c=US ID Mgt. Research/Development

So the news today is the Healthcare summit at the Whitehouse. It's going to be very interesting what develops. I am listening to the state efforts (which are significant) at a conference in North Bethesda.

Obviously a great deal of work has gone into both analysis, and building systems. The job going forward for c=US is to gather requirements, build an ontology, and then translate those requirements in a proof of concept. This will result from the collaborative processes that have continued to bear fruit, and analyze the roadblocks that will inhibit adoption.

The Kentucky group has developed a fine sense of what works, and what barriers exists to adoption by health systems and doctors. There was a strong point made in regards to the economic consequences of a health care crash that they predict is coming.

There is significant interest by the health care interstate collaborations in addressing security and privacy issues. I will be publishing the ontology when it is cleaned up, and in the spirit of advancing Obama's plan, you are welcome to use this business intelligence since it was presented with a goal of harmonization and standards adoption.

Do we in fact have some of the problem solved. I have stated this explicitly that the requirements, the UML, and agile model are pointing to the fact that the AUTH-N part of the problem is solvable. One consortia was able to bring up AUTH-N within a year. Now to scale that out to a national level, that's where the competition is. Each of us has a part to contribute to the puzzle, my part is the 12-13 years i have spent developing identity management on a national scale, that can reach down to the local level.

A couple of issues have surfaced which will have to be resolved. To scoot back to the original value statement of Aescelpius, i.e. the Hippocratic Oath, we have to figure out what is the role of the doctor, and what is the role of the specialist HIT role.

The idea is to free doctors from the burdens, and give them the advantages of some uniformity to hook up their product of choice for the services they choose to provide. Other systems will then be able to "talk" to their system, and dependent on policy, expose that to their patients via PHR access. The best system is one in which the patients are actively involved in their own health care, or "patient centric". Saying that, and doing that of course represent a gap, a gap that can be addressed, and is work. Once done, it is a matter of technological adaption, which is going to be uneven so different use cases will address different classes of users. How difficult will it be to get someone who uses Facebook to manage their health care, and develop a health plan, manage a health savings account, and in general limit their economic footprint on the system, which as Kentucky officials put it, is on the way to sure disaster if the current approach is not modified. My gut reaction is not so difficult, since the current generation of young adults is born into the digital environment, and takes digital identity management as part of the matrix.

The more 20th century systems are based on code sharing, which dates back to code books developed in the telegraph era. Shortened messages were required to save bandwidth, and one sees the same short message format in SMS, like BRB, ROTFL, for the same reason. So they have naturally already coded. And genetically, we are masses of code. But the bandwidth limitations that existed in telephone central offices, which required a terse order entry system, which spawned fairly cryptic commands like ls, for list files, and rm for remove file, with appended switches, like ls -a, and so on, is a command oriented language, which predates the more graphic rich hypertextual environment. As the Kentucky contingent put is, healthcare is at the DOS level, and they need to be at XP. Actually they need to be at Kim and Stefan's level, which is about creating identity cards and secure token services, which is common across various operating systems and within the heart and soul of Windows 7, and Server 2008. There is no time to approach the problem gradually, we have to leap frog onto Turtle Island, which is the national safe place. The Turtle Island metaphor, is also the  migration path from the sipapu, which we are able now to navigate. I say navigate, because the bamboo pole is already grown under the Grand Canyon caves and the whirlwind of change, animus and anima is visible from the edge of the crevasse. We can hunker down in the cellar while the tornado passes, or attempt to understand what psychological forces are allowing for, or inhibiting the processes of collaboration. As a network alchemist, I'm arguing that the transmutation of the various requirements requires both geek speek and poltitical wonk synthesis, which is going to be one of the hallmarks of the advancements done by e-goverment services.

Luckily we can tap into standard data modeling approaches, like agile, and UML to tackle this problem, and iterate as we find defects. There are going to be people who will take the leap to digital faster than others, but if health is primary, or as the astute binary statement common in the ancient Arabic philosophy goes, wealth is a zero, but health is a one. If you have 01, that's not as good as 10. Health logically comes first in the requirements analysis, reduced to the most basic code. To complicate that further, with Oxford coding for various procedures, that's understandable, and to share those codes is in fact similar to the UCC, and all code sharing systems. But there are advances with knowedge management that are at the heart of what a doctor does, and in concert with the patient. We don't need to re-write that process, but we need to enable it to the larger sets of systems that are very rigid.



So based on my requirements gathered I'm going to ask Stefan to insert the intellectual property that Microsoft got with him to introduce Zero Knowledge Proofs into the beta E-Health product. Currently they use Live ID, and Open ID, but in conversations with the states we are grappling with an age old identity problem.

That problem, which of course goes back to the Hopi, and my SNP343 cohort who started out with 10 guys in Asia that migrated to Europe, is migration. Populations shift according to value chains. Those value chains are economic, but also cultural. Systems don't adapt that well to people who don't fit into neat categories. So from a health perspective, it's about the healthcare first, and triage within that system, and identity second. That's the basic requirement, and accords with the Pythagorean oath. So Stefan and Kim can step to the plate and make that part of the puzzle fit, by putting in a Zero Knowledge token for care providers to link together records for non-documented participants who represent an opportunity to improve health, and an economic cost within the system. It's a tailor made opportunity because in a very advanced way, these migrants are faking or sharing social security records, so the old approach of the SSN will not work. This means you need to generate a unique identity, and then we are back to which unique identity do you want to use? At a fundamental level, we can allow a anonymous secure token to authenticate a HMR. This should remove any barriers to identity risk adverse user groups from taking advantage of the system. Additional economic benefits would then result in the credentialing (doctors also) which different roles would require. Electronic sheepskins are not such a bad idea when you consider the recent spate of falsification of academic records, and so on that exist in regulatory regimes.

The link between the layout of the kiva, and the tholos is interesting. Both mark the position of the sun, and a specific angle is presented in the kiva on how the sun falls at different parts of the season. At Epidaurus, the floor of the temple was inlaid with rhomboids, apparently a heliocentric depiction of the planets circling the sun in the center. In the middle of the temple was a depiction of the sun, which sent out arrows (like rays) being a form of love, or attraction to the other planets, which kept them in an elliptical orbit. In both instances there is a charting of time and space. One also sees this energy of the future in a cartoon put out about the wonders of Atomic Energy, that starts out with Democritus, and ends up with a glowing Tholos in Schenectady N.Y. This is a page about the first colliders. You can find the rest of the comic on the atomic history web site.


So I first came across the A man while I was walking through the State Park in Saratoga Springs. I looked up on one of the buildings and there he was. And I wondered why and how do you get these Greek god on a public building? Exactly what was the significance of this? I had never heard of Tholos, but I had heard some great performances at the performing arts center.



So when I got home I pulled out a book on Saratoga Springs architcture, and it explained Aesculapius, and how the building had been built during the depression by Baruch, because of theories that the waters had curative principles.

They had employed people to research water cures, something that always fascinated me from places like Baden Baden, Arizona, and the Battle Creek Sanitarium, which had by far the most wacky medical cures they foisted on people, my favorite being radium inhalation therapy and of course the corn flakes, and grande promenades of various upper class Americans and Europeans who had come to "take the cure" for dypsomania. I got a tour of the basement at the San and it was just amazingly wierd, because the Defense Department put all of these one of kind audio-visual devices down there in kind of an A/V graveyard. I would not have been surprised to come across a Zoetrope.

By that time I had sampled most of the different springs, including the ones in Congress Park, and not too much mindful that in fact they were slightly radioactive, and the mineral ones are particularly not that pleasing.  But I had not gotten around to the Baths, and the whole history behind them. So this was in a sense, Baruch's interpretation of Epidaurus, sans the Tholos. 

So the settlers of Saratoga Springs got on friendly terms with the Iroquois, and the iroquois let them in on a secret, which was the springs. Of course the battle of Saratoga was one of the turning points of the revolutionary war, but there are a couple of lesser known facts that make the place interesting, and not the racetrack.

Outside of town is one of the spots where life began. Its sort of an odd mixture of sand and rock, and limestone, which is how you get the carbonated springs, and this place where there are these stromatolites from an ancient sea bed, roughly 2700 millions years old.  Needless to say, the Iroquois found some of the areas around Saratoga Springs to be sacred, and in particular, one tree which signified the confederation of the Indian nations.

It was a story that a man came down from Huron country and attempted to get them to agree to this arrangement. This story was supposed to have taken place somewhere along the Hudon between Saratoga Springs and Albany where there was a huge waterfall.

Generally they thought the idea that they would all live together in peace was fairly outlandish, and things had gotten fairly bad because there was a lot of feuding, and thus violence between clans. Sort of an early version of Gangs of New York.  So, he said, "ok, you don't belive me, what would it take to convice you, at which point they were pretty much not taking him seriously at all, so he proceeded to climb up this really tall pine tree, and he went up and up, til he was at the top, and then he jumped off, into the Hudson.

They were pretty amazed at that, but he didn't surface, so they figured, well that was that, and the rest of the day went on pretty much as normal. Later on that night at dinner, he showed up at dinner, and said, in effect, so what do you think about my proposal to link up the tribes? They thought about it, and said, well it's a pretty good idea, but there's one serious problem, there's this guy who has been spoiling everything, and there is no way we can get him to either stop being such a pain, or get him to leave.
And anyone who tries does not survive.

So he said, I got a plan, we will get all these people together and go visit him. And they tried to convince him not to, since the man had been taken over by some evil spirit, and thus anything they said to him would be misunderstood and taken as a provocation. But they went along, some of them anyway, and he got a few people here and there, and to pass the time on the way to his hut, he taught them peace songs. And by the time they got there, and the old man was very angry in his hut threatening them with this and that, and they were pretty scared and wanted to leave, thinking this was not such a good idea, espcially since he seemed to have some extraordinary powers which he didn't mind using.

