Entity Management System

Rewritten May 18, 2024

Updated August 29, 2024

This article is also available as a PDF.

In the "old days", not that long ago, human identities within an enterprise were managed by HRMS (human resource management systems), CRM (customer relationship marketing) systems and SMS/LMS (student/learning management systems). They exported key parts of the identities out to the enterprise LDAP (lightweight directory access protocol). This is what today's IAM (identity access management) systems use.

MY POINT - IT'S NOT GOING TO WORK WELL ANYMORE. WHY?

Enter AI Systems, AI Agents, Bots and Increasingly Smart IoT Devices

First, look at these examples re human AI agents:

Then skim to the section titled "Jane Leverages Her AI Medical Agent "MedBot" Identity Which Is Part of a Hive At Work" in “An Identity Day in the Life of Jane Doe”.

Next, skim to Problem #2 in "CISO's - What's Your Security Strategy For AI, Bots, IoT Devices & AI Leveraged Smart Human Digital Identities?". It shows Jane Doe in payables leveraging her AI Payables Agent in conjunction with all sorts of other agents, etc. NOTE: The same type of example can be rewritten for almost all other industries on the planet today e.g. finance, insurance, manufacturing, marketing, etc.

Then consider an enterprise which has hundreds, then thousands or more AI agents doing tasks faster, cheaper and better. As risk rises, entities within an enterprise require identities.

Increased Risk Requires Legal Identities

So, if MedBot1 is going to do medium to high risk activities within the enterprise, the risk requires a legal identity for the bot.

Challenge #1 - Today There's No Legal Identity Framework for AI Systems and Bots

Which is why, for the last not quite seven years, I've been architecting a legal identity framework for these types of entities. Skim this doc:

Come with me on a short mental journey. If MedBot1 is a digital bot then, hypothetically, it's possible for an AI system in one jurisdiction on the planet, to create digital MedBots at speeds of thousands to millions per second, which in the next instance can be operating in all other jurisdictions on the planet. YIKES!

So, any legal identity framework created MUST BE LOCAL AND GLOBAL AT HIGH TRANSACTIONAL SPEEDS. The lack of the ability to instantly determine entity friend from foe is creating a national security crisis. Skim “National Security – Reduce Risk By Instantly Determining Entity Friend From Foe”.

Which is why, as part of the architecture, it leverages the following:

  • A new age CRVS (Civil Registration Vital Statistics) system able to register humans as well as AI systems/bots, registering digital entities at transactional speeds
  • TODA - a protocol able to work at transactional speeds, confirming that an identity created in the CRVS system was sent to MedBot1 on X date, at Y time, with a unique legal identifier of Z, along with a hash of the above, digitally signed by the CRVS system. To learn more about TODA skim “TODA, EMS, Graphs – New Enterprise Architectural Tools For a New Ag”.

Let's assume the legal identity architecture doesn't arrive anytime soon. Thus, your enterprise is going to have to create unique identifiers within the entity's source code. Skim “Part I AI Systems, Bots, AI Agents, IoT Devices, & Identity Architecture”.

MedBot1 Can Belong to a Hive

So, let's assume MedBot1 is part of a hive of thousands of medbots. Note that the bot hive can easily be a combination of digital and physical bots, all sharing and working together. The dumb question is how will not only MedBot1's legal identity be determined, BUT ALSO WHAT HIVE MEDBOT1 LEGALLY BELONGS TO?

Within TODA, it's possible to cross-link different entities' TODA files. Thus, it's possible for the CRVS to cross-link MedBot1's legal identity TODA file with the other MedBots' files and vice-versa. As well, there are also TODA "capability files" that a CRVS could hypothetically issue, which could assign MedBot1 certain group rights, etc. All of these are new possible tools to use in legally identifying MedBot1 and its hive.

To see an example of what's coming skim this article, “Nanobots, Microbots, Manufacturing, Risk, Legal Identity & Contracts”.

Assuming the legal identity architecture doesn't arrive anytime soon, I suggest you skim this article, "Hives, AI, Agents/Bots & Humans - Another Whopper Sized Problem".

Enter the Entity Management System (EMS)

Enterprises must change their internal architecture to get ready for this incoming tech tsunami wave. So, the enterprise will create an Entity Management System to manage all the many different entities. This includes humans as well as AI systems and bots like MedBot1.

Challenge #2 - Verifying MedBot1's Legal Identity

So, the enterprise EMS must be able to instantly verify MedBot1's legal identity. MedBot1 will have a secure port able to be queried for the legal identity written by the CRVS to MedBot1's source code. The CRVS will have digitally signed this. Thus, using a secure port, secure DNS and PKI infrastructure, the EMS can query for MedBot1's legal identity and then do an instant check to see if the digital certificate is valid. Skim “Creating AI Systems/Bots Legal Identity Framework”.
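As an added illustration of the issue-and-verify step just described (not code from this article, nor from any CRVS or TODA implementation), here is a minimal Go version of both sides: the CRVS signs a hash over the legal identifier and issue time, MedBot1 carries that signed record, and the EMS recomputes the hash and checks the signature before trusting the identity. The record layout, the Ed25519 key pair and the identifier CRVS-EXAMPLE-MEDBOT1 are assumptions; distributing the CRVS public key over PKI, as the text describes, is left outside the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// IdentityRecord is the assumed shape of what the CRVS writes into MedBot1:
// the unique legal identifier, when it was issued, a hash over those fields
// and the CRVS signature over that hash. MedBot1 serves it on its secure port.
type IdentityRecord struct {
	LegalID   string
	IssuedAt  time.Time
	Hash      []byte
	Signature []byte
}

// canonical fixes the exact bytes that are hashed, so the EMS can recompute them.
func canonical(legalID string, issuedAt time.Time) []byte {
	return []byte(legalID + "|" + issuedAt.UTC().Format(time.RFC3339))
}

// IssueLegalIdentity is the CRVS side: hash the identity fields and sign the hash.
func IssueLegalIdentity(crvsPriv ed25519.PrivateKey, legalID string, issuedAt time.Time) IdentityRecord {
	h := sha256.Sum256(canonical(legalID, issuedAt))
	return IdentityRecord{legalID, issuedAt, h[:], ed25519.Sign(crvsPriv, h[:])}
}

// VerifyLegalIdentity is the EMS side: the record must name the entity the EMS
// expected, its hash must match its own fields, and the signature must verify
// under the CRVS public key. Each check fails closed.
func VerifyLegalIdentity(crvsPub ed25519.PublicKey, rec IdentityRecord, expectedID string) error {
	if rec.LegalID != expectedID {
		return errors.New("record is for a different legal identifier")
	}
	h := sha256.Sum256(canonical(rec.LegalID, rec.IssuedAt))
	if !bytes.Equal(h[:], rec.Hash) {
		return errors.New("hash does not match the identity fields")
	}
	if !ed25519.Verify(crvsPub, h[:], rec.Signature) {
		return errors.New("CRVS signature does not verify")
	}
	return nil
}

func main() {
	// Constructed CRVS key pair; a real CRVS key would be distributed via PKI.
	crvsPub, crvsPriv, _ := ed25519.GenerateKey(rand.Reader)
	rec := IssueLegalIdentity(crvsPriv, "CRVS-EXAMPLE-MEDBOT1", time.Now())
	fmt.Println("genuine:", VerifyLegalIdentity(crvsPub, rec, "CRVS-EXAMPLE-MEDBOT1"))
	relabelled := rec
	relabelled.LegalID = "CRVS-EXAMPLE-MEDBOT2" // record copied onto another bot
	fmt.Println("relabelled:", VerifyLegalIdentity(crvsPub, relabelled, "CRVS-EXAMPLE-MEDBOT2"))
}
```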

Or, let's assume the legal identity framework "stuff" doesn't happen anytime soon. This means:

  1. Your enterprise is going to have to create its own standards for writing unique entity identifiers into the entity's source code.
  2. Then you'll require the ability to instantly query the entity to do identity verification.

Skim “Part I AI Systems, Bots, AI Agents, IoT Devices, & Identity Architecture” to see an enterprise architecture article discussing this.

Challenge #3 - Verifying MedBot1's Medical Credentials

MedBot1 might have different types of medical credentials. So the dumb question is how can the enterprise verify this? Skim this article, “Verifiable Credentials For Humans and AI Systems/Bots”.

The planet requires a rethink in not only legal identity, but also credentials for AI systems/bots as well as humans. Thus, MedBot1 may be assigned, by a legal medical authority somewhere on the planet, its medical credentials, which are securely written to its legal identity source code, via a secure API, TODA, secure endpoints, DNS and PKI standards, etc.

Now, it's time for the enterprise to enter MedBot1 into its system.

Challenge #4 - Enter the EMS Database

MedBot1's legal identity will be written to the EMS database. The enterprise might or might not want to assign MedBot1 other unique identifiers. It might also want to assign certain authentication and authorization rights to MedBot1.

This can be done using TODA files internally within the enterprise.

Challenge #5 - Exporting MedBot1's Identity, Authorization Rights - LDAP Isn't Going to Work Well

Here's the challenge in today's world. An entity, be they bot or human, can have many fast-changing relationships with multiple different entities, IoT devices, et al. The relationships might last only seconds, or years. LDAP is crappy at dealing with many different, fast-changing relationships between the same entity and other entities.

Enter Graphs

My friend, Derek Small, has been pioneering the use of graphs to either supplement or replace LDAP for the last several years, creating a product enabling fast deployment of graphs for identity (3Edges). Graphs are well suited for managing fast-changing relationships. It's recently been bought by IndyKite.

3Edges is a graphical drag-and-drop tool, able to be used by line managers who don't know security programming and aren't "enterprise security experts", BUT ARE EXTREMELY KNOWLEDGEABLE ABOUT WHAT ENTITIES WORKING UNDER THEM REQUIRE ACCESS AND AUTHORIZATION RIGHTS TO OTHER ENTITIES AND DATA. All of which can be delegated to the line manager by the central security team, to the extent the risk warrants it.

So, while your existing IAM vendors babble about LDAP, AD in the cloud, etc. they're behind the times. YOUR NEW EMS MUST EXPORT ENTITY DATA TO A NEW GRAPH BASED IAM SYSTEM.

Thus, the EMS will write MedBot1's identity et al to the new enterprise graph based/IAM system.

Bottom line? Enterprise security teams can now give line managers an easy-to-learn interface to create and modify IAM policies where risk warrants it.

Skim this article to learn more about graphs.

To understand the challenges of authorization rights with AI agents, skim “AI Agent Authorization - Identity, Graphs & Architecture”.

Skim “Part II Hives & Fast Changing Authorization Relationships” to see a discussion on what the future holds for entity authorization security management.
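To show why a graph fits relationships that last anywhere from seconds to years, here is an added Go sketch (not 3Edges or IndyKite code, and not from this article): every relationship edge carries a validity window, and an authorization question is answered by finding a chain of edges that are all in force at the instant asked. The entities, relation names, times and the in-memory Graph type are constructed for the example.

```go
package main

import (
	"fmt"
	"time"
)

// Edge is one relationship, in force during [ValidFrom, ValidUntil); a zero
// ValidUntil means open-ended (a relationship lasting years, not seconds).
type Edge struct {
	To, Relation          string
	ValidFrom, ValidUntil time.Time
}

// Graph is an assumed in-memory adjacency list keyed by the source entity.
type Graph map[string][]Edge

func (e Edge) activeAt(t time.Time) bool {
	return !t.Before(e.ValidFrom) && (e.ValidUntil.IsZero() || t.Before(e.ValidUntil))
}

// PathAt returns the chain of relations linking src to dst with every hop active
// at t, or nil if none exists. Each hop is re-checked against t, so a
// relationship that ended a second ago drops out of the answer immediately.
func (g Graph) PathAt(src, dst string, t time.Time) []string {
	return g.walk(src, dst, t, map[string]bool{src: true})
}

func (g Graph) walk(cur, dst string, t time.Time, seen map[string]bool) []string {
	if cur == dst {
		return []string{}
	}
	for _, e := range g[cur] {
		if !e.activeAt(t) || seen[e.To] {
			continue
		}
		seen[e.To] = true
		if rest := g.walk(e.To, dst, t, seen); rest != nil {
			return append([]string{e.Relation}, rest...)
		}
	}
	return nil
}

func at(m time.Month, d, h int) time.Time { return time.Date(2024, m, d, h, 0, 0, 0, time.UTC) }

// ExampleGraph is a constructed scenario: MedBot1 is in HiveA all year, HiveA
// covers Ward7 for one shift only, and Ward7 holds a patient record.
func ExampleGraph() Graph {
	return Graph{
		"MedBot1": {{"HiveA", "memberOf", at(1, 1, 0), time.Time{}}},
		"HiveA":   {{"Ward7", "assignedTo", at(5, 18, 9), at(5, 18, 17)}},
		"Ward7":   {{"PatientRecord-42", "holds", at(1, 1, 0), time.Time{}}},
	}
}

func main() {
	g := ExampleGraph()
	fmt.Println("10:00, on shift:", g.PathAt("MedBot1", "PatientRecord-42", at(5, 18, 10)))
	g["MedBot1"][0].ValidUntil = at(5, 18, 11) // hive membership ends at 11:00
	fmt.Println("12:00, ended:", g.PathAt("MedBot1", "PatientRecord-42", at(5, 18, 12)))
}
```

Ending a relationship is a single field update on one edge; no group tree is rebuilt, and a query for an earlier instant still answers correctly for that instant.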

Challenge #6 - Security Models Must Be Able to Change On a Second By Second Basis

Skim this article, “New Physical/Cybersecurity Security Model”. It begins to stake out, at the 100,000 foot level, a new security model for enterprises. It's what I call in my head "Zero trust on steroids".

As MedBot1 interacts with other entities, be they humans (physically or digitally), other entities (physical or digital), smart IoT devices, and environments like AI/AR/VR, the risks hypothetically can change each second. This is a far cry from the old model of doing identity verification and authentication, and then letting the person in with their authorization rights to do whatever they want.

I suggest you read “Part III AI, Bots, Behaviour Tech & Security Models”.

Challenge #7 - Speed of Attack Curves Against Legal Identities the Enterprise Uses

Look at this curve produced by my friend Pat Scannell. It hypothetically means that, EACH HOUR, new attack vectors are being created against not only the tech used in legal identities, but also the governance, business processes and end users (be they human or bots).

I have a premise - only the largest countries and companies on the planet have the resources, expertise and budgets to continually defend their legal identity frameworks against these new attacks i.e., the rest of us don't. Thus, we'll be repeatedly, successfully attacked.

Thus the new legal identity architecture for AI systems/bots and humans includes a new, global, independent non-profit. One of its jobs is to do 24x7x365 threat analysis against the legal identity framework. It will issue rated threat assessments. Thus a very high risk MUST be responded to by governments, companies and enterprises within hours. This brings industry best practices to the world of legal identity.

I can easily see the costs for this new non-profit approaching $1 billion a year. To fund it, the architecture proposes licensing the new age CRVS system to each jurisdiction on a very small fee per CRVS event up to a yearly maximum amount. This is out of the box thinking for out of the box times.

Now, consider the fact this won't appear anytime soon. I strongly suggest you read “Part IV Enterprise Risk & Innovation Governance”. It lays out an outside the box enterprise framework for managing innovation and risk.

THIS IS THE FUTURE COMING AT YOUR ENTERPRISE AT THE SPEED OF AN ELECTRON

It's not a simple tweak and twiddle tech adjustment your enterprise can make. It requires a serious rethink of almost all parts of your enterprise both technically and legally.

It's Crying Out For A Rethought Enterprise Architecture

Skim:

It's Also Crying Out For A Rethought Legal Identity Framework For Humans, AI, & Bots

Skim these articles aimed at national government and business leaders:

Your Enterprise Is Entering A Major Paradigm Shift

Where your old ways won't work well anymore, like your HRMS. Thus, it requires out of the box thinking for our out of the box times like an EMS. Contact me if you'd like to chat.

About Guy Huntington

I'm an identity trailblazing problem solver. My past clients include Boeing, Capital One and the Government of Alberta's Digital Citizen Identity & Authentication project. Many of my past projects were leading edge at the time in the identity/security space. I've spent the last eight years working my way through creating a new legal identity architecture and leveraging this to then rethink learning.

I've also done a lot in education as a volunteer over my lifetime. This included chairing my school district's technology committee in the 90's - which resulted in wiring most of the schools with optic fiber - being behind building a technology leveraged school, and being past president of Skills Canada BC and Skills Canada.

I do short term consulting for Boards, C-suites and Governments, assisting them in readying themselves for the arrival of AI systems, bots and AI leveraged, smart digital identities of humans.

I've written LOTS about the change coming. Skim the over 100 LinkedIn articles I've written, or my webpage with lots of papers.

Quotes I REALLY LIKE!!!!!!:

  • “We cannot solve our problems with the same thinking we used when we created them” – Albert Einstein
  • “Change is hard at first, messy in the middle and gorgeous at the end.” – Robin Sharma
  • “Change is the law of life. And those who look only to the past or present are certain to miss the future” – John F. Kennedy

Reference Links:

An Identity Day in The Life:

My Message To Government & Industry Leaders:

National Security:

Rethinking Legal Identity, Credentials & Learning:

Learning Vision:

Creativity:

AI Agents:

Architecture:

AI/Human Legal Identity/Learning Cost References

AI Leveraged, Smart Digital Identities of Humans:

CISO's:

Companies, C-Suites and Boards:

Legal Identity & TODA:

Enterprise Articles:

Rethinking Enterprise Architecture In The Age of AI:

LLC's & AI:

Challenges With AI:

New Security Model:

DAO:

Kids:

Sex:

Schools:

Biometrics:

Legal Identity:

Identity, Death, Laws & Processes:

Open Source:

Notaries:

Climate Change, Migration & Legal Identity:

“Human Migration, Physical and Digital Legal Identity - A Thought Paper”

Fraud/Crime:

Behavioral Marketing:

AI Systems and Bots:

Contract Law:

Insurance:

Health:

AI/AR/VR Metaverse Type Environments:

SOLICT:

EMP/HEMP Data Centre Protection:

Climate:

A 100,000-Foot Level Summary Of Legal Human Identity

  • Each person when they’re born has their legal identity data plus their forensic biometrics (fingerprints, and later when they can keep their eyes open – their iris) entered into a new age CRVS system (Civil Registration Vital Statistics - birth, name/gender change, marriage/divorce and death registry) with data standards
  • The CRVS writes to an external database, per single person, the identity data plus their forensic biometrics, called a SOLICT (Source of Legal Identity & Credential Truth). The person now controls this
  • As well, the CRVS also writes to the SOLICT legal identity relationships e.g. child/parent, cryptographically linking the SOLICTs. So Jane Doe and her son John will have cryptographic digitally signed links showing their parent/child relationship. The same methodology can be used for power of attorney/person, executor of estate/deceased, etc.
  • The SOLICT in turn then pushes out the information to four different types of LSSI Devices (Legal Self-Sovereign Identity): physical ID card, digital legal identity app, biometrically tied physical wristband containing identity information, or a chip inserted into each person
  • The person is now able, with their consent, to release legal identity information about themselves. This ranges from being able to legally, anonymously prove they’re a human (and not a bot), above or below age of consent, Covid vaccinated, etc. It also means they can, at their discretion, release portions of their identity like gender, first name, legal name, address, etc.
  • NOTE: All consents granted by the person are stored in their SOLICT
  • Consent management for each person will be managed by their PIAM (Personal Identity Access Management) system. This is AI leveraged, allowing the person, at their discretion, to automatically create consent legal agreements on the fly
  • It works both locally and globally, physically and digitally anywhere on the planet
  • AI systems/bots are also registered, where risk requires it, in the new age CRVS system
  • Governance and continual threat assessment, is done by a new, global, independent, non-profit funded by a very small charge per CRVS event to a jurisdiction to a maximum yearly amount.

A 100,000-Foot Level Summary Of The Learning Vision:

  • When the learner is a toddler, with their parents’ consent, they’ll be assessed by a physical bot for their learning abilities. This will include sight, sound, hearing and smell, as well as hand-eye coordination, how they work or don’t work with others, learning abilities, all leveraging biometric and behavioral data
  • All consents given on behalf of the learner or, later in the learner’s life by the learner themselves, are stored in the learner’s SOLICT (Source of Legal Identity & Credential Truth)
  • This is fed into a DLT (Digital Learning Twin), which is created and legally bound to the learner
  • The DLT then produces its first IEP (Individualized Education Plan) for the learner
  • The parents take home with them a learning assistant bot to assist the learner, each day, in learning. The bot updates the DLT, which in turn continually refines the learner’s IEP
  • All learning data from the learner is stored in their LDV (Learner Data Vault)
  • When the learner’s first day of school comes, the parents prove the learner and their identities and legal relationship with the learner, via their LSSI devices (Legal Self-Sovereign Identity)
  • With their consent, they approve how the learner’s identity information will be used not only within the school, but also in AI/AR/VR learning environments
  • As well, the parents give their consent for the learner’s DLT, IEP and learning assistant bot to be used, via their PIAM (Personal Identity Access Management) and the learner’s PIAM
  • The school's LMS (Learning Management System) instantly takes the legal consent agreements, plus the learner’s identity and learning information, and integrates this with the school’s learning systems
  • From the first day, each learner is delivered a customized learning program, continually updated by both human and AI system/bot learning specialists, as well as sensors, learning assessments, etc.
  • All learner data collected in the school is stored in the learner’s LDV
  • If the learner enters any AI/AR/VR type learning environment, consent agreements are created instantly on the fly with the learner, school, school districts, learning specialists, etc.
  • These specify how the learner will be identified, learning data use, storage, deletion, etc.
  • When the learner acquires learning credentials, these are digitally signed by the authoritative learning authority, and written to the learner’s SOLICT.
  • The SOLICT in turn pushes these out to the learner’s LSSI devices
  • The learner is now in control of their learning credentials
  • When the learner graduates, they’ll be able, with their consent, to offer use of their DLT, IEP and LDV to employers, post-secondary, etc. This significantly reduces time and costs to train or help the learner learn
  • The learner continually leverages their DLT/IEP/LDV until they die i.e., it’s a lifelong learning system
  • IT’S TRANSFORMATIONAL OVER TIME, NOT OVERNIGHT
