Int. Journal of Business Science and Applied Management, Volume 2, Issue 1, 2007
Research Note:
Representing Identity and Relationships in Information
Mike Martin
Centre for Software Reliability, Newcastle University,
Newcastle upon Tyne, NE1 7RU, United Kingdom
Tel: +44 (0)191 2227087
Fax: +44 (0)191 2228788
This research note is concerned with how identity and of relationship are represented in information
systems. It presents a real world example of the problems that can arise in the delivery of social care
and explores some thoughts about the application of Peirce’s ideas to respond to these issues in the
context of case management and record systems.
Keywords: identity, relationships, information systems
Int. Journal of Business Science and Applied Management /
This research note is concerned with how the concepts of identity and of relationship are
represented in information systems. It is not presented as completed research but as work in progress
and as a provocation to thought and discussion in the formulation of future research directions. It starts
by outlining a particular case which illustrates the problem in a rather extreme form. The purpose is not
to attempt to ask questions about the solution to this case as if it were some sort of computational
puzzle, it is not. The purpose of this example, which is drawn from real life, is as a test for the
expressiveness and the adequacy of the concepts and terms we use to talk about identities and
relationships as they are represented in our systems.
The case concerns an individual called Mary and the problems she faces. The question we must
ask is whether our systems language, with terms such as “Identity Management”, “Provisioning” and
“Data Warehousing”, is adequate to express her problems let alone offer a framework for articulating
some solution, if, indeed, the term “solution” is an appropriate one in the face of the wicked problems
we will explore.
The second part of the paper uses some of the ideas of the American philosopher Charles Sanderes
Peirce as a framework to examine our notions of identity and relationship and how this could have an
impact on how we represent and reason about them in the design of information systems.
There are two broad stances represented in current systems and management literatures on Identity
Management: the enterprise centred approach and the user centred approach. The first is concerned
with protecting the interests of an enterprise and, in this literature, identity management is typically
defined in the following sorts of terms:
Identity management refers to the process of employing emerging technologies to manage
information about the identity of users and control access to company resources. The goal of
identity management is to improve productivity and security while lowering costs associated with
managing users and their identities, attributes, and credentials.
In this approach, information is the wholly owned internal resource of the enterprise which assumes
complete rights over its use. The second stance in the literature is the user centred one in which the
issues of the privacy of the subject are centre stage. In this stance, the concept of identity management
is defined in a different set of terms:
(Privacy-enhancing) identity management offers a means whereby individuals control the
nature and amount of personal information about them that is disclosed. In particular, to
achieve privacy, individuals can use pseudonyms and determine the degree of linkability
between different occurrences of their data. Through the secure and authenticated use of
pseudonyms, accountability of an individual for his or her actions can be achieved without
giving away personal data.
While the two stances locate the centre of concern and interests differently, in both of them the
relationships within which identities are embedded are ones of supplier - customer or employer
There is little or no literature to be cited about the organisational and systems issues of identity in
the contexts of the caring and developmental sectors including social and health care as well as
education. Here, relationships between service providers and service users exhibit different sorts of
symmetries and asymmetries compared with the world of commerce and outcomes my include the co-
production of new identities and the negotiation of new relationships. There are increasing pressures on
public services and the voluntary organisations, which represent a high proportion of the providers in
the caring and developmental sectors, to achieve higher efficiency and effectiveness. This is resulting
in the increased adoption of the information management and communications techniques of the
From . An Introduction to
Identity Management, Spencer C. Lee. March 11, 2003
2 .
Privacy-Enhancing Identity Management, Sebastian Clauß, Andreas Pfitzmann, Dresden
University of Technology, Marit Hansen, Independent Centre for Privacy Protection Schleswig-
Holstein and Els Van Herreweghen, IBM Research Lab Zurich
Mike Martin
commercial sector and there is an assumption that all the concepts and tools required to address issues
of confidentiality and control are available.
In this note I argue that the approach to identity management for the caring and developmental
sectors is not simply a question of finding a balance between the enterprise centred and the user centred
approaches. It requires a deeper understanding of what we mean by identity and relationship and how
we represent them in our information systems.
This story involves a large national charity concerned with the interests of children and young
people. In our city, they are commissioned by the Local Authority to manage the Sure-Start Centres
where the parents of babies and toddlers can find support, advice and a range of services. At the time
we are considering, one of these centres was being managed, on a temporary basis, by Mrs. Cannybody
who is not a qualified social worker but who has done both voluntary and contract work for the charity
for many years and is highly experienced.