So they said, what should we do now? And he replied, "Sing the songs that you learned". And so they sang. And they sang, and then sung some more. Nothing happened at first, but more and more people showed up, and they started singing. And then there was this horrible scream, and it came from inside the hut. They went inside the hut and there was the old man. And he was very happy. He told them that he had been taken over by this evil spirit, and the spririt hated the singing so much that it left him. So they told him the idea about the constitution, and he said that's a great idea, I will help do this.

So the Irogouis lived that way, with their constitution, which the man that had come down the river had helped author. And things went well. And one day they were approached those who had heard about their form of government and  wanted their advice to create another nation. The Founders would be exploring how to acheive the union, and debating what form it should take. In Pennsylvania, they reached back to the idea behind the union. When the union is broken, the value of strength and consistency is lost. Preserving the union, means preserving the faith with each other, and remembering.

[C]ast your eyes towards this belt, whereon six figures are . . . holding one
another by the hands. This is a just resemblance of our present
union. The first five figures representing the Five Nations [and] the
sixth . . . the government of Pennsylvania; with whom you are linked in a close
and firm union. In whatever part the belt is broke, all the wampum runs
off, and renders the whole of no strength or consistency. In like manner,
should you break faith with one another, or with this government, the union is
dissolved. We would therefore hereby place before you the necessity of
preserving your faith entire to one another, as well as to this
government. Do not separate; Do not part of any score. Let no
differences nor jealousies subsist a moment between Nation and Nation, but join
together as one man.

"To support the NYHII SHIN-NY must use architecture
and materials that fit the problem – the Internet is
the best model we have"

NYS Office of Health Information Technology Transformation

In the early 90's I helped the N.Y State Economic Commission explore ways to bring high speed networking and advanced services to NY.

The N.Y. Health Department was kind enough to provide hosting for my blog, (except there were no blogs back then, so it was called a ListServ, and it was on the BITNET). I attended meetings with many of the cable and telco executives, and spoke up for the potential of the Internet, which I had been using for email, and wanted to use for multimedia. The telcos and cable folks had their own plans, and no one thought the Internet was such a big deal, except in the academic and scientific community, but there was considerable interest.

When I talked to these executives, I said, why don't you join the ListServ, and be up to date on what is new?

Remarkably, they did not have email accounts, so I offered to get them set up. That's when I started working for PSINet in the RPI tech park and the big Internet boom had started, from what had previously been regional networks, and before that super-computer networks.

In 1993 the government paid for a Pilot project to develop an Internet based directory service. PSINet ran the root servers for that service in the U.S., and the Internic was responsible for signing up participants. The technology was very advanced, but the business model had not matured relative to the need to selectively maintain confidential information and how those organizational borders were defined. To help that out that process the directory operators created a bill of rights for personal information on the network.

There have been significant advancements in technology and adoption since 1993. The Internet is no longer subject to some of the same limitations in terms of bandwidth, ubiquity, processing and connectivity. Thus the overall architecture which was present of non-connected systems is now replaced with a systems which are connected and end users are accustomed to both high quality services, and  risk.

The idea of borders reduces risk, because it is a fundamental concept, establishing domains in which certain interactions take place according to a plan or policy. By nature the Internet itself has little in the way of policy, it is neutral, so it is not a PEP, or policy enforcement point. But we can establish national policies as a layer over the network. I say this as a citizen, sitting on a park bench and nothing more. This is not a Chinese firewall, a limitation, but a recognition that we can, in fact have a national identity that can extend to all citizens as defined in the stimulus bill. It is this scope which requires a polite wave from the bench and say are you ready for this now?

But to function, these borders need to both flexible and adaptable. This is why corporate use of the Internet started out as brochureware, a few pictures, and an email address, and phone number, but with the majority of business processes taking place on the "back end" with many people typing, and retyping in information.

Gradually, with the advent of better portals, customers were able to interact more directly with the business processes, which arrived with much more efficient packaging, as a direct effect of integrating the business process with the presentation layer. This caused a rethinking of the back end processes, and the relationship to the front end presentation layer, thus promoting a second wave of integration known as middleware.

The complexity of electronic health records is related to the complexity of the health system. It thus makes sense to apply the best simplification mechanisms that the network has to offer. In particular, the lack of accurate identity is a problem in the general Internet, and in secure networks the problem is critical that identity is not fragmented as it is in health systems. This is largely a result of "ownership" issues that need to factored out of an Identity Management solution as a service. If there is to be a national initiative for health care information technology, there has to a solution that scales beyond the current fragmented approach to identity.

This holistic concept  is something that is realized by the military. I came up with the concept of digital identity, which is now matured beyond the technology into meeting line of business requirements.

This is exactly the point, identity is a collaborative concept that has to be filled in, by the stakeholders, it has to be defined, and tied into the business processes.

It is not about a specific technology, but leverages and merges appropriate technologies and concepts to provide services to individuals. Which is why we came up with the term, it brought the idea out of the data center and into the hands of the end user to manage their identity, and to use that concept to manage their health care, and other goals.

The technologies are simply not adequate by themselves. Instead it is a value chain that allows the end user to access a wealth of resources, and when a properly authenticated identity is presented, the next step is to apply business rules based on defined roles. That's the value of identity.

Combined with another basic concept, breaking down information into internet protocol packets, and sending them to virtual addresses, as Vint Cerf first described it, "IP over everything", and the TCP state machine, this becomes a very powerful concept. And a concept that only works when the right security and privacy controls are in place.

Thus you have Cequs, fundamentally listed right under the original DOD Internet numbering system arc. Because it is just that basic a service for an advanced network architecture. And simple is good, when the knowledge domain is already highly complex.

IDENTITY DOMINANCE EVOLUTION. Recently, the DOD consolidated the
management and oversight of CAC, PKI and Biometrics under an Identity
Protection and Management Senior Coordinating Group (IPMSCG) that is
comprised of senior DOD Flag-level Officials. This action recognized
that information assurance fundamentally depends upon strong
management, assurance and protection of digital identities across the
DOD.

Fundamentally. As in bedrock. Also as in boundaries. Luckily the certification guidelines do require authenticated identity in a way that is consistent with NIST approaches, but these largely do with a subset of identity proofing, and not identity routing. There is a concept that we agree upon. The government, and useful and necessary as it is, is not the entire nation. The people are the fundamental principle, we the people. Thus the government must be limited in what it can do, even when it holds very important powers. Ultimately the value of identity far exceeds the artifacts produced by a government, like a photo id. It comes when citizens fulfill a role that is not constrained by official duties, because simply not everything can be defined as a cycle. Some things are unique, you are unique, you are not a number.

Why should Healthcare have a different identity for you than if you needed to be evacuated in a disaster? Its because the systems don't talk to each other, and they largely don't recognize you. So we pile up more and more identity tokens.

If we don't put into place an inter-operable identity system, we will have to duplicate data.

The system is healthcare system is cracked in some places it is broken, but it still manages to provide high quality services.

Unfortunately at a cost which is not affordable for a greater and greater portion of the U.S. This is an economic issue, if we don't fix healthcare, we are going to have a far more difficult effort fixing the economy, if we don't fix HealthCare systems (and the records  and processes they contain), we can't leverage the 34 billion dollars in savings from advances in Health IT. And if we don't solve PII in these systems and apply some rational identity mangement, we will not truly fix HIT.

To ignore this and continue to reject citizen centric efforts to reform the national architecture for Identity is a clear violation of principles which are behind the Clinger-Cohen act. It is simply a waste of taxpayer money, and the Federal Architects support the idea of a unified identity layer that allows for connections from multiple systems, in different formats, but fundamentally, and I really mean this, gets systems so they can talk to each other. They don't, and the Exchanges are a way to make this happen, to manage the complexity of the data, and to make the PII part simpler, since there are so many requirements from the certifications for PII, employ a consistent standard. If you don't accept the world documented standard for this approach which has already been in place since 1988, what are you waiting for?

Keep the stuff that works, but realize that duplication of efforts does not scale. The same guidelines for EHR and Personal Health Records need to apply. One is this typically highly regulated and complex backend system, the other is this typical web based system. Meanwhile clerks from CVS have been chucking PII in the dumpsteer.

PHR are held to standards which are typical of web based services. That means some https, and privacy policies, with some encryption thrown in, but very customer facing, and inherently fragmented.

One of the major well known PHR efforts makes absolutely no mention of HIPPA in their privacy policy. PII is currently a very, very, difficult privacy issue, with significant legal costs. They can't be responsible when you leave "their" system. Yet your identity is the same.

CVS just was fined millions of dollars for failing to follow these procedures.



"The FTC opened an investigation into CVS after numerous reports from around the
country said CVS pharmacies were throwing trash into open dumpsters
that contained pill bottles with patient names, addresses, prescribing
physicians' names, medication and dosages; medication instruction
sheets with personal information;
computer order information from the pharmacies, including consumers'
personal information; employment applications, including social
security numbers; payroll information; and credit card and insurance
card information, including, in some cases, account numbers and
driver's license numbers. At the same time, HHS opened its
investigation into the pharmacies' disposal of health information
protected by HIPAA, the FTC  said" [Network World]

Some PHR companies that I looked at would transmit your SSN to a healthcare provider, sure it's encrypted, but that's not the point.

This is backwards. I don't know how to deal with the fragmented procurement system, but the Stimulus Bill can fix this, and at a very reasonable cost.

The E-Health Exchanges can have a scalable model if they follow something like NY has outlined, since they understand network protocols and how important they are.  They will lower costs and provide better customer oriented service. But they should be consuming identity, and not providing it, each time they replicate the information is an opportunity to do something wrong. It is a massive effort to normalize identity in all the records, but it has to be done.

Aesculapius leaned up against the Corinthian column that supported the Tholos. At the supporting point, the capital, the column was decorated with perfectly carved acanthus leaves, more perfect than in nature, giving some insight into his brush with Platonic forms.

