This is my second Axiom of Identity, which builds upon the
first. I swear that if you grok these, you'll see the model that
I am creating that allows for the creation of powerful identity
management solutions. I believe that it is important to remember
that we are living in a world with so much identity around us, that we
fail to realize where it all came from. On to Axiom #2:
I posit that identity does not exist outside the context of a community.
Once again, it is easy to fall into the trap of believing that I have
inherent identity, and that it is mine. However The First Axiom
of Identity builds the foundation that all of my identity is given to
me by others. If this is the case, then that identity can only
exist, and be understood, by the community that gave me that identity, or other communities that are related.
The root of the Second Axiom is that identity is built upon language and
communications. Since attributes of identity are descriptive in
nature, they are dependant upon accurate and consistent definitions of
those attributes. It is often difficult to see this clearly since
much of what we are looking at with identity was learned when we were
children. Some of our attributes are so commonly understood
within our communities, that we fail to see them distinctly.
For example, we all know what height, weight, age, hair color, and shoe
size are. What we forget is that there are still communities on
earth that would not understand our measurements of these attributes
... let alone the name of the attribute! We can assume that
almost any culture on earth has the concept
of weight, and has some word they assign to it. We can not assume
that they measure their concept of weight in a unit of measurement that
we would understand. I happen to be well versed in 'pounds' since
I was raised in the United States. In the UK someone might
actually still give me their weight in 'stone'.
Although there is considerable efforts in global standards, these
standards are only beginning to scratch the surface of a common
language for identity attributes, and a common set of metrics for these
attributes. Until the standards grow to encompass all of identity
(yeah ... and when will that be?) we have to understand that identity
attributes must be related to a community, and the standard by which it
So where does this fit in the software realm? It simply means
that as we create a 'schema' for identity, we have to keep track of the
'context' of that information. Two core pieces of information
that we have to track when creating an identity management solution
include "Who is the definitive source of that identity attribute?", and
"Who is the authority on the metrics of that identity attribute?"
These might be different, or the same, communities. Using the
example of weight, the definitive source of the information could be my
home scale, a doctor, or a hospital that I visited. The metric of 'pounds'
in the United States, however, is governed by the National Institute of Standards and Technology.
Again, the importance of this is when a person or company wants my
identity, they also will want to ensure they trust the definitive
source, and the metrics that I provide. (I am sure that the new Virgin Galactic
space flights are not going to trust my home scale as a definitive
source of my weight!) Another example of this is that your bank,
when you apply for a car loan, still wants to check with the definitive
source of your employment information. And they are going to want
to hear your salary in units of measurement that they know!
Some new issues arise as we dig deeper into this model. First, we
have to be ready to resolve conflicts in naming of identity
attributes. Second, we have to be ready to provide translations
between units of measurement. Third, we have to have mechanisms
to verify identity information with the definitive sources.
All of these are subjects that I'll touch on in other Axioms ...