I know I’ve been the Old Man of Novato, ranting about context all these years, but the market, the industry, and—most importantly—the technology are finally evolving toward this direction. For the longest time, it was just me and the usual suspects in academia and elsewhere, muttering in our corners about the Semantic Web, but now we’re hearing about context-aware computing from every direction. While I’ve refined a set of slides on context that I’ve delivered to groups large and small over the years, along with a demo of our Context Browser technology, now seems like a great time to put everything I know down in writing.
Although my French heritage and Math background prefer to start from theory and illustrate through examples, my newly American pragmatic tinkerer side is planning to do a quick roadmap here, then look at examples from our existing systems and, through them, make the theoretical case. It’ll take a few posts to get there, but then, I’ve really been enjoying blogging lately, as my manifesto in response to Ian Glazer will testify. Read it from the beginning, if you’d like a peek into my recent madness: one, two, three, four, five, six.
Context Matters: Where We’re At, Where We’re Headed
We’ve already seen the word creeping into marketing materials, but one of these days—okay, maybe months or years—it’s going to be more than a promise: digital context will be everything. As we get closer to digitalizing our entire lives, we’re also moving toward a context-aware computing world. Now, when we’ve talked about context-aware computing so far, it has seemed like one of those woolly concepts straight from a hyper-caffeinated analyst’s brain (or an over-promising marketer’s pen). But the truth is, any sizeable application that’s not somehow context-aware is pretty useless or poorly designed.
Sure, there are pieces of code or programs that exist to provide some transition between observable states and, as such, are “stateless.” And I know that on the geeking edge, it’s trendy to talk about stateless systems, which are an important part of the whole picture. In reality, however, the world needs to record all kinds of states, because a stateless world also means a world without any form of memory—no past, present, or future. So it’s not like most of our programs and applications are not context-aware. They are, and most of the time they’re pretty good at managing their own context.
The problem is that we move from context to context, and in the digital world this means that unless those programs, those agents, those devices share their context, we are facing a stop-and-go experience where the loss of context can be as annoying—or as dangerous—as an interrupted or broken service. The lack of context integration can mean a bad user experience—or a dead patient due to a wrong medication. In a world where actions and automated decisions can be taken in a split-second, this absence of context integration is a huge challenge. Nowhere is the issue is more acute than in security, in authentication and authorization.
The Big Question: What is Context?
This is what we’ll consider over my next few posts—what context is, how we represent it in current programs, and how we could link each island of context for a fuller, more fluid picture of how everything interrelates. We’ll begin by observing how authorization enforcement has evolved from the use of groups to roles to attributes and try to characterize what is context in those specific cases.
Then we’ll see how generalizing those observations and combining them with an intuitive, natural language description of context can guide us toward a solution to represent and link context across data silos.
Of course, since I’m all about evolution and not disruption, we’ll look at how such an implementation can leverage existing databases and directory structures to deliver the same advantages—familiarity, experience, scalability—while cancelling the current limitations, such as both systems’ known inflexibilities and the problems of large-scale distributed deployments.
Finally, I’ll illustrate how this new category of software—what I call context servers—can be leveraged, first in security and later as a way of gluing together our existing application silos.
Be sure to check back to join our discussion of using context to drive policy development and authorization enforcement.