"So what do you think?" He began.

"Beautiful, more so than I could have imagined, the pictures on the Web really don't do it justice. It's much better in person."

"Well that's the idea, really, you should spend the night. We can talk about your dreams in the morning, you see your dreams, but then you have to discuss them with other people. it's more about the inner dialog, how is she working out?"

"Working out well, I didn't realize I would get assigned a muse."

"One of the perks of the job, I guess. Kind of like the Cledon, you want to be careful how you use the key."

"Well the time queasiness is an issue, I noticed that they are using that device in Lost now.I started watching it again."

"Lost, I love that show, how do the writers ever keep track? Much less the viewers."

"You get that show in Ancient Greece?"

"Remember, I'm in your subconscious, so of course I get it."

"Oh right, of course, I forgot I was dreaming".

"Precisely, now back to the matter at hand, what have you figured out".

"Well first I want to give some credit to the Muse."

"What is this, the Academy Awards?"

"No really, and Steven Spielberg"

"Spielberg? What, did you fall asleep again watching the Academy Awards?"

"Oops, yes again, It's a theme, like how I met my wife, the memory device, you know, Vannevar Bush, the Memex, memento pattern, wampum belts, and you of course, the Shoah Visual History."

"So that affected you, going out and seeing that on the lot?

"Well being on the lot on the tour is one thing, but going there and watching the tapes was another. I guess everybody breaks down, it's very powerful when you hear the survivor stories...its almost a PTSD, Post Traumatic Stress Disorder. It's hard to remember the Shoah, he deserves credit. He had that dream about the Rabbis at the end of the hall. I love that story.

"I remember. It's all about the healing process. For society, that is."

"So the remembering, that's important?"

"Sure it is, that's why its factored into identity. So I was just reading about the Woz, he remembers it now."

"The accident, you mean?"

"Yea, apparently he wasn't flight rated for that plane"

"Bit like Icarus?", Aesclepius, somewhat tired, decided to sit on the steps going into the Tholos.

"You could say that, but lets forget about the connection to the academy awards right now, that keeps popping up, and let's discuss about healing the economy."

"I thought this was going to be a dream about Medical Records, you know saving 364 Billion dollars by accelerating Health IT".

"We could save more money by getting everyone to lose some weight, and stop smoking, and thats not going to happen overnight. I haven't been to Dunkin for three months since I lost my job, and I quit donuts way before that."

"Didn't you meet Obama at the Dunkin?" Aesclepius said topologically, savoring a metaphysical donut that was about to be a cup of coffee.

"I'm sure I imagined it, the person just looked like him. i ordered a bagel instead of a donut, and he said "A wise choice". I was supporting Hillary at the time, but that's when I switched. It was a Dunkin moment. Anyway, he came to my daughter's high school, and I had to work, so she met him, and of course there was that whole "stand by the river" thing that was produced here in Swarthmore. You know the underground railroad ran right through here. People are always finding hidden rooms in old houses."

"Oh yes do tell, that was Muse stuff".

"Not my muse, but I enjoyed the play. The  theme was for me embedded within the economic snafu. The whole AIG mess, it just does not go away. I remember drinking with the AIG project team it was Christmas, Bush had just been elected, they did away with the regulations on derivatives trading, I was there in the bar, talking to them after work, we were going to go out and see the window decorations. I ended up not going and missed my connection in Newark to take the train back to Philly."

"So the naming, you got that? After all, the day AIG was trying to borrow money from everyone, and the credit markets froze, that was an important moment. You got a call. The New York Fed was preparing for the worse."

"Not at first. Exceedingly clever, my grandmother was Leila, you add my last name, and it's like a river, only a brook. Brook man." Lee Brookman., but in German, Lee Bachman, my oldest sister.

So I really did not workout the other clue without the muse. First I had to look at the derivatives financial history, one of the first big bailouts, then the Enron scam where they faked an entire trading floor, then see the timeline. Even in 2005 they were talking financial meltdown from the derivatives.

That led me to the Brook, and Lee combo. It's a unique name. Very synchronistic. And then when I try to explain the financial crisis to my other sister Kay she then is interested in doing a movie about Brooksley Born, and how she tried to stop the crisis. This makes a lot more sense to more people than wampum, with government agencies duking it out, and the beginning of the Bush trillion dollar deficit legacy. It's something you get George Clooney to do, explaining how credit default swaps work."

"Aha".

"So Born's parents liked the names Brook and Lee. And thus you have Brooksley Born. And the story is impressive, she probably knew more about derivatives, and futures, than anyone. Well anyone except the financial wizards that cooked up the current mess, that helped fuel the bubble."

"It nuked her career. Going before congress. That took a lot of courage."

"She tried to stop an 8 year bubble, before it started.  Enron writ large, Brave woman. Can't wait to see the movie.  Don't know if they have a deal yet. Academy Awards are a long way off."

"It's no Slumdog".

"No it's not, but people want answers, she told the truth, and was told to go home, we could have avoided a major catastrophe. People want to know why."

"Speaking of Slumdog, what about the muse there?"

"Again, brilliant...he opens a window in his office, and puts a computer there hooked up to the Internet, facing out for all the kids to use in the slum and as an experiment sees if they teach themselves to use it. They do, it's total situated learning, they bootstrap themselves. It's pure Engelbart, right down in the Mumbai slums. The writer hears about it, adds the millionaire theme, then they buy the film option to the book, and it goes right down to the kids in the movie on the red carpet."

"I see they got another award, oh that's right, you are asleep listening to Academy Awards, can we get back to the stimulus?

"Yes, but I was ahead of the curve on that one, check my Facebook page, I beat Colbert to that. It was a shoe in, so was Sean Penn."

"So the whole Hopi, gamma ray thing? Where's that heading?"

"Oh the real estate bubble? Securitization of mortgages, Fannie and Freddie? Bad banks and no one knows what anything is worth?"

"Yes"

"I was going to take a job working at Fannie. They knew that they had control problems, and I also interviewed doing middleware at CountryWide, it was clear that they were riding a boom that would not last. I didn't land the job.

I hiked back into the White Tanks and saw some of the petroglyphs. It right around the time of the big lemon war at the beautiful Frank LLoyd Wright hotel in Phoeneix where they leave the lemons outside the rooms, and before my father died. I don't know if our family can ever stay there again as a result.

They were seriously tanked. Still you can get a handle on the symbols, the ones from Chaco Canyon make a lot of sense. EnergyMan is very cool, did you see it earlier in the blog?"

"Dude, absolutely no one reads your blog, it's just a conversation with yourself?, except for a few intelligence analysts, no one follows it. Only one person linked the "Birds" with the NSA beam splitter in S.F., and no one is getting the Fabry-Perot etalon, except for DOD, but then again they get the global IDM going into the SOA bus. Believe me, I know from pissing off Gods, they like their drink. You talk ambrosia shortage at the bar, and Loki just goes berserk, you would think it was Armageddon or something."

"Oh yea, forgot. Dreaming. But we are plugged into the Jungian Archetypes, synchronicity, Wolfgang Pauli breaking the Chinese vase in Switzerland, and the reactor at Princeton, and Dirac space around the Black Hole. Black Holes That's got to count for something. A minor stipend, perhaps?"

"On a quantum level, you might as well be trying to get virtual Internet dollars for Canada like Cartman, and end up with coupons to Bennigans, so maybe, but Tholos never really makes it to your time, as opposed to fake Irish pubs. You are about the only one who comes here now, but theater, and musical theater, is a big hit. Tholos, not so big. Can you get me tickets for Guys and Dolls?"

"Deal, you get me the medical privacy solution without this whole RHIA, CHPS overhead, Obama doesn't have time for this on the project line, we need to deliver to the HIT Coordinator in Bethesda, and they have been studying this since 1993 for electronic health records. They will be studying for another 5 years at this rate.  Besides, HL7, XML, that's not such a big deal, they are still using Personal Information, they don't own it."

"Let the cutters cut, that's what I always say"

"Let's show em that SNP 343 still has some innovation left in the genome sequence. Living by the brook, so to speak, let's party like the glacier is receding. Those Irish people might have nothing but their voices, but they like the pubs, and it's so pretty, we R1B1 know how to keep ourselves amused, we won't let something like a tectonic plate shift or the English Channel stand in our way. We reserve the right to party. Why else would the ancient parliament be right there near Law Rock. You know, the Thing."

"The Thing? The one on the North American plate boundary, on the old road through the crevasse?, boy did they get hit by the weapons of financial destruction, Iceland was financially nuked."

Aesclepius, decided to stretch his legs, it was a fine summer night, and no ice around. "You folks are all about dodging icebergs I guess. Don't stand on the bow of the boat I say."

"Well SNP 343 still is planning a party at Law Rock, we don't mind a bit of ice in our Scotch. Or standing by the river. It's going to be a party for everyone that left Eurasia thirty thousand years ago. I'm letting the relatives know. Catered. And free drinks in the Irish pubs, the real ones."

"Good luck with that. Thinking about any publicity? Everything is about Mardi Gras right now?"

"Aesclepius, would you be interested in doing "Le Show", It seems all I do all day is listen to NPR. After all he figured out the Dutch polder house political connection to Katrina, he's on the right track? Maybe he could help FEMA? You know, living by the water, instead of walling it out?"

"Have his people, call my people."

"Dude, you are in my imagination".

"It's radio, you think that ever stopped the Winged Warrior?"

"You mean that Obama is really mild mannered Benton Harbor?"

"He's everywhere isn't he? From Chicago?"

"You got a point, you got a point. Later A., I think I'm waking up"

Concerned that J. Random Hacker or some other unauthorized user is going to be reading your personal health records? You should be, and here is what is going either stop that from happening, or not.

