(The basic text to my talk at Defragcon 2014. The slides I used are at the end of this post and if they don’t show up you can get them here.)
What have we done to manage people, their “things,” and how they interact with organizations?
The sad truth that we tried to treat the outside world of our customers and partners, like the inside world of employees. And we’ve done poorly at both. I mean, think about, “Treat your customers like you treat your employees” is rarely a winning strategy. If it was, just imagine the Successories you’d have to buy for your customers… on second thought, don’t do that.
We started by storing people as rows in a database. Rows and rows of people. But treating people like just a row in a database is, essentially, sociopathic behavior. It ignores the reality that you, your organization, and the other person, group, or organization are connected. We made every row, every person an island – disconnected from ourselves.
What else did we try? In the world of identity and access management we started storing people as nodes in an LDAP tree. We created an artificial hierarchy and stuff people, our customers, into it. Hierarchies and our love for them is the strange lovechild of Confucius and the military industrial complex. Putting people into these false hierarchies doesn’t help us delight our customers. And it doesn’t really help make management tasks any easier. We made every node, every person, an island – disconnected from ourselves.
We tried other things realizing that those two left something to be desired. We tried roles. You have this role and we can treat you as such. You have that role and we should treat you like this. But how many people actually do what their job title says? How many people actually meaningful job titles? And whose customers come with job titles? So, needless to say, roles didn’t work as planned in most cases.
We knew this wasn’t going to work. We’ve known since 1623. John Donne told us as much. And his words then are more relevant now than he could have possibly imagined then. Apologies to every English teacher I have ever had as I rework Donne’s words:
No one is an island, entire of itself; everyone is a piece of the continent, a part of the main. If a clod be washed away by the sea, we are the less. Anyone’s death diminishes us, because we are involved in the connected world.
What should we do?
If treating our customers like employees isn’t a winning strategy, if making an island out of each of our customers won’t work, if we are involved with the connected world, then what should we do?
We have to acknowledge that relationships exist. We have to acknowledge that the connections exists between a customer, their devices and things, and us. No matter what business you are in. No matter if you are a one woman IT consulting shop, or two-guys and a letterpress on Etsy, or even a multi-national corporation – you are connected to your customers; you have a relationship with them.
This isn’t necessarily a new thought and, in fact, there are two disciplines that have sought to map and use those relationships: CRM and VRM. Customer relationship management models one organization to many people. Vendor relationship management models one person to many organizations. Both, unknowingly share an important truth – the connections between people and organizations are key. It’s not “CRM vs VRM;” it’s “CRM and VRM.” What I am proposing is the notion of IRM – identity relationship management. IRM puts the relationships front and center, but more on that in a minute.
I believe that acknowledging relationships re-humanizes our digital relationships with one another. I believe that this is one of the reasons why online forums descend into antisocial behavior. It’s because those systems don’t make you feel like you have a relationship with the other party. “There’s no person there, just a tweet.” And this is a shame – that platforms meant to provide scalable human-to-human interactions and contact and closeness often dehumanize those very interactions.
I believe that we ought to use relationships to manage our interactions. You can’t get delighted customers by just treating them like a row in a database. You cannot manage data from all of your customer’s “things” without fully recognizing there’s a customer there with whom you have a relationship.
What I know about relationships
I believe we must build “relationship-literate” systems and processes. We should stop operating on rows of customers and start using digital representations of relationships. What follows are nine aspects of relationships that can serve as design considerations for relationship-literate systems.
If we are going to use relationships as a management tool in this world of ever-increasing connections between people, their things, and organizations, then we have to tackle scalability issues. The three obvious ones are huge numbers of actors, attributes, and relationships. But there’s another that is often left out: administration. If we don’t do something better than we do today, we’ll be stuck with the drop-list from hell in which an admin has to scroll through a few thousand enteries to find the “thing” she wants to manager.
I’ve got to know I’m in a relationship before anything else can meaningfully happen. I can’t buy a one-sided birthday card: Happy birthday to a super awesome partner who doesn’t know who I am. All parties have to know. Otherwise there is an asymmetry of power. And that tends to tilt towards the heavier object, e.g. the organization and not the individual. Familiar with the Law of Gross Tonnage? It’s part of the maritime code that says the heavier ship has the right of way. Now growing up outside of Boston, this is basically how I learned to drive. The Law of Gross Tonnage is useful in that situation but absolutely inequitable and unhelpful in terms of delighting a customer.
There’s got to be a way for us to know if multiple parties are in a relationship. This can take many flavors: single party, multi-party, and 3rd party asserted. Things like Facebook can serve as that 3rd party vouching two people are connected. But should there be alternatives to social networks for this? And who connects people and their “things”?
We want our relationships to be able to do something. And by looking at the relationship each party can know what they can do. Without having to consult some distant authority. Without waiting for an online connection. The relationship leads to action and does so without consulting some back-end service somewhere.
Not just because a relationship can do something doesn’t mean it can do everything. We need to be able to put limits of what things and people can do; we all need constraints. Examples of this are things like granting consent or enforcing digital rights management.
Some things are in a relationship forever. This is useful to know when you want to make sure that a “thing” was really made by one of your partners and is authentic.
Some relationships can be transferred. We have legal proxies that we transfer a relationship to on a temporary or conditional basis. There are plenty of familial relationships in which we transfer authority on a semi-permanent basis. And some relationships are permanently transferred – like selling a jet engine to someone.
Many relationships exist but aren’t very useful, until a condition changes. My relationship to my auto insurance provider isn’t a very vibrant relationship. I don’t use the relationship on most days. But then I get into an accident that inert relationship between my car, the insurer, and me becomes active. There’s something out there, some condition out there, that can make a relationship active and vital.
Some relationships end or have to come to an end. What happens then? What happens to the data now that the relationship is gone? At this point we have to turn to renowned privacy expert, John Mellencamp for his insight. You might not know it but he wrote about the Right to Be Forgotten and other privacy issues in “Jack and Diane”. As he sang, “oh yeah data goes on / long after the thrill of the relationship is gone.” But this problem is at the root of the “Right to Be Forgotten” debate. This will only become a larger problem as our digital footprints get heavier and heavier. And this gets especially messy when relationships that I am not even aware of create data about me and my devices and my things.
In summary, relationships:
- Must be scalable
- Ought to be both acknowledgable and provable
- Need to be actionable and constrainable.
- Can be immutable or transferable.
- Can spring into action basedon context and some times dissolve away
If we were to do this, how would things be better?
Relationships add back the fidelity and color that we have drained from the digital identity world. By focusing on relationships, we would behave more like we do in the real world, but with all the efficiencies of the digital world. We’d be able to use familiar language to describe how and what people and things can do.
How should we do this?
I don’t fully know. This is the least satisfying and most accurate thought in this whole talk. I don’t fully know. And I am looking for help.
So I lied to you dear audience. This is a sales pitch. I want you to do something. If you have any interest in this vague notion of relationships and using them to make our world better, then I ask you to join the Kantara Initiative. It’s free to join and free to participate. It’s the home of some amazing identity and IoT thinking. And we need your help. I’d like you to join the Identity Relationship Management working group. I’d love it if you could bring your use cases to us. Share with a group of awesome people from around the world how you, your business, your service, your things connect and relate. Help us stop treating people like islands unto themselves. Help us to use relationships to make our digital interactions rich, meaningful, humanizing, and manageable.