Gartner Blog Network


Relationship context metadata

by Ian Glazer  |  January 31, 2011  |  4 Comments

In our paper “A Relationship Layer for the Web”, we defined a “contextual identity asset” as a package containing two kinds of information:

  1. Identity information about an individual
  2. Relationship Context Metadata

Relationship context metadata explicitly describes the relationship from which the identity information was obtained and the constraints imposed by the participants in that relationship on the use and disclosure of the information.

The idea behind using relationship context metadata is that it puts personally identifiable information “in context”; in the paper we described this process as creating a “contextual identity asset”. Our theory is that putting information into contextual identity assets does two important things:

  1. Makes it easier for those receiving the information to treat it properly (because recipients can just look at the metadata to see what the rules are)
  2. Makes it riskier for those receiving the information to misuse it (because anyone can just look at the metadata and see if the rules are being broken)

So, for example, imagine that instead of an identity provider passing this little chunk of raw identity information to a relying party

  • Bob’s credit card number is 555-00-1212

the provider passes the following contextual identity asset to a relying party:

  1. This individual’s name is Bob and his credit card number is 555-00-1212
  2. This information has been provided in the context of relationship (services contract #42 between InterMedProvider and RelPart, Inc.); under the terms of that contract the information in part 1 may be used to authorize Bob’s payment for the current transaction, but the information may not be stored, displayed on a screen, printed, or transmitted to any third party.

The contextual identity asset in a sense protects itself. Unlike the chunk of raw data above, which conveys no information about the sensitivity of the information it contains or the rules for processing the information, the contextual identity asset is self-explanatory. It states which relationship will be damaged if the information is misused (the one between InterMedProvider and RelPart), and it also describes what uses are proper and what uses are improper. Recipients of this asset can understand their obligations to protect it, and they can understand what damage will be done by a failure to meet those obligations.

And, importantly, the contextual identity asset is meaningful not just to the technology infrastructure, but also in the “social layer” above the technology infrastructure.  Humans can look at the metadata and decide whether they’re about to do something wrong – or whether they have received the information as a result of someone else already having done something wrong.
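To make the two-part package concrete, here is an added sketch (not code from the paper or from Gartner) that models the Bob example as a contextual identity asset, lets a recipient check a proposed use against the metadata, and lets anyone audit a list of observed uses for broken rules. The field names, the vocabulary of use names, and the deny-by-default treatment of uses the metadata does not mention are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RelationshipContext:
    relationship: str      # the relationship the information was obtained from
    parties: tuple         # participants who imposed the constraints
    permitted: frozenset   # uses the relationship allows
    prohibited: frozenset  # uses the relationship forbids


@dataclass(frozen=True)
class ContextualIdentityAsset:
    identity: dict                 # part 1: identity information
    context: RelationshipContext   # part 2: relationship context metadata


def check_use(asset, use):
    """Return (allowed, reason) for a proposed use of the identity data."""
    ctx = asset.context
    if use in ctx.prohibited:
        return False, f"'{use}' is prohibited under {ctx.relationship}"
    if use in ctx.permitted:
        return True, f"'{use}' is permitted under {ctx.relationship}"
    # Assumption of this example: a use the metadata does not mention is denied.
    return False, f"'{use}' is not covered by {ctx.relationship}"


def audit(asset, observed_uses):
    """Return the observed uses that break the asset's stated rules."""
    return [u for u in observed_uses if not check_use(asset, u)[0]]


# The post's example asset; the use names are constructed for illustration.
BOB = ContextualIdentityAsset(
    identity={"name": "Bob", "credit_card_number": "555-00-1212"},
    context=RelationshipContext(
        relationship="services contract #42",
        parties=("InterMedProvider", "RelPart, Inc."),
        permitted=frozenset({"authorize_payment_current_transaction"}),
        prohibited=frozenset({"store", "display", "print", "transmit_to_third_party"}),
    ),
)

if __name__ == "__main__":
    for use in ("authorize_payment_current_transaction", "store", "marketing"):
        print(use, "->", check_use(BOB, use))
    # Constructed activity log for a relying party that handled the asset.
    print("violations:", audit(BOB, ["authorize_payment_current_transaction", "print", "store"]))
```

Because every reason string names the relationship, a reviewer reading the audit output can see which contract a violation puts at risk.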

We think relationship context metadata is the way forward in privacy protection; we think private information will never be well-protected until it’s easy to tell what the rules are and whether they have been broken.

We’re doing research about existing uses of relationship context metadata, about projects underway to create and use relationship context metadata, and about the nuts and bolts of what relationship context metadata should look like, how it should be attached to private data, and what policies should be defined surrounding contextual identity assets.

If you use relationship context metadata today, or if you have or know about a project to define and use it, we’d love to talk to you as part of our research. Get in touch. Here’s how:

  • On Twitter
  • Email: ian dot glazer ~at~ gartner.com

Category: privacy  

Ian Glazer
Research Vice President and Agenda Manager
4 years at Gartner
16 years IT industry

Ian Glazer is a research vice president and agenda manager on the Identity and Privacy Strategies team. He leads IdPS' coverage for authorization and privacy. Topics within these two main areas include externalized authorization management, XACML, federated authorization, privacy by design, and privacy programs.


Thoughts on Relationship context metadata


  1. […] This post was mentioned on Twitter by Alex Hutton, Bob Blakley and Ian Glazer, Keith Ricketts. Keith Ricketts said: Relationship context metadata: In our paper “A Relationship Layer for the Web“, we defined a “contextual identit… http://bit.ly/hneCCl […]

  2. This is important work. One of the axioms of modern identity management is that identities are meaningful in context. The key I think to security and privacy is indeed to convey context.

    There are powerful existing means to convey context. If your example …

    “1. This individual’s name is Bob and his credit card number is 555-00-1212 2. This information has been provided in the context of relationship (services contract #42 between InterMedProvider and RelPart, Inc.) …”

    we can bake the context onto the identity via digital certificates. The Policy under which a certificate is issued can embody everything under point 2 above, and wrap it up into a nice crisp OID that can be checked by RP software to determine if the credential is fit for purpose.

    I am writing a new paper on contextualised identity. I would surely like to swap notes and be part of your research.

  3. […] love it when mid tier consulting firms “discover” a trend. A Gartner expert has revealed “Relationship Context Metadata.” Here’s the definition of the polysyllabic concept: “Relationship context metadata […]



