Thursday, April 10, 2008

Social Sails and Peacock Tales


Dimetrodon is one of those 'dinosaurs' (technically, not actually one) that people recognize from school days - it's the one with the big sail sticking up out of its spine. (I had a tiny green plastic one that constantly battled the army men).

There seem to be two leading theories as to the purpose of the sail (it had to have some value because it assuredly would have had drawbacks (e.g. in windstorms) that would otherwise put the owner at a net disadvantage).

The first theory is that the sail was used for thermal regulation, either to warm up a cool animal basking in the sun or cool down an over-heated one through increased evaporation.

The other theory is that the sail, like a male peacock's tail, was used for sexual advertisment to other dimetrodons - the message (from a male) being
'How you doin', I must have a pretty fine set of genes if I can survive even while walking around with this huge &#(*$@!* sail on my back. You and I would make healthy babies'.

If it were used for thermal regulation, the sail would have created (or not) intrinsic value for the owner, i.e. it would have been just as useful to an isolated beast as to another in a herd. On the other hand, the sexual avertisement theory would mean that the value of the sail to its owner was dependent on some other dimetrodon's 'perception' of the sail - there is no point in advertising healthy genes if no potential partner is around to 'click on the banner' (FYI, a euphemism for the sex act).

Some things we do for our own benefit. Other things we do with others in mind (with hopefully advantageous downstream effects for ourselves).

So it is for an Identity Provider's security processes & mechanisms - an IDP would perform certain processes (e.g. backups, file encryption, etc) even if not connecting to partners for federated identity. These processes are the equivalent of the thermal regulation theory for the Dimetrodon's sail functionality - they provide direct and intrinsic security value to the IDP.

Other security processes are the equivalent of the sexual advertisement theory for the Dimetrodon sail - the IDP's motivation in supporting such processes is to create for candidate SPs a feeling of 'That IDP would be a Good Partner'. The list might include maintaining logs for 3rd party audit, supporting vulnerabiltiy scanning, publishing metadata, etc.

This insight of mine (like the parent blog itself) has no practical worth - its potential value lies only in it possibly impressing others. So I guess I lean to the social sail theory.

2 comments:

Dave Kearns said...

Interestingly, my RSS reader (Atensa) skips everything between the two ampersands so it read:

"'How you doin', I must have a pretty fine set of genes if I can survive even while walking around with this huge & mechanisms - an IDP would perform certain processes (e.g. backups, file encryption, etc) even if not connecting to partners for federated identity."

And, even for you Paul, that's weird!

Paul Madsen said...

Actually Dave, I think it reads better that way....

thanks for the tip, I'll escape appropriately

paul