Saving the World with User-centric Identity.

Getting Started with Identity

Welcome to the Identity Woman Blog

I am an advocate for the rights and dignity of our digital selves.

Top Posts:

How to Join NSTIC, IDESG: A Step-by-step Guide

How to Participate in NSTIC: A Step-by-step Guide

Where I am in the World:

I live on the East Bay of the San Francisco Bay.

ID360  April 9-10, Austin

NSTIC Management Council Retreat  April 22-23 in DC

Internet Identity Workshop - May 6-8, Mountain View, California.

SHARE: Catalyzing the Sharing Economy - May 13-14 in San Francisco

NSTIC 9th Plenary June 17-19 in DC

Cloud Identity Summit - July 19-22 in Monterey, California

Web of Change (tentative) Hollyhock, Cortez Island, BC, Canada

World Economic Forum - YGL Summit + Annual Meeting of New Champions - Sept 7-12 in Taijin, China

Internet Identity Workshop number 19, October 4-6, Mountain View California

Latest Media:

NSTIC in Tech President: In Obama Administration’s People-Powered Digital Security Initiative, There’s Lots of Security, Fewer People 

Article on the BC eID Citizen Engagement Panel in Re:ID. PDF: reid_spring_14-BC

Fast Company Live Chat: On Taking Back Your Data

Fast Company: World Changing Ideas of 2014: You Will Take your Data Back

Posts on NSTIC:

  • Participatory Totalitarianism! - My TEDxBrussels Talk about how if we don't get this NSTIC stuff right we will end up in a really creepy world.  It references my struggles with Google+ to use the name I chose for my online self.

Posts about Identity:

  •  NymWars - My Personal Saga with Google in the [psuedo] NymWars to use the name I choose on their service - annotation of all my posts.
  • My speech at the Digital Privacy Forum in January 2011 articulating a vision that goes beyond "Do-Not-Track" vs. Business as Usual, creating a new ecosystem where people collect their own data.

Organizations and Events I share leadership in:

  • I am co-leading a new project - more details coming soon.
  • I am on the Management Council of the IDESG - the Identity Ecosystem Steering Group of NSTIC - the National Strategy for Trusted Identities in Cyberspace.
  • I co-founded, co-produce and co-facilitate the Internet Identity Workshop #18 May 6-8  in Mountain View, CA. This conference has focused on User-Centric Identity since 2005.
  • I am a steward of Identity Commons which keeps all the organizations and groups working on user-centric identity linked together.
  • I am the volunteer network director at the civil society organization I have been affiliated with since 2003.
  • I founded She's Geeky a women's only unconfernece for those in Technology and STEAM fields (Science, Technology, Engineering, Art and Math)
  • I co-founded Digital Death Day and work with that community to continue to host events on the issue. You can see a video of me talking at Privacy Identity and Innovation about this. The next conference is in London on October 6th.
  • I own a business that designs and facilitations participant driven events for a range of clients (IIW, She's Geeky and Digital Death Day are all Unconferences).

BC Identity Citizen Consultation Results!!!!

As many of you know I (along with many other industry leaders from different industry/civil society segments) was proactively invited to be part of the NSTIC process including submitting a response to the notice of inquiry about how the IDESG and Identity Ecosystem should be governed.

I advocated and continue to advocate that citizen involvement and broad engagement from a broad variety of citizen groups and perspectives would be essential for it to work. The process itself needed to have its own legitimacy even if "experts" would have come to "the same decisions" if citizens were and are not involved the broad rainbow that is America might not accept the results.

I have co-lead the Internet Identity Workshop since 2005 every 6 months in Mountain View, California at the Computer History Museum. It is an international event and folks from Canada working on similar challenges have been attending for several years this includes Aran Hamilton from the National oriented Digital ID and Authentication Council (DIAC) and several of the leaders of the British Columbia Citizen Services Card effort.

I worked with Aron Hamilton helping him put on the first Identity North Conference to bring key leaders together from a range of industries to build shared understanding about what identity is and how systems around the world are working along with exploring what to do in Canada.

CoverThe British Columbia Government (a province of Canada where I grew up) worked on a citizen services card for many years. They developed an amazing system that is triple blind. An article about the system was recently run in RE:ID. The system launched with 2 services - drivers license and health services card. The designers of the system knew it could be used for more then just these two services but they also knew that citizen input into those policy decisions was essential to build citizen confidence or trust in the system.  The other article in the RE:ID magazine was by me about the citizen engagement process they developed.

They developed to extensive system diagrams to help provide explanations to regular citizens about how it works. (My hope is that the IDESG and the NSTIC effort broadly can make diagrams this clear.)


The government created a citizen engagement plan with three parts:

The first was convening experts. They did this in relationship with Aron Hamilton and Mike Monteith from Identity North - I as the co-designer and primary facilitator of the first Identity North was brought into work on this. They had an extensive note taking team and the reported on all the sessions in a book of proceedings. They spell my name 3 different ways in the report.

The most important was a citizen panel that was randomly selected citizens to really deeply engage with citizens to determine key policy decisions moving forward. It also worked on helping the government understand how to explain key aspects of how the system actually works. Look in the RE:ID I wrote an article for RE:ID about the process you can see that here.
The results were not released when I wrote that. Now they are! yeah! The report is worth reading because it shows the regular citizens who are given the task of considering critical issues can come out with answers that make sense and help government work better.



They also did an online survey open for a month to any citizen of the province to give their opinion. That you can see here.

Together all of these results were woven together into a collective report.


Bonus material: This is a presentation that I just found covering many of the different Canadian province initiatives.


PS: I'm away in BC this coming week - sans computer.  I am at Hollyhock...the conference center where I am the poster child (yes literally). If you want to be in touch this week please connect with William Dyson my partner at The Leola Group.

I've co-founded a company! The Leola Group

Thursday evening following Internet Identity Workshop #18 in May I co-Founded and became Co-CEO of the Leola Group with my partner William Dyson.

So how did this all happen? Through a series of interesting coincidences in the 10 days (yes just 10 days) William got XDI to work for building working consumer facing applications. He showed the music meta-data application on Thursday evening and wowed many with the working name Nymble registry.  The XDI [eXtneible Resource Identifier Data Interchange] standard has been under development at OASIS for over 10 years. Getting it to actually work and having the opportunity to begin to build applications that really put people at the center of their own data lives is a big step forward both for the Leola Group and the  Personal Data community at large.

William and I met in September of 2013 via an e-mail introduction from Drummond Reed.  We started working together the day I met him on the efemurl project.  We were dating a few days later and a few weeks later we were engaged. We announced this during the closing circle at IIW #17.

The efemurl project was taking a extensively featured web platform William had built over several years and working to turn it further develop it and turn it into a consumer-co-operative.  The short hand way to describe, you know in that way they describe movie plots, it's like Google and REI have a baby.  The core ideas developed for the efemurl platform will be brought over into the applications the Leola Group is developing.  Core aspects of what the Leola Group is are to valuable to be owned by one company and we will be working with Planetwork to turn the operation of those into a consumer co-operative.

So big questions for people in the community include:

Are you still involved with IIW? 
Yes of course!  IIW will continue and my roll with it will too. Phil Windley founded his company Kynetx and continues to be a co-leader of IIW with me and Doc.  We have a great production team lead by Heidi Nobantu Saul.

What is going to happen to PDEC?

We have worked to create a 6 month transition plan for the organization/community to new leadership.   We have brought on Dean Landsman (well known for his leadership in the VRM community) serve as Communications Director and among other things host regular community calls and host a podcast.  As part of taking on the Co-CEO role in the new company I have woven into the job taking the time needed to properly transition out of my role as Executive Director and work with the community over the next 6 months to get governance in line and then have that leadership group hire an new Executive Director. You can read more about it on the PDEC blog and see a video we made.

The organization just welcomed 11 new members. Dean will be presenting about his new role with PDEC at the Personal Data Meetup in NYC on Monday.

When are you getting Married?

William and I are getting married the weekend after IIW #20 which is April 7-9 (Yes, it's way early!!!).  This will help friends coming for IIW from around the world being able to join in the celebration.

Resources for HopeX Talk.

I accepted an invitation from Aestetix to present with him at HopeX (10).

It was a follow-on talk to his Hope 9 presentation that was on #nymwars.

He is on the volunteer staff of the HopeX conference and was on the press team that helped handle all the press that came for the Ellsberg - Snowden conversation that happened mid-day Saturday.  It was amazing and it went over an hour - so our talk that was already at 11pm (yes) was scheduled to start at midnight.

Here are the slides for it - I modified them enough that they make sense if you just read them.  My hope is that we explain NSTIC, how it works and the opportunity to get involved to actively shape the protocols and policies maintained.

I am going to put the links about joining the IDESG up front. Cause that was our intention in giving the talk to encourage folks coming to HopeX to get involved to ensure that the technologies and policies for for citizens to use verified identity online when it is appropriate and also most importantly make SURE that the freedom to be anonymous and pseudonymous online.
This image is SOOO important I'm pulling it out and putting it here in the resources list.


Given that there is like 100 active people within the organization known as the Identity Ecosystem Steering Group as called for in the National Strategy for Trusted Identities in Cyberspace published by the White House and signed by president Obama in April 2011 that originated from the Cyberspace Policy Review that was done just after he came into office in 2009. Here is the website for the National Program Office.

The organization's website is here:  ID Ecosystem - we have just become an independent organization.

My step by step instructions How to JOIN.

Information on the committees - the one that has the most potential to shape the future is the Trust Framework and Trust Mark Committee

Here is the video.

From the Top of the Talk

Links to us:
Aestetix -  @aestetix Nym Rights
Kaliya - @identitywoman  -  my blog

Aestetix - background + intro #nymwars from Hope 9

     Aestetix's links will be up here within 24h
We mentioned Terms and Conditions May Apply - follows Mark Zuckerberg at the end.

Kaliya  background + intro

I have had my identity woman blog for almost 10 years  as an Independent Advocate for the Rights and Dignity of our Digital Selves. Saving the world with User-Centric Identity

In the early 2000’s I was working on developing distributed Social Networks  for Transformation.
I got into technology via Planetwork and its conference in 2000 themed: Global Ecology and Information Technology.  They had a think tank following that event and then published in 2003 the Augmented Social Network: Building Identity and Trust into the Next Generation Internet.
The ASN and the idea that user-centric identity based on open standards were essential - all made sense to me - that the future of identity online - our freedom to connect and organize was determined by the protocols.  The future is socially constructed and we get to MAKE the protocols . . . and without open protocols for digital identity our ID's will be owned by commercial entities - the situation we are in now.
Protocols are Political - this book articulates this - Protocols: How Control Exists after Decentralization by Alexander R. Galloway. I excerpted key concepts of Protocol on my blog in my NSTIC Governance Notice of Inquiry.
I c0-founded the Internet Identity Workshop in 2005 with Doc Searls and Phil Windley.  We are coming up on number 19 the last week of October in Mountain View and number 20 the third week of April 2015.
I founded the Personal Data Ecosystem Consortium in 2010 with the goal to connect start-ups around the world building tools for individual collect manage and get value from their personal data along with fostering ethical data markets.  The World Economic Forum has done work on this (I have contributed to this work) with their Rethinking Personal Data Project.
I am shifting out of running PDEC to Co-CEO with my partner William Dyson of a company in the field The Leola Group.


Aestetix and I met just after his talk at HOPE 9 around the #nymwars (we were both suspended.
So where did NSTIC come from? The Cyberspace Policy Review in 2009 just after Obama came into office.
Near-Term Action Plan:
#10 Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.
Mid-Term Action Plan:
#13 Implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy.
NSTIC was published in 2011: Main Document - PDF  announcement on White House Blog.
Trust Frameworks  are at the heart of what they want to develop to figure out how navigate how things work.
What will happen with results of this effort?
The Cyber Security Framework  (paperObama Administration just outlined . NSTIC is not discussed in the framework itself – but both it and the IDESG figure prominently in the Roadmap that was released as a companion to the Framework.  The Roadmap highlights authentication as the first of nine different, high-priority “areas of improvement” that need to be addressed through future collaboration with particular sectors and standards-developing organizations.

