Did Occam forget the bins?

Ian Glazer’s Laws of Relationships

In May 2014, Ian Glazer (1) posted a draft of his Laws of Relationships (for Identity Management). In June he presented these at the IRM Summit (2). Ian is a member of the Kantara working group on Identity Relationship Management and he has ‘donated’ his Laws to that initiative. It is to Ian’s credit that he actually asked his audiences to turn on their ‘BS detectors’ and to challenge his thinking at will.

This post is first in a series I am writing on the Laws.


The Laws are actually a collocation of three sets of ideas that together identify the design constraints to which digital identity services must be built if the are to work at the scale the internet requires. In outline the Laws are…


  • relationships must be scalable
  • relationships must be actionable


  • Immutable relationships
  • Contextual relationships
  • Transferrable relationships

Laws of Relationships

  • Relationships must be provable
  • Relationships must be acknowledgable
  • Relationships must be revocable
  • Relationships must be constrainable

I like these. I like them a lot, and I think they reflect a lot of insight and understanding. Which is why I am going to rip into them. Stress test them if you will. These are good.

They can be better.

My first concern will appear trivial, but if you bear with me I will try and explain why it matters.

The insights contained in the Laws are poorly served by an ill-defined frame of reference. In fact, I believe Ian’s initial gut reaction to Identity Relationship Management was good and correct.

I think IRM is a well intentioned move to refocus identity management in the face of some quite radical changes. Unfortunately, the road to confusion is paved with good intentions…

I have two ‘laws’ of my own in mind.

  1. As the twig is bent so is the tree inclined.
  2. Entia non sunt multiplicanda praeter necessitatem. (3)

It’s tricky to derive generally applicable principles from a contingent problem. But how we build on what we have is the difference between a breakthrough and a hack.

The essential requirement is garbage collection.

If we can’t use Occam’s razor, and identify the useless clutter of our past efforts, then we are just adding more stuff.

Incrementalism is unavoidable. There are no clean slates. But incrementalism without garbage collections invites horseless carriage thinking and red flag solutions. In the end we will just add more bits and pieces to the Rube Goldberg machine.

Identity Relationship Management – apart from being grammatically vague – is an unnecessary addition. It’s redundant.

It is axiomatic (no jibe implied) that we created digital identity so relationships can be mediated by interactions between machines. Rebranding a problem fosters confusion, not re-examination.

Digital identity exists to make it possible for machines to a) be our proxies in relationships and b) talk amongst themselves.

If you keep this in mind it needs no great leap of imagination to see that a rapid increase in the number and kinds of relationships between people, things and organisations will require a corresponding increase in the capacity and complexity of the systems mediating those relationships.

As I keep saying, the internet has just begun. Identity is a function of networks, and when the network changes identity changes.

So, despite my rant, the IRM horse has well and truly bolted – there’s a forum and everything. It’s the (unfortunate) marquee for the Laws that Ian has inherited from Kantara’s nomenclature.

The good thing is that the real provenance of the Laws is in Ian’s earlier presentation, Killing Identity Management to Save It, in which he quite clearly situates the challenges of contemporary identity services in the growth of networks. (4)

The Laws get so much right because they are predicated on the principle that, in the world that’s coming, information that represents relationships is going to be as necessary as information that represents people or entitlements.

In fact I believe this change is the dividing line between federated identity and what is referred to as user-centric identity management. (I sometimes think domainless identity is a better term – as awful as it sounds.)

If we are going to design new architectures that can represent and model relationships then, as Ian says in his presentation, we need to understand the constraints and gaps that will inform those designs. Which I take to be the whole point of the Laws.

Now I want think about how Laws apply directly to the fundamental functions of digital identity: identification, continuity and trust. And I hope to find time to consider and respond to them one by one.

But one final, general observation. If I have understood them correctly the following two design assumptions inform the Laws;

Identity services must be relationship dependent.

Relationship states must be resolvable in an access transaction.

Ian mentions these ideas in his presentation.

I think they are essential constraints for the kind of next-generation architecture Ian is imagining. These principles belong in the Laws.

However, because they take different objects, so to speak, one can’t fit them into the frame without torturing the English language – or renaming it something awful like the “Laws of Relationships and the Use of Relationships in Access Management Systems”.


To bind or not to bind?
A look at the second axiom, “Relationships must Be Actionable”.



1: Ian Glazser @ LinkedIn, Twitter

2: IRM in this case stands for Identity Relationship Management. In his presentation Ian explains his reticence at the arrival of this next-new-thing. And I take his  ‘Laws’ to be an excellent step away from IRM as a problem rebranding exercise. Here is the presentation, I think it is well worth the time…

3: This is ‘Occam’s Razor’ and in English says, “No more things should be presumed to exist than are absolutely necessary.” I like to think that if Occam had been a management consultant he would have said, “No more things should be made to exist than are absolutely necessary.”

4: I have should also acknowledge Manual Lima’s brilliant RSA Animate presentation The Power of Networks. It provides a great context piece to Ian’s thinking on the relationship between the network and identity.

5 thoughts on “Did Occam forget the bins?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s