Saving the World with User-centric Identity.

Getting Started with Identity

Welcome to the Identity Woman Blog

I am an advocate for the rights and dignity of our digital selves.

Top Posts:

How to Join NSTIC, IDESG: A Step-by-step Guide

How to Participate in NSTIC: A Step-by-step Guide

Where I am in the World:

I live on the East Bay of the San Francisco Bay.

ID360  April 9-10, Austin

NSTIC Management Council Retreat  April 22-23 in DC

Internet Identity Workshop - May 6-8, Mountain View, California.

SHARE: Catalyzing the Sharing Economy - May 13-14 in San Francisco

NSTIC 9th Plenary June 17-19 in DC

Cloud Identity Summit - July 19-22 in Monterey, California

Web of Change (tentative) Hollyhock, Cortez Island, BC, Canada

World Economic Forum - YGL Summit + Annual Meeting of New Champions - Sept 7-12 in Taijin, China

Internet Identity Workshop number 19, October 4-6, Mountain View California

Latest Media:

NSTIC in Tech President: In Obama Administration’s People-Powered Digital Security Initiative, There’s Lots of Security, Fewer People 

Article on the BC eID Citizen Engagement Panel in Re:ID. PDF: reid_spring_14-BC

Fast Company Live Chat: On Taking Back Your Data

Fast Company: World Changing Ideas of 2014: You Will Take your Data Back

Posts on NSTIC:

  • Participatory Totalitarianism! - My TEDxBrussels Talk about how if we don't get this NSTIC stuff right we will end up in a really creepy world.  It references my struggles with Google+ to use the name I chose for my online self.

Posts about Identity:

  •  NymWars - My Personal Saga with Google in the [psuedo] NymWars to use the name I choose on their service - annotation of all my posts.
  • My speech at the Digital Privacy Forum in January 2011 articulating a vision that goes beyond "Do-Not-Track" vs. Business as Usual, creating a new ecosystem where people collect their own data.

Organizations and Events I share leadership in:

  • I am co-leading a new project - more details coming soon.
  • I am on the Management Council of the IDESG - the Identity Ecosystem Steering Group of NSTIC - the National Strategy for Trusted Identities in Cyberspace.
  • I co-founded, co-produce and co-facilitate the Internet Identity Workshop #18 May 6-8  in Mountain View, CA. This conference has focused on User-Centric Identity since 2005.
  • I am a steward of Identity Commons which keeps all the organizations and groups working on user-centric identity linked together.
  • I am the volunteer network director at the civil society organization I have been affiliated with since 2003.
  • I founded She's Geeky a women's only unconfernece for those in Technology and STEAM fields (Science, Technology, Engineering, Art and Math)
  • I co-founded Digital Death Day and work with that community to continue to host events on the issue. You can see a video of me talking at Privacy Identity and Innovation about this. The next conference is in London on October 6th.
  • I own a business that designs and facilitations participant driven events for a range of clients (IIW, She's Geeky and Digital Death Day are all Unconferences).

BC Government Innovation in eID + Citizen Engagement.

I wrote an article for Re:ID about the BC Government's Citizen Engagement process that they did for their eID system.

Here is the PDF: reid_spring_14-BC

Big Data and Privacy

On Friday I responded to the Government "Big Data" Request for Comment.

I will get to posting the whole thing in blog form - for now here is the PDF. BigData-Gov-2



NSTIC WhipLash - Making Meaning - is a community thing.

Over a week-ago I tweeted that I had experienced NSTIC whiplash yet again and wasn't sure how to deal with it.I have been known to speak my mind and get some folks really upset for doing so - Given that I know the social media savy NSTIC NPO reads all tweets related to their program they know I said this. They also didn't reach out to ask what I might be experiencing whiplash about.

First of all since I am big on getting some shared understanding up front - what do I mean by "whiplash" it is that feeling like your going along ... you think you know the lay of the land the car is moving along and all of a sudden out of nowhere - a new thing "appears" on the path and you have to slam on the breaks and go huh! what was that? and in the process your head whips forward and back giving you "whip-lash" from the sudden stop/double-take.

I was toddling through and found this post.  What does it Mean to Embrace the NSTIC Guiding Principles?

I'm like ok - what does it mean? and who decided? how?

I read through it and it turns out that in September the NPO just decided it would decide/define the meaning and then write it all out and then suggest in this odd way it so often does that "the committees" just go with their ideas.

"We believe that the respective committees should review these derived requirements for appropriate coverage of the identity ecosystem.   We look forward to continued progress toward the Identity Ecosystem Framework and its associated trustmark scheme."

Why does the NPO continue to "do the work" that the multi-stakeholder institution they set up was created to do that is to actually figure out the "meaning" of the document.

Why not come to the Management Council and say - "hey we really need to as a community figure out what it "means" to actually embrace the guiding principles. We need to have a community dialogue that gets to a meaningful concrete list relatively quickly - how should we do that as a community." Then the Management Council would do its job and "manage" the process and actually figure out 1) if the NPO was right that indeed now would be a good time to figure out the meaning of embrace and 2) then figure out how to do it and the people on the council (and others in the community) who have some experience in leading real mulit-stakeholder efforts and skills inclusive methodologies would have debated and put forward a path. The Secretariate - (if it actually functioned as a support organ for the Management Council) would then help the council carry out the process/method and get to the needed "outcome" some community developed articulation of what embracing the principles means.  Instead we just have what the NPO staff thinks. Which while I am sure it is "great" and they are such "hard working, good folks" wasn't community generated and therefore not "owned" by the community which is not good if the outcomes of this effort are to be "trusted" by public at large all the core work items of a mutli-stakeholder institution can't just be done by the NPO.

I'm not your NSTIC "delegate" any more ... pls get involved.

I have heard over the past few years from  friends and associates in the user-centric ID / Personal Cloud/ VRM Communities or those people who care about the future of people's identities online say to me literally - "Well its good  you are paying attention to NSTIC so I don't have to."

I'm writing to say the time for that choice is over. There is about 1 more year left in the process until the "outputs" become government policy under the recently released White House Cyber Security Framework (See below for the specifics).

Key items of work are progressing and the time for "our" world view showing up within the work is now and my ability to get them to be taken seriously is ZERO if I continue to be an almost lone voice expressing these key items - particularly

The functional Model Group is working on defining all the "bits" of the system. I believe this is where the "personal cloud" should be a key primary function/piece of the ecosystem. So far it has not been raised in a significant way and not be addressed by the powers that be leading the committee.

The Trust Framework work is progressing rapidly. This is the work to take existing what they call Trust Frameworks (and I think should be called Accountability Frameworks). These are where the existing rules/policies and technologies for various networks are all harmonized and then through that some how we get to a kind of mata/uber trust framework and interoperability.

The big challenge that I see is that it is all coming from existing frames within the conversation do NOT have a remotely "user centric" frame.

  • I don't hear any conversation about how individuals will be protected from their "Identity Provider" (the entity that has "all" their identity information and vouches for them at a Relying Party).
  • I don't hear any conversation about how people will be protected from over zealous relying parties asking for way to much information.
  • I don't hear any conversation about how individuals will be protected from IdP's and RP's being able to sell their data into the data broker industry.
  • I don't hear any conversation about how people could collect their own attributes and information in a Personal Cloud and from that center of personal sovereignty use it in the ecosystem.

I do see:

  • Assertions that Relying Parties can ask for whatever they want / think they need to complete a transaction and that "the market will decide"
  • Assertions that concerns about people's rights around how they choose to name and identify themselves should be set aside for future iterations.
  • I do see that one of the pilots in the last round of multi-million dollar grants went to a defense industry consortium specifically for "development of an open source, technology-neutral Trust Framework Development Guidance document"

So what should you DO?

1) Sign up to attend the April 1-3 Plenary in Mountain View (bonus you don't have to attend in person) Link Here.

2) Sign up to watch and contribute to the Trust Framework and Functional Model Groups - please see this post OR any of a number of groups with activity.

3) Sign up to join the IDESG organization (that way you can be "official members") of the committees and "vote" on things.  See this Post.

4) Let me know you are keen on getting more involved and I can help connect you others also "diving in" right now [ kaliya AT identitywoman DOT net].