The inadequacy of passwords for authentication was a key driver behind the 2011 issuance of the National Strategy for Trusted Identities in Cyberspace (NSTIC), which calls upon the private sector to collaborate on development of an Identity Ecosystem that raises the level of trust associated with the identities of individuals, organizations, networks, services, and devices online.

I wrote this article just afterwards: National! Identity! Cyberspace! Why we shouldn't Freak out about NSTIC   (it looks blank - scroll down).
Aaron Titus writes a similar post explaining more about NSTIC relative to the concerns arising online about the fears this is a National ID.
Staff for National Program Office

The put out a Notice of Inquiry - to figure out How this Ecosystem should be governed.

Many people responded to the NOI - here are all of them.

I wrote a response to the NSTIC Notice of Inquiry about Governance.  This covers that covers much of the history of the user-centric community  my vision of how to grow consensus. Most important for my NSTIC candidacy are the chapters about citizen's engagement in the systems co-authored with Tom Atlee the author of the Tao of Democracy and the just published Empowering Public Wisdom.

The NPO hosted a workshop on Governance,  another one Privacy - that they invited me to present on the Personal Data Ecosystem.  The technology conference got folded into IIW in the fall of 2011.

OReilly Radar - called it The Manhattan Project for online identity.

The National Program Office published a proposed:

Charter for the  IDESG Organization

ByLaws  and Rules of Association for the IDESG Organization

Also what committees should exist and how it would all work in this webinar presentation.  The Recommended Structure is on slide 6.  They also proposed a standing committee on privacy as part of the IDESG.

THEN (because they were so serious about private sector leadership) they published a proposed 2 year work plan.  BEFORE the first Plenary meeting in Chicago in August 2012

They put out a bid for a Secretariat to support the forthcoming organization and awarded it to a company called Trusted Federal Systems.
The plenary was and is open - to anyone and any organization from any where in the world. It is still open to anyone. You can join by following the steps on my blog post about it.
At the first meeting in August 2012 the management council was elected. The committees they decided should exist ahead of time had meetings.
The committees - You can join them - I have a whole post about the committees so you can adopt one.

Nym Issues!!!

So after the #nymwars it seemed really important to bring the issues around Nym Rights and Issues into NSTIC - IDESG.  They were confused - even though their bylaws say that committees. I supported Aestetix writing out a charter for a new committee - I read it for the plenary in November of 2012 - he attended the Feb 2013 Pleanary in Pheonix. I worked with several other Nym folks to attend the meeting too.
They suggested that NymRights was to confrontational a name so we agreed that Nym Issues would be a fine name. They also wanted to make sure that it would just become a sub-committee of the Privacy Committee.
It made sense to organize "outside" the organization so we created NymRights.
Basically the committee and its efforts have been stalled in limbo.
        Aestetix's links will be up here within 24h

The Pilot Grants from the NPO

Year 1 - announcement about the FFO , potential applicant Webinar - announcement about all the grantees and an FAQ.
  • Daon, Inc. (Va.): $1,821,520
    The Daon pilot will demonstrate how senior citizens and all consumers can benefit from a digitally connected, consumer friendly Identity Ecosystem that enables consistent, trusted interactions with multiple parties online that will reduce fraud and enhance privacy. The pilot will employ user-friendly identity solutions that leverage smart mobile devices (smartphones/tablets) to maximize consumer choice and usability. Pilot team members include AARP, PayPal, Purdue University, and the American Association of Airport Executives.
  • The American Association of Motor Vehicle Administrators (AAMVA) (Va.): $1,621,803
    AAMVA will lead a consortium of private industry and government partners to implement and pilot the Cross Sector Digital Identity Initiative (CSDII). The goal of this initiative is to produce a secure online identity ecosystem that will lead to safer transactions by enhancing privacy and reducing the risk of fraud in online commerce. In addition to AAMVA, the CSDII pilot participants include the Commonwealth of Virginia Department of Motor Vehicles, Biometric Signature ID, CA Technologies, Microsoft and AT&T.
  • Criterion Systems (Va.): $1,977,732
    The Criterion pilot will allow consumers to selectively share shopping and other preferences and information to both reduce fraud and enhance the user experience. It will enable convenient, secure and privacy-enhancing online transactions for consumers, including access to Web services from leading identity service providers; seller login to online auction services; access to financial services at Broadridge; improved supply chain management at General Electric; and first-response management at various government agencies and health care service providers. The Criterion team includes ID/DataWeb, AOL Corp., LexisNexis®, Risk Solutions, Experian, Ping Identity Corp., CA Technologies, PacificEast, Wave Systems Corp., Internet2 Consortium/In-Common Federation, and Fixmo Inc.
  • Resilient Network Systems, Inc. (Calif.): $1,999,371
    The Resilient pilot seeks to demonstrate that sensitive health and education transactions on the Internet can earn patient and parent trust by using a Trust Network built around privacy-enhancing encryption technology to provide secure, multifactor, on-demand identity proofing and authentication across multiple sectors. Resilient will partner with the American Medical Association, Aetna, the American College of Cardiology, ActiveHealth Management, Medicity, LexisNexis, NaviNet, the San Diego Beacon eHealth Community, Gorge Health Connect, the Kantara Initiative, and the National eHealth Collaborative.In the education sector, Resilient will demonstrate secure Family Educational Rights and Privacy Act (FERPA) and Children’s Online Privacy Protection Act (COPPA)-compliant access to online learning for children. Resilient will partner with the National Laboratory for Education Transformation, LexisNexis, Neustar, Knowledge Factor, Authentify Inc., Riverside Unified School District, Santa Cruz County Office of Education, and the Kantara Initiative to provide secure, but privacy-enhancing verification of children, parents, teachers and staff, as well as verification of parent-child relationships.
  • UniversityCorporation for Advanced Internet Development (UCAID) (Mich.): $1,840,263
    UCAID, known publicly as Internet2, intends to build a consistent and robust privacy infrastructure through common attributes; user-effective privacy managers; anonymous credentials; and Internet2's InCommon Identity Federation service; and to encourage the use of multifactor authentication and other technologies. Internet2's partners include the Carnegie Mellon and Brown University computer science departments, University of Texas, the Massachusetts Institute of Technology, and the University of Utah. The intent is for the research and education community to create tools to help individuals preserve privacy and a scalable privacy infrastructure that can serve a broader community, and add value to the nation's identity ecosystem.

Year 2 - announcement about the FFO, potential applicant webinar, annoucement about the grantees.

  • Transglobal Secure Collaboration Participation, Inc. (TSCP) (Va.): $1,264,074
    The TSCP pilot will deploy trusted credentials to conduct secure business-to-business, government-to-business and retail transactions for small and medium-sized businesses and financial services companies, including Fidelity Investments and Chicago Mercantile Exchange. As part of this pilot, employees of participating businesses will be able to use their existing credentials to securely log into retirement accounts at brokerages, rather than having to obtain a new credential. Key to enabling these cross-sector transactions will be TSCP's development of an open source, technology-neutral Trust Framework Development Guidance document that can provide a foundation for future cross-sector interoperability of online credentials.
  • Georgia Tech Research Corporation (GTRC) (Ga.): $1,720,723
    The GTRC pilot will develop and demonstrate a "Trustmark Framework" that seeks to improve trust, interoperability and privacy within the Identity Ecosystem. Trustmarks are a badge, image or logo displayed on a website to indicate that the website business has been shown to be trustworthy by the issuing organization. Defining trustmarks for specific sets of policies will allow website owners, trust framework providers and individual Internet users to more easily understand the technical, business, security and privacy requirements and policies of the websites with which they interact or do business.Supporting consistent, machine-readable ways to express policy can enhance and simplify the user experience, raise the level of trust in online transactions and improve interoperability between service providers and trust frameworks. Building on experience developing the National Identity Exchange Federation(NIEF), GTRC plans to partner with the National Association of State Chief Information Officers (NASCIO) and one or more current NIEF member agencies, such as Los Angeles County and the Regional Information Sharing Systems (RISS).
  • Exponent (Calif.): $1,589,400
    The Exponent pilot will issue secure, easy-to-use and privacy-enhancing credentials to users to help secure applications and networks at a leading social media company, a health care organization and the U.S. Department of Defense. Exponent and partners Gemalto and HID Global will deploy two types of identity verification: the use of mobile devices that leverage so-called "derived credentials" stored in the device's SIM card and secure wearable devices, such as rings and bracelets. Solutions will be built upon standards, ensuring an interoperable system that can be easily adopted by a wide variety of organizations and companies.
  •, Inc. (Va.): $1,204,957, Inc.'s Troop ID will develop and pilot trusted identity solutions that will allow military families to access sensitive information online from government agencies, financial institutions and health care organizations in a more privacy-enhancing, secure and efficient manner. Troop ID lets America's service members, veterans, and their families verify their military affiliation online across a network of organizations that provides discounts and benefits in recognition of their service. Today, more than 200,000 veterans and service members use Troop ID to access benefits online. As part of its pilot, Troop ID will enhance its current identity solution to obtain certification at Level of Assurance 3 from the U.S. General Services Administration's Trust Framework Providers program, enabling Troop ID credential holders to use their solution not only at private-sector sites, but also when interacting online with U.S. government agencies through the recently announced Federal Cloud Credential Exchange (FCCX). Key project partners include federal government agencies and a leading financial institution serving the nation's military community and its families.
  • Privacy Vaults Online, Inc. (PRIVO) (Va.): $1,611,349
    Children represent a unique challenge when it comes to online identity. Parents need better tools to ensure safe family use of the Internet, while online service providers need to comply with the requirements of the Children's Online Privacy Protection Act (COPPA) when they deal with minors under the age of 13. PRIVO will pilot a solution that provides families with COPPA-compliant, secure, privacy-enhancing credentials that will enable parents and guardians to authorize their children to interact with online services in a more privacy-enhancing and usable way. Project partners, including one of the country's largest online content providers and one of the world's largest toy companies, will benefit from a streamlined consent process while simplifying their legal obligations regarding the collection and storage of children's data.

Year 3 - ? announcement about FFO - grantees still being determined.

Big Issues with IDESG

Diversity and Inclusion

I have been raising these issues from its inception (pre-inception in fact I wrote about them in my NOI).

I was unsure if I would run for the management council again -  I wrote a blog post about these concerns that apparently made the NPO very upset.  I was subsequently "univited" to the International ID Conf they were hosting at the White House Conference Center for other western liberal democracies trying to solve these problems.

Tech President Covered the issues and did REAL REPORTING about what is going on.  In Obama Administration's People Powered Digital Security Initiative, There's Lots of Security, Fewer People.

This in contrast to a wave of hysterical posts about National Online ID pilots being launched.

They IDESG have Issues with how the process happens. It is super TIME INTENSIVE.  It is not well designed so that people with limited time can get involved.  We have an opportunity to change tings becoming our own organization.

The 9th Plenary Schedule - can be seen here.  There was a panel on the first day with representatives who said that people like them and others from other different communities needed to be involved AS the policy is made.  Representatives from these groups were on the panel and it was facilitated by Jim Barnett from the AARP.

  • Association of the Blind
  • ACLU

The Video is available online.


The organization is shifting from being a government initiative to being one that is its own independent organization.

The main work where the TRUST FRAMEWORKS are being developed is in the Trust Framework and Trust Mark Committee.  You can see their presentation from the last committee here.


