Businesses spend a great deal of time and money trying to identify their customers. By "identify" I mean not just get a name and credit card number, but find, learn about, and discover the attributes, preferences, and even desires of customers. They spend millions of dollars on "customer relationship management" (CRM) systems that are really "customer dossier systems" in a quest to manage the identity data they collect about customers.
In the same way, customers spend a great deal of effort identifying businesses. Which business sells the product that will meet my needs at a price I'm willing to pay? Which business will give me the best shipping, the best service, or even the most emotional lift when I buy from them?
Doc Searls has been talking about the need for the one-way "CRM" systems to become more truly about relationships for years--ever since I first met him. He's set up Project VRM at Harvard to focus on that effort. VRM, which stands for "vendor relationship management" was meant as a play on CRM, but is maybe too "user-centric" at this point. The real idea is relationships.
When Bob Blakely spoke at IIW about relationships, I don't think I really understood what he was saying, but I took notes and today when I was going back over them, the idea of relationships as the context for identity actually leaped out at me. (See also Drummond Reed's notes on this same talk.)
I've been thinking about this idea in the context of ecommerce lately and trying to understand the market that might emerge as ideas like VRM start to take hold. As Bob mentioned in his talk, this idea has real power when relationship intermediaries start to get involved.
The much used analogy to the credit card industry is applicable here. I can buy a TV at Best Buy on credit not because I have a direct credit relationship with Best Buy (although they'd love to establish one with me) but because I have a trusted relationship with my bank, they have one with their bank and there's a contract between those two banks (via the Visa network) that links them.
In a similar way, intermediaries could provide strong trust relationships that link merchants and shoppers. Here's a picture:
In this diagram the blue box labeled "RelP" represents a relationship provider. Not an IdP who provides low value authentication services, but someone with a strong trust relationship with various parties--shoppers and merchants in my example. The RelP creates a relationship context within which the identity data lives and is shared. Other RelPs through contractual relationships can federate to create relationship contexts that span a single RelP.
As a side note, this model doesn't necessarily envision the creation of a network for relationships like Visa, although you could imagine one. This was the reason Andre Durand started Ping Identity. 2002 was probably too early to get that gargantuan task accomplished, but the technology and thought processes around this area have grown up a lot in the last 6 years.
How might such relationships be created and managed? Drummond and the folks at the Higgins Project believe that relationship cards, or r-cards are the answer. They well may be. An r-card, perhaps slightly misnamed, offers the capability to instantiate an ongoing data sharing relationship that can be terminated at any time by either party. in Drummond's words:
An r-card ... exchanges a set of claims and associated policies that enables both parties to continue to share other information over time, e.g.:
- Updates to the initial values of the claims
- New claims
- Permissions and controls over communications via other channels
- Changes to the r-card itself
I'm still trying to understand all the details, but convinced of the necessity of this kind of thing. My work on reputation (PDF) was a start at understanding how trust relationships can be created online. I'll be writing more about this as I understand it more over the coming weeks.