Last week's Burton Group Catalyst Conference might have been subtitled "The Oprah Year" ("Get Health, Beauty, Recipes, Money, Decorating and Relationship Advice on Oprah.com") because the buzz was all about relationships. Burton Vice President and Research Director Bob Blakley even illustrated his presentation with what could have been pictures clipped from Cosmo.

The theme was introduced by Burton CEO Jamie Lewis in his opening keynote when he said “We need to think differently - It’s the relationships, stupid.” Blakley reiterated that theme and proposed that we stop talking about “trust” when what we really mean is cryptography; and stop thinking of our vendors, clients, partners, employees and customers in terms of risks to be assessed. Not, he hastened to add, that risk shouldn’t be taken into account but that risk acceptance and risk avoidance are simply one small factor in a relationship. “Relationship is the context which protects the security and the privacy of identity information,” is how he put it.

Bob went on to characterize three possible relationships: Custodial, Contextual and Transactional. He illustrated these in this way:

Custodial identity: An enterprise holds the identity data for its employees, creates and maintains the records and controls its use and distribution.
Contextual identity: The entity needing identity data relies on a partner or known identity provider for data, perhaps through federation or the use of user-driven systems such as InfoCards.
Transactional assurance: No actual exchange of identity information, just an assurance (e.g., “of legal drinking age”) that discloses minimal information. This ties in to Blakley’s “Identity Oracle” concept, a service to assess (and supply) the minimal data necessary to satisfy a need for data which could be used as an identifier.

In a rare presentation by someone who is neither a Burton analyst nor a Burton client, Sun Principal Engineer Eve Maler spoke to the relationship model in terms of user-driven identity, with particular reference to the Higgins Project’s “R-Card” construct.

The thrust of these sessions is that we need to model our online identity behavior after our real world identity behavior and that trust naturally flows from a relationship. The R-Card is an intriguing concept in line with that model, one which we’ll explore in more depth in the not too distant future.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.