Key Words & Key Concept form the Identity Battlefield


What is Identity?  Its Socially Constructed and Contextual

Identity is Subjective

Aestetix's links will be up here within 24h

What are Identifiers?: Pointers to things within particular contexts.

Abrahamic Cultural Frame for Identity / Identifiers

Relational  Cultural Frame for Identity / Identifiers

What does Industry mean when it says "Trusted Identities"?

What is Verified?

Verified ID in the context of the Identity Spectrum : My post about the spectrum.


In Conclusion: HOPE!

We won the #nymwars!

Links to Google's apology.

Skud's the Apology we hopped for.

More of Aestetix's links will be up here within 24h

The BC Government's Triple Blind System

Article about & the system  they have created and the citizen engagement process to get citizen buy-in - with 36 randomly selected citizens to develop future policy recommendations for it.

Article about what they have rolled out in Government Technology.

Join the Identity Ecosystem Steering Group

Get engaged in the process to make sure we maintain the freedom to be anonymous and pseudonymous online.

Attend the next  (10th) Plenary in mid-September in Tampa at the Biometrics Conference

Join Nym Rights group.

Come to the Internet Identity Workshop

Number 19 - Last week of October - Registration Open

Number 20 - Third week of April







Rosie the [New Language] Developer - Where are you?

This past week we [me, Phil, Heidi + Doc] put on the Internet Identity Workshop. It was amazing.

There is a new project / company forming and they are very keen to have women programmers/developers in the first wave of hires.  They are also committed to cultural diversity.

Since they are developing in a new language - you don't need to have experience in "it" - you just need to have talent and the ability to learn new things.

I asked them for a list of potentially helpful per-requisites:

  • Some experience with ruby on rails
  • Some experience with JSON
  • Some experience with XML
  • Some experience with HTML5
  • Some experience with semantic data modeling
  • Some understanding of the ideas related to the semantic web and giant global graphs

If you are reading the list and thinking - I don't have "all" of those qualifications...then read this before you decide not to reach out to learn more - The Confidence Gap from this month's Atlantic.  TL:DR "Remember that women only apply if they have 100% of the jobs qualifications, but men apply with 60%!"

Please be in touch with me if you are interested. I will connect you with them this week.

Kaliya [at] identitywoman [dot] net





Field Guide to Internet Trust Models: Introduction

This is the first in a series of posts that cover the Field Guide to Internet Trust Models Paper.

The post for each of the models is here - full papers is downloadable [Field-Guide-Internet-TrustID]

The decreasing cost of computation and communication has made it easier than ever before to be a service provider, and has also made those services available to a broader range of consumers. New services are being created faster than anyone can manage or even track, and new devices are being connected at a blistering rate.

In order to manage the complexity, we need to be able to delegate the decisions to trustable systems. We need specialists to write the rules for their own areas and auditors to verify that the rules are being followed.

This paper describes some of the common patterns in internet trust and discuss some of the ways that they point to an interoperable future where people are in greater control of their data. Each model offers a distinct set of advantages and disadvantages, and choosing the appropriate one will help you manage risk while providing the most services.

For each, we use a few, broad questions to focus the discussion:

  • How easy is it for new participants to join? (Internet Scale)
  • What mechanisms does this system use to manage risk? (Security)
  • How much information the participants require from one another how strongly verified?

(Level of Assurance -not what I think assurance is...but we can talk - it often also refers to the strength of security like number of factors of authentication )

Using the "T" Word
Like “privacy”, “security”, or “love”, the words “trust” and “identity”, and “scale” carry so much meaning that any useful discussion has to begin with a note about how we're using the words.
This lets each link the others to past behavior and, hopefully, predict future actions. The very notion of trust acknowledges that there is some risk in any transaction (if there's no risk, I don't need to trust you) and we define trust roughly as:
The willingness to allow someone else to make decisions on your behalf, based on the belief that your interests will not be harmed.
The requester trusts that the service provider will fulfill their request. The service provider trusts that the user won’t abuse their privileges, or will pay some agreed amount for the service. Given this limited definition, identity allows the actors to place one another into context.

Trust is contextual. Doctors routinely decide on behalf of their patients that the benefits of some medication outweigh the potential side effects, or even that some part of their body should be removed. These activities could be extremely risky for the patient, and require confidence in the decisions of both the individual doctor and the overall system of medicine and science. That trust doesn’t cross contexts to other risky activities. Permission to prescribe medication doesn’t also grant doctors the ability to fly a passenger airplane or operate a nuclear reactor.

Trust is directional. Each party's trust decisions are independent, and are grounded in the identities that they provide to one another.

Trust is not symmetric. For example, a patient who allows a doctor to remove part of their body should not expect to be able to remove parts of the doctor’s body in return. To the contrary, a patient who attempts to act in this way would likely face legal sanction.

Internet Scale

Services and APIs change faster than anyone can manage or even track. Dealing with this pace of change requires a new set of strategies and tools.

The general use of the term “Internet Scale” means the ability to process a high volume of transactions. This is an important consideration, but we believe that there is another aspect to consider. The global, distributed nature of the internet means that scale must also include the ease with which the system can absorb new participants. Can a participant join by clicking “Accept”, or must they negotiate a custom agreement?

In order to make this new world of user controlled data possible, we must move from a model broad, monolithic agreements to smaller, specialized agreements that integrate with one another and can be updated independently.

A Tour of the Trust Models

The most straightforward identity model, the sole source, is best suited for environments where the data is very valuable or it is technically difficult for service providers to communicate with one another. In this situation, a service provider issues identity credentials to everyone it interacts with and does not recognize identities issued by anyone else. Enterprises employing employees, financial institutions, medical providers, and professional certifying organizations are commonly sole sources. Because this is the most straightforward model to implement, it is also the most common.

Two sole sources might decide that it’s worthwhile to allow their users to exchange information with one another. In order to do so, they negotiate a specific agreement that covers only the two of them. This is called a Pairwise Agreement and, while it allows the two parties to access confidential resources, the need for a custom agreement makes it difficult to scale the number of participants. This is also a kind of federated identity model, which simply means that a service accepts an identity that is managed someplace else.

As communication technology became more broadly available, the number of institutions who wanted to communicate with one another also increased. Groups of similar organizations still wanted to issue their own identities, but wanted their users to be able to interact freely with one another. The prospect of each service having to negotiate a custom agreement with every other service was daunting, so similarly chartered institutions came up with standard contracts that allow any two members to interact. These groups are called Federations, and there are several different kinds. Federation agreements and membership are managed by a Contract Hub.

When the federation agreement limits itself to policy, governance, and common roles, but leaves technical decisions to the individual members, it's referred to as a Mesh Federations. Individual members communicate form a mesh, and can communicate directly with one another using whatever technology they prefer.

Alternatively, a Technical Federation defines communication methods and protocols, but leaves specific governance and policy agreements to the members. In some cases, the technical federation may also route messages between the members.

As the number of services has increased, so has the problem of managing all of those usernames and passwords. Users might decide to reuse an existing identity rather than creating a new one. In recent years, some organizations have made identities that they issue available to other services. Service providers accept these identities because it lowers the cost of user acquisition. When the same entity provides identities for both the requester and the service provider, it is referred to as a Three Party Model.

If the requester and the service provider have provider have separate but compatible identity providers, it is called a Four Party model. This is present in highly dynamic models, such as credit card processing,

Peer-to-peer networks are for independent entities who want to identity assurance, but who lack a central service that can issue identities to everyone. To get around this, the participants vouch for one another’s identities.

Individual contract wrappers are an innovation to enable complex connections between services where the terms and conditions of using the data are linked to the data.

Common Internet Trust Models

Sole source: A service provider only trusts identities that it has issued.

Pairwise Federation: Two organizations negotiate a specific agreement to trust identities issued by one another.

Peer-to-Peer: In the absence of any broader agreement, individuals authenticate and trust one another.

Three-Party Model: A common third party provides identities to both the requester and the service provider so that they can trust one another.

“Good Enough” Portable Identity: In the absence of any institutional agreement, service providers accept individual, user-asserted identities.

Federations: A single, standard contract defines a limited set of roles and technologies, allowing similar types of institution to trust identities issued by one another.

Four-Party Model: An interlocking, comprehensive set of contracts allows different types of entity to trust one another for particular types of transaction.

Centralized Token Issuance, Distributed Enrollment: A shared, central authority issues a high-trust communication token. Each service provider independently verifies and authorizes the identity, but trusts the token to authenticate messages.

Individual Contract Wrappers: Manage how personal data is used rather than trying to control collection. Information is paired contract terms that governs how it can be used. Compliance is held accountable using contract law.

Open Trust Framework Listing: An open marketplace for listing diverse trust frameworks and approved assessors.

Personal Cloud + Agents: An Individual has a personal Cloud and delegates agents it trust to work on their behalf.

BC Government Innovation in eID + Citizen Engagement.

I wrote an article for Re:ID about the BC Government's Citizen Engagement process that they did for their eID system.

Here is the PDF: reid_spring_14-BC

Big Data and Privacy

On Friday I responded to the Government "Big Data" Request for Comment.

I will get to posting the whole thing in blog form - for now here is the PDF. BigData-Gov-2



NSTIC WhipLash - Making Meaning - is a community thing.

Over a week-ago I tweeted that I had experienced NSTIC whiplash yet again and wasn't sure how to deal with it.I have been known to speak my mind and get some folks really upset for doing so - Given that I know the social media savy NSTIC NPO reads all tweets related to their program they know I said this. They also didn't reach out to ask what I might be experiencing whiplash about.

First of all since I am big on getting some shared understanding up front - what do I mean by "whiplash" it is that feeling like your going along ... you think you know the lay of the land the car is moving along and all of a sudden out of nowhere - a new thing "appears" on the path and you have to slam on the breaks and go huh! what was that? and in the process your head whips forward and back giving you "whip-lash" from the sudden stop/double-take.

I was toddling through and found this post.  What does it Mean to Embrace the NSTIC Guiding Principles?

I'm like ok - what does it mean? and who decided? how?

I read through it and it turns out that in September the NPO just decided it would decide/define the meaning and then write it all out and then suggest in this odd way it so often does that "the committees" just go with their ideas.

"We believe that the respective committees should review these derived requirements for appropriate coverage of the identity ecosystem.   We look forward to continued progress toward the Identity Ecosystem Framework and its associated trustmark scheme."

Why does the NPO continue to "do the work" that the multi-stakeholder institution they set up was created to do that is to actually figure out the "meaning" of the document.

Why not come to the Management Council and say - "hey we really need to as a community figure out what it "means" to actually embrace the guiding principles. We need to have a community dialogue that gets to a meaningful concrete list relatively quickly - how should we do that as a community." Then the Management Council would do its job and "manage" the process and actually figure out 1) if the NPO was right that indeed now would be a good time to figure out the meaning of embrace and 2) then figure out how to do it and the people on the council (and others in the community) who have some experience in leading real mulit-stakeholder efforts and skills inclusive methodologies would have debated and put forward a path. The Secretariate - (if it actually functioned as a support organ for the Management Council) would then help the council carry out the process/method and get to the needed "outcome" some community developed articulation of what embracing the principles means.  Instead we just have what the NPO staff thinks. Which while I am sure it is "great" and they are such "hard working, good folks" wasn't community generated and therefore not "owned" by the community which is not good if the outcomes of this effort are to be "trusted" by public at large all the core work items of a mutli-stakeholder institution can't just be done by the NPO.

I'm not your NSTIC "delegate" any more ... pls get involved.

I have heard over the past few years from  friends and associates in the user-centric ID / Personal Cloud/ VRM Communities or those people who care about the future of people's identities online say to me literally - "Well its good  you are paying attention to NSTIC so I don't have to."

I'm writing to say the time for that choice is over. There is about 1 more year left in the process until the "outputs" become government policy under the recently released White House Cyber Security Framework (See below for the specifics).