5) Bonus - Attend the Internet Identity Workshop in Mountain View May 6-8 and work with others in the user-centric community on this and other more fun issues (like building cool decentralized, empowering technologies).

This is what I referenced above it becoming government policy and practice.

As the White House announcement details below, today marked the release of the Cybersecurity Framework crafted by NIST – with input from many stakeholders – in response to President Obama’s Executive Order on Improving Critical Infrastructure Cybersecurity issued one year ago.

NSTIC is not discussed in the framework itself – but both it and the IDESG figure prominently in the Roadmap that was released as a companion to the Framework.  The Roadmap highlights authentication as the first of nine different, high-priority “areas of improvement” that need to be addressed through future collaboration with particular sectors and standards-developing organizations.

The inadequacy of passwords for authentication was a key driver behind the 2011 issuance of the National Strategy for Trusted Identities in Cyberspace (NSTIC), which calls upon the private sector to collaborate on development of an Identity Ecosystem that raises the level of trust associated with the identities of individuals, organizations, networks, services, and devices online.

NSTIC is focused on consumer use cases, but the standards and policies that emerge from the privately-led Identity Ecosystem Steering Group (IDESG) established to support the NSTIC – as well as new authentication solutions that emerge from NSTIC pilots – can inform advances in authentication for critical infrastructure as well.

NSTIC will focus in these areas:
· Continue to support the development of better identity and authentication solutions through NSTIC pilots, as well as an active partnership with the IDESG;

· Support and participate in identity and authentication standards activities, seeking to advance a more complete set of standards to promote security and interoperability; this will include standards development work to address gaps that may emerge from new approaches in the NSTIC pilots.








What is a Functional Model?

I have been working in the identity industry for over 10 years. It was not until the IDESG - NSTIC plenary that some folks said they were working on a functional model that I heard the term.  I as per is normal for me pipped up and asked "what is a functional model", people looked at me, looked back at the room and just kept going, ignoring my question.  I have continued to ask it and on one has answered it.

I will state it out loud here again -

What is a Functional Model?

How to Participate in NSTIC, IDESG - A step by step guide.

The Identity Ecosystem Steering Group is a multi-stakeholder organization (See this post about how join.) Technically You can participate on lists even if you are not members but it is better that you go through the process of joining to be "officially" part of  the organization.

If you join the IDESG it is good to actively participate in at least one active committee because that is where organization work is done by committees - any person or organization from any stakeholder category can participate.

The committees have mailing lists - that you subscribe to (below click through where it says Join Mailing list and put in the e-mail address you want to use, share your name and also a password).

On the list the group chats together on the list and talk about the different work items they are focused on.  They have conference calls as well to talk together (these range from once a week to once a month).  You can also contact the chair of the committee and "officially" join but that is not required.

If you are reading this and getting involved for the first time - read through this list and pick one of the committees that sound interesting to you.  They are friendly folks and should be able to help you get up to speed - ask questions and ask for help. This whole process is meant to be open and inclusive.

Read the rest of this entry »

How to Join NSTIC, IDESG - A step by step guide.

The National Strategy for Trusted Identities in Cyberspace calls for the development of a private sector lead effort to articulate an identity ecosystem.

To be successful it needs participation from a range of groups.

An organization was formed to support this - the Identity Ecosystem Steering Group in alignment with the Obama administration's open government efforts.

The "joining" process is not EASY but I guess that is part of its charm. It is totally "open and free" but challenging to actually do.


PART 1 - Getting an Account on the Website!

Step 1: Go to the website:

Read the rest of this entry »

She's Geeky! Bay Area, January 24-26

Calling all Geeky women!

We are doing it again - a weekend of fun and connection and nerding out.

January 24-26th at Microsoft in Mountain View.

Read the rest of this entry »

Personal Cloud Gathering Sept 25th - Video's from August 22

The next SF Personal Cloud Community Gathering is September 25th in downtown.

Please head over to the Eventbrite to register and learn who is speaking.

Jospeh Boyle record and posted the presentations from the last meetup you can find them here.

Read the rest of this entry »

Personal Clouds, Digital Enlightenment, Identity North

Next week Thursday August 22nd is the Personal Cloud Meetup in San Francisco. It will be hosted at MSFT.  If you want to get connected to the community it is a great way to do so. Here is where you register. 

In September I'm heading to Europe for the Digital Enlightenment Forum September 18-20th. I'm excited about the program and encourage those of you in Europe who might be reading this to consider attending. We are doing a 1/2 day of Open Space (what we do at IIW) where the agenda is created live at the event.

Read the rest of this entry »

Core Concepts in Identity

One of the reasons that digital identity can be such a challenging topic to address is that we all swim in the sea of identity every day.  We don't think about what is really going in the transactions....and many different aspects of a transaction can all seem do be one thing.  The early Identity Gang conversations focused a lot on figuring out what some core words meant and developed first shared understanding and then shared language to talk about these concepts in the community.

I'm writing this post now for a few reasons.

There is finally a conversation about taxonomy with the IDESG - (Yes! after over a year of being in existence it is finally happening (I recommended in my NSTIC NOI Response  that it be one of the first things focused on)

Secondly I have been giving a 1/2 day and 1 day seminar about identity and personal data for several years now (You can hire me!).  Recently I gave this seminar in New Zealand to top enterprise and government leaders working on identity projects 3 times in one week.  We covered:

  • The Persona and Context in Life
  • The Spectrum of Identity
  • What is Trust?
  • A Field Guide to Internet Trust
  • What is Personal Data
  • Market Models for Personal Data
  • Government Initiatives Globally in eID & Personal Data

Read the rest of this entry »


This spring I attended the Executive Education program Leadership and Public Policy in the 21st century at the Harvard Kennedy school of government with fellow Young Global Leaders (part of the World Economic Forum).  A line of future inquiry that came to me by the end of that two weeks -

How do we design, create, get functioning and evolve governance systems?

The governance of governance systems = Meta-Goverancne. 

At the Kennedy program all they could talk about was "individual leadership" (with good advice from good teams of course) at the top of  Organizations.  They all waved their hands and said "Good luck young leaders, We know its more complicated now...and the problems are bigger then just organizational size but we don't really know how what to tell you about how to interorgainzational collaborative problem solving and "good luck".

It was surreal because this inter-organizational, complex space is where I spend my work life helping design and facilitate unconferneces - it is in that complex inter organizational place.

I have this clear vision about how to bring my two main career bodies of knowledge together (digital identity + digital systems & design and facilitation of unconferneces using a range of participatory methods) along with a range of other fields/disciplines that I have tracked in the last 10 years.

Value Network Mapping an Ecosystem Tool

My response, two years ago to the NSTIC (National Strategy for Trusted Identities in Cyberspace) Program Office issued Notice of Inquiry about how to govern an Identity Ecosystem included a couple of models that could be used to help a community of companies & organizations in an ecosystem co-create a shared picture. A shared co-created picture is an important community asset to develop early on because it becomes the basis for a real conversation about critical issues that need to be addressed to have a successful governance emerge.

The Privacy Committee within NSTIC has a Proactive Privacy Sub-Committee and before I went on my trip around the world (literally) a month ago.  I was on one of the calls and described Value Network Mapping and was invited to share more about the model/method and how it might be used.

Value Network Maps are a tool that can help us because both the creation of the map and its subsequent use by the companies, organizations, people and governments that are participating strengthens the network.   This is important because we are dealing with a complex problem with a complex range of players. In the map below we are in the top left quadrant - we NEED strong networks to solve the problems we are tasked with solving.  If we don't have them we will end up with Chaos OR we will have a hierarchical solution imposed to drive things towards the complicated and simple but ...given the inherent nature of the problem we will NOT fully solve the problem and fall off the "cliff" on the edge between simplicity and into chaos.

(In this diagram based on the cynefin framework developed by David Snowden architect of children's birthday parties using complexity theory and the success of Apolo 13 )


So - what is a Value Network Map?

It models technical & business networks by figuring the roles in any given system and then understanding the value that flow between different roles.  Value flows include payment for the delivery of goods or services (these are tangible deliverables) but also intangible deliverables such as increased level of confidence because information was shared between parties (but was not contractually obligated and no payment was made).

