Follow up on Relational Continuity Sockets Layer
In my post Relational Risk I promised to flesh out an idea that I provisionally dubbed "relational continuity sockets layer" (RCSL - [our-sizzle]). In the meantime, Mark Wahl already posted on this idea. As it turns out, Mark's been thinking along similar lines for some time; and since I agree with everything he says, I'll just quote his ideas on this topic:
This RCSL abstraction has several promising benefits for use in identity relationships.
- It could provide a standard and potentially portable container to hold the state of relationship as it changes over time.
Examples of this kind of state which could be referenced from this relationship might be an eBay reputation, or a transaction history. In addition, it could enable the user to view where their identities are in a workflow process.
- It could provide the means for each party to have access to the underlying data from which the party would be able to perform a consistency check.
For example, a bank may keep track of the date and source IP address of each successful login. Other than to perform some basic checks that the requests are coming from a country that's appropriate for the user's transaction pattern, the bank may not wish or even be able to perform any further checks on whether the IP address is appropriate. While the end user may not wish to see this information displayed to them directly as they may not know their IP address history, theoretically the end user's computing systems could coordinate amongst themselves, determine whether this IP address history matches the addresses known by these systems, and these end-user-focused systems could use this data to determine if there has been a compromise.
- It could provide a means of controlling the visibility of relationship state.
At a minimum, the ability to address the relationship as an entity separate from the participants could allow for selective disclosure of relationship information without needing to disclose who is in this relationship.
- It could provide a referenceable underlying data set on which a reputation system could be built.
Some reputation systems may be able to leverage the knowledge that if A and B have had a relationship over n transactions, they each may be able to make a better assessment about each other than parties which have had fewer transactions with A or B.
- It could provide a template for common operations among many kinds of identity relationships.
For example, just as "logout" is a typical operation for many kinds of identity transactions, "end relationship" could be an operation for an identity relationship.
- It could enable multi-party relationships to be better managed by the participants.
The majority of existing identity protocols describe pairwise relationships between two parties, but may not be able to incorporate the interactions of other parties.
[posted by Mike Neuenschwander]

