Chapter 3. Trust

In the influential book Trust: The Social Virtues and the Creation of Prosperity, Francis Fukuyama argued that public values, especially trust, shape the direction of national economies. Among other things, Fukuyama shows how trust reduces transactions costs, and ultimately, economic friction. In a smaller way, being able to use a digital identity infrastructure to establish and capitalize on circles of trust within your organization, and between your organization and its partners and customers, may very well shape the direction of its success.

Trust is an important and yet tricky topic. Ultimately, every authorization made using a digital identity infrastructure is dependent on trusting that an identity and its attributes are correct. At the same time, trust is a concept that humans understand implicitly but have difficulty capturing algorithmically. Various mechanisms for establishing trust in identity credentials are available. This chapter introduces the notion of trust and the methods used to achieve it, but details of how those technologies are used to build trust are saved until later chapters.

In a digital identity infrastructure, trust occurs in a variety of places. Here are some examples of trust:

When we create a policy about digital identity and the actions available to holders of particular identity credentials, we're setting out a collection of objectives based on the circumstances of the transactions involved, the business requirements, the degree of risk that the business is willing to bear in those circumstances, and the cost the business is willing to pay to reduce the risk to an acceptable level. These objectives drive the level of trust and the amount of evidence we need to collect to attain it.

Circumstances of the transaction may vary greatly. On one end of the spectrum might be electronic transactions over secure lines wholly owned and operated by the company and on machines that are carefully maintained in secure facilities. At the other end are circumstances where such transactions occur over the Internet using machines that are owned by people who may be actively trying to take advantage of the organization.

Business requirements spell out what has to happen. Sometimes they may also spell out how it happens, as any supplier to Wal-Mart can attest. Business requirements spell out who we are dealing with and why. They also should make the end goal of the transaction clear and set forth the penalties for not achieving that goal.

Risk is something that is managed by the business either actively or passively. Some businesses and people are very risk averse. Others are more tolerant of risk, especially in light of the cost of reducing risk. Even so, our assumption is that most businesses want to reduce the risk attendant to electronic transactions, and understanding the appetite your organization has for risk is critical to building an effective digital identity infrastructure.

Trust is a firm belief in the veracity, good faith, and honesty of another party, with respect to a transaction that involves some risk. For example, when you give your credit card to the waiter at a restaurant, you are expressing trust that the waiter will use the credit card to process a transaction that will pay for your meal. You expect that that transaction will be the only one processed and that the waiter won't steal the credit card number for some other purpose. The only time I've ever had my credit card number stolen was in a restaurant, and yet I still blithely hand my credit card over to any waiter who comes along. There is clearly risk, but I take it because I'm convinced that the risk is small. Most of us don't consciously think about the risk of using a credit card to pay for a meal; we evaluate the risk intuitively based on a variety of factors including our previous experience, the way the restaurant looks, and, perhaps most importantly, beliefs about the credit card company indemnifying us beyond a certain point.

There's no doubt that trust is linked to risk when we consider who we're willing to trust with what. I may trust a particular person to fix my car, but not to baby-sit my children. Trust is based not just on the entities involved in the transaction, but also on their roles and the particulars of the transaction.

Trust is something I grant to or withhold from others—they cannot hold it for me. I can adjust it or revoke it completely, at any time. This leads to some important trust properties.

In the world of digital identity, trust is generally linked to a particular set of identity credentials and the attributes associated with them. I may have several email addresses, for example, and even though they all belong to me, people may see them in different contexts and trust a request contained in an email from my work address, for example, more than they do from my Gmail account.