Kim Cameron: Why Claims Will Change Everything


Kim Cameron is talking about claims. Today's landscape is filled with silos. The perimeters are purposely impermeable. Users are reduced to the system's definition of them within those boundaries. Digital experience is organized from the point of view of the system, not the user--who employs many systems. There are gates at the edges to control movement in and out of each system. The technology landscape is rigid in terms of protocols, formats, syntax and semantics. The system represents a single source of truth.

Users want to obtain a service, not be defined by it. We face all kinds of silos: operating systems, applications, enterprises, services, networks, and the access control stack.

Security in this world is based on layers of protection, but there's no end-to-end policy for coordinating their actions.

Claims are the information through which loosely coupled components can decide whether and how to provide services. There are different sources of claims for different purposes. A claim is an assertion which is in doubt. Claims describe entities. Claims can be static, relationship based, derived, describe capabilities, or even be claims about other claims (meta-claims).

An identity provider is a claims transformer. Those transformers can transform trust (partner claim to local claim), format (X.509 cert to SAML token), and content (role to access). To get loose coupling, we need systems that are linked by claims that can be transferred, transformed, and evaluated to match local needs.
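A sketch of the trust and content transformations described above, as an added example that is not from the talk or from any product: a partner's role claim is re-issued as a local claim only where policy covers it, then expanded into access claims that a relying party evaluates. The issuer names, role names, policy tables and sample claims are all constructed, and the incoming claims are assumed to have had their signatures verified already; format transformation (X.509 to SAML) is not covered.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    issuer: str  # who asserts it
    type: str    # what kind of assertion, e.g. "role" or "access"
    value: str

LOCAL_ISSUER = "idp.local.example"  # constructed name

# Trust policy (constructed): which claim types each partner issuer may
# assert, and how the partner's values map onto local values.
TRUST_POLICY = {
    "idp.partner.example": {
        "role": {"purchasing-agent": "buyer", "cfo": "approver"},
    },
}

# Content policy (constructed): local role -> access rights.
ROLE_ACCESS = {
    "buyer": ["orders:create", "orders:read"],
    "approver": ["orders:read", "orders:approve"],
}

def transform_trust(claims):
    """Re-issue partner claims as local claims; drop what policy does not cover."""
    out = []
    for c in claims:
        mapping = TRUST_POLICY.get(c.issuer, {}).get(c.type, {})
        if c.value in mapping:
            out.append(Claim(LOCAL_ISSUER, c.type, mapping[c.value]))
    return out

def transform_content(claims):
    """Derive access claims from role claims issued by the local issuer only."""
    out = []
    for c in claims:
        if c.issuer == LOCAL_ISSUER and c.type == "role":
            out.extend(Claim(LOCAL_ISSUER, "access", a)
                       for a in ROLE_ACCESS.get(c.value, []))
    return out

def evaluate(claims, needed):
    """Relying-party decision: does the local issuer assert the needed access?"""
    return Claim(LOCAL_ISSUER, "access", needed) in claims

INCOMING = [  # constructed sample input
    Claim("idp.partner.example", "role", "purchasing-agent"),
    Claim("idp.partner.example", "access", "orders:approve"),  # type not delegated
    Claim("idp.unknown.example", "role", "cfo"),               # issuer not trusted
    Claim(LOCAL_ISSUER, "role", "approver"),  # self-asserted "local" claim from outside
]

def local_access(incoming):
    return transform_content(transform_trust(incoming))
```

Only the partner's `purchasing-agent` role survives the trust step; the other three claims are dropped because no policy entry covers them, so they never reach the content step.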

In short, user-controlled claims are the key to loose coupling. My personal experience is that this is a tough concept for many in IT to understand. They like the idea of loose coupling, but their instinct is towards control--which leads to tight coupling.