Active Relationships • Context toggles a relationship into a usable state Customer Owns Owns Possesses
  48. 48. Active Relationships • Context toggles a relationship into a usable state Customer Owns Owns Possesses
  49. 49. Context is a requirement • Related Research: – Death of authentication and rise of recognition – Relationship context metadata and the need for durable metadata
  50. 50. Transferable
  51. 51. Client Temporary Transference
  52. 52. Client Temporary Transference Delegate
  53. 53. Client Temporary Transference Delegate Acts on behalf of client
  54. 54. Client Temporary Transference Delegate Acts on behalf of client
  55. 55. Client Temporary Transference Acts on behalf of client
  56. 56. Client Temporary Transference
  57. 57. Permanent Transference Owns
  58. 58. Permanent Transference Owns Customer Of
  59. 59. Permanent Transference Owns Customer Of
  60. 60. State of transference • Do we need a system of record for transference state? • Who would maintain such a system of record? • Can/should the relationship carry history?
  61. 61. Laws If a thing cannot be X, then it is not a relationship
  62. 62. 1. Provable 2. Acknowledgeable 3. Revocable 4. Constrainable
  63. 63. Provable
  64. 64. Mechanism to prove that a relationship exists between parties
  65. 65. • Single-party asserted • Multi-party asserted • 3rd-party asserted
  66. 66. Single Party Asserted: X relates to Y because X says so I work for her
  67. 67. Multi-Party Asserted: X relates to Y because X and Y say so I work for her She works for me
  68. 68. 3rd-Party Asserted: X relates to Y because Z says so Sally works for Mary HR
  69. 69. 3rd-Party Asserted: Does this require other relationships? HR
  70. 70. Acknowledgeable
  71. 71. All parties must be able to acknowledge they are in a relationship
  72. 72. I acknowledge my relationship with Twitter
  73. 73. I acknowledge my relationship with Twitter
  74. 74. I acknowledge my relationship with Twitter Do I acknowledge my followers?
  75. 75. They will acknowledge their relationship with me
  76. 76. They will acknowledge their relationship with me But can I acknowledge my relationship with them?
  77. 77. Is this really a Law or a feature request from the VRM/PDE/Privacy-types?
  78. 78. Revocable
  79. 79. Real-world revocation
  80. 80. Real-world revocation
  81. 81. Real-world revocation Owns Owns
  82. 82. Real-world revocation Owns Owns Built By
  83. 83. Real-world revocation Owns Owns Paired Built By Acts on behalf of
  84. 84. Real-world revocation Owns Owns Paired Built By Acts on behalf of
  85. 85. Real-world revocation Owns Owns Paired Built By Acts on behalf of
  86. 86. Real-world revocation Owns Paired Built By Acts on behalf of
  87. 87. Real-world revocation Owns Paired Built By Acts on behalf of
  88. 88. Questions that need answers • Can either party revoke a relationship? • If I sever a relationship should any party who was part of the relationship still have access and use of what was shared in the course of the relationship? • Does this imply the idea of cascading delete?
  89. 89. Constrainable
  90. 90. With my permission, it can report its location
  91. 91. With my permission, it can report its location It can constantly report energy use to my power company
  92. 92. With my permission, it can report its location It can constantly report energy use to my power company It can only be used by customers with active licenses
  93. 93. Consent It can constantly report energy use to my power company It can only be used by customers with active licenses
  94. 94. Consent Consent It can only be used by customers with active licenses
  95. 95. Consent Consent DRM
  96. 96. Now what?
  97. 97. Laws, Types, and Axioms Laws Types Axioms • Provable • Acknowledgeable • Revocable • Constrainable • Immutable • Contextual • Transferrable • Scalable • Actionable
  98. 98. Join the Kantara WG!
  99. 99. Send me comments: https://www.tuesdaynight.org/2014/05/28/the-laws-of-relationships-a-work-in-progress.html
  100. 100. Go test this!
  101. 101. Where should we try and test relationship management? • IoT is a natural case – Industrial settings (factories, planes, etc) – Citizen (smart homes, sensors in public) • Familial Relationships – Insurance – Healthcare • Finance – Complex authorization models – Regulatory influence
  102. 102. Where else can we test this? • Product architecture • User stories • Random strangers on the bus
  103. 103. Reports To Reports To Reports To Owns Owns Owns Paired Owns Gets data from Sends data to Uses Controls Works with Drives Uses Constrains Choice Of Uses Can send data to Ridden In Ridden In
  104. 104. The Laws Of Relationships
