Advertisement
Check these out next
Laws of Relationships
Jun. 5, 2014•0 likes•10,183 views
5 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Download to read offline
Report
Technology
Business
Taking a page from the work that Kim did with “The Laws of Identity,” I wanted to provide the starting point for the community to build a similar set of design constraints and considerations for relationships and relationship management technologies. Our current IAM methods will be insufficient in a near future in which we are dealing with an unreasonable number of people and things and the relationships between them. At the IRM Summit, I’ll be presenting a strawman set of laws for relationships to help us think about this coming future. To that end, here is a preview of the laws (and axioms and attributes) of relationships.
Ian GlazerFollow
Chair, ID Pro Discussion Group at Kantara InitiativeAdvertisement
Laws of Relationships
- The Laws of Relationships (A Work In Progress) Ian Glazer Senior Director, Identity salesforce.com @iglazer
- What’s the problem?
- firstName lastName email mobile ou nickname title … firstName lastName email mobile ou nickname title … firstName lastName email mobile ou nickname title … firstName lastName email mobile ou nickname title …
- Reasonably large number of identities with a reasonable number of attributes
- deviceID firmware deviceID firmware deviceID firmware deviceID firmware
- Unreasonably large number of identities with a few attributes?
- Reports To Reports To Reports To Works with
- Reports To Reports To Reports To Owns Owns Owns Works with
- Reports To Reports To Reports To Owns Owns Owns Paired Owns Gets data from Sends data to Uses Controls Works with
- Reports To Reports To Reports To Owns Owns Owns Paired Owns Gets data from Sends data to Uses Controls Works with Drives Uses Constrains Choice Of Uses
- Reports To Reports To Reports To Owns Owns Owns Paired Owns Gets data from Sends data to Uses Controls Works with Drives Uses Constrains Choice Of Uses Can send data to Riden In Riden In
- Unreasonably large number of relationships between unreasonably large numbers of people and things, each with attributes?
- Why build laws in the first place?
- • Inform our designs • Test existing solutions • Identify gaps
- Laws of Identity (2004) 1. User Control and Consent 2. Minimal Disclosure for a Constrained Use 3. Justifiable Parties 4. Directed Identity 5. Pluralism of Operators and Technologies 6. Human Integration 7. Consistent Experience Across Contexts
- The Laws* Of Relationships
- (A Work In Progress)
- • Axioms • Types • Laws
- Axioms Attributes in support of pre-existing natural state or requirements
- 1. Scalable 2. Actionable
- Scalable
- • Number of actors • Number of relationships • Number of attributes
- • Number of actors • Number of relationships • Number of attributes • Administration
- Actionable
- Relationships must be able to carry authorization data
- Can perform actions X, Y, and Z Can perform actions Q, W, and E
- Can perform actions X, Y, and Z Can perform actions Q, W, and E
- Can perform actions X, Y, and Z Can perform actions Q, W, and E
- ? ?
- But relationships do not have to carry authZ data
- Types Informs the greater context
- 1. Immutable 2. Contextual 3. Transferrable
- Immutable
- Built by Built by
- Contextual
- Relationship is active when conditions are met
- Inactive relationships • None of the parties “use” the relationship until a condition is satisfied. • The set of driver, car, insurer relationships isn’t “used” until there is a claim. • Inert, inactive relationships are still important because they provide context • This widget was made by Yoyodyne.
