Algorithmic Authorizations


Yesterday I was reading Seeing What's Next: Using Theories of Innovation to Predict Industry Change by Clayton M. Christensen, Erik A. Roth and Scott D. Anthony and came across a story about how credit scoring changed the loan industry:

In 1956, Fair, Issac created a standard predictive risk-assessment tool. It dramatically simplified the process of judging creditworthiness with a statistical methodology that plugged variables from an applicants credit history into an algorithmic formula that produced a score. Credit scoring's robust, scientifically based, quick assessment enabled a broader population of less-skilled people to make lending decisions.

It occurred to me that this was, essentially, an algorithmic authorization to access a certain amount of credit. In most authorization regimes, we conceive of a two-dimensional look-up tables that says whether a particular identity or role (one dimension) is allowed access to a particular resource (the second dimension). Building these two dimensional tables to completely specify authorizations for all the roles in a company, say, and all it's resources is difficult and once done quickly out of date.

Being able to compute authorizations from the attributes associated with an identity would make this problem more tractable. Can anyone think of other examples besides credit scoring where authorization to access a resource is computed instead of being lookup up in a table?

By the way, I'll have more to say about this book later. It's a very good read and contains some valuable theories and analysis methods.