The identity problem in E-business
By Sean Mc Grath
You operate a coffee shop in downtown Erewhon . You are standing behind the till ready to pounce on any business that walks through the door. You smile at me as I walk in. I show all the normal signs of a budding customer. We exchange a pleasantry. I read the menu. Then I ask you:
"How much is a Latte grande?"
Then I ask you the price of an espresso. You answer. I follow with questions about the price of a Cappuccino, a Blueberry muffin. You answer all of my questions patiently but begin to feel as if I am going to be troublesome. I ask a bunch more questions, you give me a few more answers but your blood pressure rises with each one. Eventually you suggest that I get out of your shop before you throw me out. I leave your shop. You calm down. A real customer comes in. A trade ensues. Reality resumes.
This sort of thing goes on in the real world but it is remarkably uncommon. People by and large, especially in high-density areas, learn the speed-rules of commerce that everyone obeys. Wasting someone else's time may not necessarily be a criminal offence but it is a social no no. Information about repeat offenders spreads like wildfire around business communities. "You see that guy? A time waster. If he comes round your place, show him the door."
Apart from social mores, an important reason for the lack of time wasting in commerce is that it takes two to waste time. Thankfully, most of us have too little time, to waste other people's time – if you see what I mean.
Business processes in the physical world factor in allowances for what I will call NITTs (NITT being a just-now invented acronym for "Not Intending To Trade").
Now let's switch to the electronic world and revisit the impact of NITTs. You operate a coffee shop in downtown Erewhon. You publish a web site. Your web site lists all of your prices. Thousands of people visit your web site every day and "virtually" inquire about prices. Some are for real, some are cranks, and some are competitors checking out your prices. By and large, you don't mind such NITTS. After all, the web site is an automated process. It is not costing you money to answer the questions – even to NITTs.
Let's move up a notch to E-business. You operate a coffee shop in downtown Erewhon. You publish an E-service. Software applications out there in the ether are free to connect to your E-service to inquire about prices, place orders and so on. As with the web site scenario some of the visitors are real, some are cranks and some are almost certainly competitors doing automated price comparisons. Do you care about the NITTs now?
I think you do. It's all very well knowing that your competitors can read your prices on your web site, but we don't want to make it too easy for them to create clever competitive models! These days this stuff is being taught in high school. It's only a matter of time before some visitors to your E-service are a bunch of script kiddies working on a school project. Getting more pessimistic for a moment, what if some nut living on the far side of the planet picks you out for a distributed denial of service attack on your E-service because of a slightly cold Mocha you sold him last year?
Some analogies have been made between E-services and shop windows. Like shop windows in the last century, electronic shop windows in this century will be required to stay in business. That is true but the electronic window is a two edged sword. The more powerful and useful the electronic window, the more it can be used against you by NITTs.
What to do?
Simple -- we limit access to E-services based on the identity of the caller. Wouldn't that solve the problem of NITTs?
Yes, but, um, nobody knows how to solve the identity problem.
This simple fact has put the brakes on many a runaway Powerpoint presentation business plan. The Internet was born without an identity mechanism. This simple fact is perhaps the single, most powerful inhibitor to E-business in the world today.
To date, the most prevalent scourge to grow out of the lack of an identity system is e-mail SPAM. I fear that if and when global E-services come to pass, a new, more insidious class of SPAM will emerge -- SOAP SPAM. It will slide friction-free through business processes, created as federations of Web Services. It will soak up resources, reveal useful information to competitors, slow down transaction rates for real customers. All without generating a financial return. All without traceability or culpability.
You see, in a purely electronic world, we lose the mutual assurance that it takes two humans to waste each other's time. A form of positive friction we are rapidly removing with automation.
There was a time when "the identity problem" referred to human identity on the Internet. That problem was – is – hard enough on its own. With E-business, we need to go further and address process identity. A significantly thornier problem I suspect!
We can only hope that the Inventor's Paradox  comes to our rescue and makes the more general problem easier to solve.
Frankly, I have my doubts.
Sean is co-founder and Chief Technology Officer of Propylon and is an industry–recognised XML expert.