Key items of work are progressing and the time for "our" world view showing up within the work is now and my ability to get them to be taken seriously is ZERO if I continue to be an almost lone voice expressing these key items - particularly

The functional Model Group is working on defining all the "bits" of the system. I believe this is where the "personal cloud" should be a key primary function/piece of the ecosystem. So far it has not been raised in a significant way and not be addressed by the powers that be leading the committee.

The Trust Framework work is progressing rapidly. This is the work to take existing what they call Trust Frameworks (and I think should be called Accountability Frameworks). These are where the existing rules/policies and technologies for various networks are all harmonized and then through that some how we get to a kind of mata/uber trust framework and interoperability.

The big challenge that I see is that it is all coming from existing frames within the conversation do NOT have a remotely "user centric" frame.

  • I don't hear any conversation about how individuals will be protected from their "Identity Provider" (the entity that has "all" their identity information and vouches for them at a Relying Party).
  • I don't hear any conversation about how people will be protected from over zealous relying parties asking for way to much information.
  • I don't hear any conversation about how individuals will be protected from IdP's and RP's being able to sell their data into the data broker industry.
  • I don't hear any conversation about how people could collect their own attributes and information in a Personal Cloud and from that center of personal sovereignty use it in the ecosystem.

I do see:

  • Assertions that Relying Parties can ask for whatever they want / think they need to complete a transaction and that "the market will decide"
  • Assertions that concerns about people's rights around how they choose to name and identify themselves should be set aside for future iterations.
  • I do see that one of the pilots in the last round of multi-million dollar grants went to a defense industry consortium specifically for "development of an open source, technology-neutral Trust Framework Development Guidance document"

So what should you DO?

1) Sign up to attend the April 1-3 Plenary in Mountain View (bonus you don't have to attend in person) Link Here.

2) Sign up to watch and contribute to the Trust Framework and Functional Model Groups - please see this post OR any of a number of groups with activity.

3) Sign up to join the IDESG organization (that way you can be "official members") of the committees and "vote" on things.  See this Post.

4) Let me know you are keen on getting more involved and I can help connect you others also "diving in" right now [ kaliya AT identitywoman DOT net].

5) Bonus - Attend the Internet Identity Workshop in Mountain View May 6-8 and work with others in the user-centric community on this and other more fun issues (like building cool decentralized, empowering technologies).

This is what I referenced above it becoming government policy and practice.

As the White House announcement details below, today marked the release of the Cybersecurity Framework crafted by NIST – with input from many stakeholders – in response to President Obama’s Executive Order on Improving Critical Infrastructure Cybersecurity issued one year ago.

NSTIC is not discussed in the framework itself – but both it and the IDESG figure prominently in the Roadmap that was released as a companion to the Framework.  The Roadmap highlights authentication as the first of nine different, high-priority “areas of improvement” that need to be addressed through future collaboration with particular sectors and standards-developing organizations.

The inadequacy of passwords for authentication was a key driver behind the 2011 issuance of the National Strategy for Trusted Identities in Cyberspace (NSTIC), which calls upon the private sector to collaborate on development of an Identity Ecosystem that raises the level of trust associated with the identities of individuals, organizations, networks, services, and devices online.

NSTIC is focused on consumer use cases, but the standards and policies that emerge from the privately-led Identity Ecosystem Steering Group (IDESG) established to support the NSTIC – as well as new authentication solutions that emerge from NSTIC pilots – can inform advances in authentication for critical infrastructure as well.

NSTIC will focus in these areas:
· Continue to support the development of better identity and authentication solutions through NSTIC pilots, as well as an active partnership with the IDESG;

· Support and participate in identity and authentication standards activities, seeking to advance a more complete set of standards to promote security and interoperability; this will include standards development work to address gaps that may emerge from new approaches in the NSTIC pilots.








What is a Functional Model?

I have been working in the identity industry for over 10 years. It was not until the IDESG - NSTIC plenary that some folks said they were working on a functional model that I heard the term.  I as per is normal for me pipped up and asked "what is a functional model", people looked at me, looked back at the room and just kept going, ignoring my question.  I have continued to ask it and on one has answered it.

I will state it out loud here again -

What is a Functional Model?

How to Participate in NSTIC, IDESG - A step by step guide.

The Identity Ecosystem Steering Group is a multi-stakeholder organization (See this post about how join.) Technically You can participate on lists even if you are not members but it is better that you go through the process of joining to be "officially" part of  the organization.

If you join the IDESG it is good to actively participate in at least one active committee because that is where organization work is done by committees - any person or organization from any stakeholder category can participate.

The committees have mailing lists - that you subscribe to (below click through where it says Join Mailing list and put in the e-mail address you want to use, share your name and also a password).

On the list the group chats together on the list and talk about the different work items they are focused on.  They have conference calls as well to talk together (these range from once a week to once a month).  You can also contact the chair of the committee and "officially" join but that is not required.

If you are reading this and getting involved for the first time - read through this list and pick one of the committees that sound interesting to you.  They are friendly folks and should be able to help you get up to speed - ask questions and ask for help. This whole process is meant to be open and inclusive.

Read the rest of this entry »

How to Join NSTIC, IDESG - A step by step guide.

The National Strategy for Trusted Identities in Cyberspace calls for the development of a private sector lead effort to articulate an identity ecosystem.

To be successful it needs participation from a range of groups.

An organization was formed to support this - the Identity Ecosystem Steering Group in alignment with the Obama administration's open government efforts.

The "joining" process is not EASY but I guess that is part of its charm. It is totally "open and free" but challenging to actually do.


PART 1 - Getting an Account on the Website!

Step 1: Go to the website:

Read the rest of this entry »

She's Geeky! Bay Area, January 24-26

Calling all Geeky women!

We are doing it again - a weekend of fun and connection and nerding out.

January 24-26th at Microsoft in Mountain View.

Read the rest of this entry »

Personal Cloud Gathering Sept 25th - Video's from August 22

The next SF Personal Cloud Community Gathering is September 25th in downtown.

Please head over to the Eventbrite to register and learn who is speaking.

Jospeh Boyle record and posted the presentations from the last meetup you can find them here.

Read the rest of this entry »

Personal Clouds, Digital Enlightenment, Identity North

Next week Thursday August 22nd is the Personal Cloud Meetup in San Francisco. It will be hosted at MSFT.  If you want to get connected to the community it is a great way to do so. Here is where you register. 

In September I'm heading to Europe for the Digital Enlightenment Forum September 18-20th. I'm excited about the program and encourage those of you in Europe who might be reading this to consider attending. We are doing a 1/2 day of Open Space (what we do at IIW) where the agenda is created live at the event.

Read the rest of this entry »

Core Concepts in Identity

One of the reasons that digital identity can be such a challenging topic to address is that we all swim in the sea of identity every day.  We don't think about what is really going in the transactions....and many different aspects of a transaction can all seem do be one thing.  The early Identity Gang conversations focused a lot on figuring out what some core words meant and developed first shared understanding and then shared language to talk about these concepts in the community.

I'm writing this post now for a few reasons.

There is finally a conversation about taxonomy with the IDESG - (Yes! after over a year of being in existence it is finally happening (I recommended in my NSTIC NOI Response  that it be one of the first things focused on)

Secondly I have been giving a 1/2 day and 1 day seminar about identity and personal data for several years now (You can hire me!).  Recently I gave this seminar in New Zealand to top enterprise and government leaders working on identity projects 3 times in one week.  We covered:

  • The Persona and Context in Life
  • The Spectrum of Identity
  • What is Trust?
  • A Field Guide to Internet Trust
  • What is Personal Data
  • Market Models for Personal Data
  • Government Initiatives Globally in eID & Personal Data

Read the rest of this entry »


This spring I attended the Executive Education program Leadership and Public Policy in the 21st century at the Harvard Kennedy school of government with fellow Young Global Leaders (part of the World Economic Forum).  A line of future inquiry that came to me by the end of that two weeks -

How do we design, create, get functioning and evolve governance systems?

The governance of governance systems = Meta-Goverancne. 

At the Kennedy program all they could talk about was "individual leadership" (with good advice from good teams of course) at the top of  Organizations.  They all waved their hands and said "Good luck young leaders, We know its more complicated now...and the problems are bigger then just organizational size but we don't really know how what to tell you about how to interorgainzational collaborative problem solving and "good luck".

It was surreal because this inter-organizational, complex space is where I spend my work life helping design and facilitate unconferneces - it is in that complex inter organizational place.

I have this clear vision about how to bring my two main career bodies of knowledge together (digital identity + digital systems & design and facilitation of unconferneces using a range of participatory methods) along with a range of other fields/disciplines that I have tracked in the last 10 years.

Value Network Mapping an Ecosystem Tool

My response, two years ago to the NSTIC (National Strategy for Trusted Identities in Cyberspace) Program Office issued Notice of Inquiry about how to govern an Identity Ecosystem included a couple of models that could be used to help a community of companies & organizations in an ecosystem co-create a shared picture. A shared co-created picture is an important community asset to develop early on because it becomes the basis for a real conversation about critical issues that need to be addressed to have a successful governance emerge.

The Privacy Committee within NSTIC has a Proactive Privacy Sub-Committee and before I went on my trip around the world (literally) a month ago.  I was on one of the calls and described Value Network Mapping and was invited to share more about the model/method and how it might be used.

Value Network Maps are a tool that can help us because both the creation of the map and its subsequent use by the companies, organizations, people and governments that are participating strengthens the network.   This is important because we are dealing with a complex problem with a complex range of players. In the map below we are in the top left quadrant - we NEED strong networks to solve the problems we are tasked with solving.  If we don't have them we will end up with Chaos OR we will have a hierarchical solution imposed to drive things towards the complicated and simple but ...given the inherent nature of the problem we will NOT fully solve the problem and fall off the "cliff" on the edge between simplicity and into chaos.

(In this diagram based on the cynefin framework developed by David Snowden architect of children's birthday parties using complexity theory and the success of Apolo 13 )


So - what is a Value Network Map?

It models technical & business networks by figuring the roles in any given system and then understanding the value that flow between different roles.  Value flows include payment for the delivery of goods or services (these are tangible deliverables) but also intangible deliverables such as increased level of confidence because information was shared between parties (but was not contractually obligated and no payment was made).

Drawing from Verna's book/site that lays out how to do it. There are four steps to a value network map.

1. Define the scope and boundaries, context, and purpose.

2. Determine the roles and participants, and who needs to be involved in the mapping.

3. Identify the transactions and deliverables, defining both tangibles and intangibles.

4. Validate it is complete by sequencing the transactions.


I've worked on several value network mapping projects.
I worked with the Journalism that Matters to document he old and new journalism ecosystem.I have lead several community Value Network Mapping efforts.

This projects highlights how the method can be used to talk about a present/past state about how things happen "now". How do people today or 20 years ago share verified attributes with business and government entities one does business with?  If we understand the roles that exist in a paper based version/world How do those roles change in a future enable with technology and how do the value flows change and what new roles are created/needed?

A value networm map can be used to map the flow of rights and duties between different roles in an ecosystem can also be considered along with the flow of monetary and other value.

Two years ago I went with Verna Allee (the innovator of the method) to  the Cloud Identity Summit  to work on a map for my organization the Personal Data Ecosystem Consortium focused on the "present state" map to explain what currently happens when someone visits a website and clicks on an add to go buy something and then is asked to provide identity attributes.

We took this FCC submitted map that has the individual at the center and data flows to the businesses, government and organizations they do business with and is sold on to Data Brokers and then Data Users buy it to inform how they deal with the individual all without their awareness or consent.


PersonalData-VNA-NowMapWe added in a wrinkle to this flow and asked what happens when an individual has to prove something (an attribute) about themselves to make a purchase.

