Can you have federation without trust?

Back in olden days, when I worked for IBM, its sales & marketing people weren’t allowed to use the word “risk”… because it might be taken (by customers) to imply that there was any form of risk associated with the corporation’s products (this is long enough ago that it hadn’t really cottoned on to ‘services’ yet…). And so the word was carefully expunged from the corporate lexicon (as evidence, I cite Mike Cowlishaw’s seminal IBM Jargon Dictionary… look up “exposure” in the pdf file here).

This made things quite tricky for the poor souls who had to write a Project Risk Checklist for IBM’s project managers… without using the word “risk” anywhere. So, “Project Assessment Checklist” it was, then…

That said, when we in the field were given our first training session by a proper project manager, he was blunt about it to the point of political incorrectness. “A project which involves no business risk”, he intoned, “is unlikely to deliver any significant business benefit”.

Which is a fair enough comment, and worth making (if your vocabulary permits you to do so, that is…).

I thought of this as I read a Tweeted Q&A from the Burton Catalyst conference currently under way in Prague. Bob Blakey asks Tony Nadalin “Can federation exist on the internet without trust frameworks?”.

My initial thought is that not all kinds of trust are equivalent; for instance, when I conduct banking transactions online from my laptop, I place different kinds of trust in the bank and in the telecommunications infrastructure. I hold them responsible, respectively, for different aspects of the transaction’s success, and I would expect different forms of recourse if something went wrong.

So, if I intend my organisation and your organisation to conduct high-value business over the internet, but choose to do so with no kind of trust framework in place, I’m probably taking quite a risk. In some forms of business, I might be happy to do that. I might even be insured or re-insured against some kinds of failure. My safeguards against “transactional” risk for that high-value business are not necessarily the same as my safeguards against, say, the network suddenly dropping out of service.

On the other hand, some networks are not meant for ‘high value business’. What are referred to as ‘social networks’ (and I still don’t like that phrase) get their value from the network effect, rather than from the exchange of financial value – again, that doesn’t mean there’s no need for trust – but the risks and appropriate mitigations involved are different.

I’m not going to go for the CEM Joad response (“Well, I suppose it all depends on what you mean by ‘federation’ and what you mean by ‘trust frameworks'”), but it did occur to me that a federation, constructed over the internet, which has absolutely no element of trust is unlikely to deliver significant benefit.

There’s another interesting question, of course: can you have a federation which successfully meets the goals of all its stakeholders even if they don’t trust each other? (Strategic arms reduction, for instance). But that’s another discussion…