Understanding Identity and Trust in a Cognitive IoT World
As the juggernaut of IoT and Cognitive Computing continues it is becoming evident that we will need a much more robust Identity solution than the ones we currently have. A large part of this is due to the fact that systems are more and more interacting with each other and invoking actions on behalf of individuals and organizations. In addition the social media architectures and cloud integration platforms have left us open to a world where not only can a system act on your behalf independently but it can announce it and tie up your network of suppliers, partners, clients and peer groups.
This kind of world is the one technologists have dreamt of for years. The one where your digital personal assistant knows that you want to take a vacation soon and are simply looking for the right time and price of flight. So at 3 am while you are sleeping, he finds a really great fair for a flight, then he takes the initiative to put a vacation on your calendar for next month to the Cayman Islands, notifying your boss and your clients, and clearing your calendar for that time. Also, he knows you like to let all your friends know what you are up to and posts pictures of the Cayman Islands to your Facebook and linked in profiles, sets your out of office notifications and sends Jess and Ben, your two best friends, notification. Well he actually notifies their digital personal assistants and discusses with them that he's found a great fair and they should book the same flight so you can all go together. Of course, the assistants discuss the week first to make sure that everyone can go along. You wake in the morning to a delightful notification that you have been approved to take a vacation and a list of recommended items to pack (just a bathing suit please).
Sounds fantastic, or scary depending on your personality and your trust in the digital world. Did your assistant take into account the balance of the negotiations with your key customers and schedule your trip at the wrong time? Does it know that you really wanted to deep sea fish and scuba dive so picked the exact right location to be able to do both? Did it really find the best fair? What about a breakfast buffet? You really only want a hotel that has a nice breakfast buffet (the most important meal of the day right)? All of these minor yet very human nuances of trust and planning are a part of making way for truly independent digital actions. And all of them depend on understanding identity and trust in a much more sophisticated way. Imagine the same scenario but the actors are large organizations and they are negotiating a series of business deals. How far will we trust our machines to act for us, and how can we characterize it?
I am proposing a relatively simple hierarchy of digital identities which I will expand on in multiple ways in the future. First and foremost in your mind should be characterizing the actions and trust levels of various digital identities in the world and assigning them autonomy and action activities. My first pass at a hierarchy of identities looks like this:
- Provocateur; Intelligent agent with intention and action indistinguishable from a human
- Independent Intelligent Agent; Intelligent agent able to act without permission
- Intelligent Agent; Agent with a degree of reasoning capacity acting only with permission
- Agent; Invoker which acts through orchestration to do work for a higher level agent
- Invoker; Service which coordinates services calls or acts on services
- Service; An object which returns a complex set of responses which may do work
- Software; Network object which returns a response
- Network; An object which is addressable
- Hardware; An object which is identifiable over a network
As you can see this is a very early model for something as complicated as identity, independence, action and trust, all of which are fundamental to our notion of self and fulfillment of intent. It is at the highest levels of these capabilities that the concept of intent (whether harmful or beneficial) emerges and it is that for which we seem to be striving.
However, before we move (in a future post) to such ideas, we will need to discuss what modern businesses can do with these current concepts to grow and achieve their own intent (profitability, market growth, shareholder value, etc.) To do so we will need to explore further into the hierarchy. In my next cognitive post, I will discuss ways we can put even this basic hierarchy to work to drive our architectural goals.