Drawing from Verna's book/site that lays out how to do it. There are four steps to a value network map.

1. Define the scope and boundaries, context, and purpose.

2. Determine the roles and participants, and who needs to be involved in the mapping.

3. Identify the transactions and deliverables, defining both tangibles and intangibles.

4. Validate it is complete by sequencing the transactions.


I've worked on several value network mapping projects.
I worked with the Journalism that Matters to document he old and new journalism ecosystem.I have lead several community Value Network Mapping efforts.

This projects highlights how the method can be used to talk about a present/past state about how things happen "now". How do people today or 20 years ago share verified attributes with business and government entities one does business with?  If we understand the roles that exist in a paper based version/world How do those roles change in a future enable with technology and how do the value flows change and what new roles are created/needed?

A value networm map can be used to map the flow of rights and duties between different roles in an ecosystem can also be considered along with the flow of monetary and other value.

Two years ago I went with Verna Allee (the innovator of the method) to  the Cloud Identity Summit  to work on a map for my organization the Personal Data Ecosystem Consortium focused on the "present state" map to explain what currently happens when someone visits a website and clicks on an add to go buy something and then is asked to provide identity attributes.

We took this FCC submitted map that has the individual at the center and data flows to the businesses, government and organizations they do business with and is sold on to Data Brokers and then Data Users buy it to inform how they deal with the individual all without their awareness or consent.


PersonalData-VNA-NowMapWe added in a wrinkle to this flow and asked what happens when an individual has to prove something (an attribute) about themselves to make a purchase.

Our hope was to do this and then work on a future state map with a Personal Cloud provider playing  a key role  to enable new value flow's that empower the  Individual with their data and enabling similar transactions.

This is best viewed in PDF so if you click on the link to the document it will download.

Creating this map was an interactive process involving involved two dozen industry professionals that we met with in small groups.  It involved using large chart paper paper and post-it notes and lines on the map.   We came into the process with some of the roles articulated, some new roles were added as we began mapping with the community.

An example to give you a sense of what it looks like when you do it in real life is this map that shows how trust frameworks & the government's reduction of risk in the credit card system.

This was a small piece of the original map for the Personal Data Ecosystem (it did not end up getting included in the PDF version).  The roles are the orange flowers and the green arrows are tangible value flows and the blue arrows are intangible value flows.

So how could the Proactive Privacy Sub-Committee use this method?

At an IIW11 one of the practitioners of value network mapping came to share the method and we broke up into smal groups to map different little parts of an identity ecosystem. We had a template like this picking four different roles and then beginning to map.

The exercise is written about here on Verna's website.

Scott David was a community member there and really saw how it was a tool to understand what was happening in systems AND to have a conversation about the flow of rights and responsibilities flow.

The method is best done face to face in small groups.  It helps if the groups are diverse representing a range of different perspectives.  A starting point is a use-case a story that can be mapped - what are the roles in that story and then walking through the different transactions.

So how do we "do" it. Well a starting point is for those interested in helping lead it to identify themselves in the context of the pro-active privacy committee.  We should work together  to figure out how we lead the community using this process to figure out the privacy implications and see where the money flows for different proposed solutions.

We can try to do a session at the upcoming July or October plenary.

We could also organize to do some meetings at:

  • conferences in the next few months were we can identify 5-10 interested IDESG members to participate in mapping an ecosystem chunk for an hour or two.
  • in cities around the country where we identify 5-10 folks who want to spend an hour or two mapping an ecosystem chunk.

It would be great if we decide to do this that the Secretariat lead by Kay in her role as Executive Director of the IDESG can support us in organizing this (That is why we are paying htem 2.5 million buck s to help us  do the work of  organizing in a meaningful way.

I am friends with Verna Allee and can ask her for advice on this however I think the kind of help/advice we need to really use this method and do it WELL would behove us to actually use NSTIC IDESG moneys to hire Verna to engage with us in a serious way. When I wrote my NSTIC NOI I did so thinking that their would finally be monies available to pay people to do community conference building work like this.  Perhaps it is not to late to do so.



She's Geeky Seattle: April 26-27

She's Geeky is coming to Seattle in April 26-27.

She's Geeky Logo

I will be heading up to facilitate and am very excited to finally have this event coming to the North West.

She's Geeky is a kind of magical event where women geeks of all kinds, gaming geeks, linux geeks, fandom geeks, crafting geeks, beekeeping geeks, drupal geeks, raspberry pi geeks, Arduino geeks, geeks in training, come together and hang out learning from each other.

Maybe we can even get some women from my native Vancouver to come down. :)

Online Community Unconfernece "Its BACK!"

I am really excited to be working with a super awesome crew of leaders of the Online Community Manager Tribe - or OCTribe.  We have been considering reviving the event and the pieces have finally come together to do it.

May 21st at the Computer History Museum

Registration is Open!

I really love the other co-organizers who are all rockstar community managers.

The conference was originally produced by Forum One and I contracted with them to help design and facilitate. That event itself grew out of an invitational summit they hosted annually on online communities.  I actually attended one of these in 2004 as a replacement for Owen Davis who I worked for at the time at Identity Commons (1).

My firm is doing the production and facilitation for the event.

I plan to bring forward topics of digital identity forward at the event and hopefully get some of the amazing expertise on identity and reputation to participate in NSTIC.



Another Bill of Rights

I did a collection called the Bill o' Rights o Rama. 

Here is a new proposed one a Gamers Bill of Rights  based on another gamers bill of rights (this one looks beautiful)

Gamers are customers who pay publishers, developers, and retailers in exchange for software.

They have the right to expect that the software they purchase will be functional and remain accessible to them in perpetuity.

They have the right to be treated like customers and not potential criminals.

They have the right to all methods of addressing grievances accessible by other consumer.

They have the right to the game they paid for, with no strings attached beyond the game and nothing missing from the game.

Gamers' Bill of Rights
I. Gamers shall receive a full and complete game for their purchase, with no major omissions in its features or scope.

II. Gamers shall retain the ability to use any software they purchase in perpetuity unless the license specifically and explicitly determines a finite length of time for use.

III. Any efforts to prevent unauthorized distribution of software shall be noninvasive, nonpersistent, and limited to that specific software.

IV. No company may search the contents of a user's local storage without specific, limited, explicit, and game-justified purpose.

V. No company shall limit the number of instances a customer may install and use software on any compatible hardware they own.

VI. Online and multiplayer features shall be optional except in genre-specific situtations where the game's fundamental structure requires multiplayer functionality due to the necessary presence of an active opponent of similar abilities and limitations to the player.

VII. All software not requiring a subscription fee shall remain available to gamers who purchase it in perpetuity. If software has an online component and requires a server connection, a company shall provide server software to gamers at no additional cost if it ceases to support those servers.

VIII. All gamers have the right to a full refund if the software they purchased is unsatisfactory due to hardware requirements, connectivity requirements, feature set, or general quality.

IX. No paid downloadable content shall be required to experience a game's story to completion of the narrative presented by the game itself.

X. No paid downloadable content shall affect multiplayer balance unless equivalent options are available to gamers who purchased only the game.