Our hope was to do this and then work on a future state map with a Personal Cloud provider playing  a key role  to enable new value flow's that empower the  Individual with their data and enabling similar transactions.

This is best viewed in PDF so if you click on the link to the document it will download.

Creating this map was an interactive process involving involved two dozen industry professionals that we met with in small groups.  It involved using large chart paper paper and post-it notes and lines on the map.   We came into the process with some of the roles articulated, some new roles were added as we began mapping with the community.

An example to give you a sense of what it looks like when you do it in real life is this map that shows how trust frameworks & the government's reduction of risk in the credit card system.

This was a small piece of the original map for the Personal Data Ecosystem (it did not end up getting included in the PDF version).  The roles are the orange flowers and the green arrows are tangible value flows and the blue arrows are intangible value flows.

So how could the Proactive Privacy Sub-Committee use this method?

At an IIW11 one of the practitioners of value network mapping came to share the method and we broke up into smal groups to map different little parts of an identity ecosystem. We had a template like this picking four different roles and then beginning to map.

The exercise is written about here on Verna's website.

Scott David was a community member there and really saw how it was a tool to understand what was happening in systems AND to have a conversation about the flow of rights and responsibilities flow.

The method is best done face to face in small groups.  It helps if the groups are diverse representing a range of different perspectives.  A starting point is a use-case a story that can be mapped - what are the roles in that story and then walking through the different transactions.

So how do we "do" it. Well a starting point is for those interested in helping lead it to identify themselves in the context of the pro-active privacy committee.  We should work together  to figure out how we lead the community using this process to figure out the privacy implications and see where the money flows for different proposed solutions.

We can try to do a session at the upcoming July or October plenary.

We could also organize to do some meetings at:

  • conferences in the next few months were we can identify 5-10 interested IDESG members to participate in mapping an ecosystem chunk for an hour or two.
  • in cities around the country where we identify 5-10 folks who want to spend an hour or two mapping an ecosystem chunk.

It would be great if we decide to do this that the Secretariat lead by Kay in her role as Executive Director of the IDESG can support us in organizing this (That is why we are paying htem 2.5 million buck s to help us  do the work of  organizing in a meaningful way.

I am friends with Verna Allee and can ask her for advice on this however I think the kind of help/advice we need to really use this method and do it WELL would behove us to actually use NSTIC IDESG moneys to hire Verna to engage with us in a serious way. When I wrote my NSTIC NOI I did so thinking that their would finally be monies available to pay people to do community conference building work like this.  Perhaps it is not to late to do so.



She's Geeky Seattle: April 26-27

She's Geeky is coming to Seattle in April 26-27.

She's Geeky Logo

I will be heading up to facilitate and am very excited to finally have this event coming to the North West.

She's Geeky is a kind of magical event where women geeks of all kinds, gaming geeks, linux geeks, fandom geeks, crafting geeks, beekeeping geeks, drupal geeks, raspberry pi geeks, Arduino geeks, geeks in training, come together and hang out learning from each other.

Maybe we can even get some women from my native Vancouver to come down. :)

Online Community Unconfernece "Its BACK!"

I am really excited to be working with a super awesome crew of leaders of the Online Community Manager Tribe - or OCTribe.  We have been considering reviving the event and the pieces have finally come together to do it.

May 21st at the Computer History Museum

Registration is Open!

I really love the other co-organizers who are all rockstar community managers.

The conference was originally produced by Forum One and I contracted with them to help design and facilitate. That event itself grew out of an invitational summit they hosted annually on online communities.  I actually attended one of these in 2004 as a replacement for Owen Davis who I worked for at the time at Identity Commons (1).

My firm is doing the production and facilitation for the event.

I plan to bring forward topics of digital identity forward at the event and hopefully get some of the amazing expertise on identity and reputation to participate in NSTIC.



Another Bill of Rights

I did a collection called the Bill o' Rights o Rama. 

Here is a new proposed one a Gamers Bill of Rights  based on another gamers bill of rights (this one looks beautiful)

Gamers are customers who pay publishers, developers, and retailers in exchange for software.

They have the right to expect that the software they purchase will be functional and remain accessible to them in perpetuity.

They have the right to be treated like customers and not potential criminals.

They have the right to all methods of addressing grievances accessible by other consumer.

They have the right to the game they paid for, with no strings attached beyond the game and nothing missing from the game.

Gamers' Bill of Rights
I. Gamers shall receive a full and complete game for their purchase, with no major omissions in its features or scope.

II. Gamers shall retain the ability to use any software they purchase in perpetuity unless the license specifically and explicitly determines a finite length of time for use.

III. Any efforts to prevent unauthorized distribution of software shall be noninvasive, nonpersistent, and limited to that specific software.

IV. No company may search the contents of a user's local storage without specific, limited, explicit, and game-justified purpose.

V. No company shall limit the number of instances a customer may install and use software on any compatible hardware they own.

VI. Online and multiplayer features shall be optional except in genre-specific situtations where the game's fundamental structure requires multiplayer functionality due to the necessary presence of an active opponent of similar abilities and limitations to the player.

VII. All software not requiring a subscription fee shall remain available to gamers who purchase it in perpetuity. If software has an online component and requires a server connection, a company shall provide server software to gamers at no additional cost if it ceases to support those servers.

VIII. All gamers have the right to a full refund if the software they purchased is unsatisfactory due to hardware requirements, connectivity requirements, feature set, or general quality.

IX. No paid downloadable content shall be required to experience a game's story to completion of the narrative presented by the game itself.

X. No paid downloadable content shall affect multiplayer balance unless equivalent options are available to gamers who purchased only the game.

Interesting events in 2013

This is a calendar of events that I know in 2013 (and beyond). I think their interesting, I'm currently planning attending all the events in , I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach.
Cloud Computing Workshop and Big Data Forum, Gaithersburg, Maryland, January 15 - 17, 2013
Strata Online, DataWarefare, January 22
State of the Net Conference, Washington DC, January 22 - 23, 2013

Online Community Manager Meetup link  San Francisco, January 23th 

The core of this community are some amazing people who I really love and share the professional practice of doing community management online. Randy Farmer, Gail, Susan Tenby [personal hero for testifying before congress pro-social good use of second life and pro-nym and then having that picked up by the Daily Show, ] Bill Johnston, ,

Cloud Security Alliance, Bay Area, January 24th

* Streams, Gardens, and Clouds: Visualizing Dynamic Data for Engagement, Education and the Environment: A CITRIS Data and Democracy Event to Celebrate Data Innovation Day link, Berkeley, January 24th

She's Geeky!!!! link Bay Area - Mountain View, January 25-27

I am super excited about this year - we have the amazing Kas Nettler executive producing and

* CFP Mini Conference in DC, January 28th
Green Data Center Conference, San Diego, January 29-31
* Research Exchange talk by Tim O'Reilly at CITRUS, January 30th

Personal Cloud Evening in San Francisco, last week in San Francisco

Working with Johannes
Computers, Privacy and Data Protection, Brussels, January 23-25


Community Leadership Summit linkSan Jose, 

Van Riper

NSTIC IDESG Face to Face, Phoenix, Feb 5-7

First of all you can register here - this will be the 3rd
Lift Conference, Geneva, Feb 6-8

European Identity Workshop, LINK, Vienna, Feb 12-13

Personal Digital Archiving, Maryland, Feb 21-22nd
Wisdom 2.0, February 21-24th
Future of  Banking Summit, Paris,  Feb 26th
Strata Conference, Santa Clara, Feb 26 - 28th,

RSA Conference, San Francisco, Feb 25 - 29th

* Network & Distributed System Security Symposium,  San Diego, Feb 25-27,
Hosted by the Internet Society
 *  Public Interest Environmental Law Conference PIELC, Eugene, Feb 28 - March


* Economist Technology Frontiers: Humans and Machines, London, March 5 - 6th
Computers Freedom and Privacy, Washington DC, March 5 - 6th
IAPP, Washington DC, March 6 - 8th
SXSW Interactive, Austin, March
GigaOm Structure, NYC, March 21-22
* UnLike us #3, link, Amsterdam, March 22-23
  1. Theory and Critique of ‘Social’
  2. Are you Distributed? The Federated Web Show
  3. Political Economy of Social Networks: Art & Practice
  4. Mobile Use of Social Media
  5. Facebook Riot: Join or Decline
Ideas Economy: Innovation 2013, Berkeley, March 28th
Redefining the Speed of Business


Harvard Leadership Program with YGLs, link, Cambridge, April 2-12th

Cloud Connect,  Silicon Valley, April 2 -4
White Privilidge Conference, April 10-13, Seattle
Nonprofit Technology Conference, Minneapolis, April 11 - 13th
HOPES, Eugene, April 4 - 6th
TEDx Berkeley, April 20th
Future of Money and Technology, link, San Francisco, April ? 

UnMoney Convergence, link, San Francisco, April ?

* Social Venture Network Spring Conference, San Diego,  April 25-28th


Internet Identity Workshop #16, Mountain View, May 7-9

European Identity Conference, Munich, May 14-17
The product
WWW 2013, Rio de Janeiro, May 13 - 17


YGL Summit Mayanmar, and WEF East Asia link June 2 - 7 

* TERENA, TNC2013, Maastrich, Netherlands, June 3 - 6
Ideas Economy: Information 2013,  San Francisco, June 4 - 5, 2013
Democratization of Big Data
Personal Democracy Forum, NYC,  June  6 - 7
Cloud Expo, NYC, June 10-13
As advanced data storage, access and analytics technologies aimed at handling high-volume and/or fast moving data all move center stage, aided by the cloud computing boom, Big Data Expo is the single most effective event for you to learn how to use you own enterprise data – processed in the cloud – most effectively to drive value for your business.A recent Gartner report predicts that the volume of enterprise data overall will increase by a phenomenal 650% over the next five years.
Smart Cities, London, June 11-12
Indie Web Camp, Portland, June 22 - 23,
Open Source Bridge, Portland , June 24-26,
Aspen Ideas Festival, Aspen, June 26 - July 2


ePIC European ePortfolio, London,July 8-10
Cloud Identity Summit, link, Napa, July 8 - 12
Hollyhock Invitational, link Cortez, July 
Open Source Convention, Portland ,July 22 - 26
BlogHer, Chicago, July 25-27


Blackhat, Las Vegas, July 27 - August 1
DefCon, Las Vegas, August 1 - 4
Burning Man, Nevada, August 26 - Sept 2
Art Theme:  Cargo Cult


dConstruct, UK, Sept 5 - 7
Indie Web Camp, UK, Sept 8th
Digital Enlightenment Forum  link, ___, September
Biometrics Consortium Conference, Tampa, September 17-19th
* Web of Change, link, Texas Hill Country, Sept 18-22,
 * DataWeek, link, September 28 - Oct 3


* Money 2020, Las Vegas, October 6-9
* Bioneers
* New Yorker Festival
Interent Identity Workshop #17, link, Mountain View, October


 * 88th IETF Meeting, Vancouver BC, Nov 3-8
* Identity Next, The Hague, November 19-20


Chaos Computer Congress, link, Germany, ~ Dec 27-29
* 89th IETF Meeting, London, March 2-7, 2014,
* WWW 2014, Seoul, April 7-11, 2014
* TERENA, TNC2014 Dublin, Ireland May 19-22, 2014
* 90th IETF Meeting, Toronto, July 20-25th 2014
* 91 IETF Meeting, Hawaii, Nov 2014
* 92nd IETF Meeting, Dallas, March 22-27th, 2015
* 93rd IETF Meeting, Prague, July 19-24, 2015
* 94th IETF Meeting, Japan, Nov 1-6, 2015

Mass-Educational Databases = Wrong Architecture

[This is cross posted on the PDEC blog -]


permrecord--tablet (Photo credit: teach42)


Every day it seems there is a new story about new "big data" systems are going to make things better - but then... they just made things creepier.