The same charity also delivers another service in the city. This provides counselling, therapy and
support to children and young people who have suffered sexual abuse or exploitation. Clearly, this is a
specialised service which is not widely publicised to which clients are referred by professional
Finally, our charity also works with the police, probation service, courts and social services of a
town at the other end of the Region in a programme of initiatives to control prostitution which is seen
as a particular local problem.
Mary is 17 years old and is a single mother with a 6 month old baby. She has been attending Sure-
Start but recently, Mrs Cannybody has noticed that she has become withdrawn and unhappy. She
cannot, however, get Mary to discuss her problems and, as a result, is concerned about her well being.
Unbeknown to Mrs Cannybody, or anybody else in Sure-Start, Mary is also attending sessions at
the counselling service because, a year ago, she was relocated into our city by the Prostitution
Response Programme as part of an action to close down a prostitution ring. The pimp who ran this ring
was sent to prison and, in the initiative to support the then pregnant Mary, she was relocated and a
number of services activated to help her rehabilitate herself and build a new life. She made it clear that
she wanted to put her previous experiences behind her and that she was only prepared to discuss them
with her individual councillor at the support service.
Meanwhile, Derek, her erstwhile pimp, has been realised on parole, after serving 12 months, on
condition that he attends one-on-one and group counselling sessions for ex-abusers which are run by
our national charity. While in prison, Derek found the Lord and was born again. He claims to be the
father of Mary’s child and says he wants to do what is right by her and support them both. The
relationship between Derek and his councillor in the local rehabilitation service is not one of
supervision and control but is intended to be therapeutic and supportive.
So, within our single, national charity, we have three professionals or workers. Two of these have
a relationship with Mary while the third has a relationship with Derek, whose records may have an
historical, indirect link to her, for example via the various police records. The question we are faced
with concerns how and where Mary’s identity and her relationships are represented in the case
management, recording and reporting systems of the Charity.
The specific background to asking this question is the growing pressure on the charity to provide
detailed reporting to the commissioners of the services that it delivers about activities, costs and
outcomes. This has led to a proposal by the IT department that what they really need is a “Data
Warehouse” as part of a new “Enterprise Information Architecture”. The potential providers of these
products talk about “single point of truth”, data cleansing and normalisation as key values that they can
offer to address the organisation’s complex information management needs.
Any attempt to approach the professionals engaged with Mary and her baby to elicit use cases,
map processes and define data sets and security policies is simply exacerbating their problems: this
language is simply not adequate for expressing Mary’s concerns and interests or, indeed Derek’s, the
professionals and the organisations involved. Equally, the policy objectives of integrated delivery,
integrated planning and processes and integrated governance may sound laudable and attractive but
Mary needs real and dependable boundaries around her relationships and separation of the information
Int. Journal of Business Science and Applied Management /
that they hold. Mary’s story forces us to reconsider the term “integration” and the assumption that it is
a universal, value where more is always better.
When we are forced to consider situations such as this one, it becomes very clear that, if there is to
be any resolution, then that resolution is one that will be co-constructed by the individuals involved
within the context of the individual cases and relationships. The purpose of the organisational and
systems resources that are deployed around the case is to facilitate this co-construction and to provide
supportive and safe governance mechanisms. The questions we must ask about such systems concern
how they enable the signalling of concern, the assumption, exchange and discharge of responsibility for
care with consent, and the appropriate governance of information in the interests, and under the control,
of the parties concerned.
Putting this in the more concrete terms of Mary’s case: how could Mrs Cannybody signal her
concerns in ways that respect Mary’s choices? How can Mary’s councillor respond and engage Mary in
that response? How can the three domains of information remain distinct and separate until and unless
individuals with the appropriate rights and responsibilities perform explicit acts of relationship
management which connect things together and how, finally, can these acts of identity and relationship
management be made auditable, accountable and governable?
Before we can begin to consider these difficult questions, we must first establish some
groundwork of concepts and meanings. This is ontology in the deeper, philosophical sense, not in the
rather superficial sense of the data modeller.
As human individuals we all share an innate sense of self. We each uniquely experience what it is
like to have our own thoughts and feelings and also to experience the continuity of individuality
through out our lives. This concept of identity and individuality corresponds to what Peirce calls a
“First” or monadic concept. The “I” that is delineated is purely self referential and needs no reference
to anything else. There are few instances of monadic concepts that we use in everyday life and they
seem strange. Much more familiar is the dyadic concept of identity. In this way of framing the issue, I
am the collection of attributes that I exhibit to the world and through which I can be recognised. So, I
am the individual with a particular date and place of birth, with a gender, parentage, etc. I exhibit a
particular demography and any particular collection of information items from this set of items may be
adequate to uniquely identify me from within some wider group.