Interesting events in 2013

This is a calendar of events that I know in 2013 (and beyond). I think their interesting, I'm currently planning attending all the events in , I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach.
Cloud Computing Workshop and Big Data Forum, Gaithersburg, Maryland, January 15 - 17, 2013
Strata Online, DataWarefare, January 22
State of the Net Conference, Washington DC, January 22 - 23, 2013

Online Community Manager Meetup link  San Francisco, January 23th 

The core of this community are some amazing people who I really love and share the professional practice of doing community management online. Randy Farmer, Gail, Susan Tenby [personal hero for testifying before congress pro-social good use of second life and pro-nym and then having that picked up by the Daily Show, ] Bill Johnston, ,

Cloud Security Alliance, Bay Area, January 24th

* Streams, Gardens, and Clouds: Visualizing Dynamic Data for Engagement, Education and the Environment: A CITRIS Data and Democracy Event to Celebrate Data Innovation Day link, Berkeley, January 24th

She's Geeky!!!! link Bay Area - Mountain View, January 25-27

I am super excited about this year - we have the amazing Kas Nettler executive producing and

* CFP Mini Conference in DC, January 28th
Green Data Center Conference, San Diego, January 29-31
* Research Exchange talk by Tim O'Reilly at CITRUS, January 30th

Personal Cloud Evening in San Francisco, last week in San Francisco

Working with Johannes
Computers, Privacy and Data Protection, Brussels, January 23-25


Community Leadership Summit linkSan Jose, 

Van Riper

NSTIC IDESG Face to Face, Phoenix, Feb 5-7

First of all you can register here - this will be the 3rd
Lift Conference, Geneva, Feb 6-8

European Identity Workshop, LINK, Vienna, Feb 12-13

Personal Digital Archiving, Maryland, Feb 21-22nd
Wisdom 2.0, February 21-24th
Future of  Banking Summit, Paris,  Feb 26th
Strata Conference, Santa Clara, Feb 26 - 28th,

RSA Conference, San Francisco, Feb 25 - 29th

* Network & Distributed System Security Symposium,  San Diego, Feb 25-27,
Hosted by the Internet Society
 *  Public Interest Environmental Law Conference PIELC, Eugene, Feb 28 - March


* Economist Technology Frontiers: Humans and Machines, London, March 5 - 6th
Computers Freedom and Privacy, Washington DC, March 5 - 6th
IAPP, Washington DC, March 6 - 8th
SXSW Interactive, Austin, March
GigaOm Structure, NYC, March 21-22
* UnLike us #3, link, Amsterdam, March 22-23
  1. Theory and Critique of ‘Social’
  2. Are you Distributed? The Federated Web Show
  3. Political Economy of Social Networks: Art & Practice
  4. Mobile Use of Social Media
  5. Facebook Riot: Join or Decline
Ideas Economy: Innovation 2013, Berkeley, March 28th
Redefining the Speed of Business


Harvard Leadership Program with YGLs, link, Cambridge, April 2-12th

Cloud Connect,  Silicon Valley, April 2 -4
White Privilidge Conference, April 10-13, Seattle
Nonprofit Technology Conference, Minneapolis, April 11 - 13th
HOPES, Eugene, April 4 - 6th
TEDx Berkeley, April 20th
Future of Money and Technology, link, San Francisco, April ? 

UnMoney Convergence, link, San Francisco, April ?

* Social Venture Network Spring Conference, San Diego,  April 25-28th


Internet Identity Workshop #16, Mountain View, May 7-9

European Identity Conference, Munich, May 14-17
The product
WWW 2013, Rio de Janeiro, May 13 - 17


YGL Summit Mayanmar, and WEF East Asia link June 2 - 7 

* TERENA, TNC2013, Maastrich, Netherlands, June 3 - 6
Ideas Economy: Information 2013,  San Francisco, June 4 - 5, 2013
Democratization of Big Data
Personal Democracy Forum, NYC,  June  6 - 7
Cloud Expo, NYC, June 10-13
As advanced data storage, access and analytics technologies aimed at handling high-volume and/or fast moving data all move center stage, aided by the cloud computing boom, Big Data Expo is the single most effective event for you to learn how to use you own enterprise data – processed in the cloud – most effectively to drive value for your business.A recent Gartner report predicts that the volume of enterprise data overall will increase by a phenomenal 650% over the next five years.
Smart Cities, London, June 11-12
Indie Web Camp, Portland, June 22 - 23,
Open Source Bridge, Portland , June 24-26,
Aspen Ideas Festival, Aspen, June 26 - July 2


ePIC European ePortfolio, London,July 8-10
Cloud Identity Summit, link, Napa, July 8 - 12
Hollyhock Invitational, link Cortez, July 
Open Source Convention, Portland ,July 22 - 26
BlogHer, Chicago, July 25-27


Blackhat, Las Vegas, July 27 - August 1
DefCon, Las Vegas, August 1 - 4
Burning Man, Nevada, August 26 - Sept 2
Art Theme:  Cargo Cult


dConstruct, UK, Sept 5 - 7
Indie Web Camp, UK, Sept 8th
Digital Enlightenment Forum  link, ___, September
Biometrics Consortium Conference, Tampa, September 17-19th
* Web of Change, link, Texas Hill Country, Sept 18-22,
 * DataWeek, link, September 28 - Oct 3


* Money 2020, Las Vegas, October 6-9
* Bioneers
* New Yorker Festival
Interent Identity Workshop #17, link, Mountain View, October


 * 88th IETF Meeting, Vancouver BC, Nov 3-8
* Identity Next, The Hague, November 19-20


Chaos Computer Congress, link, Germany, ~ Dec 27-29
* 89th IETF Meeting, London, March 2-7, 2014,
* WWW 2014, Seoul, April 7-11, 2014
* TERENA, TNC2014 Dublin, Ireland May 19-22, 2014
* 90th IETF Meeting, Toronto, July 20-25th 2014
* 91 IETF Meeting, Hawaii, Nov 2014
* 92nd IETF Meeting, Dallas, March 22-27th, 2015
* 93rd IETF Meeting, Prague, July 19-24, 2015
* 94th IETF Meeting, Japan, Nov 1-6, 2015

Mass-Educational Databases = Wrong Architecture

[This is cross posted on the PDEC blog -]


permrecord--tablet (Photo credit: teach42)


Every day it seems there is a new story about new "big data" systems are going to make things better - but then... they just made things creepier.


The latest news like this came from inBloom Inc. via SXSW-Edu (on Reuters). inBloom is a newly formed nonprofit to host a massive database of student records created with $100 million in funding from the Bill and Melinda Gates Foundation.  The goal seems good: track the progress of students through school and use the data to improve their outcomes.


The records can be comprehensive and inBloom doesn't need students' parents to consent to have their records in the database.


Federal officials say the database project complies with privacy laws. Schools do not need parental consent to share student records with any "school official" who has a "legitimate educational interest," according to the Department of Education. The department defines "school official" to include private companies hired by the school, so long as they use the data only for the purposes spelled out in their contracts.


The whole idea that you must have one massive educational database of all student records is an architecture of the past.


The core idea is right: more data about a student's learning experience in school is good for them and could be good for the overall school system. The challenge is how it is engineered. Are students and their parents put at the center of their own data lives? Or are they in another giant system they have little control over or say in?


We need to empower students with their own personal clouds. They must be able to download their own student learning records. They must be able to share them with companies and services that will work on their behalf. With personal clouds and infomediaries to help, students will find educational resources/and tools that can help them fill gaps in their learning and discover communities of interest. This infomediary market approach puts personal data to use without revealing any more data than needed and only on the student's terms.


Infomediary Market Model for Personal Data



In this market model the individual collects data in their personal cloud. This could be a machine in their home or a service provider they trust (they must have the right & ability to move service providers with all their data if this is truly a personal cloud service). The individual trusts an infomediary service to look into their personal cloud but does so with a fiduciary duty to the end-user. The infomediary then works on their behalf in the market place to find relevant vendors and services.  It does not reveil specific personally identifying information to prospective service providers. It helps the individual have good choices and they decide who to transact with (thus reveling personal information).


The inBloom project sounds like an marketing project: companies will comb through the data base, find students to approach, and sell them with "education" products. The student data is up for grabs.


We need a better set of policies, technologies, and products that put parents and their kids at the center of and in control of their data. This single point of failure won't do.



Enhanced by Zemanta

WEF Report #3: Unlocking the Value of Personal Data!

[This is cross posted on the PDEC blog -]

The World Economic Forum released its third major report about Rethinking Personal Data: Unlocking the Value of Personal Data: From Collection to Usage. PDEC has worked with the WEF's Rethinking Personal Data project since before its first gathering in the Summer of 2010. It is really gratifying to see this third report come out and continue to move the issue forward.

The Rethinking Personal Data work is now within a larger umbrella WEF's calling "Hyperconnectivity," lead by Bill Hoffman, the original steward of the Rethinking Personal Data project.

Unlocking's executive summary highlighted what PDEC member startups have been building:

New ways to engage the individual, help them understand and provide them with the tools to make real choices based on clear value exchange.

and the path forward of

Needing to demonstrate how a usage, contextual model can work in specific real world application.