The latest news like this came from inBloom Inc. via SXSW-Edu (on Reuters). inBloom is a newly formed nonprofit to host a massive database of student records created with $100 million in funding from the Bill and Melinda Gates Foundation.  The goal seems good: track the progress of students through school and use the data to improve their outcomes.


The records can be comprehensive and inBloom doesn't need students' parents to consent to have their records in the database.


Federal officials say the database project complies with privacy laws. Schools do not need parental consent to share student records with any "school official" who has a "legitimate educational interest," according to the Department of Education. The department defines "school official" to include private companies hired by the school, so long as they use the data only for the purposes spelled out in their contracts.


The whole idea that you must have one massive educational database of all student records is an architecture of the past.


The core idea is right: more data about a student's learning experience in school is good for them and could be good for the overall school system. The challenge is how it is engineered. Are students and their parents put at the center of their own data lives? Or are they in another giant system they have little control over or say in?


We need to empower students with their own personal clouds. They must be able to download their own student learning records. They must be able to share them with companies and services that will work on their behalf. With personal clouds and infomediaries to help, students will find educational resources/and tools that can help them fill gaps in their learning and discover communities of interest. This infomediary market approach puts personal data to use without revealing any more data than needed and only on the student's terms.


Infomediary Market Model for Personal Data



In this market model the individual collects data in their personal cloud. This could be a machine in their home or a service provider they trust (they must have the right & ability to move service providers with all their data if this is truly a personal cloud service). The individual trusts an infomediary service to look into their personal cloud but does so with a fiduciary duty to the end-user. The infomediary then works on their behalf in the market place to find relevant vendors and services.  It does not reveil specific personally identifying information to prospective service providers. It helps the individual have good choices and they decide who to transact with (thus reveling personal information).


The inBloom project sounds like an marketing project: companies will comb through the data base, find students to approach, and sell them with "education" products. The student data is up for grabs.


We need a better set of policies, technologies, and products that put parents and their kids at the center of and in control of their data. This single point of failure won't do.



Enhanced by Zemanta

WEF Report #3: Unlocking the Value of Personal Data!

[This is cross posted on the PDEC blog -]

The World Economic Forum released its third major report about Rethinking Personal Data: Unlocking the Value of Personal Data: From Collection to Usage. PDEC has worked with the WEF's Rethinking Personal Data project since before its first gathering in the Summer of 2010. It is really gratifying to see this third report come out and continue to move the issue forward.

The Rethinking Personal Data work is now within a larger umbrella WEF's calling "Hyperconnectivity," lead by Bill Hoffman, the original steward of the Rethinking Personal Data project.

Unlocking's executive summary highlighted what PDEC member startups have been building:

New ways to engage the individual, help them understand and provide them with the tools to make real choices based on clear value exchange.

and the path forward of

Needing to demonstrate how a usage, contextual model can work in specific real world application.

The report says we must solve simplicity and elegance of design for usability so people can see the data generated by and about them.
The last part of the executive summary calls for "stakeholders to more effectively understand the dynamics of how the personal data ecosystem operates. A better coordinated way to share learning, shorten feedback loops and improve evidence-based policy-making must be established."
The Rethinking Personal Data project convened six face-to-face events leading to the report. I participated in four of them in 2012 on behalf of PDEC: March in San Jose, June in London, September in Tianjin, and October in Brussels.

One of the meetings' themes was the challenge to rise to the Fair Information Practice Principles. The US FTC's FIPPs were written in the 1970's when citizens raised concerns to Congress about how they were ending up on catalogue mailing lists. This offline model is not an ideal basis for how to address the economic opportunities of personal data and the challenges it presents today.

The second chapter covers the context of data use, where everything surrounding data use affects people's privacy expectations and the choices of institutions using their data. It's great seeing this level of nuance brought to a general business audience.

This report is notable for highlighting the role of the personal data store in initatives put forward by the UK, French and US governments that mandate Data Handbacks, that data created by an individual when transacting with a government or business should be given back to the individual.


A few paragraphs stand out for me in looking ahead and the opportunity for PDEC companies.

Potentially, markets can encourage a “race to the top” in which user control and understanding of how data is used and leveraged become competitive differentiators. Various trust marks and independent scoring systems will help stimulate this kind of response.

Given the complexity of choices, there is also potential for the development of “agency type” services to be offered to help individuals. In such a scenario, parties would assist others (often for a commission or other fee) in a variety of complex settings. Financial advisers, real estate agents, bankers, insurance brokers and other similar “agency” roles are familiar examples of situations when one party exercises choice and control for another party via intermediary arrangements. Just as individuals have banks and financial advisers to leverage their financial assets and take care of their interests for them, the same type of “on behalf of” services are already starting to be offered with respect to data.

The last section of the report outlines thirteen different use-cases for personal data by a range of stakeholders, including two PDEC startup circle companies - Personal and


Enhanced by Zemanta

Super Trip Review from NSTIC to RSA

I've been on two super trips recently.  One went from before American Thanksgiving to early December. This last one was much of February beginning with NSTIC and ending with RSA. I wrote this in pen and paper last week and typed it up today.

One way I manage to get around is to piece together what could only be considered "super trips" - 18 days.

I actually started off at home on Feb 2nd helping Van Riper run the Community Leadership Summit West. Its an unconfernece for mostly technical  community leaders but also managers but was inclusive of other community based community leaders. I will have a blog post about it up on my site.

February 4th I headed to NSTIC's 3rd plenary in Phoenix. I presented the results of the Holistic Picture Visualization Sub-Committee printing out the images we found online.  Bob Blakley and Brett McDowell did a good job shaping the agenda and inviting plenary participants to connect with the big vision of NSTIC of 10 years out.

  • All implementation actions are complete, and all required policies, processes, tools, and technologies are in place and continuing to evolve to support the Identity Ecosystem.
  • A majority of relying parties are choosing to be part of the Identity Ecosystem.
  • A majority of U.S. Internet users regularly engage in transactions verified through the Identity Ecosystem.
  • A majority of online transactions are happening within the Identity Ecosystem.
  • A sustainable market exists for Identity Ecosystem identity and attribute service providers.

While at the same time reminding on the way to getting a man on the Moon we got a Monkey into the Ionosphere - so what is our monkey in an Ionosphere - at the plenary groups were invited to articulate this:

  • Relying parties from multiple sectors are demonstrating identity and strong authentication credential interoperability
  • Is easier to use than the broken user account and password methods
  • Licensed professionals now have a common way to express credentials and ongoing certification.   No longer do licensed professionals need to scan, fax or otherwise send paper copies proving their qualifications every time another client seeks to retain their services.
  • allows citizens to securely establish a multi-purpose single identity that will significantly reduce, and eventually eliminate, the need to create and maintain multiple passwords and PINs.
  • Secure web accounts for use in circles of on line providers by 10 banks, 15 insurance companies and 25 hospitals.

February 7th I headed to Washington DC to work with my colleague at PDEC Steve Greenberg who is based there. We came up with some great new metaphors to explain for what is happening on the Personal Data Ecosystem.  You will have to come to one of our seminars if you wanna know ;)

I logged in to find a place nearby via AirBnB and had to go through KBA to do so (I had a choice I could have held up my drivers licence beside my face and turn on my camera too).  They also strongly encourage people to login with Facebook.  Your username is prominently displayed and well I didn't get that in choosing Kaliya this was the case. I have to see if I can change this. I stayed with a great couple - they had just given up cable in exchange for Netflix and Hulu. We watched the first episode ever of Star Trek.

I took a BoltBus from Baltimore to NYC with 4h to get to JFK for my direct red-eye flight to Vienna. I was met by Rainer Hober at the airport. He and Markus Sabedello invited me to help them put on an unconfernece in the spirit of IIW - the name of it became the European Workshop for Trust and Identity.  Rainer did an amazing job of pulling it all together and Terrena folks were well represented along the 40 people. There were folks from at least 12 different countries.  You can see the notes here.

I was excited to learn new things and have new insights / clarity enough not so easy these days.  I will write a post about the insights from this particular session where I whiteboard some new understandings.

A key to super trips is to not make travel to stressful. So mid-day Wednesday I travelled to London. I went to my a friend's flat and headed to the Innovation Wearhouse to touch base with Tony Fish & Prep for the first ever seminar. It went well - I covered more material then I planned for the day.

We had:

  • 2 Consultants
  • 1 guy from a Telco
  • 1 Investor
  • 1 University Student
  • 1 Business guy

Three knew Tony well, 1 had seen our diagrams circulating and looked us up.

The next day I had the day off in London and met with Jon Sharman and his daughter about the idea of an identity film festival of both short and long films.  We had the idea of creating an identity game with trump cards. I went to the Muji Store <3 Then I met up with Peter Stepman from WPSChallenger for a drink and some food while we wandered to a new part of London.

I headed to DC mid-day Sunday and stayed with a friend from the identity community. I met up with Greg who runs myUSA. They are looking at how people can use personal clouds to fill out government forms.  We talked about Identity standards and what is emerging in the industry. I encouraged him to head out to IIW.  It turns out we met about 10 years ago at an event that Susan Mernit put on.

I headed to NYC for our now postponed Seminar there. I got to meet up with Allison Fine who invited me to contribute to the Anthology Rebooting America. She is working on a new project on how us being networked is impacting collective generosity.

I took a break and saw Avenue Q off broadway. It was super fun - basically Sesame Street for adults.

I was reminded by a friend about Brene Brown's work on whole hearted living. The only difference between those who experience whole hearted is that they believe they are worthy of love and belonging. I totally recommend all 3 of her TED talks and this other one.

The East Coast part of trip ended with my meeting up with a guy who pinged me from the internet because my blog is referenced in  the wikipedia Social Login article (with a rare direct link pointing to my identity spectrum post). It turns out the company has a product in the personal data space. I headed to Seattle and spent the morning with my colleague Bill Aal.



NSTIC in six simple parts

One of the challenges with the whole NSTIC thing is that it has a bunch of different parts. I wrote up this description as part of our What could Kill NSTIC paper.

NSTIC National Program Office. The NSITIC NPO operates within the Department of Commerce’s National Institute of Standards. It is lead by Jeremy Grant. The office has several full time staff and they are responsible for the transition of NSTIC from a US government initiative to an independent, public- private organization. They’re smart, talented, and they care.

Identity Ecosystem Steering Group (IDESG). The NPO invited many people, NGOs, government bodies, and companies to participate in building an identity ecosystem in the Identity Ecosystem Steering Group. All the people and organizations who sign up to be a part of this are together called “The Plenary.” The NSTIC NPO wrote IDESG’s charter and its first bylaws.

IDESG Management Council. The IDESG management council is elected by the members of the plenary who self-selected into stakeholder categories. Each stakeholder category elects a delegate to the Management Council. The entire plenary also elects two at-large positions and two leadership positions. The management council can create sub-committees to get its work done. I’m chaired one that collected holistic ecosystem pictures, for example.

Committees within the IDESG Plenary. These committees do the actual work of making the identity ecosystem’s vision a reality. New committees can be proposed by any member. Committee membership is open to all plenary members. The work and activity of the committees is shared openly. A few of the active committees are working on standards, privacy, trust frameworks, accreditation, and nymrights.

The Secretariat. The NSTIC NPO awarded a $2.5 million dollar contract to provide support services to the Identity Ecosystem Steering Group. Trusted Federal Systems won the contract to act as the IESG’s “Secretariat.” They coordinate meetings, manage listservs, and the like.