First off, medical privacy is a subset of all security, then specifically information/data/network security and the best practices that go along with that security. We are not talking about security theater, which gives the illusion of security, or security through obscurity where one hopes that either someone does not know a specific trick, or just will not look in a specific place. Instead we are talking about security in depth, that attempts to be comprehensive, and anticipate (itself sort of a knowledge gambit) attacks.

Ultimately there are no guarantees, but unencrypted Personal Health Information data on a consultant's laptop has happened, and then stolen from a car trunk during lunch, or mailing CDs of unencrypted data and having them get lost in the mail. So it is just as important to weed out the really stupid stuff, because your medical records may not be that interesting to someone who wants to buy things with a fake credit card in your name, and as the saying goes, you don't build an armored car to deliver information if the end points are not also secure. Thus most specific requirements actually make sense, and some requirements are in there because someone thought they made sense, which they may have at one time, but due to technological changes, they are now longer valid, say for example a specific type of message hash, or cryptography that has been broken. Frankly we don't want our health care professionals to be concerned about this, it just has to work right.

Since the knowledge base, such as Common Criteria,  and threat matrices are fairly well known, and are often reiterated, they form a long term knowledge process which is highly documented, and testable, say from a CISSP certification. They don't address the real social environment to some extent, but then again they do. If you have cancer and lose your hair from chemo, you can wear a wig, and people do, but more than likely you are going to share that information with significant others, and not require them to sign a HIPPA statement. Yet the hospital, or doctor, has to specifically take these relationships into account and adjust the "view" of the data to the roles of the various use case actors, even if the social situation is not really set up that way. So largely we are talking about "official" roles, and who can see your information, and to what use it can be put. This creates "ownership" issues. This is the great thing about Identity, you are the only one who really "owns" it, even though people will have the job of managing the data.

Does this comprehensive security teach one to think outside the box?

Not necessarily, but certainly by using known best practices one will reduce problems from simple mistakes which might turn out to be quite devastating. This makes requirements very important but not necessarily sufficient, because attacks will focus on both well known problems (say a failure to apply a specific security patch) but also unique zero day vulnerabilities known only to the attacker, or a small group. This infers that security is, (as often stated), a process and not a product.

I remember a conference of Federal Architects where they presented a paper on security that I had helped work on. Two comments by experts in the field struck home. The first was from a very well known person in the security community, a person you usually find associated with documents on practice, the other a head of IT security for one of the three letter organizations.

The well known security expert remarked that we were repeating the same thing, and it was remarkable to be paid for it. I had to agree, most of the conference was nothing new, but everything was spot on, it really was a question actually applying that knowledge. Also the OMB, who was one the key agencies involved in the process was responsible for grading the efforts of various agencies. There were few Federal agencies that got a decent grade. It is very difficult to effect change on a comprehensive government wide level. With this funding cycle, this has a chance because it is not just about staying within a specific domain.

The same conversation just in a slightly different format. Essentially from a Scrum or Agile development process the stories, and defects fell into a predictable set of vulnerabilities, the ever present buffer overload, unexpected injection of strings that could be interpreted as commnds, in short the usual suspects of poorly written software that was not adequately tested, or just written without a knowledge of vulnerabilities.

This implies that information security is largely a solved problem, in theory, but not in practice, and therefore it is a matter of fundamentally of communication of these best practices, and then the implementation of the same.

But also that people want to get things done and not be concerned with the security under the hood, (for example does the remote for your car have frequency code hopping),  there are expectations of the larger issues, does the remote work? [Availability]

Can someone clone my remote? Can someone lock me out my car? But first you have to know that cloning is possible, then you want the feature of frequency code hopping. To me that means that security should be "baked in", but not always exposed to the end user. For example, for an authentication decision one could use a number of different factors, some of which might have a higher degree of validity.

The director of security for the three letter agency had a much more troubling comment, because he was discussing information assurance, in the general sense, of whether it was possible to trust the output from any computer, period. This hearkens back to Ken Thompson, and "Reflections on Trusting Trust", sort of the original paper on self replicating code, in which he hid something on a computer that no one would be able to find. Even more so it went back to the basis of symbolic logic and Turing's examination of things that are computable, and things that are not. So it is fair for any user to question whether what they are seeing is really what should be there, and the question is how does one know? How can inaccurate information gather momentum and be transformed into supposed fact?

So I mentioned that to be effective, identity information had to be transmissible across domains. This is now a specific draft criterion of the Personal Health Record, 4.02 by the Certification Commission for Health Information Technology. To translate into business process speak that we use in the Architecture, it has to be crosscutting. Why? Because vendor systems often are proprietary, and the ER system does not talk to another system in another department, thus requiring a great deal of integration. This is normal, but has to change, thus the requirement of interoperability, is introduced. In order to get interoperability you need at least two things, "open systems", and "standards". Then the software implementations of those two things have to demonstrate interoperability.

One has to have a fairly good tolerance for abstraction to make this work, because one has to take an object, and reuse that object in a number of different instances and use cases. And that is how you know that you modeled that object correctly, because it represents not an arbitrary way of doing something, or the way "It always has been done here at XYZ Hospital" perhaps with a very good reason based on how the systems  have to talk with each other, but really because it has some intrinsic value as an object.

So the doctor will look upon certain people as his or her patient, but in the general context that person can be defined in more general terms that the health care professional can further define as a patient, but already exists in a way that is crosscutting across domains, and thus the identity data is interoperable.

Looking at PHR 05.01 we have Security identity Proofing, which provides the answer to the question is this person whom they claim to be? The level of Proofing can range from very simple, to very complex, and this is not really the role of the Directory, which can provide that answer that the information is consistent with the claim, and that the method of authentication is dependent of the needed level of assurance. X.509v3 certificates are backed by a CPS, or certificate policy statement, that will attest to something simple, like the domain name of the site you are visiting, or someone's personal credentials. The more elaborate checking that needs to be done is a policy issue, because the certificate issuer has to back the CPS with insurance in the case that the information is not correct.

If there a question regarding authenticity of data, one asks more questions, perhaps from multiple sources, perhaps drilling down, perhaps using a notary approach such as how Perspectives from CMU polls on how long a digital certificate has been visible on the net.

Moving on in the requirements (which leans heavily on material from the Markle Foundation, when in turn refers to the government E-Authentication initiative we have a series of classification of security tokens based on information from NIST).These are collectively referred to as E-Authentication Partnership (EAP) and E-Authentication Framework. As a root server operator, Cequs would be interested in the more stringent level 4 form of token, especially given the recent problems that have required DNSSEC in the DNS to meet the requirements of passing along information from Identity Proofers. This gives protection against

1. Online Guessing
2. Replay Attacks
3. Eavesdropper
4. Verifier Impersonation
5. Man in the Middle (MITM)
6. Session Hijacking

This is largely handled by the Directory software itself, and X.509v3, but an out of band hardware token may also be necessary to achieve the highest levels of assurance. Anything beyond a level 2 assurance for end users would probably be fairly expensive, so PHR requires a minimum level 2 assurance, or better.

It's not mentioned in the requirements, but something that I have researched indpendently is that there is a long term concern of medicine and pharmaceutical companies that feel that they have a limited supply of "blockbuster" drug general purpose compounds in the pipeline that tend to affect people roughly the same in clinical trials. As research begins to understand more about proteins and SNPs, based on massive sequencing efforts in bioinformatics, some very specific information is now available about potential problems that may occur to genetic defects that are specific an individual. While this information can not be legally shared with Insurance companies, to the best of my knowledge, it is not something that most people want to be made public. Of course there are exceptions, such as the brave volunteers of the Personal Genome Project.

Scientific advancements will lead to more targeted and  personalized drugs (with the advantage of higher efficacy and fewer side effects) in the next 5-20 years. This also means that people may be at higher risk also, thus requiring higher security for participants in clinical trials, and from drugs which might aggravate a specific condition. People may be taking multiple forms of medication, and thus need to partner with their pharmacists and doctors to avoid problems.

"All that may come to my knowledge in the exercise of my profession or
in daily commerce with men, which ought not to be spread abroad, I will
keep secret and will never reveal."

Here we have a fundamental statement on medical privacy. Another translation of the Hippocratic Oath by North reads as follows:

"Whatever I see or hear in the lives of my patients, whether in
connection with my professional practice or not, which ought not to be
spoken of outside, I will keep secret, as considering all such things
to be private."

Thus we have a clear linkage, dating back to the Pythagoreans, of medical data and privacy. So why would there be any problem?, it seems so clear cut in theory, what's wrong with the implementation?

The problem space originates (meaning in the collective unconscious, or mythological symbolism) of the advancements of medical science, and the problem of boundaries between life and death as expressed in the mythology, but also in a more modern sense boundaries in general, between organized systems.

A lot of the Greek drama comes from conflicts that come from stepping across those boundaries, who has dominion over a specific area, who subverts or interferes with control of that area, conflicts between mortals and immortals that then needs to explained as a story, often in the form of catharsis, allowing the performers to examine these conflicts as the tragedy ensues, making the audience experience it, as opposed to repeating it and thus acting it out in real life. This duality of purpose is a great design, it not only is entertainment, but also an examination of the tension, or in the case of comedy, absurdity, which is present in the lives of the gods and the mortals, each of which have their flaws. If that flaw can be avoided by emotional understanding brought about by a theatrical performance, so much the better. If a better understanding of flaws, or triumphs can be presented, Memento GoF 283, that also works.

Collapse also comes from the failure to explicate the story, by carrying on as usual where tragedy could have been avoided by listening. Of course in foreshadowing the dramatic tension is maintained by ambiguity, the audience may in fact choose to misinterpret what is being foretold based on their own prejudices. The Greeks had a concept of "paying the poet" at their Symposia, in the same way we have an English concept of "paying the piper" in the context of calling the tune (as in performer), but also in the sense of being responsible for one's actions, which in this case is a powerful cost incentive in health care, since the ancient proverbs weigh in with "an ounce of prevention is worth a pound of cure".