The report says we must solve simplicity and elegance of design for usability so people can see the data generated by and about them.
The last part of the executive summary calls for "stakeholders to more effectively understand the dynamics of how the personal data ecosystem operates. A better coordinated way to share learning, shorten feedback loops and improve evidence-based policy-making must be established."
The Rethinking Personal Data project convened six face-to-face events leading to the report. I participated in four of them in 2012 on behalf of PDEC: March in San Jose, June in London, September in Tianjin, and October in Brussels.

One of the meetings' themes was the challenge to rise to the Fair Information Practice Principles. The US FTC's FIPPs were written in the 1970's when citizens raised concerns to Congress about how they were ending up on catalogue mailing lists. This offline model is not an ideal basis for how to address the economic opportunities of personal data and the challenges it presents today.

The second chapter covers the context of data use, where everything surrounding data use affects people's privacy expectations and the choices of institutions using their data. It's great seeing this level of nuance brought to a general business audience.

This report is notable for highlighting the role of the personal data store in initatives put forward by the UK, French and US governments that mandate Data Handbacks, that data created by an individual when transacting with a government or business should be given back to the individual.


A few paragraphs stand out for me in looking ahead and the opportunity for PDEC companies.

Potentially, markets can encourage a “race to the top” in which user control and understanding of how data is used and leveraged become competitive differentiators. Various trust marks and independent scoring systems will help stimulate this kind of response.

Given the complexity of choices, there is also potential for the development of “agency type” services to be offered to help individuals. In such a scenario, parties would assist others (often for a commission or other fee) in a variety of complex settings. Financial advisers, real estate agents, bankers, insurance brokers and other similar “agency” roles are familiar examples of situations when one party exercises choice and control for another party via intermediary arrangements. Just as individuals have banks and financial advisers to leverage their financial assets and take care of their interests for them, the same type of “on behalf of” services are already starting to be offered with respect to data.

The last section of the report outlines thirteen different use-cases for personal data by a range of stakeholders, including two PDEC startup circle companies - Personal and


Enhanced by Zemanta

Super Trip Review from NSTIC to RSA

I've been on two super trips recently.  One went from before American Thanksgiving to early December. This last one was much of February beginning with NSTIC and ending with RSA. I wrote this in pen and paper last week and typed it up today.

One way I manage to get around is to piece together what could only be considered "super trips" - 18 days.

I actually started off at home on Feb 2nd helping Van Riper run the Community Leadership Summit West. Its an unconfernece for mostly technical  community leaders but also managers but was inclusive of other community based community leaders. I will have a blog post about it up on my site.

February 4th I headed to NSTIC's 3rd plenary in Phoenix. I presented the results of the Holistic Picture Visualization Sub-Committee printing out the images we found online.  Bob Blakley and Brett McDowell did a good job shaping the agenda and inviting plenary participants to connect with the big vision of NSTIC of 10 years out.

  • All implementation actions are complete, and all required policies, processes, tools, and technologies are in place and continuing to evolve to support the Identity Ecosystem.
  • A majority of relying parties are choosing to be part of the Identity Ecosystem.
  • A majority of U.S. Internet users regularly engage in transactions verified through the Identity Ecosystem.
  • A majority of online transactions are happening within the Identity Ecosystem.
  • A sustainable market exists for Identity Ecosystem identity and attribute service providers.

While at the same time reminding on the way to getting a man on the Moon we got a Monkey into the Ionosphere - so what is our monkey in an Ionosphere - at the plenary groups were invited to articulate this:

  • Relying parties from multiple sectors are demonstrating identity and strong authentication credential interoperability
  • Is easier to use than the broken user account and password methods
  • Licensed professionals now have a common way to express credentials and ongoing certification.   No longer do licensed professionals need to scan, fax or otherwise send paper copies proving their qualifications every time another client seeks to retain their services.
  • allows citizens to securely establish a multi-purpose single identity that will significantly reduce, and eventually eliminate, the need to create and maintain multiple passwords and PINs.
  • Secure web accounts for use in circles of on line providers by 10 banks, 15 insurance companies and 25 hospitals.

February 7th I headed to Washington DC to work with my colleague at PDEC Steve Greenberg who is based there. We came up with some great new metaphors to explain for what is happening on the Personal Data Ecosystem.  You will have to come to one of our seminars if you wanna know ;)

I logged in to find a place nearby via AirBnB and had to go through KBA to do so (I had a choice I could have held up my drivers licence beside my face and turn on my camera too).  They also strongly encourage people to login with Facebook.  Your username is prominently displayed and well I didn't get that in choosing Kaliya this was the case. I have to see if I can change this. I stayed with a great couple - they had just given up cable in exchange for Netflix and Hulu. We watched the first episode ever of Star Trek.

I took a BoltBus from Baltimore to NYC with 4h to get to JFK for my direct red-eye flight to Vienna. I was met by Rainer Hober at the airport. He and Markus Sabedello invited me to help them put on an unconfernece in the spirit of IIW - the name of it became the European Workshop for Trust and Identity.  Rainer did an amazing job of pulling it all together and Terrena folks were well represented along the 40 people. There were folks from at least 12 different countries.  You can see the notes here.

I was excited to learn new things and have new insights / clarity enough not so easy these days.  I will write a post about the insights from this particular session where I whiteboard some new understandings.

A key to super trips is to not make travel to stressful. So mid-day Wednesday I travelled to London. I went to my a friend's flat and headed to the Innovation Wearhouse to touch base with Tony Fish & Prep for the first ever seminar. It went well - I covered more material then I planned for the day.

We had:

  • 2 Consultants
  • 1 guy from a Telco
  • 1 Investor
  • 1 University Student
  • 1 Business guy

Three knew Tony well, 1 had seen our diagrams circulating and looked us up.

The next day I had the day off in London and met with Jon Sharman and his daughter about the idea of an identity film festival of both short and long films.  We had the idea of creating an identity game with trump cards. I went to the Muji Store <3 Then I met up with Peter Stepman from WPSChallenger for a drink and some food while we wandered to a new part of London.

I headed to DC mid-day Sunday and stayed with a friend from the identity community. I met up with Greg who runs myUSA. They are looking at how people can use personal clouds to fill out government forms.  We talked about Identity standards and what is emerging in the industry. I encouraged him to head out to IIW.  It turns out we met about 10 years ago at an event that Susan Mernit put on.

I headed to NYC for our now postponed Seminar there. I got to meet up with Allison Fine who invited me to contribute to the Anthology Rebooting America. She is working on a new project on how us being networked is impacting collective generosity.

I took a break and saw Avenue Q off broadway. It was super fun - basically Sesame Street for adults.

I was reminded by a friend about Brene Brown's work on whole hearted living. The only difference between those who experience whole hearted is that they believe they are worthy of love and belonging. I totally recommend all 3 of her TED talks and this other one.

The East Coast part of trip ended with my meeting up with a guy who pinged me from the internet because my blog is referenced in  the wikipedia Social Login article (with a rare direct link pointing to my identity spectrum post). It turns out the company has a product in the personal data space. I headed to Seattle and spent the morning with my colleague Bill Aal.



NSTIC in six simple parts

One of the challenges with the whole NSTIC thing is that it has a bunch of different parts. I wrote up this description as part of our What could Kill NSTIC paper.

NSTIC National Program Office. The NSITIC NPO operates within the Department of Commerce’s National Institute of Standards. It is lead by Jeremy Grant. The office has several full time staff and they are responsible for the transition of NSTIC from a US government initiative to an independent, public- private organization. They’re smart, talented, and they care.

Identity Ecosystem Steering Group (IDESG). The NPO invited many people, NGOs, government bodies, and companies to participate in building an identity ecosystem in the Identity Ecosystem Steering Group. All the people and organizations who sign up to be a part of this are together called “The Plenary.” The NSTIC NPO wrote IDESG’s charter and its first bylaws.

IDESG Management Council. The IDESG management council is elected by the members of the plenary who self-selected into stakeholder categories. Each stakeholder category elects a delegate to the Management Council. The entire plenary also elects two at-large positions and two leadership positions. The management council can create sub-committees to get its work done. I’m chaired one that collected holistic ecosystem pictures, for example.

Committees within the IDESG Plenary. These committees do the actual work of making the identity ecosystem’s vision a reality. New committees can be proposed by any member. Committee membership is open to all plenary members. The work and activity of the committees is shared openly. A few of the active committees are working on standards, privacy, trust frameworks, accreditation, and nymrights.

