2007-10-14
Why I think identity blurs into authority
In theory we can separate the ideas of identity and authorization, and it is common to present complex computer systems this way. In practice I think that many people blur the two together and attempting to forcefully separate them only leads to confused users and frustrated security people.
I believe that one reason for this is that we rarely think of people alone in the real world; instead we think of them with attached associations. It is not 'Chris Siebenmann, who is authorized to', it is 'Chris Siebenmann, who works for the University of Toronto and is thus authorized to'. In turn I think this is because we understand that we need to specify a context for the identity in order for it to name a specific person. If you just say 'John Smith', the question is which John Smith you're talking about, and the answer is established by the context; that context may be implicit, but it's there.
Only on the Internet can we pretend to have identities divorced from context. And it is a pretense, because the context here is that of the identification system itself. (Or to put it in pretentious computer science terms, an identifier only has meaning within a particular namespace.)
Once you think of people with associations, those associations create natural ideas of authorization. In fact we should expect them to, because it is less work for people; they get to pigeonhole people into roles based on their identity associations and then just extend whatever privileges the role is entitled to.
(Or in other words, 'Chris Siebenmann works here, of course he's allowed into the building'. And when security systems depart from this they are perceived as getting in the way and get bypassed.)