- Inactive relationships • None of the parties “use” the relationship until a condition is satisfied. • The set of driver, car, insurer relationships isn’t “used” until there is a claim. • Inert, inactive relationships are still important because they provide context • This widget was made by Yoyodyne. Drives
- Inactive relationships • None of the parties “use” the relationship until a condition is satisfied. • The set of driver, car, insurer relationships isn’t “used” until there is a claim. • Inert, inactive relationships are still important because they provide context • This widget was made by Yoyodyne. Drives Insures
- Inactive relationships • None of the parties “use” the relationship until a condition is satisfied. • The set of driver, car, insurer relationships isn’t “used” until there is a claim. • Inert, inactive relationships are still important because they provide context • This widget was made by Yoyodyne. Drives Insures Manufactured by
- Active Relationships • Context toggles a relationship into a usable state
- Active Relationships • Context toggles a relationship into a usable state
- Active Relationships • Context toggles a relationship into a usable state Customer
- Active Relationships • Context toggles a relationship into a usable state Customer Possesses
- Active Relationships • Context toggles a relationship into a usable state Customer Owns Possesses
- Active Relationships • Context toggles a relationship into a usable state Customer Owns Owns Possesses
- Active Relationships • Context toggles a relationship into a usable state Customer Owns Owns Possesses
- Active Relationships • Context toggles a relationship into a usable state Customer Owns Owns Possesses
- Context is a requirement • Related Research: – Death of authentication and rise of recognition – Relationship context metadata and the need for durable metadata
- Transferable
- Client Temporary Transference
- Client Temporary Transference Delegate
- Client Temporary Transference Delegate Acts on behalf of client
- Client Temporary Transference Delegate Acts on behalf of client
- Client Temporary Transference Acts on behalf of client
- Client Temporary Transference
- Permanent Transference Owns
- Permanent Transference Owns Customer Of
- Permanent Transference Owns Customer Of
- State of transference • Do we need a system of record for transference state? • Who would maintain such a system of record? • Can/should the relationship carry history?
- Laws If a thing cannot be X, then it is not a relationship
- 1. Provable 2. Acknowledgeable 3. Revocable 4. Constrainable
- Provable
- Mechanism to prove that a relationship exists between parties
- • Single-party asserted • Multi-party asserted • 3rd-party asserted
- Single Party Asserted: X relates to Y because X says so I work for her
- Multi-Party Asserted: X relates to Y because X and Y say so I work for her She works for me
- 3rd-Party Asserted: X relates to Y because Z says so Sally works for Mary HR
- 3rd-Party Asserted: Does this require other relationships? HR
- Acknowledgeable
- All parties must be able to acknowledge they are in a relationship
- I acknowledge my relationship with Twitter
- I acknowledge my relationship with Twitter
- I acknowledge my relationship with Twitter Do I acknowledge my followers?
- They will acknowledge their relationship with me
- They will acknowledge their relationship with me But can I acknowledge my relationship with them?
- Is this really a Law or a feature request from the VRM/PDE/Privacy-types?
- Revocable
- Real-world revocation
- Real-world revocation
- Real-world revocation Owns Owns
- Real-world revocation Owns Owns Built By
- Real-world revocation Owns Owns Paired Built By Acts on behalf of
- Real-world revocation Owns Owns Paired Built By Acts on behalf of
- Real-world revocation Owns Owns Paired Built By Acts on behalf of
- Real-world revocation Owns Paired Built By Acts on behalf of
- Real-world revocation Owns Paired Built By Acts on behalf of
- Questions that need answers • Can either party revoke a relationship? • If I sever a relationship should any party who was part of the relationship still have access and use of what was shared in the course of the relationship? • Does this imply the idea of cascading delete?
- Constrainable
- With my permission, it can report its location
- With my permission, it can report its location It can constantly report energy use to my power company
- With my permission, it can report its location It can constantly report energy use to my power company It can only used by customers with active licenses
- Consent It can constantly report energy use to my power company It can only used by customers with active licenses
- Consent Consent It can only used by customers with active licenses
- Consent Consent DRM
- Now what?
- Laws, Types, and Axioms Laws Types Axioms • Provable • Acknowledgeable • Revocable • Constrainable • Immutable • Contextual • Transferrable • Scalable • Actionable
- Join the Kantara WG!
- Send me comments : https://www.tuesdaynight.org/ 2014/05/28/the-laws-of- relationships-a-work-in- progress.html
- Go test this!
- Where should we try and test relationship management? • IoT is a natural case – Industrial settings (factories, planes, etc) – Citizen (smart homes, sensors in public) • Familial Relationships – Insurance – Healthcare • Finance – Complex authorization models – Regulatory influence
- Where else can we test this? • Product architecture • User stories • Random strangers on the bus
- Reports To Reports To Reports To Owns Owns Owns Paired Owns Gets data from Sends data to Uses Controls Works with Drives Uses Constrains Choice Of Uses Can send data to Riden In Riden In
- The Laws Of Relationships
Advertisement