The Secretariat. The NSTIC NPO awarded a $2.5 million dollar contract to provide support services to the Identity Ecosystem Steering Group. Trusted Federal Systems won the contract to act as the IESG’s “Secretariat.” They coordinate meetings, manage listservs, and the like.

NSTIC Pilot Projects. In early 2011, the National Program Office put forward $10 million in funding for five pilot projects that worked to solve some of NSTIC’s challenges. Grants were awarded in September 2012 and run for one year. The pilot projects were set up before the IDESG existed and the IDESG had no input into the selection of the the winning pilots. 187 different initial pilot projects applied for grants, 27 were selected to submit full proposals, and five were selected. Applications for a second round of pilots are coming in Q1 2013.

Help co-create the Data Seder

Here is how I put forward the idea to a friend...

Me: Hey, so you know about Passover?

A: Yes, there is a meal... and its a jewish holiday

Me: Yes, its a religious service over a meal to retell the story of the jews escaping from Slavery in egypt 1000's of years ago.

It is a celebration of Freedom.

We are uptdating it for the contemporary struggle to free our data.

We want to raise consciousness about current data practices through a modern version of the Seder Meal

Join us on our mailing list (and soon on the wiki)

I am also going to be seeking input from leaders of multiple faiths about what their tradition has to say about identity and data rights in the digital age. Feel free to contact me if you know a faith leader we might approach for such a statement.

There will be a physical seder in Oakland - but we are hoping the service we develop can happen all over.


What could Kill NSTIC? PDEC White Paper Released

My colleague at the Personal Data Ecosystem Consortium, Phil Wolff, hosted sessions at the last two IIW's that invited community consideration of the risks to NSTIC. He has put together a paper that outlines the results of these two sessions that were titled "Death to NSTIC" the white paper is "What Could Kill NSTIC: A Friendly Threat Assessment". He has a video about it and you can download it from our website. 

It also has a Bonus Section I wrote that:

  • Explains some of the background of NSTIC
  • Articulates the 6 main parts of NSTIC and what they do
  • Explains the relevance of NSTIC to the companies in the Personal Data Ecosystem Consortium.

NSTIC and She's Geeky

I took the opportunity of the women's technology conference I run (She's Geeky) to host sessions about NSTIC.  This diagram was drawn.  It articulates the issue of attention and participation based on those in industry and those not "in" industry.


I'm running for Mayor* again!

I'm planning on running for Mayor * again (a position on the NSTIC Steering Group Management Council) - this time for a different "municipality" (delegate representative).

Currently I am the Consumer Advocate delegate - I'm going to shift my membership and join the IDESG with my hat as Executive Director of PDEC and run for the Small Business and Entrepreneur delegated on the Management Council.

If you want to be a part of the IDESG and VOTE in this round of elections you MUST register by February 14th.  

Go to to learn more about my campaign & register to vote OR just go to their site if you are new. If you registered last election you have to submit the new/updated membership agreement including signing it and sending it in.  Send an e-mail to: update your registration.

If you want updates from me put your e-mail here 

Why the shift in my mayoral race to a new stakeholder delegate category. Simply it creates greater alignment with the main focus of my day to day work on two fronts.

  • PDEC is a trade association of entrepenuers from around the world working developing personal clouds and services.
  • I myself am a small business owner is my conference design and facilitation business

It seems like it was just yesterday that I ran for Mayor * (The Consumer (and Citizen) advocacy delegate on the management council of the Identity Ecosystem Steering Group for the National Strategy for Trusted Identities in Cyberspace) but that was in August. Another round of elections is happening this spring.

I have been to all the Management Council meetings even those that happened at 3am local time when I was in China in September. Much of the energy and attention in this first period of of NSTIC was on the governance of the steering group but now we are focusing on getting real work done.

In December I was asked by Brett McDowell chair of the Management Council to chair a sub-committee of the Management Council focused on collecting Holistic Pictures.  We have completed our work you can see it here.

I also have been helping people who were involved in the NymWars who have an interest in ensuring that NymRights issues are represented within NSTIC.

Recently within NSTIC there has been a focus on business models for businesses and overall market models. I think that PDEC companies have a lot to offer in this effort and are really making privacy protecting, end user empowering business models.




European Workshop on Trust & Identity in Feb

I'm going to Vienna in Febuary to work with Rainer and Marks on an event they are pulling together (and invited me to help with).

The European Workshop on Trust and Identity 

February 12-13 in Vienna.

Registration is here.

Internet identity, identity federation and personal data online are complex, continually evolving areas. The event is inspired by similar events such as the Internet Identity Workshop(external link) in California, Identity North in Canada, and Identity Next in the Netherlands, with a focus on European perspectives and initiatives. At EWTI participants will seek deeper understanding, and better solutions to challenges like:

  • Technology. Developing feasible and open standards.
  • Trust Frameworks. Establishing new paradigms and policy sets.
  • Usability. How can users navigate different identities and understand their data?
  • Economy. How can identity services fit into businesses requirements and opportunities for all stakeholders?
  • Interoperability. On which levels and areas is interoperability necessary or feasible? This is a cross-cutting concern for technical, legal and business views.
  • Deployment and operation. How can different options be supported and exploited in the best way, given the whole range of places and devices.
  • EU project challenges. The European Commission’s projects related to trust and identity like STORK and eID regulation are landmarks on the roadmap. How do other actors relate to and utilize those projects?

Besides discussing specific topics in the above areas, there will also be plenty of opportunities for networking among solution providers and seekers, startups, investors and technology pundits. EIW provides a place where skilled people from a wide range of functions and projects in the identity ecosystem gather and work intensively for two days. The unconference format puts into the foreground what is important for the participants. How much attention topics receive is driven by active participation. Results will be collected and published at the and as proceedings. After the brief introduction on the first day there are no formal presentations, no keynotes, no panels. What happens then? We will make the schedule when we are face to face the first day of the conference. We use a method called Open Space Technology to support unconference where the topics most important to the participants that day are discussed. How much attention topics receive is driven by active participation. This supports a self-organized and self-responsible group unleashing the great creativity and passion of the participants. Results from sessions will be collected and published at the end as proceedings.

Communicate Across Initiatives

There are numerous IDM-related efforts and projects in both private and public sector. EIW is a place for direct talks skipping hours of time-consuming powerpoint presentations. Take the opportunity to form the contents yourself!

Next Events in early 2013

I'm working on a few key focused things this year (more on that in the next post). One of them is being more proactive in posting where I am going to be.
This post has events of three types for the next 2 months.
Black BOLD: Will be attending
Red BOLD italics: Helping to Organize and will be attending/leading
* Interesting I wish I could go - not likely too.
I'm also sharing below that events I know I will be attending for the rest of the year - the interesting event post for the rest of the year.
* Cloud Computing Workshop and Big Data Forum, Gaithersburg, Maryland, January 15 - 17, 2013
* Strata Online, DataWarefare, January 22
* State of the Net Conference, Washington DC, January 22 - 23, 2013
NymRights Meeting at SudoRoom, Link, Wednesday January 23rd
Discussing the development of a Name Policy, generally AND put it forward into the NSTIC conversation

Online Community Manager Meetup link  San Francisco, January 23rd 

The core of this community are some amazing people who I really love and share the professional practice of doing community management online. Randy Farmer, Gail, Susan Tenby [personal hero for testifying before congress pro-social good use of second life and pro-nym and then having that picked up by the Daily Show, ] Bill Johnston, ,

* Cloud Security Alliance, Bay Area, January 24th

* Streams, Gardens, and Clouds: Visualizing Dynamic Data for Engagement, Education and the Environment: A CITRIS Data and Democracy Event to Celebrate Data Innovation Day link, Berkeley, January 24th

She's Geeky!!!! link Bay Area - Mountain View, January 25-27

I am super excited about this year - we have the amazing Kas Nettler executive producing. There are a bunch key topics and conversations I want to have including about

  • NSTIC - and getting involved for regular folks
  • Nym Rights,
  • Transgender Identity Issues Online,
  • Community and Conference Diversity including educating allies,
  • Considering possibility of doing healing circles in hacker/technical comunities.
* CFP Mini Conference in DC, January 28th
* Green Data Center Conference, San Diego, January 29-31
* Research Exchange talk by Tim O'Reilly at CITRUS, January 30th

Personal Cloud Evening Link in San Francisco, last week in San Francisco

Working with Johannes, Adrian, Adam along with PDEC members coming in from out of town Phil Windley and Drummond Reed.  It looks like an exciting line up.
* Computers, Privacy and Data Protection, Brussels, January 23-25


Community Leadership Summit linkSan Jose, 

Van Riper is the Community Leader - community leader.