NSTIC Pilot Projects. In early 2011, the National Program Office put forward $10 million in funding for five pilot projects that worked to solve some of NSTIC’s challenges. Grants were awarded in September 2012 and run for one year. The pilot projects were set up before the IDESG existed and the IDESG had no input into the selection of the the winning pilots. 187 different initial pilot projects applied for grants, 27 were selected to submit full proposals, and five were selected. Applications for a second round of pilots are coming in Q1 2013.

Help co-create the Data Seder

Here is how I put forward the idea to a friend...

Me: Hey, so you know about Passover?

A: Yes, there is a meal... and its a jewish holiday

Me: Yes, its a religious service over a meal to retell the story of the jews escaping from Slavery in egypt 1000's of years ago.

It is a celebration of Freedom.

We are uptdating it for the contemporary struggle to free our data.

We want to raise consciousness about current data practices through a modern version of the Seder Meal

Join us on our mailing list (and soon on the wiki)

I am also going to be seeking input from leaders of multiple faiths about what their tradition has to say about identity and data rights in the digital age. Feel free to contact me if you know a faith leader we might approach for such a statement.

There will be a physical seder in Oakland - but we are hoping the service we develop can happen all over.


What could Kill NSTIC? PDEC White Paper Released

My colleague at the Personal Data Ecosystem Consortium, Phil Wolff, hosted sessions at the last two IIW's that invited community consideration of the risks to NSTIC. He has put together a paper that outlines the results of these two sessions that were titled "Death to NSTIC" the white paper is "What Could Kill NSTIC: A Friendly Threat Assessment". He has a video about it and you can download it from our website. 

It also has a Bonus Section I wrote that:

  • Explains some of the background of NSTIC
  • Articulates the 6 main parts of NSTIC and what they do
  • Explains the relevance of NSTIC to the companies in the Personal Data Ecosystem Consortium.

NSTIC and She's Geeky

I took the opportunity of the women's technology conference I run (She's Geeky) to host sessions about NSTIC.  This diagram was drawn.  It articulates the issue of attention and participation based on those in industry and those not "in" industry.


I'm running for Mayor* again!

I'm planning on running for Mayor * again (a position on the NSTIC Steering Group Management Council) - this time for a different "municipality" (delegate representative).

Currently I am the Consumer Advocate delegate - I'm going to shift my membership and join the IDESG with my hat as Executive Director of PDEC and run for the Small Business and Entrepreneur delegated on the Management Council.

If you want to be a part of the IDESG and VOTE in this round of elections you MUST register by February 14th.  

Go to to learn more about my campaign & register to vote OR just go to their site if you are new. If you registered last election you have to submit the new/updated membership agreement including signing it and sending it in.  Send an e-mail to: update your registration.

If you want updates from me put your e-mail here 

Why the shift in my mayoral race to a new stakeholder delegate category. Simply it creates greater alignment with the main focus of my day to day work on two fronts.

  • PDEC is a trade association of entrepenuers from around the world working developing personal clouds and services.
  • I myself am a small business owner is my conference design and facilitation business

It seems like it was just yesterday that I ran for Mayor * (The Consumer (and Citizen) advocacy delegate on the management council of the Identity Ecosystem Steering Group for the National Strategy for Trusted Identities in Cyberspace) but that was in August. Another round of elections is happening this spring.

I have been to all the Management Council meetings even those that happened at 3am local time when I was in China in September. Much of the energy and attention in this first period of of NSTIC was on the governance of the steering group but now we are focusing on getting real work done.

In December I was asked by Brett McDowell chair of the Management Council to chair a sub-committee of the Management Council focused on collecting Holistic Pictures.  We have completed our work you can see it here.

I also have been helping people who were involved in the NymWars who have an interest in ensuring that NymRights issues are represented within NSTIC.

Recently within NSTIC there has been a focus on business models for businesses and overall market models. I think that PDEC companies have a lot to offer in this effort and are really making privacy protecting, end user empowering business models.




European Workshop on Trust & Identity in Feb

I'm going to Vienna in Febuary to work with Rainer and Marks on an event they are pulling together (and invited me to help with).

The European Workshop on Trust and Identity 

February 12-13 in Vienna.

Registration is here.

Internet identity, identity federation and personal data online are complex, continually evolving areas. The event is inspired by similar events such as the Internet Identity Workshop(external link) in California, Identity North in Canada, and Identity Next in the Netherlands, with a focus on European perspectives and initiatives. At EWTI participants will seek deeper understanding, and better solutions to challenges like:

  • Technology. Developing feasible and open standards.
  • Trust Frameworks. Establishing new paradigms and policy sets.
  • Usability. How can users navigate different identities and understand their data?
  • Economy. How can identity services fit into businesses requirements and opportunities for all stakeholders?
  • Interoperability. On which levels and areas is interoperability necessary or feasible? This is a cross-cutting concern for technical, legal and business views.
  • Deployment and operation. How can different options be supported and exploited in the best way, given the whole range of places and devices.
  • EU project challenges. The European Commission’s projects related to trust and identity like STORK and eID regulation are landmarks on the roadmap. How do other actors relate to and utilize those projects?

Besides discussing specific topics in the above areas, there will also be plenty of opportunities for networking among solution providers and seekers, startups, investors and technology pundits. EIW provides a place where skilled people from a wide range of functions and projects in the identity ecosystem gather and work intensively for two days. The unconference format puts into the foreground what is important for the participants. How much attention topics receive is driven by active participation. Results will be collected and published at the and as proceedings. After the brief introduction on the first day there are no formal presentations, no keynotes, no panels. What happens then? We will make the schedule when we are face to face the first day of the conference. We use a method called Open Space Technology to support unconference where the topics most important to the participants that day are discussed. How much attention topics receive is driven by active participation. This supports a self-organized and self-responsible group unleashing the great creativity and passion of the participants. Results from sessions will be collected and published at the end as proceedings.

Communicate Across Initiatives

There are numerous IDM-related efforts and projects in both private and public sector. EIW is a place for direct talks skipping hours of time-consuming powerpoint presentations. Take the opportunity to form the contents yourself!

Next Events in early 2013

I'm working on a few key focused things this year (more on that in the next post). One of them is being more proactive in posting where I am going to be.
This post has events of three types for the next 2 months.
Black BOLD: Will be attending
Red BOLD italics: Helping to Organize and will be attending/leading
* Interesting I wish I could go - not likely too.
I'm also sharing below that events I know I will be attending for the rest of the year - the interesting event post for the rest of the year.
* Cloud Computing Workshop and Big Data Forum, Gaithersburg, Maryland, January 15 - 17, 2013
* Strata Online, DataWarefare, January 22
* State of the Net Conference, Washington DC, January 22 - 23, 2013
NymRights Meeting at SudoRoom, Link, Wednesday January 23rd
Discussing the development of a Name Policy, generally AND put it forward into the NSTIC conversation

Online Community Manager Meetup link  San Francisco, January 23rd 

The core of this community are some amazing people who I really love and share the professional practice of doing community management online. Randy Farmer, Gail, Susan Tenby [personal hero for testifying before congress pro-social good use of second life and pro-nym and then having that picked up by the Daily Show, ] Bill Johnston, ,

* Cloud Security Alliance, Bay Area, January 24th

* Streams, Gardens, and Clouds: Visualizing Dynamic Data for Engagement, Education and the Environment: A CITRIS Data and Democracy Event to Celebrate Data Innovation Day link, Berkeley, January 24th

She's Geeky!!!! link Bay Area - Mountain View, January 25-27

I am super excited about this year - we have the amazing Kas Nettler executive producing. There are a bunch key topics and conversations I want to have including about

  • NSTIC - and getting involved for regular folks
  • Nym Rights,
  • Transgender Identity Issues Online,
  • Community and Conference Diversity including educating allies,
  • Considering possibility of doing healing circles in hacker/technical comunities.
* CFP Mini Conference in DC, January 28th
* Green Data Center Conference, San Diego, January 29-31
* Research Exchange talk by Tim O'Reilly at CITRUS, January 30th

Personal Cloud Evening Link in San Francisco, last week in San Francisco

Working with Johannes, Adrian, Adam along with PDEC members coming in from out of town Phil Windley and Drummond Reed.  It looks like an exciting line up.
* Computers, Privacy and Data Protection, Brussels, January 23-25


Community Leadership Summit linkSan Jose, 

Van Riper is the Community Leader - community leader.

NSTIC IDESG Face to Face, Phoenix, Feb 5-7

First of all you can register here - this will be the 3rd. I'll write more soon about NSTIC
* Lift Conference, Geneva, Feb 6-8

European Identity Workshop, LINK, Vienna, Feb 12-13

I'm working with Rainer Hober and Markus Sabedello to put this Unconfernece on. I'm really excited about it.
* Personal Digital Archiving, Maryland, Feb 21-22nd
* Wisdom 2.0, February 21-24th
* Future of  Banking Summit, Paris,  Feb 26th
* Strata Conference, Santa Clara, Feb 26 - 28th,

RSA Conference, San Francisco, Feb 25 - 29th

* Network & Distributed System Security Symposium,  San Diego, Feb 25-27,
Hosted by the Internet Society
 *  Public Interest Environmental Law Conference PIELC, Eugene, Feb 28 - March


Harvard Leadership Program with YGLs, link, Cambridge, April 2-12th

Future of Money and Technology, link, San Francisco, April ? 

UnMoney Convergence, link, San Francisco, April ?


Internet Identity Workshop #16, Mountain View, May 7-9


YGL Summit Mayanmar, and WEF East Asia link June 2 - 7 


Cloud Identity Summit, link, Napa, July 8 - 12
Hollyhock Invitational, link Cortez, July 



Digital Enlightenment Forum,  Europe, September 16-18,


Interent Identity Workshop #17, link, Mountain View, October



Looking Ahead to 2013

The month of January I'm spending at home in the Bay Area and focused on a few key things:

  • Working with Phil Wolff and Jean Russell on key systems for the Personal Data Ecosystem Consortium with an emphasis on the Startup Circle, Personal Cloud Gathering around the country, Educational Seminars and preparing to launch the Open Protocol Wire (to track all the open protocols relevant to the emerging space).
  • Doing year long planning and business development for the Unconference design, facilitation and production company with Bill Aal, Jennifer Holmes and Jean Russell.
  • Visioning how all the interests and themes I have been engaged with in my life's work are woven together in this coming year - a few more posts will follow to share current ideas/reflections.
The year will include:
  • Focusing on my personal human form sustainability and happiness.
  1. Including making space for bodily healing and regeneration
  2. moving and exercising
  3. growing my relationships with my chosen family
  4. spending quality and extended time with good friends
  5. making time for my art
  6. creating a beautiful and nurturing home environment
  7. having time to think and be away from home
  8. completing life homework (paperwork) that has been put off to long
  9. consciously connecting to my spiritual self
  10. reflecting and connecting with my ancestors and sharing more about them online
  • Growing the Personal Data Ecosystem into a Thriving Community and Organization Supporting it. 
  1. Spending more time with the Personal Data Ecosystem startups and growing the number we serve.
  2. Offering Seminars to get individuals, companies and funders up to speed.
  3. Getting great informational synthesis systems in place for news updates, white papers, events etc.
  4. Developing peer educational opportunities across the ecosystem (podcasts, webinars etc).
  5. Growing the number of Personal Cloud Meetups happening
  6. Helping coordinate joint activities and conversations including engaging with governments as they look at regulation.
  7. Working with Evan Prodromo and others on making real mutli-code base, open standards based interoperable Federated Social Web.
  8. Developing some socially responsible investing SRI and Corporate Social Responsibility guidelines for technology that go beyond "is the electricity in your data center green"
  9. Figuring out how
  • Engaging with the NSTIC process including attending the Phoenix meeting in early February (you are invited too). 
  1. Working with Aestetix on the NymRights efforts within and beside NSTIC.
  2. Completing the work of the holistic picture subcommittee I lead and seeing what is next.
  3. Working on getting citizen advocates who are diverse engaged in the  process
  4. Continuing to advocate for and provide ideas about how to actually put into practice inclusive, easy to participate in processes for NSTIC that get input from a broad range of stakeholders AND create enough space for industry folks used to enterprise identity management to actually "get" that this isn't about employee provisioning and termination.
  5. Inviting a focus within NSTIC to listening and responding to the complex system of the existing and emerging identity ecosystem rather then pursuing "plans" developed in committees of self appointed experts.
  6. Considering running again for the NSTIC Management Council seat in the elections coming up this spring.
Connecting & working with Young Global Leaders and WEF 

Facebook's Problem = FSW Opportunity

ReadWriteWeb's social Blog has an articule up referencing a conversation the author had with Mark Cuban about Facebook's business model and integrity challenges.

