Archives


Atom Feed

Associated Blogs
 
Edge City
 
Numbering Peano
 
Praxis101
 
Prof. von Clueless in the Blunder Dome

Recent Items
 
John Backus: December 3, 1924 – March 17, 2007 I j...
 
Herding OOXen Doug Mahugh was the semi-official ph...
 
OOX-ODF: Why Have Peace When You Can Have War? In ...
 
OOX-ODF: Taming the Guerilla Bob Sutor just linked...
 
A World of Identity No, Internet Identity is not ...
 
If You Knew Me, You’d Know This   Read my Vis...
 
OOX-ODF: The ECMA Response to ISO Comments I much ...
 
Hedging the Software Biz Game: Feeling Lucky? Acco...
 
OOX-ODF: The WOES of ODF Emerging Discussion of He...
 
California Won’t Be Outdone: Banning Zip, PDF, Tex...

Is “Digital Identity” a Misleading Notion?

The other day I found myself back in contact with a wandering iconoclast who likes his name to be called Bartleby T. Scrivener (“not that this identifies his name, merely what he would like his name to be called”), a drinking buddy of IT warrior Gomer Wheatley.  Bartleby looked over my blog and was incited by my mention of the Internet Identity Workshop 2007[a]:

The tech community has the whole problem wrong. It’s not about “identity”, it’s about authorization.  The Identity fetish is what gets us sidetracked onto the lacunae of privacy, etc.  When I offer cash to a merchant during a purchase, the merchant has no interest in who I am, merely whether the cash is authentic and that there is some credibility to the notion that it is legitimately mine.  When I offer a credit card, online or in person, there may be a show of interest in whether the bearer of the card is indeed the person to whom the card is issued (“may I see some picture ID?”), but online this is meaningless and offline it's usually a charade:  the real interest is in the authorization code from the credit card company.  When I want to see a piece of restricted information, there is often lively interest in whether I am authorized to see it:  Do I have adequate clearance and need-to-know?  Am I over 18?

...  The real issue is authentication of the authorization credential, and whether the bearer is authorized to possess it.  There are ways of addressing this issue that do not require the establishment and authentication of Identity.  When this Blinding Glimpse of the Obvious is seen by the movers and shakers that populate such conferences as this, the issue will be seen to be different, and much easier.

Thinking that this was a nomenclature conflict more than some deep flaw in the practical conception, I pointed Scrivener to Kim Cameron’s blog and the Seven Laws material to be found there.  Bartleby came back with this:

I browsed through Cameron’s blog, and read his paper on seven laws.  (The referenced paper by Chappell looks interesting, so I'll probably read it, too.)  I can’t say that I’m very enthused by the direction this work is going, but perhaps that’s because I’m neither smart nor informed enough to understand it.  I do think Cameron and his colleagues would profit from a little bit of the scorned “philosophy of identity”, since there they might discover the instrumental use of both identity and its metastructures.  I also find the use of the word “user” to be both distasteful and misleading: why not “subject”, for example?  Or would this force recognition that some subjects are carbon-based and other are code-based (with apologies to L---- M----), and that these are treated differently in practice but not in metastructure and “law”?

Now, this is not the last time that I will be left more confused than I began in a discussion with Bartleby and/or around “identity” as it is meant, more or less, in the context of an Internet Identity Workshop.  The benefit of Bartleby’s concerns, to me, is that it has forced me to re-examine Kim Cameron’s Laws of Identity.  I find, under the Words that Allow Dialog section, that there is an useful characterization of digital identity and digital subjects.  So maybe it is a matter of nomenclature and also ontology that is in Bartleby’s way.  I know that I must reread the material on digital identity quite often to avoid confusing it with other ways that identity and identification are regarded.

My take-away from these thought-provoking objections is this:

• Identity is a red-flag notion, especially for those who have dealt with the struggles around identity, identification, denotation, and so on in philosophical contexts.  Because some of these bear on linguistics and formal systems (including those that are material to computation), it may be disconcerting to entertain identity as it is held for digital identity and the seven laws.
    
• I’m willing to overlook the appropriation of identity for a specialized use, with some concern that this may cut us off from an important use at a different level of abstraction that is not immaterial in the context of digital identity.
     
• Concern: Digital identity is not what we think of as identity, and collapsing them together is going to keep us confused.  I must constantly remind myself that digital identity, as defined in the Laws of Identity, is only and always an artifact — expression of some claims — and has always-contingent connection to anything in reality.  I wager that most of us think that identity is something stronger than that.  This is not a new consideration, it relates to how anything that happens in computational systems has at most slim connection to the “real” world.  (See also: What Computers Know.)

It may well be too late to quarrel with the use of “identity” as it arises in Laws of Identity and, in particular, digital identity as an artifact.  It is difficult to even consider this as an ontological confusion, now that “ontology” is already misappropriated by technologists.  (That is to say, if you are a believer in the Semantic Web, the IIW use of Identity may strike you as exactly right, and for those of us who fail to see semantics in the web and similar artifacts will have to continue to marvel at whatever is attempted from that peculiar metaphysical view.)

Finally, I don’t think Kim Cameron is confused about this.  In the framing of the Laws of Identity, there is a great deal of care in the choice of terms and how they are used.  At the practical level, which I expect to dominate the situation, I am heartened to see insistence that services granted our proxies not be allowed to impersonate us (and here).  It is that clarity, along with the work on URL-based identifiers (e.g., OpenID), that has me be eager to attend IIW2007.

[I could not find any mention of a paper by Chappell though, so I wonder where Bartleby is looking.]