NSTIC IDESG Face to Face, Phoenix, Feb 5-7

First of all you can register here - this will be the 3rd. I'll write more soon about NSTIC
* Lift Conference, Geneva, Feb 6-8

European Identity Workshop, LINK, Vienna, Feb 12-13

I'm working with Rainer Hober and Markus Sabedello to put this Unconfernece on. I'm really excited about it.
* Personal Digital Archiving, Maryland, Feb 21-22nd
* Wisdom 2.0, February 21-24th
* Future of  Banking Summit, Paris,  Feb 26th
* Strata Conference, Santa Clara, Feb 26 - 28th,

RSA Conference, San Francisco, Feb 25 - 29th

* Network & Distributed System Security Symposium,  San Diego, Feb 25-27,
Hosted by the Internet Society
 *  Public Interest Environmental Law Conference PIELC, Eugene, Feb 28 - March


Harvard Leadership Program with YGLs, link, Cambridge, April 2-12th

Future of Money and Technology, link, San Francisco, April ? 

UnMoney Convergence, link, San Francisco, April ?


Internet Identity Workshop #16, Mountain View, May 7-9


YGL Summit Mayanmar, and WEF East Asia link June 2 - 7 


Cloud Identity Summit, link, Napa, July 8 - 12
Hollyhock Invitational, link Cortez, July 



Digital Enlightenment Forum,  Europe, September 16-18,


Interent Identity Workshop #17, link, Mountain View, October



Looking Ahead to 2013

The month of January I'm spending at home in the Bay Area and focused on a few key things:

  • Working with Phil Wolff and Jean Russell on key systems for the Personal Data Ecosystem Consortium with an emphasis on the Startup Circle, Personal Cloud Gathering around the country, Educational Seminars and preparing to launch the Open Protocol Wire (to track all the open protocols relevant to the emerging space).
  • Doing year long planning and business development for the Unconference design, facilitation and production company with Bill Aal, Jennifer Holmes and Jean Russell.
  • Visioning how all the interests and themes I have been engaged with in my life's work are woven together in this coming year - a few more posts will follow to share current ideas/reflections.
The year will include:
  • Focusing on my personal human form sustainability and happiness.
  1. Including making space for bodily healing and regeneration
  2. moving and exercising
  3. growing my relationships with my chosen family
  4. spending quality and extended time with good friends
  5. making time for my art
  6. creating a beautiful and nurturing home environment
  7. having time to think and be away from home
  8. completing life homework (paperwork) that has been put off to long
  9. consciously connecting to my spiritual self
  10. reflecting and connecting with my ancestors and sharing more about them online
  • Growing the Personal Data Ecosystem into a Thriving Community and Organization Supporting it. 
  1. Spending more time with the Personal Data Ecosystem startups and growing the number we serve.
  2. Offering Seminars to get individuals, companies and funders up to speed.
  3. Getting great informational synthesis systems in place for news updates, white papers, events etc.
  4. Developing peer educational opportunities across the ecosystem (podcasts, webinars etc).
  5. Growing the number of Personal Cloud Meetups happening
  6. Helping coordinate joint activities and conversations including engaging with governments as they look at regulation.
  7. Working with Evan Prodromo and others on making real mutli-code base, open standards based interoperable Federated Social Web.
  8. Developing some socially responsible investing SRI and Corporate Social Responsibility guidelines for technology that go beyond "is the electricity in your data center green"
  9. Figuring out how
  • Engaging with the NSTIC process including attending the Phoenix meeting in early February (you are invited too). 
  1. Working with Aestetix on the NymRights efforts within and beside NSTIC.
  2. Completing the work of the holistic picture subcommittee I lead and seeing what is next.
  3. Working on getting citizen advocates who are diverse engaged in the  process
  4. Continuing to advocate for and provide ideas about how to actually put into practice inclusive, easy to participate in processes for NSTIC that get input from a broad range of stakeholders AND create enough space for industry folks used to enterprise identity management to actually "get" that this isn't about employee provisioning and termination.
  5. Inviting a focus within NSTIC to listening and responding to the complex system of the existing and emerging identity ecosystem rather then pursuing "plans" developed in committees of self appointed experts.
  6. Considering running again for the NSTIC Management Council seat in the elections coming up this spring.
Connecting & working with Young Global Leaders and WEF 

Facebook's Problem = FSW Opportunity

ReadWriteWeb's social Blog has an articule up referencing a conversation the author had with Mark Cuban about Facebook's business model and integrity challenges.

Apparently Facebook is now going to charge brands a huge amount to reach the base of fans they have accumulated on facebook.

I’ve heard anecdotally about a huge brand that was complaining recently because it has spent four years building a following of millions of people, promoting its Facebook presence (and, by implication, Facebook itself) on expensive television ads - and now Facebook has flipped a switch and, overnight, their reach dropped by 40%.

So now they’re done. They’ve been burned, and, like Cuban, they’re looking elsewhere.

A few weeks back I as in a tweeted to a woman complaining how Facebook was shaping which of her friend's updates she saw and even asking her to pay money to have her updates go to more of her friends. I said that when we had a federated social web she wouldn't have this problem we would choose which of our friends we would follow and get updates from.

I attended my 3rd out of three federated social web summits last week eek it feels like last week it was 2 weeks ago just after IIW 15. Evan Prodromo pulled together an amazing group of folks working on key aspects of the challenge.

Phil Wolff and I presented about the emerging Personal Cloud offerings coming out of our community of companies (the Personal Data Ecosystem Startup Circle)

Tantek shared POSSE - Publish On your Own Site Syndicate Everywhere.

Even gave an update on where OStatus the stack of protocols that gives you twitter and facebook like functionality across services.

We learned about many other projects. too (you can see them on the wiki here).

I'm glad that folks like Mark Cuban are waking up to the fact there is an issue with Facebook and they should be looking elsewere. Facebook is to social what AOL and Compuserve were to e-mail. It will be disrupted by the Open Standards based infrastructure must of it based on Open Source code. People will have their own personal node on the network - a personal cloud where they will connect to others and to organizations they want to share with, connect with and do business with.

It would be great to see some big investments in core open infrastructure that can then be leveraged to make money afterwards. This is what Doc Searls is always saying you make money because of it not with it.  We need the web to continue extending to being the type that Nobody Owns, Everyone can Use it and Anyone improve it.  Open Standards are the key to this. I argue they are more important then open source code alone (look at diaspora open source but rolled its own way of doing things...and didn't interoperate with other projects/efforts doing similar things)

If you were to ask me what would get us to the future fastest though it is open source implementations of those open standards are invaluable and what "investors" like Mark Cuban and others who are now seeing the danger of one company "owning" the social profiles and identities of a billion people should consider funding now with no strings attached.

I was asked by an investor group that I gave a day long briefing to about the the emerging Personal Data Ecosystem. I said I would give Evan Prodromo 12 million dollars no strings attached (as in you are not seeking a return on the money with more money) the deliverable for that money would be a working federated social web in 1 year. On that web one can build a huge variety of businesses and services in new ways not possible on today's web (or at least not possible without creepy stalking and trackers and paying middle men like facebook to talk to your "fans").  That web itself...shouldn't be "owned" it needs to be created though.





IDESG: Governance beyond "us" Challenge 2 for NSTIC

Second Challenge:  How are we meaningfully and regularly checking in with those outside the community of self selected stakeholders - to regular citizens who have to use the currently broken systems we have today and hopefully will be enthused and inspired to adopt the outcomes of this whole effort?

