Is Jeff bigger than a bread box?

A thread about something called an Identity Oracle has spun out of the LLP thread. Bob Blakley describes an Identity Oracle here. Kim Cameron has his take here.

So the idea behind the Identity Oracle seems to be a service that can answer questions about an identity without giving away personal information. The example Bob gives is the person’s age:

Instead, GiCorp’s request looks like this:
“I am allowed to extend service to Bob only if he is above the legal age for this service in the jurisdiction in which he lives.  Am I allowed to extend service to Bob?”
And the Identity Oracle’s response looks like this:
“Yes.”

It pains me to disagree with someone who I respect as much as Bob Blakley, but I don’t think there is much promise in this idea. Of course Bob uses the age example, which is the “Hello World” of identity information. What other useful answers could an Identity Oracle provide? The usefulness of this seems limited to personal information that is a simple attribute to which a boolean test could be applied. That seems a pretty small and not very useful set.

Say for instance I want order some chocolate. The conversation between my Chocolate Provider and my Identity Oracle might sound something like:

Chocolate Provider: Jeff has ordered our Gut Buster size chocolate sampler. Could you give me his home address so we can ship it?

Identity Oracle: I can’t give you that information without violating Jeff’s privacy. Would you like to know if he is over 18?

Chocolate Provider: No thank you. We pretty much sell to anyone who can pay for it. I really need his address.

Identity Oracle: I can’t give you that information without violating Jeff’s privacy. Would you like to know if he is a resident of a specific state or country?

Chocolate Provider: That’s not really specific enough to ensure delivery. Could you give me his phone number?

Identity Oracle: I can’t give you that information without violating Jeff’s privacy. Would you like to know if his medical condition allows him to eat chocolate?

Chocolate Provider: We don’t care if he actually eats it so long as we get paid. Can you give me his email address?

Identity Oracle: I can’t give you that information without violating Jeff’s privacy.

Chocolate Provider: I thought so. Is Jeff bigger than a bread box?

Identity Oracle: Yes! Do I get paid now?

Chocolate Provider: No, just kidding. We’ll cancel his order.

OK this is a silly example, but I just can’t see much besides age that would fit the Identity Oracle model. I do recognize that many of the companies I do business with collect more information than they really need. But the solution to that is very simple; just don’t collect what you don’t need. But for the information they need, they need the information, not an answer based on that information.

I just can’t see how I could use an Identity Oracle in practice, much less be willing pay for it.

(Mirrored from TalkBMC)

Advertisements

One response to “Is Jeff bigger than a bread box?

  1. Jeff, I agree that the questions you ask are important. However I disagree entirely that they’re difficult to answer. Let me give you a very simple reason why I think this model can work.

    Let’s say you’re Brad Pitt. Lots of people want to find out personal things about you like your address and telephone number. You don’t want them to find these things out, but you still want to be able to order books from amazon.com and receive flowers and phone calls from your friends and get introduced to new and interesting people.

    So what do you do?

    Simple answer: you hire an agent and/or a manager. New contacts to you go through this individual. Business which would normally require you to reveal things about yourself are conducted through this person’s office.

    I claim that most aspects of what this agent does can be provided to large numbers of private citizens through a business which automates many of the tasks a human agent performs.

    I call this business an Identity Oracle. It acts on its customers’ behalf just as Brad Pitt’s agent and manager act on his behalf – and for the same reason, namely, that its business is providing a trustworthy service to individuals.

    And if it sees anyone trying to play 20 questions, it refuses to play.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s