Businesses spend a great deal of time and money trying to identify
their customers. By "identify" I mean not just get a name and credit
card number, but find, learn about, and discover the attributes,
preferences, and even desires of customers. They spend millions of
dollars on "customer relationship management" (CRM) systems that are really
"customer dossier systems" in a quest to manage the identity data
they collect about customers.
In the same way, customers spend a great deal of effort identifying
businesses. Which business sells the product that will meet my needs
at a price I'm willing to pay? Which business will give me the best
shipping, the best service, or even the most emotional lift when I
buy from them?
Doc Searls has been talking about the need for the one-way "CRM"
systems to become more truly about relationships for years--ever
since I first met him. He's set up Project
VRM at Harvard to focus on that effort. VRM, which stands for
"vendor relationship management" was meant as a play on CRM, but is
maybe too "user-centric" at this point. The real idea is
relationships.
When Bob Blakely spoke
at IIW about relationships, I don't think I really understood
what he was saying, but I took notes and today when I was going back
over them, the idea of relationships as the context for identity
actually leaped out at me. (See also Drummond Reed's notes
on this same talk.)
I've been thinking about this idea in the context of ecommerce lately
and trying to understand the market that might emerge as ideas like
VRM start to take hold. As Bob mentioned in his talk, this idea has
real power when relationship intermediaries start to get involved.
The much used analogy to the credit card industry is applicable
here. I can buy a TV at Best Buy on credit not because I have a
direct credit relationship with Best Buy (although they'd love to
establish one with me) but because I have a trusted relationship with
my bank, they have one with their bank and there's a contract between
those two banks (via the Visa network) that links them.
In a similar way, intermediaries could provide strong trust
relationships that link merchants and shoppers. Here's a picture:
In this diagram the blue box labeled "RelP" represents a relationship
provider. Not an IdP who provides low value authentication services,
but someone with a strong trust relationship with various
parties--shoppers and merchants in my example. The RelP creates a
relationship context within which the identity data lives and is
shared. Other RelPs through contractual relationships can federate
to create relationship contexts that span a single RelP.
As a side note, this model doesn't necessarily envision the creation
of a network for relationships like Visa, although you could imagine
one. This was the reason Andre
Durand started Ping Identity. 2002 was probably too early to get
that gargantuan task accomplished, but the technology and thought
processes around this area have grown up a lot in the last 6 years.
How might such relationships be created and managed? Drummond and
the folks at the Higgins Project believe that relationship cards,
or r-cards are the answer. They well may be. An r-card, perhaps
slightly misnamed,
offers the capability to instantiate an ongoing data sharing
relationship that can be terminated at any time by either party. in
Drummond's words:
An r-card ... exchanges a set of claims and associated
policies that enables both parties to continue to share other
information over time, e.g.:
- Updates to the initial values of the claims
- New claims
- Permissions and controls over communications via other channels
- Changes to the r-card itself
I'm still trying to understand all the details, but convinced of the
necessity of this kind of thing. My work on reputation
(PDF) was a start at understanding how trust relationships can be
created online. I'll be writing more about this as I understand it
more over the coming weeks.
Tags:
identity
relationship
rcards
reputation
