Episode 162 - GluuFederation/identerati-office-hours GitHub Wiki
Title: The Death of Identity
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Bob Blakley, Co-Founder / Head of Product Mimic
Channels
Description
The problem of identity arises because we want to authorize an electronic agent to act on behalf of a human being. But the barrier between the physical world inhabited by the human being and the electronic world inhabited by the agent is completely impenetrable; all that passes across the barrier is images. Identity has focused on the question "how does the electronic agent satisfy itself as to the nature of the human being on the other side of the barrier?". And that is indeed very complicated. But the question "what is the nature of the electronic agent itself, and how many human beings' wills is it subservient to?" has hardly been addressed at all, and has never been answered. And without an answer to this question, identity cannot be relied upon.
Homework
- White Paper: Ceremony Design and Analysis
- Turing Award Lecture: Reflections on Trusting Trust
- Podcast: Stories We Tell: The Golem
Extra Credit
Takeaways
- ⚡ We should not conflate humans and software. The "User Agent" as defined by the SAML specifications is software controlled by a human--it was a browser back in the early 2000s. But User Agents are getting more sophisticated, and doing more on behalf of humans. Agentic AI is a forcing function that requires people to recognize the impedance mismatch between human and software agency.
- ⚡ The mythical golem from 15th century Eastern European lore is perhaps the first literary example of the potential problems with delegation to an agent. The golem is powerful yet unstable: truth wielded without wisdom becomes dangerous. The golem acts mechanically, literally, and without moral insight. It follows commands too faithfully, revealing a central anxiety of the legend: truth without judgment becomes tyranny. This is why the golem becomes dangerous—not because it lies, but because it cannot contextualize truth.
- ⚡ Agents are composed of multiple software "parts". Whereas the Golem has one creator, modern agentic software is built on a mountain of open source and commercial software. We need to trust the whole stack of software and its "judgment".
- ⚡ "Accountability scales" is true. And you can't have accountability without identity--not just human identity, but software and organizational identity are also important. But the elevation of identity as the core focus of governance is a mistake. Managing risk is probably the most important focus for a business--accountability is only needed when things go wrong. And a lack of transparency never results in trust.
- ⚡ What should the agent do? Humans have morals, conscience, ethics, and norms to guide us--which collectively address the infinite number of things we should NOT do. But for agents, it's not that easy. If what the agent shouldn't do is infinite, all that matters--all that we can control--is the more bounded area of what the agent should do. It reminds me of the difference between rule of law and civil law: do you need permission, or do you ask for forgiveness? We can only govern the bounded allowed, not the infinite not-allowed.