Scott's Workblog


January 03, 2007

Identity and Principal

A post by Stephen Downes prompted by a post by Andy Powell points me to this fantastic post on identities. There are lots of ideas here that I'm going to have to take some time over, but one thing that immediately leaps out for me is this crucial distinction made in the security world between an identity and a principal. Often problems occur in systems when the organisation thinks it is concerned with the principal (the living person) and not an identity, and seeks controls and assurances it simply cannot assert.

Security systems - authentication, authorization - are largely based on the assertion of an identity (not a principal) and on the characteristics associated with that identity, each backed by some assurance mechanism. These mechanisms range from self-assertion for low-stakes information, through third-party verification (ask a trusted observer) and secondary verification (get a person to check an artifact provided by a trusted third party), to primary verification (get a person to check a characteristic directly).

For the most part web systems work using a combination of self-assertion with a small amount of primary verification (confirm your email address). This is entirely consistent with the identification of an identity, not a principal.

The issue for ePortfolios is what are they intended to evidence - an identity or a principal? For me, identity is a far better choice and more easily accomplished. However, we have to give up the concept of one-portfolio-per-principal, as principals are no longer within the scope of concern. This also means no one system for managing portfolios.

Within this scope, however, there is still room for action. It's not a negative statement. There can still be portfolios, tools for assisting with the construction of portfolios, and standards for moving bits of portfolios around (or even whole portfolios). However, I'm starting to lean towards seeing these as subsidiary to an identity system (or metasystem), not a replacement for it. Portfolio is not identity, and I'm quite happy to stick with the very bare and impoverished definition of identity found in IT - I think it actually fits reasonably well with the "attractor" concept.

For example, it's quite usual to establish many identities (accounts) and associate a range of characteristics with them, such as email addresses. If, like me, you have several different email addresses, choosing which ones to associate with an identity is a real choice that affects the affordances of the services provided as a result of asserting that identity. Likewise, the association of assets with an identity through the mechanism of attribution and authorship is a crucial capability. This isn't exactly new in the Portfolio discussion, as the idea of "multiple presentations" has been kicking around for a while; however, this is usually predicated on the concept of different views of one principal rather than of different identities. There is again the concept of the unitary self and its electronic analogue.

There are ethical issues around this separation of identity and principal, and I know some people who are concerned about this issue. My personal attitude is founded on an odd mix of pragmatism and principle in this case - as the stakeholders I work to support are organisations (universities, colleges), they should have only identities as the scope of their concern; they can never see the "whole person" as they are fundamentally only ever dealing with parts of lives. We are not and should not become 'total institutions', which is where becoming concerned with principals rather than identities eventually leads.

NB: the term "principal" itself has two almost opposite meanings in IT. I've used it above with the more general definition of "the person for whom a broker executes an order", that is, the entity outside the system that asserts an identity. An alternative usage in security is to use "principal" to refer to the entity within a system that is associated with an identity. If you are used to the latter case, then I'm afraid you'll have to substitute "user" or "nominal" for "principal".
