On reading the visionary Kim Cameron in 2021. The Laws of Identity …as of 5/11/2005
25/01/2021 – 15:44
The first line is spot on, yet it is written as if a was a bug, yet of course it was the feature that made the company KC was attached to from 1999 to 2019, Microsoft, so prominent.
The Internet was built without a way to know who and what you are connecting to
Kim foreshadows disposable identities as situational identities (context specific), for example as in contextual identity choices as browsing for exploring the web (giving away no real data) personal: a self-asserted identity for sites with which I want an ongoing but private relationship, professional: a public identity for collaborating issued by my employer, and citizen, community…. This was an extremely timely and visionary model that now is becoming reality. By now it is clear that this thinking went into the framework on DID (A DID identifies any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) that the controller of the DID decides that it identifies, v1.0www.w3.org), Verifiable Credentials (A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified) and Self-sovereign identity (SSI), a term used to describe the digital movement that recognizes an individual should own and control their identity without the intervening administrative authorities (sovrin.org). The key lay in the shift from ‘essence’ focused to attribute focused modeling.
Of course the thinking is dated and biased towards corporations as ‘essential’ entities. Interestingly, as with most visionary thinkers, KC sees change coming but keeps key entities as ‘normal’, not changing and fixed: “Enterprises, for example, see their relationships with customers and employees as key assets, and are fiercely protective of them. It is unreasonable to expect them to restrict their own choices or give up control over how they create and represent their relation- ships digitally.”
Two question arise. The first is why? Why is it ‘unreasonable’ to expect companies – who have built their entire value chain on the ‘bug’ that is popping up now – the fact that there is no identity layer – to rethink themselves as well? This is a question about power asymmetry.
The second is more intrinsic. As the terrain is shifting towards describing processes and defining processes as and with attributes, not concepts or schematic templates that already have internal relations – why should enterprises be exempt from this? What else do they do but provide services? Do we need ‘brands’ or competition on services that can be simply described and defined? The answer of course is No. It is extremely arbitrary and extremely amoral to close down an avenue a protocol has opened up at a moment in time when the value amassed on that road has become so vital that it would need to be redistributed over a number of actors, yet that is not the case and the actor, Microsoft, that has profited most (and incidentally started by closing down an open source project (https://en.wikipedia.org/wiki/Open_Letter_to_Hobbyists) from the feature now starts calling it a bug. Yet KC is right in stating that different identity systems must exist in a meta-system. Indeed and for that we need a new governance. This governance is currently worked on in many regulatory ongoing projects that are beginning to understand that the basic issues addressed by KC need to be harnessed in a new vision for connectivity build from the chip architecture up including embedded e-ID based on SSI and disposable or situational identites, extending KC ideas to thousands of identities that people can spin off their own self sovereign ecosystem.