15:24 No Person is an Island: How Relationships Make the IT World More Manageable

Thanks Eric for having me back. It's one of the highlights of my year to come here and hang out with such an amazing group of people.

When I first spoke at Defrag a few years ago, I killed off identity and access management. Look - I was angry; I admit that. I didn't love my then employer and I might have said some things in haste. I think my general mood was reflected in the color palette for the talk.

Now in an attempt to repent, I came back and talked about representing privacy in the larger hyper-connected world. Same dour color scheme, but at least this time I tried to build as opposed to destroy something. What I didn't know then was that the links I talked about, the links between me, my things, and my service providers, provided a glimpse into where we must go.

So I left those guys [gartner logo] and went to these guys [Salesforce logo]. I'm much happier now and I think my new color scheme reflects that. I promise this isn't a sales pitch. Yes, our stock ticker is CRM. And yes, that R stands for relationship, but that's just a happy coincidence.

What have we done?

What have we done to manage people, their "things," and how they interact with organizations? The sad truth is that we tried to treat the outside world of our customers and partners like the inside world of employees. And we've done poorly at both. I mean, think about it: "Treat your customers like you treat your employees" is rarely a winning strategy. I mean, if it was, just imagine the Successories you'd have to buy for your customers... ouch. [need picture here]

We started by storing people as rows in a database. Rows and rows of people. But treating people like just a row in a database is, essentially, sociopathic behavior. It ignores the reality that you, your organization, and the other person, group, or organization are connected. We made every row, every person, an island - disconnected from ourselves.

What else did we try?
In the world of identity and access management we started storing people as nodes in an LDAP tree. We created an artificial hierarchy and stuffed people, our customers, into it. Hierarchies, and our love for them, are the strange lovechild of Confucius and the military industrial complex. Putting people into these false hierarchies doesn't help us delight our customers. And it doesn't really help make management tasks any easier. We made every node, every person, an island - disconnected from ourselves.

We tried other things, realizing that those two left something to be desired. We tried roles. You have this role and we can treat you as such. You have that role and we should treat you like this. But how many people actually do what their job title says? How many people actually have meaningful job titles? And whose customers come with job titles? So, needless to say, roles didn't work as planned in most cases.

We knew this wasn't going to work. We've known since 1623. John Donne told us as much. And his words then are more relevant now than he could have possibly imagined then.

[Animate the relationships of people and things slide while reciting the following]

No one is an island, entire of itself; everyone is a piece of the continent, a part of the main. If a clod be washed away by the sea, we are the less. Anyone's death diminishes us, because we are involved in the connected world.

What should we do?

Okay, if treating our customers like employees isn't a winning strategy, if making an island out of each of our customers won't work, if we are involved with the connected world, then what should we do?

We have to acknowledge that relationships exist. We have to acknowledge that the connections exist between a customer, their devices and things, and us (the organization). No matter what business you are in.
No matter if you are a one-woman IT consulting shop, or two guys and a letterpress on Etsy, or even a multi-national corporation - you are connected to your customers - you have a relationship with them.

This isn't necessarily a new thought and, in fact, there are two disciplines that have sought to map and use those relationships: CRM and VRM. Customer relationship management models one organization to many people. Vendor relationship management models one person to many organizations. Each infers that the one has greater control and power over the many. Both unknowingly share an important truth - the connections between people and organizations are key. It's not "CRM vs VRM;" it's "CRM and VRM."

What I am proposing is the notion of IRM - identity relationship management. IRM puts the relationships front and center, but more on that in a minute.

I believe that acknowledging relationships re-humanizes our digital relationships with one another. I believe that this is one of the reasons why online forums descend into antisocial behavior. It's because those systems don't make you feel like you have a relationship with the other party. "There's no person there, just a tweet." And this is a shame - that platforms meant to provide scalable human-to-human interactions and contact and closeness often dehumanize those very interactions.

I believe that we ought to use relationships to manage our interactions. You can't get delighted customers by just treating them like a row in a database. You cannot manage data from all of your customer's "things" without fully recognizing there's a customer there with whom you have a relationship.

How should we do this?

