Platt’s Law of Assertions
In a meeting the other day, we were musing about the consequences of assertion lifetime values, noting that most PKI-like assertions are ‘long-lived’ while SAML assertions are optimized for short lifespans.
Darren Platt made a comment which stuck in my mind when he stated that ‘shorter assertions, when the infrastructure is capable of handling them, will always be used over longer assertions.’
I’ve not had time to analyze the rate at which assertion lifetime values are declining, but it occurred to me that this statement is quite profound, in a Moore’s Law sort of way.
We live in a world of long-lived ‘tokens’ (assertions of identity), both physical and, in the case of PKI certificates, digital (think of VeriSign’s SSL certificates). The lifetime of these assertions is in many cases measured in years. A lifetime is a bound on how long a relying party will keep honouring an assertion that the issuer would no longer make; a long-lived assertion therefore needs a separate revocation or status channel to be withdrawn, while a short-lived one expires on its own. I suspect that over time, as new infrastructures arise to handle these assertions, such as federated identity infrastructures capable of building and consuming SAML assertions, the gates of access will become increasingly tied to ‘real-time’ policy enforcement.
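To make the trade-off concrete, here is an added example in Python, not part of the original post: a relying party’s time-window check for a SAML 2.0 assertion, with clock-skew tolerance, and a measure of how long an assertion the issuer has already withdrawn keeps being accepted when the relying party enforces only the time window. The sample assertion, the two-year certificate-style lifetime and the withdrawal time are constructed for illustration, and XML signature verification, which must precede any of this in a real deployment, is out of scope.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample, not from a real IdP: a SAML 2.0 assertion fragment whose
# Conditions element grants a five-minute validity window.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2024-01-15T10:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-15T10:00:00Z" NotOnOrAfter="2024-01-15T10:05:00Z"/>
</saml:Assertion>"""

# Constructed certificate-style lifetime for comparison: two years, the order of
# magnitude the post describes for PKI certificates.
CERT_NOT_BEFORE = "2024-01-15T10:00:00Z"
CERT_NOT_AFTER = "2026-01-15T10:00:00Z"


def parse_saml_time(value):
    """Parse a SAML xs:dateTime; SAML 2.0 requires UTC, written with a trailing 'Z'."""
    if value is None or not value.endswith("Z"):
        raise ValueError("SAML timestamps must be present and expressed in UTC")
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unrecognised timestamp: %r" % value)


def validity_window(assertion_xml):
    """Return (NotBefore, NotOnOrAfter) from the assertion's Conditions element.

    In a real relying party this runs only after the XML signature has been
    verified; the time window of an unverified assertion means nothing.
    """
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None:
        raise ValueError("assertion carries no Conditions element")
    return parse_saml_time(cond.get("NotBefore")), parse_saml_time(cond.get("NotOnOrAfter"))


def is_current(not_before, not_on_or_after, now, skew_seconds=0):
    """Time-window check with clock-skew tolerance.

    NotBefore is inclusive and NotOnOrAfter exclusive, as in SAML 2.0 Core.
    Skew widens the window on both sides, so it is part of the effective
    lifetime: a tolerance comparable to the window defeats a short assertion.
    """
    skew = timedelta(seconds=skew_seconds)
    return (not_before - skew) <= now < (not_on_or_after + skew)


def residual_acceptance_seconds(not_on_or_after, withdrawn_at, skew_seconds=0):
    """Seconds an already-withdrawn assertion is still accepted by a relying
    party that enforces only the time window and never consults issuer status.
    This is the exposure a short lifetime bounds and a long one does not."""
    skew = timedelta(seconds=skew_seconds)
    remaining = (not_on_or_after + skew) - withdrawn_at
    return max(0.0, remaining.total_seconds())


if __name__ == "__main__":
    nb, na = validity_window(SAMPLE_ASSERTION)
    # Constructed event: the issuer withdraws the subject two minutes after issuance.
    withdrawn = parse_saml_time("2024-01-15T10:02:00Z")
    print("SAML assertion still accepted for %.0f s after withdrawal"
          % residual_acceptance_seconds(na, withdrawn, skew_seconds=60))
    cert_na = parse_saml_time(CERT_NOT_AFTER)
    print("certificate-style assertion still accepted for %.0f days after withdrawal"
          % (residual_acceptance_seconds(cert_na, withdrawn) / 86400))
```

The skew parameter is where the ‘given the infrastructure is in place’ clause bites: a five-minute assertion only buys a five-minute exposure if the issuer’s and relying party’s clocks agree to within the tolerance, and a tolerance that grows toward the window length quietly turns the short-lived assertion back into a long-lived one.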
While this thought has not been completely fleshed out, I’d like to refer to it as Platt’s Law of Assertions, which, simply put, states that “shorter assertion lifetimes will always prevail over longer assertion lifetimes, given that the infrastructure to deal with them is in place.”