So this is where the savings come into play, and therefore the ROI, which justifies the investment. The idea of "health care consumer" is thrown out out the window. Totally defenestrated. The actor has to be far more involved in the role, because that is what is going to change the equation. Can't simply consume, but has to plan an active part of the process. That starts with getting better information. Better information flow means using standards, since one has a better chance of getting agreement as to protocols. Protocols can be defined with an independent abstract language, (ASN1). Thus managing identity goes hand in hand with managing health care, with a national focus, that means citizens managing their healthcare, not consumers. Consumers are at the end of a value chain, citizens can be at the front. The savings comes from the front, and in understanding the stories that make sense. These may not be the same exactly the same stories told by pharmaceutical companies on television, which is our equivalent to Greek theater, or medical soap operas. But in this case the doctor who consults Google on his office computer while consulting with a patient, or a patient looking up cases in PubMed has already chosen a role that is something more than provider, consumer, and instead there is active collaboration.

So the question is how we are preventing the theft or misuse of PII in medical records and what effects of exploring system boundaries (generally considered to be bounded by life and death in record keeping) might have. Here we put Asclepius on stage at Epidaurus, in front of a summer's eve crowd of some 15 thousand practitioners of his art and the symposium begins.

When those boundaries are crossed, people need to have adequate cultural explications.

The medical profession has it's own terminology for these explications. How does the wrong person have their limb removed? Who receives a dosage for a drug that is 20 times what is prescribed? There is a company which can handle the tracking and reporting of accidents and "bad outcomes" to improve patient safety, a concept that blends accidents and processes into the mix, with the realization that we are already dealing with a highly analytical, process driven, self-reflective, and regulated space in which decision making is a highly important part of the process.

What about Auth-N (authentication) in Health IT?

The fundamental question which I have posed is whether we "cut" the identity part of health care out of the system, to overlay it with a general service that provides identity proofing, or whether it is simply a question of sufficiently hardening identity processing components to have adequate resistance to threats which might be coming from all attack surfaces.

This was clearly discussed in the Medical Identity Theft town meeting in which experts discussed how many people it took to handle and process a patient's medical record. We have to model the threat of one or more of those actors stealing identity data.

To restate it, we can take out the "who", and leave the what, how, when.

Accessing Identity as a service (like DNS) may require a remote lookup, rather than a local lookup of stored data. There are all sorts of permutations. Employees may choose to have their data held in your LDAP server, or at a Identity Service Provider. We are already familiar with the ritual of "swiping" and "signing" credit cards. The numbers that are associated with those cards can be changed when there has been a system compromise. It is expensive, but it can be done. Unfortunately, other than monitoring for illicit usage, and fraud alerting there is little that can be done to recover from identity theft. Once someone starts pretending to be you, then it is a question of who accepts that data. In Health IT that can end up being false billing to Medicare through shell companies. Patients have also had to deal with practitioners who managed falsify their identity, or credentials to practice medicine, a problem that can persist for years in private practice.

There are a well developed set of political assumptions regarding the structure of health care, one of which is the retention and management of patient care records. The storage, maintenance, and access to this data represents a significant cost, and sometimes a revenue stream if that data is sold to downstream providers. Configuring an independent storage of personal health care information is consistent with the ideas of privacy and portability. If the business case is aligned with the services provided, then Identity should not really be important. It is a positive factor in good patient care to "know" who someone is, in fact it is a requirement, and perhaps to know details regarding a family medical history.

I do not think that translates into keeping medical records in inconsistent formats, and one of elements that can be standardized fairly quickly is the PII, without having to deal with the other  complex codes (such as 4109N, for example), are already in use.

At the same time in more socialized systems where a vast amount of records are already available and the goal is to assign a unique identifier to those records, using programs such as OXLINK and OCNA to get rid of duplicate records and assign a new national health service number. Rather than take that approach, I would advise to put Identity first, as a unique value, and then use that Identity to populate the field for PII, based on user input, and verified by an identity proofer. This is the way it is done now, but this is a more systematic way to go about it, and fits the GOF design pattern of a singleton, rather than doing it in reverse by starting with medical records, and then assigning a health services unique identifier. That way when a use case arises that is cross domain, say emergency services relocation of medical records, then the identity can be cross cutting through domains. This is consistent with the approach of Federal Architecture.

They do relate to authorization, which I feel can be to some extent categorized by roles, and how much the public (as expressed by a political stance) should be involved in health care for individuals who also have access to differing degrees of "private" healthcare. Thus it is not "who" gets what type of treatment, but "who" belongs to a specific use case regarding treatment, and the defined roles of the use case actors. This can be modeled in business process models of UML.

I think it does no harm to take out the "who" from healthcare, while still allowing individuals, stakeholders, actors and groups to manage their own identity, and put thus  put the "who" back in. So in this case the Marx brothers were right, "Who is on first".

Identity comes before care, (even pre-natal care when we consider genetic screening) and exists as a potentially definable IT object numbered as an OID, defined as an international standard such as a unique distinguished name as a replacement for a common name, which does not have sufficient IT uniqueness, or a SSN, which was never intended to stand in for a value of uniqueness. In short, using SSN was never a good idea for medical systems.

This comes down to an analysis if the current system of maintaining medical records is adequate and supports the goals of privacy, given the developments of more comprehensive laws, (such as HIPPA) guidelines and frameworks since the original value statement in the Hippocratic Oath, which creates a strong historical precedence as being part of best practice, but is conditionally applied in the larger sphere of medical ethics.

Privacy is not an "absolute" right, but reflected as a penumbra of shadow and light.

INDIVIDUAL CHOICE
Individuals should be provided a reasonable opportunity and capability to make informed decisions about the collection, use, and disclosure of their individually identifiable health information.
[Federal Framework]

I don't know if the life and death or privacy philosophical and medical situations can or will ever be adequately explained to anyone's satisfaction.

However national identity can be sociologically described and discussed in terms of a culture using concepts like actor-network theory, modeled in UML, and then translated into an IT design for software.

Identity already defined for the entire U.S.

In fact it has already happened and we are adapting to the fact that we have digital versions as well as physical versions of our identity. The question is how much we can now impact it as individuals, and this is the exciting part of identity software development. My overall design links into those significant approaches.

Thus we need safeguards when politics spills over into abuse of identity, (as it has in several documented cases) and thus can leverage large databases against individuals, and groups, falling into the category of identity abuse, and thus with knowledge create a system can be designed with adequate safeguards, and understand how it can be exploited. This is part of the 10+ year Cequs requirements analysis.

That protection against abuse (and not just a knee jerk reaction to the 666 crowd of Armageddon followers which prompted a pseudo-national ID as REALID, despite whatever merits or faults it had as an improved Drivers Licensing System) is a real system design that goes back to the original design of the Founders. Do we want our ability to drive a car be our National Identity by proxy?

A national id system can and has been pre-emptively challenged by concepts such as a permanent state of emergency, and the Patriot Act and so on, but the question of building in safeguards has as much to do with the structural integrity of the identity system as anything else, it simply will not be able to maintain state if it does not meet the requirements. This was the reason behind so much resistance over REALID. And is behind resistance to some national id plans in the UK for example. These are programs driven by bureaucrats paying high priced consultants, not a bottom up approach. They seek to recoup exorbitant costs of ID card manufacture and distribution by charging high fees.

There is the concept and design and then the vendor driven implementations such as national ID cards with biometrics, bar-coding, etc. Generally, national ID documents like a Passport design are driven by a small group of specialists. It is really a data feeding mechanism into larger databases. It's not the enabling tool to get at how your data is being used, the fact that your data points were gathered, (for example if you ordered a special meal on an airline) and what data points were negotiated on a country, or supra-national level between groups. Often these negotiations were also coupled with the bargaining that they would interefere with commerce, i.e. stop flights going into a specific country, over acceptance of the data terms. No one is going to stop someone from going to a doctor over ID, or prevent care from being given, it is about aligning with the federal framework; the Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information

The fact that a passport has an RFID chip embedded inside is a technical, rather than policy issue. How the data is collected in terms of transborder information flows, maintained, and used is entirely a different matter.

This is why these technologies should be accompanied by equal and offsetting technologies that put power back into the end user, driven by OECD guidelines such as transparency.

That can't effectively scale with siloed systems, the end user simply has too many places to keep track of. It worked fine for a pre-networked, primarily local identity. Now it does not scale. In terms of design patterns this would be called a "Singleton". GOF 127, to ensure that a class has only one instance, and provide a global point of access to it. Simply put that means putting control (as much as possible, into the hands of the individual, making them responsible for accurate data, rather than tasking someone else with this primary responsibility). The fact that this does not work for some people, does not rule it out in general. This information is independent of life or death. I could determine, and would in general, if certain  SNPs would be personally significant,and which could be ignored, in passing on my genetic data based on counseling and risk analysis.

This being in the Asclepius world of medical ethics, i.e. something that has to be worked out relative to individual liberties and culture and choices.

I could store for example (almost permanently if I wanted to persist it) that information on the Internet...such as TTTAACCTCCTCCAGCTCTGCA.INFO for how and what the R1B1 SNP 343 group should expend their efforts, and once indexed,  pass that data on to future generations as trivial, or significant. I could do that anonymously, or pseudo-anonymously, sign it with a digital certificate. Lot's of creative possibilities here.

The real abuses are not connected not with the technologies (which like it or not are neutral) but how policy is implemented using those technologies. It is much better to design a system with safeguards, and use case actors defined, than to ignore them. This is because we are dealing with highly complex, adaptive systems. Systems which can be analyzed using various software, and knowledge management techniques. The good thing is that we can engineer this.

Some of this simply has to be fought over or tested on the IT security battleground simulation and practice using the roles assigned in that sphere to test the protocols to get a sense of how the system can be exploited. Human nature is such that it will be exploited and will need to be fault tolerant.