I don't fully know. This is the least satisfying and most accurate thought in this whole talk. I don't fully know. And I am looking for help.
Here's what I do know about relationships:

Scalable

If we are going to use relationships as a management tool in this world of ever-increasing connections between people, their things, and organizations, then we have to tackle scalability issues. The three obvious ones are huge numbers of actors, attributes, and relationships. But there's another that is often left out: administration. If we don't do something better than we do today, we'll be stuck with the drop-list from hell. ["Please select device to manage:" build drop list that scrolls downwards over two slides.]

Acknowledgeable

I've got to know I'm in a relationship before anything else can meaningfully happen. I can't buy a one-sided birthday card: Happy birthday to a super awesome partner who doesn't know who I am. All parties have to know. Otherwise there is an asymmetry of power. And that tends to tilt towards the heavier object, e.g. the organization and not the individual.

Anyone familiar with the Law of Gross Tonnage? It's part of the maritime code that says the heavier ship has the right of way. The Law of Gross Tonnage (for Relationships): add up the weight of everyone in each group; the heavier gets its way. [find picture of a sailboat and a freighter]

Provable

There's got to be a way for us to know if multiple parties are in a relationship. This can take many flavors: single party, multi-party, and 3rd party. Things like Facebook can serve as that 3rd party vouching that two people are connected. But should there be alternatives to social networks for this? And who connects people and their "things"?

Actionable

We want our relationships to be able to do something. And by looking at the relationship, each party can know what they can do. Without having to consult some distant authority. Without waiting for an online connection. The relationship leads to action and does so without consulting some back-end service somewhere.
Constrainable

Just because a relationship can do something doesn't mean it can do everything. We need to be able to put limits on what things and people can do; we all need constraints. Examples of this are things like granting consent or enforcing digital rights management.

Immutable

Some things are in a relationship forever. This is useful to know when you want to make sure that a "thing" was really made by one of your partners and is authentic.

Transferable

Some relationships can be transferred. We have legal proxies that we transfer a relationship to on a temporary or conditional basis. There are plenty of familial relationships in which we transfer authority on a semi-permanent basis. And some relationships are permanently transferred - like selling a jet engine to someone. [USE EXAMPLES FROM LoR deck]

Activatable

Many relationships exist but aren't very useful until a condition changes. My relationship to my auto insurance provider isn't a very vibrant relationship. I don't use the relationship on most days. But then I get into an accident and that inert relationship between my car, the insurer, and me becomes active. Or consider a SIM card in my phone... [FILL THIS IN] There's something out there, some condition out there, that makes a relationship active and vital.

Revocable

And some relationships end or have to come to an end. What happens then? What happens to the data now that the relationship is gone? At this point we have to turn to renowned privacy expert John Mellencamp for his insight. You might not know it, but he wrote about the Right to Be Forgotten and other privacy issues in "Jack and Diane". As he sang, "oh yeah data goes on / long after the thrill of the relationship is gone."

But this problem is at the root of the "Right to Be Forgotten" debate. This will only become a larger problem as our digital footprints get heavier and heavier.
And this gets especially messy when relationships that I am not even aware of create data about me and my devices and my things.

So what I know about relationships is: There is an aspect of scalability to them. That we need to be able to both acknowledge and prove relationships. That they must be both actionable and constrainable. That some are immutable and some are transferable. That they can spring into action and that sometimes they are revoked.

If we were to do this, how would things be better?

Relationships add back the fidelity and color that we have drained from the digital identity world. By focusing on relationships, we would behave more like we do in the real world, but with all the efficiencies of the digital world. We'd be able to use familiar language to describe how and what people and things can do.

How can we do this?

So I lied to you, dear audience. This is a sales pitch. I want you to do something. If you have any interest in this vague notion of relationships and using them to make our world better, then I ask you to join the Kantara Initiative. It's free to join. It's the home of some amazing identity and IoT thinking. And we need your help.

I'd like you to join the Identity Relationship Management working group. I'd love it if you could bring your use cases to us. Share with a group of awesome people from around the world how you, your business, your service, your things connect and relate. Help us stop treating people like islands unto themselves. Help us to use relationships to make our digital interactions rich, meaningful, humanizing, and manageable.

Thanks!