Trust Models, Accountability, Lifecycles, Social Context
by Kaliya "Identity Woman" Young (formerly Hamlin)
Two quotes stuck out for me reading the papers submitted to the Rebooting the Web of Trust conference - both in The PGP Paradigm.
"Trust trust is specialized trust not real-world trust."
"The trust portion of the Web of Trust relies completely on the user-specific trust marking and the weights that the key holder places on keys."
These quotes raise for me questions about how to keep the conversations and instantiations of "the web of trust" from becomming hopelessly confusing with different definitions of Trust, trust, and trust. Each being used and understood to mean different things. Might other terms be more appropriate to consider for some aspects such as Web of Connection? or Web of Knowing?
During the conversations surrounding NSTIC (the National Strategy for Trusted Identities in Cyberspace) the phrase "Trust Framework" came into my lexicon. I did what I do with all technical discussions I participate actively in - I worked hard to figure out on a deep level what was actually meant by this phrase - what is it? how do trust framworks function? And from there I returned to my center of attention: What are the implications for end-users?
The phrase "Trust Frameworks" seems particularly pervasive and not yet defined well. After struggling for several months it became clear to me… that it is a technology/policy(legal) sandwich that is used to allow large complex networks/multi-party systems to function. In the identity world this was called a Federation.
Once I understood what NSTIC meant by "Trust Framework" I considered the implications of naming the technology/policy(legal) sandwich that connects everything together a "trust framework." It seemed that one should actually have a conversation with end-users and end-user communities (representatives of various types of end-users with particular needs/interests) about the viability and the appropriateness of various "trust frameworks."
Should the users trust these frameworks, or not? It seemed like it would be a challenge to have conversations with the interested public about the trustability of particular trust frameworks. We needed a better name for them. It was out of this quest that I wrote the Trouble with Trust and the Case for Accountability Frameworks. It starts out discussing various forms of trust and (social, computational, and trust metrics) and outlines how trust operates at different scales drawing on Stephen M.R. Covey's work the Speed of Trust that talks about how trust operates at different scales
- people trusting themselves: SELF TRUST
- people trusting each other: RELATIONSHIP TRUST
- In groups of people working together: ORGANIZATIONAL TRUST
- For organization there is: MARKET TRUST
- Beyond the business or nonprofit is: SOCIETAL TRUST
The conversations around Trust Frameworks within the identity community continued out of this it became clear that different individuals from different niches had their own picture of what they looked like. And often knew about their own industry version/norm and maybe another couple but there was no comprehensive documentation or way to talk about them broadly.
Models of Trust
I outlined 11 different trust models and documented them in a paper that was co-authored with Steve Greenberg. The Field Guide to Internet Trust Models It was submitted to the ID360 Conference 2013 and was awarded best paper. This is from the introduction here is a link to the full PDF - each model has a diagram, a description and
A Tour of the Trust Models Common Internet Trust Models:
Sole source: A service provider only trusts identities that it has issued.
Pairwise Federation: Two organizations negotiate a specific agreement to trust identities issued by one another.
Peer-to-Peer: In the absence of any broader agreement, individuals authenticate and trust one another.
Three-Party Model: A common third party provides identities to both the requester and the service provider so that they can trust one another.
“Bring your Own” Portable Identity: In the absence of any institutional agreement, service providers accept individual, user-asserted identities.
“Winner Take All” Three Party Model: Service provider wants to allow the requester to use an existing identity, but only accepts authentication from a single or very limited set of providers.
Federations: A single, standard contract defines a limited set of roles and technologies, allowing similar types of institution to trust identities issued by one another.
Mesh Federations: These share a common legal agreement at the contract that creates permissible interoperability.
Technical Federations: These share a common technical hub responsible for making the interoperability happen.
Inter-Federation Federations: This is what happens when one federation actually inter-operates with another federation.
Four-Party Model: An interlocking, comprehensive set of contracts allows different types of entity to trust one another for particular types of transaction.
