The Law of Relationships: A Work in Progress

Post on 10-May-2015


Ian Glazer, Senior Director of Identity at salesforce.com, discusses relationships in a Breakout Session at the 2014 IRM Summit in Phoenix, Arizona.

Transcript

The Laws of Relationships (A Work In Progress)

Ian Glazer

Senior Director, Identity

salesforce.com

@iglazer

What’s the problem?

[Slide graphic: identity records, each with the attributes firstName, lastName, email, mobile, ou, nickname, title, …]

Reasonably large number of identities with a reasonable number of attributes

[Slide graphic: device records, each with the attributes deviceID, firmware]

Unreasonably large number of identities with a few attributes?

[Slide graphic, built up over several slides: people and things connected by relationships labeled Reports To, Works with, Owns, Paired, Gets data from, Sends data to, Uses, Controls, Drives, Constrains Choice Of, Can send data to, Ridden In]

Unreasonably large number of relationships between unreasonably large numbers of people and things, each with attributes?

Why build laws in the first place?

• Inform our designs
• Test existing solutions
• Identify gaps

Laws of Identity (2004)

1. User Control and Consent

2. Minimal Disclosure for a Constrained Use

3. Justifiable Parties

4. Directed Identity

5. Pluralism of Operators and Technologies

6. Human Integration

7. Consistent Experience Across Contexts

The Laws* Of Relationships

(A Work In Progress)

• Axioms
• Types
• Laws

Axioms

Attributes in support of pre-existing natural state or requirements

1. Scalable
2. Actionable

Scalable

• Number of actors
• Number of relationships
• Number of attributes
• Administration

Actionable

Relationships must be able to carry authorization data

[Slide graphic: relationships labeled “Can perform actions X, Y, and Z” and “Can perform actions Q, W, and E”, and relationships labeled “?”]

But relationships do not have to carry authZ data

Types

Informs the greater context

1. Immutable
2. Contextual
3. Transferable

Immutable

[Slide graphic: relationship labeled Built by]

Contextual

Relationship is active when conditions are met

Inactive relationships

• None of the parties “use” the relationship until a condition is satisfied.
  – The set of driver, car, insurer relationships isn’t “used” until there is a claim.
• Inert, inactive relationships are still important because they provide context.
  – This widget was made by Yoyodyne.

[Slide graphic: relationships labeled Drives, Insures, Manufactured by]

Active Relationships

• Context toggles a relationship into a usable state

[Slide graphic, built up over several slides: relationships labeled Customer, Owns, Possesses]

Context is a requirement

• Related Research:
  – Death of authentication and rise of recognition
  – Relationship context metadata and the need for durable metadata

Transferable

Temporary Transference

[Slide graphic, built up over several slides: a Client and a Delegate; the relationship is labeled Acts on behalf of client]

Permanent Transference

[Slide graphic: relationships labeled Owns, Customer Of]

State of transference

• Do we need a system of record for transference state?
• Who would maintain such a system of record?
• Can/should the relationship carry history?

Laws

If a thing cannot be X, then it is not a relationship

1. Provable
2. Acknowledgeable
3. Revocable
4. Constrainable

Provable

Mechanism to prove that a relationship exists between parties

• Single-party asserted
• Multi-party asserted
• 3rd-party asserted

Single-Party Asserted: X relates to Y because X says so

[Slide graphic: speech bubble “I work for her”]

Multi-Party Asserted: X relates to Y because X and Y say so

[Slide graphic: speech bubbles “I work for her” and “She works for me”]

3rd-Party Asserted: X relates to Y because Z says so

[Slide graphic: HR, with speech bubble “Sally works for Mary”]

3rd-Party Asserted: Does this require other relationships?

Acknowledgeable

All parties must be able to acknowledge they are in a relationship

I acknowledge my relationship with Twitter

Do I acknowledge my followers?

They will acknowledge their relationship with me

But can I acknowledge my relationship with them?

Is this really a Law or a feature request from the VRM/PDE/Privacy-types?

Revocable

Real-world revocation

[Slide graphic, built up over several slides: relationships labeled Owns, Built By, Paired, Acts on behalf of; in the last slides one of the two Owns relationships is gone]

Questions that need answers

• Can either party revoke a relationship?
• If I sever a relationship should any party who was part of the relationship still have access and use of what was shared in the course of the relationship?
• Does this imply the idea of cascading delete?

Constrainable

• With my permission, it can report its location
• It can constantly report energy use to my power company
• It can only be used by customers with active licenses

[Slide graphic labels, added over several slides: Consent, Consent, DRM]

Now what?

Laws, Types, and Axioms

Laws

• Provable
• Acknowledgeable
• Revocable
• Constrainable

Types

• Immutable
• Contextual
• Transferable

Axioms

• Scalable
• Actionable
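One way to read the axioms, types and laws above as a data structure, given as an added illustration that is not part of the talk. The `Relationship` class, its field names and the sample edges are assumptions built from the slide examples.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Relationship:
    subject: str
    kind: str
    obj: str
    asserted_by: frozenset            # who vouches for the edge (Provable)
    actions: frozenset = frozenset()  # authZ data; may be empty (Actionable)
    active_when: Optional[Callable[[dict], bool]] = None  # Contextual; None = always
    needs_consent: bool = False       # Constrainable
    revoked: bool = False             # Revocable

    def proof_mode(self) -> str:
        """Classify the assertion: single-party, multi-party or 3rd-party."""
        parties = {self.subject, self.obj}
        if not self.asserted_by:
            return "unproven"
        if self.asserted_by - parties:
            return "3rd-party"
        return "multi-party" if self.asserted_by == parties else "single-party"

    def is_active(self, context: dict) -> bool:
        return not self.revoked and (self.active_when is None or self.active_when(context))

    def permits(self, action: str, context: dict) -> bool:
        """An action is allowed only on an active edge that carries it."""
        if not self.is_active(context) or action not in self.actions:
            return False
        return not self.needs_consent or context.get("consent") is True

# Constructed sample edges based on the slide examples.
works_for = Relationship("Sally", "works for", "Mary", frozenset({"HR"}))
insures = Relationship("insurer", "insures", "driver",
                       frozenset({"insurer", "driver"}), frozenset({"pay_claim"}),
                       active_when=lambda ctx: ctx.get("claim_open", False))
reports = Relationship("device", "reports location for", "owner",
                       frozenset({"owner"}), frozenset({"report_location"}),
                       needs_consent=True)

def demo() -> list:
    results = [works_for.proof_mode(), insures.proof_mode(), reports.proof_mode(),
               insures.permits("pay_claim", {}),                      # no claim yet
               insures.permits("pay_claim", {"claim_open": True}),
               reports.permits("report_location", {}),               # no consent
               reports.permits("report_location", {"consent": True})]
    reports.revoked = True   # a revoked edge authorizes nothing
    results.append(reports.permits("report_location", {"consent": True}))
    reports.revoked = False  # restore so demo() is repeatable
    return results
```

The model leaves the deck's open questions open: it keeps no transference history and does nothing about data already shared before revocation.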

Join the Kantara WG!

Send me comments: https://www.tuesdaynight.org/2014/05/28/the-laws-of-relationships-a-work-in-progress.html

Go test this!

Where should we try and test relationship management?

• IoT is a natural case
  – Industrial settings (factories, planes, etc)
  – Citizen (smart homes, sensors in public)
• Familial Relationships
  – Insurance
  – Healthcare
• Finance
  – Complex authorization models
  – Regulatory influence

Where else can we test this?

• Product architecture
• User stories
• Random strangers on the bus


The Laws Of Relationships
