Who Owns A Relationship?
August 20, 2007 - 11:56am — bexAfter my claim that decent identity management would destroy Facebook last week, I began thinking about identity management a lot.
A whole lot...
More than is healthy, really...
I'm obsessing about the question: who owns a relationship? The answer seems obvious, but there are a lot of gotchas that make me nervous... I have to blog this before I can wrap my head around the true market value of an OpenID/XACML integration...
Lets assume I'm a salesman working for Oracle (I'm not)... and I have a friend in charge of software purchases at Boeing (I don't). Lets further assume that we set up some system with OpenID that stores that relationship data on the greater internet -- something like a next-generation LinkedIn or Facebook that "gets" identity management. Or perhaps Facebook with some OpenID magic using Identitude...
Anyway, lets further assume that the relationship is important somehow to my boss... so its managed internally by both employers, using some variation of SAML/XACML for authorization and trust inside the firewall.
Now... who owns that relationship? Um... Arguably, the humans do. The relationship is mine, and my friend's. Until a falling out of some sort, we're on each others' buddy list. My relationship, my data.
But wait a minute... doesn't Oracle have some claim to this information? Its not just a me/him relationship, I'm also a proxy for an Oracle/Boeing relationship... If I quit, they need to know who my contact is at Boeing so they can continue with the potential client/partner/whatever relationship.
Perhaps... but what if I quit and joined IBM or Microsoft? Sales people are hired for two reasons: their salesmanship, and their contacts. You can bet that they would want to know about my friend at Boeing... Likewise, my contacts were probably a major reason why Oracle initially hired me... They sure didn't mind when I left my previous employer with that relationship in tact... although they sure would like to retain control of that relationship after I leave.
Everybody wants it both ways...
If I were clever, I'd probably keep my business contacts outside of my employer's clutches... like Highrise, or at least paper copies at home. If my employer were clever, they would require me to keep it inside a strict, federated, SAML/XACML secured repository for customer relationship management, and private networks similar to LinkedIn... they'd like to make it as tough as possible for me to move my data out of their repository, even though I have a right to that data as well.
This harks back to the age-old question of "what is property," answered by one of the fathers of American capitalism, John Locke:
every individual man owns his own person; this is something that nobody else has any right to. The labour of his body and the work of his hands, we may say, are strictly his. So when he takes something from the state that nature has provided and left it in, he mixes his labour with it, thus joining to it something that is his own; and in that way he makes it his property. He has removed the item from the common state that nature has placed it in, and through this labour the item has had annexed to it something that excludes the common right of other men: for this labour is unquestionably the property of the labourer, so no other man can have a right to anything the labour is joined to - at least where there is enough, and as good, left in common for others. -- Second Treatise of Government, John Locke, Ch 5, Section 27
Despite 200 years, Web 1.0, and Web 2.0, this argument still makes the most sense... the information that I have a relationship is free to all who bother to find out... however, the ownership of the structured data is the property of whomever mixes their labor with the information. Complexity Economic Theory would dictate that's when data turns into knowledge, and therefore economic wealth.
Locke also said:
Where there is no property there is no injustice
but let's put down the book and step away from the hippie...
Essentially, I have no right to expect easy transference of data outside of my employer's clutches. Even if I typed in everything to their system, they were paying my salary at the time. Likewise, if I entered that information into Highrise on my own time, they have no right to expect an easy copy of the data into their systems.
Thus, there's actually a very strong disincentive towards making relationship data too easy to move from the internet to the intranet... Why should I let my employer get my labor and wealth (entering contact info to Facebook) for free? Likewise, why should they give me a great parting gift when I quit? To a lesser degree, this same disincentive even exists for sharing bookmarks and tag clouds across the firewall...
An OpenID/XACML integration sounds cool... but because of a lack of incentives -- and many disincentives -- I just don't see its value in today's world. At best you could import things like name and email address, asking for anything else will probably cause problems...
Something else needs to change first before that kind of identity management could find a niche...
Post new comment