This can be thought of as a defect analysis, with policy being one of the components of a defense in depth.

If it is safe to say the infrastructure will be exploited, now what?

Those are important details in implementation and best practices. What other similar examples do we have?

If the Identity infrastructure is adequate in how the miltary handles nukes, or how the intelligence agencies handle classified information is it adequate for your personal information, and how much security do you need?

These answers can only be partially answered by an organization attempting to implement adequate guidelines, so the burden has to some degree fall back on the individual to manage those choices of how much security is necessary, and what they are willing to bring to the table.

This then becomes a formal design by contract, (say between the c=US Manager and the National coordinator for Health Information Technology, and related stakeholders), where the actors and stakeholders understand which role they are playing, and which costs and options exist..

If it is a lot more expensive to use one solution versus another, then "hidden costs" of non-standardization need to be exposed, which is an important element of transparency. We need to give people a choice, but not overburden them with false choices.

Part of that is letting the battles be fought in the policy and political space (say different priorities set by executive administrations for Family Planning or Stem Cell Research) and not proxy those conflicts into the implementation of Health IT software, even to the point of allowing them to be cultural assumptions behind technology.

Identity itself is already somewhat overloaded officially with these concepts, such as "birth records' and "death records". These take on a different slant with digital identity where data is going to persist post physical death, and certainly in terms of SNPs, before birth.

Then the problem becomes an issue of attaining an ability to distance oneself to get the big picture of an entire system, and still communicate that meta information using the terms of the cohort. This is a hermeneutic problem of pulling back to the edge of the event horizon, but still finding information there. It is fairly impossible not to see things through the lens of one's dominant cultural paradigm, but the effort is worth it, if we truly want to see the cybernetic qualities, feedback loops, etc., of general systems theory, rather than approaching it as simply another vendor product for Identity Management. This is somewhat at the exciting crux of public-private partnerships.

Unfortunately it is going to sound like mumbo jumbo outside of that linguistic bubble which tends to create it's own jargon, the best analogy I have heard is rebuilding the train while it is travelling down the tracks.

And it is when these forms of jargon are orthogonal, for cultural reasons, rather than technical reasons that a solution might be obvious due to the requirements, but there are reasons why it is not adopted, beyond the technical side of the requirements.We can figure out why a particular standard is adopted, or not, and why.

In fact a fair amount of effort is devoted specifically in to figuring out, and attempting to explain what the ground rules of life, death, and rebirth are, either from a religious or Darwinian point of view.

We can safely elide this rather difficult cultural and moral problem space while still admitting that it exists, and not attempt to avoid it, since it will impact on authorizations.

However, in terms of identity, we can avoid it, since we are dealing with identity in the system, rather than what relationships that identity object has with other objects. If we wanted to couch in medical terms of "unwanted outcomes", we are in the medical jargon bubble that has its own highly specialized terminology that goes out of its way to eliminate these cultural problems.

Redefining this "sans frontieres" recognizes that some of these boundaries are couched in cultural terms, none the less. If we are going to recognize national identity as legitimate in terms of benefits of defining citizens, and then incorporate and include other schema, such as state systems, its possible to have the benefits of both, and then if appropriate, dispense with it altogether, as a ladder which is no longer needed.

Most cultures build up elaborate systems to justify or explain who lives and who dies, and when, and under what circumstances. In the modern sense we generally assume that everyone should have access to high quality health care, and with all the difficulty and ambiguity that entails.

However, in the original form  Aesculapius was able to perfect his art to such a degree that he was accused of stealing from the gods what was their role. He then set into motion a fundamental change, where we ourselves are responsible, and how that becomes an implementation. We can get some help from Telesphorus, his "mysterious" helper, who wears the same hat of Liberty that adorns the seal of the Senate, and acts as the process of healing, (health-Identity here), as we have leaned in the past on his sisters Hygiene and Panacea. So we are asked to deal with the problem, but at the same time we are given a solution though Federation, and Liberty, (meaning the values).

Translating that into modern terms, (and it translates well, because it is so fundamental) is that medicine, and science take on god like qualities relative to certain cultures, and cultures don't have a handle on how primitive they are relative to other cultures, ours included.

A lot of anthropological assumptions are worth challenging and we should not fear borrowing ideas, (like the Sipapu) to create value chains. Of course this runs into the jargon wall of consultant speak, but that's ok, because a shaman from Chaco Canyon and a modern medical specialist might have some common ground if we look deeply into the requirements process. How often is some new drug not found already being used in the rainforest by a shaman?  Chew two pieces of tree bark and call me in the morning. Increasingly we are becoming more holistic, and "sans frontieres" to our own benefit.

If we fail to look into the mythological, we are not leveraging the entire cultural history, and a significant part of our brain.

Without being judgmental from an anthropological point of view; there is data and knowledge which is not understood fully from either a professional, shamanic, religious, personal, or technological point of view regarding transitions between worlds. Much explained, but still in the belief area and I personally advocate an open mind in regards to this, there is practical implications in regards to identity here where we look at digital data which can be thought of in abstract terms.

Health IT gets beyond this problem with persistence, once the digitial information is created, and linked, it exists independently.

This location deals with "ownership" and might be in a Doctor's practice, or not. It really can be anywhere. The doctor "adds value" by understanding the patient and her history but currently is not the source of all information, given various sources, such as MRI, etc. While historical records, (did this person meet the public requirements of having a particular vaccination) are part of the record, the record is only a part of the care. A starting point where the patient has to be a participant, and can be incented to lower overall costs through prevention. As an IT person, I would like to see a color coded risk factor web page, and then options and checklists. Other people respond to other types of data and incentives, but the forces of massive personalization based on Health IT can be used effectively.

The Chaco canyon tribes etched petroglyphs to explain the situation of how animals would be killed in the hunt to sustain the tribe, and then went through a process of return, (a spiral of dots), and then were reborn for the next hunt. The place of their return, a portal, was such that only they were allowed to pass through it.

So, in the time of Asclepius, the Gods were initially pleased, and then threatened when the issue of immortality was brought to bear. Mortals died, end of story. Suddently mortals were dying and being brought back to life. This suddenly formed a problem space, and one which is still with us today as we deal with parallel advances in medical technology. The fundamentals of life and death are in discussion, and in play. So this is about medical privacy, and not that issue, but suffice to say, the problem is in the original formula, that medicine can, and does heal, and may in fact bring back those that have, for all intents and purposes, died. So the philosophical questions are not that far away, and we look for a philosphical ladder that we can use to get beyond that intractable problem space of culture to the modern (not disconnected, let's for the sake of argument say post-modern), era.

So what's different about the 21'st century? Well while much remains the same fundamentally, we have global networks. As a result we live in a sphere of information that did not previsously exist when confined to specialists. We can access PubMed, and look at peer reviewed journals to look at research and get some insight into what otherwise would have been restricted specialized knowledge.

So logically we want to leverage these long distance (tele) technonologies, learning at a distance, communications at a distance, etc. and that is what Telesphorus brings to the table, advanced tele technologies that can interface with the difficult problem space that Asclepius introduces in terms of medical privacy and now exits to have a sip of ambrosia, confident that the message has been heard to last seat of the theater at Epidaurus.

I just finished an RFI on Identity Management for FEMA. I need about 11 million dollars to pull off what I'm proposing.

They had established a good set of requirements, but they needed a solution, and one that scaled securely over the entire country, and that's a national identity solution that can interface with different systems.

It's all about the interdependency risk and getting a handle on that. The key is in allowing essentially the system to continue to work as it does now, (conservation of effort) for the 90% of what needs to get done, (Pareto principle) but then when needed keep the roles (think of pieces on a chessboard) the same, but be able to flexibly move those resources to where you need them, and quickly fill those roles.

So we need to persuade and even market to people to react in the most useful manner, and not necessarily in the manner in which they immediately think they should react.


So you have to enable citizens to respond in an organized and effective fashion, and one way to do that is to cut down on the infrastructure communications traffic that says "Are you alright"? and "Where are you?", by providing those answers in a very simple manner in regards to status, or the method of communication used.

These are not unusual events, but usual and cyclical events like Hurricanes. FEMA knows this stuff is going to happen, sometimes when, and how.

We know that lying to folks about a potential or current emergency situation does not help. That was the old policy of the original civil defense to try and keep people off the roads.

 NISAC models have "agents", an AI approach to what people and systems might do in these situations, and then they run the simulation. Things fail, and then you can allocate resources.

They did this before Katrina, with a simulated hurricane, and it was almost exactly the same as predicted.

So there are elements of a disaster response which can be orchestrated, but the elements that go into that highly complex situation, say how high is the water, and how high is the levee, are about the long term engineering, and thus are an expense that is going to be subject to political choices among other expenses. In short, a tradeoff which is going the favor the status quo.

It is this narrowness of view (call it a reaction) which Obama can help the nation move beyond, by accurately giving the big picture. The more we understand, the easier it is to establish value and make effective choices.

That's why the Dutch naturally listen to the folks but (don't always agree) with the people who maintain the local infrastructure of dikes.

They certainly understand how much their economy is based on shipping, and what effects a port closure, or shipping point failure would have. The folks who maintain the dikes are a political element, and not a purely engineering and construction, because it's about hard choices. Political scientists would say;"choices among a scarcity of resources".

I think it's a question about how the infrastructure has evolved, it starts becoming complex, and subject to large effects from small perturbations.

It's a case where what is natural, to check on the status of someone, but it may be the wrong thing to do during a disaster. Why not have a website that can do just that?

Which brings me to the big picture folks, namely SANDIA and NISAC.

Very big picture thinking, with agent modeling, game theory Nash Equilibrium, power grids over telecommunication lines over maps, etc. All written in very deep formulas.

But does DOE get the Identity thing? Yep, they do. Or did.  But is it in a sort of in a way that CERN gets the WWW?

