Rules, Roles, Personas and Goals
From InternetIdentityWorkshop
Rules, Roles, Personas and Goals
User processes provide credentials in order to identify themselves as a specific persona known to an organization or service.
Users do so in order to achieve a personal goal which they believe that the organization or service can help them achieve.
The organization or service uses rules to govern the persona’s authorized privileges.
Sometimes a persona is associated with a role (e.g. the current president of the United States) that may be associated with a specific person for a limited time, and that may well be associated with another person at another time.
Alternatively, a persona may be associated with a specific person’s name throughout time, even though the roles they occupy may vary over time.
In everyday life, we frequently use roles and names interchangeably. We expect that a letter sent to “the President of the United States” and a letter addressed to “George W. Bush” will be delivered to the same person.
Problems arise when a privilege is granted to a specific person based upon their current ownership of a persona associated with a role. E.g. a rule that grants “George W. Bush” the privilege of attending National Security Council briefings would result in a security breach after the termination of the Bush’s term in office. Yet it might be that the only way a security guard will know who to admit is by their appearance, not by their carrying around the presidential seal.
Similarly, problems arise when a privilege is granted to a specific persona associated with a role when the persons who hold that role change. If an invitation addressed to “Mr. President” arrives at the White House after his term expires, inviting him to attend the new George W Bush School of Anti-Terrorist studies at Yale University, the sender did not intend to deliver this to be delivered to his successor.
In the everyday world, we recognize that people often confuse roles with the persons who hold roles, and we are careful to be aware of the potential misattribution at times of change, and we take appropriate actions to distinguish the desired result from the specified result.
How will we provide such an electronic system capable of recognizing such situations and enabling such flexible responses?
How will we help organizations and services write effective rules based on persons or roles without overloading them with the need to master a distinction that they often don’t anticipate today?