Apparently Facebook is now going to charge brands a huge amount to reach the base of fans they have accumulated on facebook.

I’ve heard anecdotally about a huge brand that was complaining recently because it has spent four years building a following of millions of people, promoting its Facebook presence (and, by implication, Facebook itself) on expensive television ads - and now Facebook has flipped a switch and, overnight, their reach dropped by 40%.

So now they’re done. They’ve been burned, and, like Cuban, they’re looking elsewhere.

A few weeks back I as in a tweeted to a woman complaining how Facebook was shaping which of her friend's updates she saw and even asking her to pay money to have her updates go to more of her friends. I said that when we had a federated social web she wouldn't have this problem we would choose which of our friends we would follow and get updates from.

I attended my 3rd out of three federated social web summits last week eek it feels like last week it was 2 weeks ago just after IIW 15. Evan Prodromo pulled together an amazing group of folks working on key aspects of the challenge.

Phil Wolff and I presented about the emerging Personal Cloud offerings coming out of our community of companies (the Personal Data Ecosystem Startup Circle)

Tantek shared POSSE - Publish On your Own Site Syndicate Everywhere.

Even gave an update on where OStatus the stack of protocols that gives you twitter and facebook like functionality across services.

We learned about many other projects. too (you can see them on the wiki here).

I'm glad that folks like Mark Cuban are waking up to the fact there is an issue with Facebook and they should be looking elsewere. Facebook is to social what AOL and Compuserve were to e-mail. It will be disrupted by the Open Standards based infrastructure must of it based on Open Source code. People will have their own personal node on the network - a personal cloud where they will connect to others and to organizations they want to share with, connect with and do business with.

It would be great to see some big investments in core open infrastructure that can then be leveraged to make money afterwards. This is what Doc Searls is always saying you make money because of it not with it.  We need the web to continue extending to being the type that Nobody Owns, Everyone can Use it and Anyone improve it.  Open Standards are the key to this. I argue they are more important then open source code alone (look at diaspora open source but rolled its own way of doing things...and didn't interoperate with other projects/efforts doing similar things)

If you were to ask me what would get us to the future fastest though it is open source implementations of those open standards are invaluable and what "investors" like Mark Cuban and others who are now seeing the danger of one company "owning" the social profiles and identities of a billion people should consider funding now with no strings attached.

I was asked by an investor group that I gave a day long briefing to about the the emerging Personal Data Ecosystem. I said I would give Evan Prodromo 12 million dollars no strings attached (as in you are not seeking a return on the money with more money) the deliverable for that money would be a working federated social web in 1 year. On that web one can build a huge variety of businesses and services in new ways not possible on today's web (or at least not possible without creepy stalking and trackers and paying middle men like facebook to talk to your "fans").  That web itself...shouldn't be "owned" it needs to be created though.





IDESG: Governance beyond "us" Challenge 2 for NSTIC

Second Challenge:  How are we meaningfully and regularly checking in with those outside the community of self selected stakeholders - to regular citizens who have to use the currently broken systems we have today and hopefully will be enthused and inspired to adopt the outcomes of this whole effort?

The openness of NSTIC overall was inspired by the Open Government memo (  signed first day in office. It inspired a lot of my colleagues in the dialogue and deliberation community. (Yes, I have another life/carreer doing facilitation see

They went to work figuring out how to be sure that coherent resources and tools were available to those who were now mandated to "do" open government and have more public participation would have really good resources available.  Tom Atlee the person I co-wrote the Governance section of my NOI was one of the leaders of this working with the NCDD (the National Coalition for Dialogue and Deliberation) to define 7 core principles of public engagement.

Blog post that outlines them: (

Read the rest of this entry »

IDESG Governing "us": Challenge 1 for NSTIC

I am posting to this blog the two posts I made to the NSTIC IDESG governance list on Tuesday. Here is the first one on Governing "us" (that is the word "us" not U.S.)

I only got on the [governance] list over the weekend despite raising my hand to be a part at some point in the Chicago meetings.

I am working to track all that is being discussed and I also want to breath and step back a bit. I want to share two bigger challenges and perspectives.

First Challenge how are we we connecting/structuring and governing the interested stakeholders who ARE showing up to engage.  How are we as Bob just asked creating ways, systems, processes and tools forward to create alignment and agreement?

Second Challenge  How are we meaningfully and regularly checking in with those outside the community of self selected stakeholders - to regular citizens who have to use the currently broken systems we have today and hopefully will be enthused and inspired to adopt the outcomes of this whole effort?

They are two quite different but related challenges. This e-mail will deal with challenge 1. The next one with Challenge 2.

Read the rest of this entry »

Consensus Process and IDESG (NSTIC)

In my governance NOI response I proposed several different methods be used to solicit input from a wide variety of stakeholders and bring forward from those processes clear paths for making a real strategy that take input from a wide range of stakeholders.

When the first governance drafts came out of the NPO, they articulated that the steering committee would operate via consensus BUT then it also articulated a whole set of voting rules for NOT abiding by consensus.

When I asked about their choice of using the term consensus to define a particular methodology - they came back and said well we didn't actually mean to suggest the use of a particular proces.

But consensus IS a process method I said...and they said we didn't mean to proscribe a method. So we were sort of in a loop.

Now that we are in this stage that is considering governance and systems for the community of self identified stakeholders (and people beyond this group who will be the users of the outputs).  What I don't know is if people really know what real consensus process is or if we have anyone who is experienced in leading actual consensus processes? It keeps feeling to me like we are using Roberts Rules of Order and then getting everyone to agree - thus having "consensus".  That isn't consensus process.

Tree Bressen who was the leader of the Group Pattern Language project (I participated along with many others in its development) has an amazing collection of resources about conensus process including a flow chart of consensus process and Top 10 mistakes to avoid them.

Are we using consensus process?

One of the big issues of our democracy today (in the liberal west broadly) is that we have this tendency to believe that "voting" is the thing that makes it democratic. Voting is a particular method and one that by its nature sets up an adversarial dynamic. There are other methods and ways of achieving democracy and we can go well beyond the results of our current systems by using them. Tom has done a lot of research into them over the years at the Co-Intelligence Institute and has published two books The Tao of Democracy and Empowering Public Wisdom. 

I am glad methods outside what has been the normative frame of "Roberts Rules of Order" as Democracy are being considered...however we need to be clear on what processe we are using.




NSTIC Governance....Privacy Interests

This past weekend I finally got onto a bunch of mailing lists for NSTIC including the governance one. (you can too)

It is a generally accepted best practice that governance systems should be developed by the communities that need to live by them. With NSTIC the stakeholders were handed a charter and bylaws created (primarily driven by the vision of one guy) in the NSTIC National Program Office.  They kept saying "there is consens" around the charter and bylaws...but there wasn't they were sort of thrust upon us and not developed by us.  We chose to accept them for now and are now in the process of re-visiting the bylaws handed to us and we agreed to for a short period to get things going.

The draft by-laws include a privacy standing committee that has veto power over the outcomes of Identity Ecosystem Steering Group.

One theory about why this is, I have heard more then once from industry folks involved with NSTIC, is that the privacy constituency "got" this committee and its veto power as a deal to participate in NSTIC.  We don't know ... cause the process of how this idea of having this committee have a veto was not transparent or open.

If we are committed to actually having a consensus based process then no one group committee needs a veto.

I said on the chat during the call that there was a misttrust issue.  I don't trust giving the privacy advocates a veto in part because they don't currently show up and engage with industry in the development of the tools and technologies.  I have regularly invited privacy advocates to participate in the Internet Identity Workshop and I regularly have those invitations declined. I will call out the specific groups the ACLU of Northern California and the EFF.  (Having received a cool shoulder from them I haven't pursued inviting other groups however the woman from the World Privacy Forum who spoke today on the governance call would be great to have at IIW) Both claim "nonprofit" poverty and say lack of budget to attend such events. (IIW has an early bird ticket price of $150 and includes three meals a day for three its not expensive). Both have multi-million dollar budgets and choose not to invest, as part of how then spend their resources, on showing up in forums like IIW with industry "making the sausage" of open standards for how identity will work for people on the internet.

Organizations like this tend to spend their money on lawsuits against companies who have violated privacy. I don't disagree that EPIC and other groups should be holding Google and Facebook accountable for changing their settings in ways that violated user expectations and therefore one version of waht privacy is. However if that is all they do...(sue and file complaints with government agencies) then it is like investing in prisons instead of schools.  If you invest in schools you won't need prison's later to hold the citizens who become criminals because they didn't get a good education.

If they chose to invest in the fora where technical standards are made and work with industry to ensure that the interoperable systems they design are in alignment with core functional requirements that give people control of the flow of information about them in digital systems (what we might call privacy). Then they wouldn't have to file so many law suits down the road cause they would work well.

There is also the issue that "Privacy" isn't ONE THING.

See: Solove - Taxonomy of Privacy 

Until it is clearer what the groups who are pro-privacy mean and how they see it being instantiated in the standards that becoms the code that will be the basis for the ecosystem.  It feels really hard to engage or trust them with a veto.

My fear is that a structure for IDESG that includes a privacy committee with a veto will continue to foster the current pattern of of industry interaction. The privacy interested groups will stay away from really engaging with technology developments as they are done BECAUSE they have a veto over them .. at the end of the process. They will stand on the sidelines and then swoop in and kinda "gotcha" those in industry who have been working together.





Kaliya for Mayor!...nope NSTIC

Update August 18th: 

Thank you to all the people and organizations who vote for me in the NSTIC election - I WON! .  I ran with my association to Planetwork and I am the Consumer and Citizen Advocate delegate for the next 6 months on the Management Council of the Steering Committee of the National Strategy for Trusted Identities in Cyberspace. You can learn more about my candidacy and the election on this post.  You can track the group/community progress at

I will be working hard with the AARP to grow the number of citizen and consumer advocate groups who are participating in the NSTIC process.

Original Post:

I'm Running for Mayor NSTIC!
Learn how to vote for me and get involved at Kaliya for Mayor .org

Here is the video!

Read the rest of this entry »

It's NSTIC election time!

So it's NSTIC election time!

I'm running for the Consumer (And Citizen) Advocacy delegate position on the Management Council of the Steering Committee for the National Strategy for Trusted Identities in Cyberspace!  Learn how to vote for me and get involved at and see my campaign video.


I, like many in the identity community, have been paying attention to and tracking this since the first draft of the proposal two summers ago.

They wrote a draft we gave input. They announced they would be launching a strategy in Silicon Valley then they launched the Strategy.

They wrote a Strategy and then hosted a Governance  and Privacy technical "workshop".   Both were poorly designed and kinda ineffective but non-the-less well intentioned. 

They asked us how it should be governed with a "Notice of Inquiry" about that last summer (I submitted my ideas    others did too).

The technical meeting about NSTIC was woven in with IIW #13 last fall.

They had a briefing about the Grants for pilot projects (I attended via webinar).

They ( the NSTIC National Program Office) put forward a charter and by-laws. They have an Identity Ecosystem Steering Group webinar.