It's one thing to invent HTTP, or use X.500, and then the whole technological transfer process takes place as the infrastructure is rolled out.

So HTTP is no longer linked back to a CERN website where the whole thing started. Or a few sites that were linked into Alohanet, before the ubiquitous Internet, or the original DC based Edison power station that supplied Wall Street with electricity back in the early 20th century.

Perhaps the same way future generations will look at the large hadron collider in the future, an interesting relic for the time. But like Tesla, and Westinghouse, and Niagara Falls, a seed for what is to come much later in terms of complex failure.

Long distance transmission of power is invented, (as opposed to Edison's local power station) and years later in 2003 a tree falls on a power line in Ohio and due to power oscillations knocks out a huge chunk of the East Coast. It would have knocked out where I live, but an alert operator saw something wrong going on, and just in time took our area off the Grid.

 That's too sensitive to initial conditions, but logical compared to the Edison plant near Water Street because DC power would have required enormous guage copper wires that are not required because of transformers. It's about how the system involves and intertwines how suddenly how small failures become amplified. There's a whole science around fault tolerance and how a few lines of code can botch a huge mission, but it is possible to make certain things more scalable and not create more risk.

Sometimes rational responses come packaged in a way where all the key use case actors don't come to any form of convergence for critical decision making. Apparently this has to do with our emotional system able to handle far more information, but it also may limit our reactions to a few set responses.

One example I just read  posits emotional versus rational decision making and reactions. A fire jumper team leader found himself in a rapidly spreading wildfire in California. The entire team suddenly realized that the fire line was approaching too quickly. The emotional response, the one that is hardwired into the hormonal production of adrenaline is to shut down the brain, and get the legs going to run away from the fire. Run, the brain shouts. Don't think about anything else.

In this case the team leader ordered his team to stay. They did not agree, and were killed by the bushfire, except for a few members who found a crevasse in the mountain. One made it to the top of the ridge, and died of third degree burns a couple of days later.

The team leader survived. How? He analyzed the situation and determined that the immediate threat could not be run away from.

There was no time.

He got out his lighter and set the area around him on fire, and it very quickly caught on fire. And then burned out.

He laid down on the burnt ground, and covered his mouth, trying to get as much oxygen as possible. His approach, is now an accepted procedure. It was counter-intuitive. Years of emotional experience with fire suggested totally a different approach.

Years of building nuclear weapons at Hanford, and now the challenge is a race to protect the Columbia river, a few weeks ago they found weapons grade plutonium, in an office safe, in a jar, buried in the ground.

It is a long journey from the radium girls licking the ends of the brushes used to paint the watch dials and Madame Curie.  When things change so rapidly in 10 or 20 years, we have a difficult job to get a handle on things that last thousands of years.

Eisenhower toured Germany pre-WWII and was very impressed with the Autobahn. Later as President he realized that there was no effective way to move troops and nukes from place to place over our roads. So he started building the Interstate System. Of course, (like the Internet) there was a defense/civilian dual use.

In the fifties and sixties, civil defense warnings came on all the time, that radio announcement, which was sort of the "run" announcement to the  brain cortex.

Only that was not true. The whole point was to get people to stay home, and why? Because they were already toast. Getting on the roads, en masse, is a problem.

It's a natural response, and in all the disaster movies you see the standard massive traffic scene. This is not to say evacuation does not work, just that total group response of individual responses require some additional best practices knowledge to be effective, and that's exactly the kind of training info that FEMA now provides on their web site. You want to know what to do when a volcano blows up? Make sure you have a spare air filter for your car. That's good info. It is not complex.

The interdependence of modern systems, especially the systems of which experts are very paranoid about, is increasingly being analyzed, but the solutions to some of these problems is sometimes outside the scope of what those systems theorists are able to scope.

Pre 9/11 one would not expect a few terrorists with box cutters could do so much damage, (well except for the intelligence report that said that terrorists were going to attack airlines).  And that late summer was all about being eaten by sharks.  Our perceptions of threat post 9/11 as a reaction are part of the problem, unraveling those assumptions as to what is accurate, and what is not, is a priority.

So here's the simple description of the medical privacy solution. First of all take a look at this design pattern. http://www.opensecurityarchitecture.org/cms/library/pattern_landscape/244-pattern-identity-management

The key element of the simple pattern is both local, and national directory servers, so the the "Directory" part of the pattern, essentially means anyone in the U.S. that cares to participate. These directory servers are populated using an enrollment mechanism. They are then linked using X.500 servers that can replicate data as necessary. Security for directory entries is done, as usual, via X.509v3, (digital certificates).

Nice thing about this...no new technology needed, just an overhaul to use common standards.

All data is encrypted, and has security clearance tags, just like intelligence reports. Importantly, the end user chooses who is to see who has access to their data by "workflow" process diagrams. Rather than signing a blanket HIPPA authorization, the patient actor opts into the identity manager of their choice, more likely than not a plug in for a web browser, but could also be something like a secure token service for Microsoft "Geneva" Identity Card, or Higgins, (or whatever meets the basic requirements) and then determines how they want to manage their medical records from a menu of privacy options. They still could fill out that form in the doctor's office, and then modify it over the web later.

Each of the options should have a policy description, and a risk profile attached to it. For example, a lesser privacy protection policy would carry more risk for loss of information confidentiality, but less risk for attempting to connect to a non-compliant solution.

The beauty of using a Directory schema is that it can be enforced for certain mandatory critical elements. At the same time, this does not preclude importing and exporting data to other systems (especially internal systems) to provide interoperable results.

This is the 10,000 foot overview that everyone should be able to grasp. The specifics are what the stimulus package can pay for in terms of the medical broadband infrastructure. Here's what you get for your money.

1. An encryption and security tagging mechanism for medical documents
2. A consistent, but open ended method of managing Identity so that patients are not confused with other patients with similar attributes.
3. Patient access and transparency regarding medical records.
4. A clearly described process model and audit trail as to who is allowed to look at specific data, under what circumstances, and notification at a level aligned with best practices.
5. Location independence of medical records.
6. An approach that complies with HIPPA, but makes it more realistic for the end user for the problems that HIPPA attempted to solve, but did not.
7. Data is held by parties that the patient chooses to trust.
8. Saving money from excessive Medicare fraud by identity thieves and organized crime who scam tax payers out of money which is supposed to go to legitimate patients.
   

We currently have a problem that extending personal information through medical IT systems creates severe privacy problems. These problems can be mitigated in the short term by following guidelines for PII security as defined in the NIST SP-800 122 draft document.

This would go a long ways towards ensuring that stakeholders maintain a security stance which protects PII within an organization.

However the document does not address the transformative nature of digital identity accepted from outside the organization, that is in turn not persisted within the structure of that organization. We currently have examples of this design in clinical drug trials that collect data, but do not link that data back to PII. That is, accepting user generated digital identity to obtain services and perform AUTH-N, or authentication decisions regarding who someone is, as a digital object, relating to other digital objects as an outside service, rather than trying do this in-house.

As long as organizations continue to persist digital identity for consumers within their organization, there will be privacy concerns. Logically services should be provided with the end users in charge of their PII.

Once a client has been authenticated, it is then the purpose of the organization to provide services. The structure of providing those services are going to be enhanced through better communication and interoperability of IT systems. These in turn will be defined by their capabilities to provide line of business processes which are highly dependent on authorization or AUTH-Z. Thus the definition of what is provided and how is the difficult part, but the part in which these organizations excel with their matrix of interconnected service providers. At the same time, they are not always going to be in control of how PII is handled, either in systems within their security domain, or in connected systems.

It is in the abuse of that information where there is concern.

So the "shovel ready solution to medical privacy" is to separate AUTH-N from AUTH-Z, or the "who", from the "what".

The Cequs business model can do this by providing user controlled PII solutions which can be adapted to IT systems for AUTH-N. This frees the Medical IT community from the long term management of PII, an area in which they face a high threat risk profile.

Contact me at peterb at cequs dot com for more information on how to link medical data without compromising privacy.

Daniel Matt really has a clear explanation of placing Tikkun into the realms of physics and identity. While I'm working on these very long range time lines (I used to love reading Asimov's Foundation Trilogy as a teenager) I find Matt's explanation of the Big Bang very exciting. From a design standpoint my generation was very affected by the whole earth movement of the 1960s. Frankly, we saw beyond the current horizon, and this created some great opportunities and a few problems.

One of those problems is a sort of time disjointedness. We all feel it, (from time to time) in a variety of forms. I always had deja vu  as a young child and pretty much just took it for granted. I think that happens to most people. That's not what I'm talking about. Tikkun involves repair of the most fundamental aspects of the current universe through ethical living, and fairly one should question what that has to do with identity.

Let's take that down to the simplest statement that anyone (outside of a creationist) would understand. Your mother...These things always start out your mother...was African. We are talking gene pool here, that they have tracked back everyone on earth to a woman that lived in Africa.

Scientific fact or religion? This seems to be confirmed by DNA.

But can Science or Religion takes us back further, and what does this mean in terms of Identity, both in terms of identity of who were are, as well as constructed digital identity of what we want to project? Can we go back to the Big Bang of identity? We spend a lot of time and effort to differentiate ourselves and our groups, our countries, what is it that also makes us all the same? As human beings we share a great deal of DNA with other animals.

I like Matt's explanation. Of course I also have studied the kabbalah so this makes some sense to me. In a nutshell, the Big Bang happens, everything (thinginess) is created, whereas before you had no thing. In our section there was left over energy, which we could come to grips with, or be destroyed by. 

Coming to grips means that we need a grip, or handle to get to rebuilding the container. Here's a design pattern for that. It's a cho ku rei. To me it looks like a nice handle to an infinite series.



Some people by living correctly  (depending on your definintion of same, your moralistic mileage may vary) should be able to deal with that primordial energy. Others, unfortunately do not. Of course the chances of anyone actually agreeing on what that specific ethical behavior is, is somehat remote; but we do in fact have agreements in the forms of laws and constitutions, etc. so there is some common ground. And like all agreements at that level, not having those agreements is a disaster.

