identity of the person behind the Web browser. The same lack of trust establishment mechanisms can be identified at virtually every step of the Web-based interaction. Consequently, we can expect as we go forward the development of a more general interaction model that encompasses both human and computer environments with equal facility, along with the many other interactions that we engage in on a daily basis; and, through this model we can quantitatively assess the levels of trust that we will reasonably expect from the various facets of the interaction environment.

Any consideration of policy, particularly within a comprehensive policy infrastructure, must take into account the ubiquitous concerns about personal privacy if it is to have any measure of popular acceptance. Somewhat like identity, privacy is a complicated concept in its own right. Within the social ecosystems of the United States, privacy presents itself in at least three rather distinct guises: “I am free to do what I want.” “What I do is my business and therefore the fact and results of my actions belong to me.” and “What I do is private; it’s no one else’s concern!” We might paraphrase these aspects as freedom of action, ownership of transactions and opaqueness of interactions.

We have observed that one of the first aspects of establishing a framework for interactions is to arrive at an agreement on the applicable rules of engagement. Paramount among such considerations is the determination that the parties have no prohibitions against participation in the specific transaction. In fact, we live and operate within an environment of such complex and overlapping policy infrastructures that we rarely have complete freedom of action. As we have alluded more than once previously, we often have a problem knowing what policy constraints may be in effect within any given situation.

The ownership of the fact of transactions and of the information involved in transactions is typically a matter of the specific body of law that comprises the foundation of the policy infrastructure within which the interaction occurs. In some instances, these points are subject to negotiation among the respective parties but in many cases they are established by law, subject to the proper consideration of the rights of personal privacy.

We’ve alluded to the concept of negotiation as prelude to interactions. Obviously, this negotiation is only appropriate for certain interactions. When we drive our automobile into the toll booth on a turnpike, the fee we have to pay is non-negotiable. On the other hand, when we walk into an automobile dealership to purchase a new car, the price to be paid for that car is certainly negotiable. Where appropriate, the purpose of negotiation is to seek more detailed agreement by the parties involved as to the conditions and expected results of a specific interaction. The goal of this approach is to minimize post-interaction disagreements due to subjective evaluation of the outcome. This in turn minimizes the need to resort to a consequence infrastructure to sort out interactions gone bad. Pre-interaction negotiation using well-defined terms and actions offers a mechanism through which to achieve this goal. Consider a few areas where current interactions often present problems.

Most obvious is the authentication of the identities of the parties to an interaction. This provides credibility to any negotiation of policy that subsequently occurs. By using both differential identity and experiential identity mechanisms, constraints established by law can be readily addressed. “If you live in Texas, when you buy this product from the Web you must pay this rate of sales tax.” “You must be at least 18 years old to access this material.” “You have two hours to complete this examination.” All of these are relatively routine occurrences for network based

Book available at Midori Press (regular)
Book available at Midori Press (signed)
Book available at Amazon (regular)