In addition to my demography there is also a set of biometric data which is associated with my
physical presence: photographs, thumb prints, retinal scans and genetic maps are examples of this sort
of identifying information. Finally there is my signature which is performative data which is associated
with, but not necessarily unique to, me. (A forger could practice and make perfect.) This concept of
identity what Peirce calls a “Second” - is two items which, through their relationship or association,
form a concept. It is the association of the data with the individual which constitutes this notion of
identity. When this data is put into an information system, and clearly, I, the individual, remain in the
world outside of that system, we face an interesting set of challenges. Who, for example, owns that
system? What is its purpose and what is my relationship with both of these? The ownership of the
system that contains this data represents a relationship of potential power and control and, as a result, I,
as the subject, have a stake and an interest to protect. It is this concept of identity that is the basis of the
two approaches to identity management mentioned at the beginning of this paper.
Unfortunately, the propensity to confuse the data in the system with the realities that it refers to
outside of the system is a strong one and there is a rather pervasive attitude in technological and
management domains to rely on technical and organisational means and to attribute ultimate value to
the information in the system referring to it, for example, as the “single point of truth”. But even in the
case of a banking system, for example, where the figure in the account does represent the account
holder’s balance as far as the bank is concerned, we are still left with questions as to whether the string
of transactions that have resulted in this figure were executed by the individuals that the system has
taken to be their authors. Anyone who has experienced impersonation and fraud will know that the
concept of truth is relative here and we need to ask the question “whose truth?”
Arguments like this, and there are many of them, lead to the conclusion that the dyadic notion of
identity, whilst it does a job in the world of information systems, is not an adequate one in many
circumstances. Certainly when we remember Mary’s story, we can see that, even though there is only
one individual, Mary, the information system(s) which support the delivery of services to her can not
afford to take the process of interpreting identity attributes and recognising Mary away from the
contexts of the particular relationships within which that recognition is taking place. In Peircian terms,
this is making identity triadic. An identity is the three way linkage between the means (information) by
Mike Martin
which a recogniser (person, institution, agency) recognises an individual (person). The purpose of the
recognition is to maintain and make use of a shared history, i.e. it is to support a relationship.
In terms of our information systems, this has an important consequence. We understand the
concept of identity management with its associated registration and authentication services. We also
understand the concepts of relationship management with its case and index support services by which
the records associated with different relationships can be combined. Mary’s story, as an example of the
most difficult and challenging use case, shows that these two sets of systems functions and associated
responsibilities cannot be divorced from each other and made separate, independent. Acts of identity
management where, for example, a registrar creates and records an identity for an individual and, as a
result, the possibility for a set of persistent records is generated and maintained, cannot be assumed also
to be acts of relationship management where those records are automatically correlated with others.
Creating connections between records are acts which are distinct from those of creating records
themselves and must be explicitly accounted for, audited and governed.
In this light, the automation of identity correlation, known as data cleansing, is a particularly
significant process requiring the highest level of scrutiny and governance. The technologies and
approaches that have been developed to support the process of rationalising insurance and savings
account business for banks, are not necessarily appropriate for addressing the information needs of our
national charity.
Further, notions of role based access to information does not adequately encompass all of the
concerns and issues that are relevant. Cases such as Mary’s demonstrate that it is not simply who I am
and what my role is that governs my rights to see information about some individual but, in addition,
my specific relationship with the subject of that information and the contexts of my activities within
that relationship need to be taken into account. For example I may be involved in an ongoing case that
is governed by the established consents and a current information sharing protocol or I might be
declaring an emergency which will need to be accounted for at some future date in the context of the
auditing and governance of my practice. Alternatively, I might, like Mrs Cannybody, be exploring a
concern by publishing a query to anyone who has a relationship with the individual she knows as Mary,
on the understanding that Mary may have relationships which she wants to maintain quite separately
from the one Mrs Cannybody has with her. What the recipients of this narrowcast and specific
publication do about it is up to them and Mary and Mrs. Cannybody may or may not get a direct
answer. She must look to her experience, recommended practice and her relationship with Mary to
formulate her next moves.
These thoughts about how we deal with identity and relationships in our information systems have
some important implications on method and on language. The continued development of both the
power and the pervasiveness of information systems has resulted in the situation that many aspects of
our lives, development and well being are becoming dependent on how they, the information systems,
are constructed and operated. Bateson defines information as “news of a difference that makes a
difference” and, increasingly, it is information in systems, rather than in the real world, that is making
the key differences in peoples lives. These developments cannot be halted. What does perhaps need to
change is the language we use when we plan, develop, deploy and govern them and the range of
individuals who have a voice in these processes.