He brings up the problem of symmetry, and why (according to the dining philosopher's problem) the system has a halting problem.  If you take that back to Turing, you can see that on a universal level, stuff breaks. Computer software (aka symbolic logic) breaks. Which is why mission critical software is built by completely different teams, you don't want the same failure modes. The great thing about identity software is that we don't all have to agree on exactly what form it should take, but we should agree that it should be capable of handing the most fundamental aspects of what is important to us.

So a design for Identity has to take this requirement into account.

Thus the long term plan is to fix that.

Oddly enough, there are a few people already working on the problem space.

I have been pretty busy lately shutting down Tweeter on the last days before the doors are closed for good. It's been five years in the same place, lots of good memories, and I've made a lot of good friends with co-workers and customers. Certainly every day was an adventure of one sort or another.  Remarkably, with all these speakers, home theater rooms, etc., I recall actually sitting down and watching an entire movie probably once or twice.

Of course blog comments have this Internetish permanence about them, and if you are a potential employer and reading this thinking you might want to form an opinion on what I do to make money, you probably are not yet part of the digital world that my kids now live in.  The blog is about Identity, where it comes from, and ideas that really are in a much longer time line than employment, which of course is considerably more defined.

Right now I'm reading Anathema, by Neal Stephenson, which describes really long time lines, in fact it was inspired by the idea of the "Long Clock".  Of course I'm reading about 12 other books right now, one on the history of Internet protocols, another on social networking, and so on.  I'm feeling this very interesting constellation of ideas that started out with one of my favorite authors, Thomas Pynchon and a book that I finished, Against the Day, which considering it was over a thousand pages long, you could say it held my interest. Anathema weighs in at around 935 pages, so it's going to take a while, which is entirely ok.

So, like everyone else, I'm mulling over the economic situation and how we got there. Not got there in the last ten or so years with various complex financial instruments which people did not really understand, but the whole actor-network of how the bubble built up, and the players in the drama.

If you are one of the three or so people on the Net that's ever read my blog you know I take this back to the Aptuxcet trading post, my first venture which lived inside the Media Moo at MIT.  The original Aptuxcet was based on trading, and the intrinsic value of shells. A shell game, as it were. And this was official currency at one point.

More so than the shells themselves, was how they were drilled, the value added so to speak. And how they formed the wampum, an even more important idea. While your average grade schooler gets this concept, most of us do not. The wampum belt was a very important artifact, because it represented the agreement (honored in all sorts of documents) that was meant to transcend time, very much the memory device, like the long clock.  Typically in the Wampum belt is the idea of parallel universes, two lines of shells indicating paths which are shared, but different.

It's not about agreeing to disagree, it's about taking two totally different paths that do not converge, but still represent cooperation. The image in the document that precedes our U.S. Constitution, is that failing to do so is like having one foot in each of two canoes, a situation tricky to maintain, and doomed to failure as the path continues.

The question then becomes, on an economic, or other basis, where do the paths converge? And as a network engineer, I know that you need to have path convergence, or the system breaks down.

Pynchon alludes to this in Against the Day, in fact he plays with the idea quite a lot. There are zillions of characters in his books, that all come together at some singularity. In this case it is the events preceding WW1.  And he throws every thing into the mix, including Tesla's wireless power generator on Long Island.

When one thinks of convergence, one thinks of rays, and optics.  So where does this screed converge, the economy, Pynchon, the wampum, optics? It comes together in the character of the ray, the extraordinary ray that appears in the calcite crystal known as Iceland Spar.

The extraordinary ray appears as a basic optical property, a second image that appears from the same source in the crystal, and was used as a beam splitter of sorts in the Norden bombsite in WWII. In fact, Iceland Spar, and a specific location of Iceland Spar was the main source of optical instruments in the time period set around Pynchon's novel.

Where in fact do we get that convergence...well we get a clue in the idea of statistical probabilities. The same statistical probabilities that were used to calculate risk in derivatives. Getting it yet?

The idea of predicting risk based on these statistics can be flawed, as detailed in the book, The Black Swan.  Or as the author puts it, a turkey is fed for a thousand days, and based on past experience, does not anticipate being part of the Thanksgiving meal.

So complex computer models are based on something, and that something (besides the symbolic logic of Turing) were early represented by the gears of Babbage who used the machine to calculate risk for insurance companies, an actuarial task that had been previously by hand by clerks in Paris.

Hmm.

So Babbage writes about the convergence of the sacred and the secular that can occur in a statistically valid way at any specific moment of a series. Babbage is clearly a genius and a hacker. The machine will spit out the same result time and time again, based on engineering and best practices etc, and if someone can predict that a different result will take place at one specific moment, one critical moment, and then return back to its usual pattern, then that person is considered to be a hacker.  What happened is that at one moment, all possibilities were present, and then after that moment gone. Is this possible? He considers it to be a proof of miracles. Or disaster, if it happens to be the bridge you are on at the moment, and it crashes into the river. We have seen the footage of waves and the effect on bridges, and that's where Babbage takes us. Our actions create waves that continue on without end. Of course they bounce into other waves.

So the convergence of the light waves takes place at a specific place, and time, oddly re-discovered with the Iceland Spar, and demonstrated in other places in this sci-fi book I'm writing. Chaucer's House of Fame and Babbages Ninth Bridgewater Treatise explore this idea of light and sound diminishing, but continuing, an idea that Tesla worked with while he was in Colorado hearing thunderstorms. At some point the effect becomes so diminished that it exists at the quantum level of probability, able to be disturbed by the action of the observer, thus we create our own reality.

Thus if we are to rebuild the economy, we go through this cycle of attempting to find the foundations of what is value and what is simply the bubble.

These are interesting idea, not meant to be taken as truth per se, but interesting examples of convergence that we might not see at our position in the fractal. If we step back from the spatter of a Jackson Pollock we might see the pattern, or perhaps it is just monkeys playing on the computer keyboard.

Derivatives based on statistical models->>unusual exceptions to statistical models>>cyclical crashing back to foundations>>wampum>long term contracts and memory devices>>Babbage>>Chaucer>parallel systems>>optical properties that contain all rays in 9th Bridgewater>>Pynchon>Iceland Spar>>novel in development by Peter Bachman

Be experience; for if that thou
Throwe on water now a stoon,
Wel wost thou, hit wol make anoon
A litel roundel as a cercle,
Paraventer brood as a covercle;
And right anoon thou shalt see weel,
That wheel wol cause another wheel,
And that the thridde, and so forth, brother,
Every cercle causinge other,
Wyder than himselve was;
And thus, fro roundel to compas,
Ech aboute other goinge,
Caused of othres steringe,
And multiplying ever-mo,
Til that hit be so fer ygoo
That hit at bothe brinkes be.
Al-thogh thou mowe hit not y-see,
Above, hit goth yet alway under,
Although thou thenke hit a gret wonder.
And who-so seith of trouthe I varie,
Bid him proven the contrarie.

Chaucer "House of Fame"

One of the interesting factoids about the Identity singularity is that you can come at it from any direction, and it all goes to the same place. That's one of the characteristics of a paradigm shift, it all seems so obvious after the fact.

For example, everyone in the Blogosphere knows about Doc Searls, and one of the things he is famous for is the book the Cluetrain Manifesto. I read the Manifesto when I was back at PSINet and it was a startling awakening in connecting with customers. VRM is the latest wagon lit of the cluetrain.

We all understand customer relationship management, and the record keeping that is associated with it. All the classical issues of keeping in touch, maintaining channels of communication with the customer, that all is a part of good business practices. Doc is reversing this with Vendor Relationship Management, or VRM.

http://cyber.law.harvard.edu/projectvrm/Main_Page

This is reversing the paradigm, reversing the flow, because the source of the identity is not you within the corporation, and the data that is maintained there within those systems, but you (as a consumer) pushing that data into various systems depending what is required. We can open that up by allowing the consumer to be a publisher in a pub-sub architecture. That has been the mechanism for a while anyway.  This brings in the idea of process, and documented processes that follow a CMMI model, but the data is not some static attribute/value relationship which we have attempted to describe ontologically at the Identity Gang, but the flow of data which is controllable by the consumer.

So reversing the flow is one major trend in IDM, the other is the understanding of the physics of Identity. This is why I find the various creation myths so interesting. They all attempt to rationalize or tell a story regarding Identity. In terms of hard science the big collective "we" of the entire universe was at one point in time, one single thing. With the big bang, this expanded.

This naturally leads to any interesting mathematical exploration, the kind that Wolfram has done, into which patterns expand (as evidenced by the game life) and which patterns are dead ends. One pattern that seems to reach back into the singularity of identity is represented by aperiodic tiling, something of interest to the former head of research for Microsoft, and several others. Another point of interest is Fractals. What is the relationship? It looks like that the fractalization is a transport mechanism through different physical dimensions of intrinsic identity. It's the same pattern, but extended. And according to physics a lot has to do with the view point of the observer.

I don't explain this very well, I could give you examples lately where I have seen this working, a sort of multi-dimensional string theory reality of identity that exists pervasively and gives rise to all sorts of interesting points regarding organization, but you would be far better reading about this from someone who has examined the same idea in far greater depth, starting with what could or could not be defined mathematically, namely Kurt Godel, and how that relates to the basis of what is what is computable, the work of Turing. If we are talking about identifying someone over a computer network then the basis for making this decision should be mathematically sound. Typically in an X.500 network, that is handled by X.509v3 digital certificates, which are in turn based on the difficulty in factoring large numbers.

If you are interested in how this fractalness affects Identity, check out the following book by one of the experts on the subject, he explains it so much better. Use the Amazon link below, and put some pennies in my Amazon account, please, and I will be happy to reveal some more parts of the puzzle.