Centralized Token Issuance, Distributed Enrollment: A shared, central authority issues a high-trust communication token. Each service provider independently verifies and authorizes the identity, but trusts the token to authenticate messages.
Individual Contract Wrappers: Manage how personal data is used rather than trying to control collection. Information is paired contract terms that governs how it can be used. Compliance is held accountable using contract law.
Open Trust Framework Listing: An open marketplace for listing diverse trust frameworks and approved assessors.
Critique of the Universal
One of the papers submitted to Rebooting the Web of Trust talks about the potential for global universal reputation and the emergence of universal trust. This contrasts with the view from Randy Farmer that it is critical to not cross the streams of reputation beyond context.
The former seems to be a kind of Ayn Randian objectivist world view - the "universalization" of everything is a project of the west it is both a strength and I think it is a downfall - without self-reflection and understanding certain people with certain privileges are more able to operate and succeed within the frame - those with enough social privilege to be seen and operate as "individuals" alone. How does thinking about the real working of trust in social human context come to include the vital role of social connection and groups?
What about Shame?
I have been reading Brene Brown's work - a researcher storyteller who uses Grounded Theory Methodology - intensive interviewing and coding of interviews from a broad range of subjects to work to see the patterns in the data - rather than having a theory and then testing for it. Her work is about trust and human connection and looks at how shame is overwhelming in our current culture and yet not talked about - and thus grows and is an underlying driver of a tremendous number of social ills we face as a culture.
To talk about reputation and reputation systems also requires us to address how shame and shaming operate through them. What does it mean to be vulnerable to try something and then potentially FAIL if every record of every failure is recorded in a universal "reputation" graph? What does forgiveness in these systems look like and how do we build up the social-cultural muscles to exercise this - to re-weave connection and community when it is broken and frayed?
Our Social Context - Privilidge
There is much that is broken and frayed in our society today. The #BlackLivesMatter movement being just one that is highlighting the impacts of 400 years of systemic oppression, and extraction and labor and work from decendants of africans brought to the shores of America to be slaves. This history of exploitation that provided the excess capital needed to bootstrap capitalism can not be just 'disappeared' and forgotten. When looking at webs of trust and connection - we have to look at the underlying political economy. Are the new patterns and systems we are creating just replicating the ones we are used to and acculturated to in with our current global capitalism? Are these new systems working to create space for communities of color and other marginalized groups to re-claim their data for themselves individually and collectively? How does reputation operate differently in different cultures? What do communities with less monetary resources want and need from these types of systems? How are we thinking about the needs of users that are not just american adults with day jobs? I worked with Bob Blakeley on the closing key note of the Cloud Identity Summit. The slides for this are here for Identification and Social Justice [http://www.slideshare.net/Kaliya/identification-and-social-justice](I also have an unpublished super rough transcript that I am working with him on in turning into a paper.) Who has the social power to create and maintain reputations - how are the marginalized not just eternally doomed in this type of system? How are life and historical circumstances understood and taken into account?
Human Lifecycle Needs + Lexicon
To help understand the range of just human life-cycle and begin thinking about how our identity (and data) needs change throughout our life I developed A Preliminary Mapping of the Identity Needs in People’s Life Cycles. This paper along with the Field Guide to Identity: Context, Identifiers, Attributes Names and more. were both submitted to the ID360 2014 conference (I was sick during the week of the conference and could not travel to present).
Relative to the workshop topic on rebooting the web of trust there is in the mix one paper about some potential common vocabulary. This paper has four parts and goes into depth about
It is another source for lexicon to support effective discussion about key terms and concepts that require shared language.
Questions of governance and meta-governance (governacne of governance systems) are relevent to consider.
- What is there role of standards like KMIP (at OASIS - their standards work for interoperable key managemnet)?
- What is the role of the Priavcy by Design work also ongoing at OASIS?
- How is the rating of people treated and managed differently then the rating of social objects or business entities? * The reaction to the proposed Peeple app is worth considering.