Internet Trust, Identity, and Making Sausage

One of the projects that Kaliya and I are working on is an update to our paper, “A Field Guide to Internet Trust Models”. The original was well received (we even won an award), and readers offered good feedback.

In keeping with that spirit of community, we decided to publish the updates here as we go along. We hope you find this bit of sausage-making interesting, and we want to hear your feedback. Over time, we expect to update and add to the trust models. For those of you who don’t care about the kitchen and just want to eat, the most up-to-date definitions will be available on this page.

We call this a “field guide” because our intent is to define a set of criteria you can use to classify and organize trust models on the internet. Each of these models is designed to handle a specific situation, and each has advantages and disadvantages.

In a later post I’ll discuss how we arrived at our working definition of “trust” but, for now, please accept that when we use the “t” word, we mean:

The willingness to allow someone else to make decisions on your behalf, based on the belief that your interests will not be harmed.

So the question at hand here is, what do we mean by “someone else” and how do we know what history to link to it?

Identity is, simply put, the way that we tell one thing from another.

An identity lets us link an entity to past behavior and helps us predict what it’s likely to do next. This is a helpful skill to have because it lets us place each thing into a historical context. Based on what happened last time, I can decide what to do now. Have I ever seen this thing before? What happened? Did I bite it or did it bite me?

If it’s a thing with intention, can I predict what it’s going to do next? Do I help it? Should I climb a tree?

In this way, an identity places the request into a context. Every interaction carries some risk, and identities provide a foundation for assessing and managing that risk.

When we don’t know one another directly and depend upon a third party to authenticate us, identities are said to be federated.