Sat 17 Jun 2006
People in the protocol
Posted by Pete Rowley under identity , InfoCards , user-centric identity , identity 2.0 , SAML , burton groupI have been at the Burton Catalyst this week. At the reception I was discussing with Paul Trevithick about how I define user-centric identity. The phrase I use is “the people are in the protocol.” Though I wasn’t expecting it, the next day Paul was on a panel when he was asked what user-centric identity was and he quoted me. Cool, but then the next day another panel was asked about the quote and whether having people in the protocol was just a way of excluding other protocols and groups. Well since I wasn’t on the panel to answer that I thought I would take the opportunity to do so here.
When I say protocol I mean it in its broadest sense, in the sense that showing my driving license to a cop at a traffic stop and the cop returning it to me is a protocol. In that transaction I am in possession of the information, I have full knowledge of what information I would pass along to the cop, and I also have the choice of saying no - even if that might result in bad things happening. So people in the protocol means that rather than being an end node that may begin a transaction and perhaps be the recipient of the end results but with only vague or even no information about the information passed in the transaction, they are rather a conduit for all identity decisions in an environment of informed consent. This necessarily means that the protocol must pass through the user, or in other words appear on the screen and be approved by the user. That is an architectural philosophy that results from Kim Cameron’s laws of identity and it is a necessary one in order to gain user buy in. It is also just the right thing to do.
It turns out that it really isn’t hard to architect identity systems to include freedom and choice, but it might not be what one would create if the issue were never considered. It is also not too difficult to re-architect to take account of the philosophy - some work has already begun in SAML for example. Putting people in the protocol is the first step towards providing a scaleable identity framework that takes account of the requirements of the important part - the person. The first step towards treating the users of identity systems with respect.
7 Responses to “People in the protocol”
Leave a Reply
You must be logged in to post a comment.
June 17th, 2006 at 4:07 pm
[…] Pete Rowley has spoken on user-centric identity, which is to say “people are in the protocol.” In other words: When I say protocol I mean it in its broadest sense, in the sense that showing my driving license to a cop at a traffic stop and the cop returning it to me is a protocol. In that transaction I am in possession of the information, I have full knowledge of what information I would pass along to the cop, and I also have the choice of saying no - even if that might result in bad things happening. So people in the protocol means that … [they are] a conduit for all identity decisions in an environment of informed consent. This necessarily means that the protocol must pass through the user, or in other words appear on the screen and be approved by the user. That is an architectural philosophy that results from Kim Cameron’s laws of identity and it is a necessary one in order to gain user buy in. It is also just the right thing to do. […]
June 18th, 2006 at 6:32 pm
[…] A nice post from identity guru Pete Rowley of Red Hat: I have been at the Burton Catalyst this week. At the reception I was discussing with Paul Trevithick about how I define user-centric identity. The phrase I use is “the people are in the protocol.” Though I wasn’t expecting it, the next day Paul was on a panel when he was asked what user-centric identity was and he quoted me. Cool, but then the next day another panel was asked about the quote and whether having people in the protocol was just a way of excluding other protocols and groups. Well since I wasn’t on the panel to answer that I thought I would take the opportunity to do so here. […]
June 19th, 2006 at 9:45 am
Hi Pete,
I was the person who asked that question - and I really, really like your answer. It seemed all wrong to me to hear user centricity defined as something so narrow as being only applicable in cases of discussion of web protocols. By stepping away from the geek definition of the word so that protocol means simply a code of correct conduct, it makes a world of difference. It takes the conversation away from starting at technological imperative as the be-all end-all, and puts us back up to the covenant as (imo) the whole point of this exercise.
Thanks for the clarification.
Pamela
June 19th, 2006 at 5:59 pm
[…] Pete Rowley’s thoughts on “people in the protocol” resonated with me, as they have with Paul Madsen; in fact, I had a great conversation with Pete about this general topic just after doing a user-centric identity panel at Burton Catalyst with Kim Cameron, Michael Graves, and Dick Hardt. But I think that to disambiguate all the options, we need a fuller set of terms, which indeed Paul lays out (this is the same set I used during my time on the panel). […]
June 26th, 2006 at 8:56 pm
[…] User-centric identity has become a buzz word in the identity market. Eve Maler, Paul Madsen and Pete Rowley have all been talking about it. I was on a panel with Eve and Kim Cameron a couple weeks ago during Catalyst where we talked about user-centric identity. My key thoughts on it were: […]
September 17th, 2007 at 4:39 pm
[…] Credit and debit cards are personally what I use the most for financial transactions. I tend to like them because they are both convenient and a point of control for me to authorize money taken from one account and given to a business. Credit cards are more burdensome for businesses than checks, but more secure. Credit cards are less burdensome for businesses than establishing a link to each customers bank. I also like that I can easily have multiple cards for multiple purposes. I can even easily keep track of purchases from a single business when I am in different roles by using my work card vs. my personal card. I’m sure I could do that with the other systems as well, but I don’t. It seems more natural with cards. […]
September 23rd, 2007 at 5:07 pm
[…] I really don’t like the phrase “user-centric identity” and as I struggled to name this post, I came upon Pete Rowley’s 2006 phrase the people are in the protocol. […]