The openness of NSTIC overall was inspired by the Open Government memo (  signed first day in office. It inspired a lot of my colleagues in the dialogue and deliberation community. (Yes, I have another life/carreer doing facilitation see

They went to work figuring out how to be sure that coherent resources and tools were available to those who were now mandated to "do" open government and have more public participation would have really good resources available.  Tom Atlee the person I co-wrote the Governance section of my NOI was one of the leaders of this working with the NCDD (the National Coalition for Dialogue and Deliberation) to define 7 core principles of public engagement.

Blog post that outlines them: (

Read the rest of this entry »

IDESG Governing "us": Challenge 1 for NSTIC

I am posting to this blog the two posts I made to the NSTIC IDESG governance list on Tuesday. Here is the first one on Governing "us" (that is the word "us" not U.S.)

I only got on the [governance] list over the weekend despite raising my hand to be a part at some point in the Chicago meetings.

I am working to track all that is being discussed and I also want to breath and step back a bit. I want to share two bigger challenges and perspectives.

First Challenge how are we we connecting/structuring and governing the interested stakeholders who ARE showing up to engage.  How are we as Bob just asked creating ways, systems, processes and tools forward to create alignment and agreement?

Second Challenge  How are we meaningfully and regularly checking in with those outside the community of self selected stakeholders - to regular citizens who have to use the currently broken systems we have today and hopefully will be enthused and inspired to adopt the outcomes of this whole effort?

They are two quite different but related challenges. This e-mail will deal with challenge 1. The next one with Challenge 2.

Read the rest of this entry »

Consensus Process and IDESG (NSTIC)

In my governance NOI response I proposed several different methods be used to solicit input from a wide variety of stakeholders and bring forward from those processes clear paths for making a real strategy that take input from a wide range of stakeholders.

When the first governance drafts came out of the NPO, they articulated that the steering committee would operate via consensus BUT then it also articulated a whole set of voting rules for NOT abiding by consensus.

When I asked about their choice of using the term consensus to define a particular methodology - they came back and said well we didn't actually mean to suggest the use of a particular proces.

But consensus IS a process method I said...and they said we didn't mean to proscribe a method. So we were sort of in a loop.

Now that we are in this stage that is considering governance and systems for the community of self identified stakeholders (and people beyond this group who will be the users of the outputs).  What I don't know is if people really know what real consensus process is or if we have anyone who is experienced in leading actual consensus processes? It keeps feeling to me like we are using Roberts Rules of Order and then getting everyone to agree - thus having "consensus".  That isn't consensus process.

Tree Bressen who was the leader of the Group Pattern Language project (I participated along with many others in its development) has an amazing collection of resources about conensus process including a flow chart of consensus process and Top 10 mistakes to avoid them.

Are we using consensus process?

One of the big issues of our democracy today (in the liberal west broadly) is that we have this tendency to believe that "voting" is the thing that makes it democratic. Voting is a particular method and one that by its nature sets up an adversarial dynamic. There are other methods and ways of achieving democracy and we can go well beyond the results of our current systems by using them. Tom has done a lot of research into them over the years at the Co-Intelligence Institute and has published two books The Tao of Democracy and Empowering Public Wisdom. 

I am glad methods outside what has been the normative frame of "Roberts Rules of Order" as Democracy are being considered...however we need to be clear on what processe we are using.




NSTIC Governance....Privacy Interests

This past weekend I finally got onto a bunch of mailing lists for NSTIC including the governance one. (you can too)

It is a generally accepted best practice that governance systems should be developed by the communities that need to live by them. With NSTIC the stakeholders were handed a charter and bylaws created (primarily driven by the vision of one guy) in the NSTIC National Program Office.  They kept saying "there is consens" around the charter and bylaws...but there wasn't they were sort of thrust upon us and not developed by us.  We chose to accept them for now and are now in the process of re-visiting the bylaws handed to us and we agreed to for a short period to get things going.

The draft by-laws include a privacy standing committee that has veto power over the outcomes of Identity Ecosystem Steering Group.

One theory about why this is, I have heard more then once from industry folks involved with NSTIC, is that the privacy constituency "got" this committee and its veto power as a deal to participate in NSTIC.  We don't know ... cause the process of how this idea of having this committee have a veto was not transparent or open.

If we are committed to actually having a consensus based process then no one group committee needs a veto.

I said on the chat during the call that there was a misttrust issue.  I don't trust giving the privacy advocates a veto in part because they don't currently show up and engage with industry in the development of the tools and technologies.  I have regularly invited privacy advocates to participate in the Internet Identity Workshop and I regularly have those invitations declined. I will call out the specific groups the ACLU of Northern California and the EFF.  (Having received a cool shoulder from them I haven't pursued inviting other groups however the woman from the World Privacy Forum who spoke today on the governance call would be great to have at IIW) Both claim "nonprofit" poverty and say lack of budget to attend such events. (IIW has an early bird ticket price of $150 and includes three meals a day for three its not expensive). Both have multi-million dollar budgets and choose not to invest, as part of how then spend their resources, on showing up in forums like IIW with industry "making the sausage" of open standards for how identity will work for people on the internet.

Organizations like this tend to spend their money on lawsuits against companies who have violated privacy. I don't disagree that EPIC and other groups should be holding Google and Facebook accountable for changing their settings in ways that violated user expectations and therefore one version of waht privacy is. However if that is all they do...(sue and file complaints with government agencies) then it is like investing in prisons instead of schools.  If you invest in schools you won't need prison's later to hold the citizens who become criminals because they didn't get a good education.

If they chose to invest in the fora where technical standards are made and work with industry to ensure that the interoperable systems they design are in alignment with core functional requirements that give people control of the flow of information about them in digital systems (what we might call privacy). Then they wouldn't have to file so many law suits down the road cause they would work well.

There is also the issue that "Privacy" isn't ONE THING.

See: Solove - Taxonomy of Privacy 

Until it is clearer what the groups who are pro-privacy mean and how they see it being instantiated in the standards that becoms the code that will be the basis for the ecosystem.  It feels really hard to engage or trust them with a veto.

My fear is that a structure for IDESG that includes a privacy committee with a veto will continue to foster the current pattern of of industry interaction. The privacy interested groups will stay away from really engaging with technology developments as they are done BECAUSE they have a veto over them .. at the end of the process. They will stand on the sidelines and then swoop in and kinda "gotcha" those in industry who have been working together.





Kaliya for Mayor!...nope NSTIC

Update August 18th: 

Thank you to all the people and organizations who vote for me in the NSTIC election - I WON! .  I ran with my association to Planetwork and I am the Consumer and Citizen Advocate delegate for the next 6 months on the Management Council of the Steering Committee of the National Strategy for Trusted Identities in Cyberspace. You can learn more about my candidacy and the election on this post.  You can track the group/community progress at

I will be working hard with the AARP to grow the number of citizen and consumer advocate groups who are participating in the NSTIC process.

Original Post:

I'm Running for Mayor NSTIC!
Learn how to vote for me and get involved at Kaliya for Mayor .org

Here is the video!

Read the rest of this entry »

It's NSTIC election time!

So it's NSTIC election time!

I'm running for the Consumer (And Citizen) Advocacy delegate position on the Management Council of the Steering Committee for the National Strategy for Trusted Identities in Cyberspace!  Learn how to vote for me and get involved at and see my campaign video.


I, like many in the identity community, have been paying attention to and tracking this since the first draft of the proposal two summers ago.

They wrote a draft we gave input. They announced they would be launching a strategy in Silicon Valley then they launched the Strategy.

They wrote a Strategy and then hosted a Governance  and Privacy technical "workshop".   Both were poorly designed and kinda ineffective but non-the-less well intentioned. 

They asked us how it should be governed with a "Notice of Inquiry" about that last summer (I submitted my ideas    others did too).

The technical meeting about NSTIC was woven in with IIW #13 last fall.

They had a briefing about the Grants for pilot projects (I attended via webinar).

They ( the NSTIC National Program Office) put forward a charter and by-laws. They have an Identity Ecosystem Steering Group webinar.

Real Names vs Nyms at Quora & Unconferences

I am again in a #nymwar [wikipedia & Botgirl's] situation that I actually care about. I have been denied full participation in Quora for a long long time now because my last name was listed as IdentityWoman (ironically my answer to why having control over your identity and personal data online matters did go through but then was put into suspension when they insisted on changing my name to a WASPonym).

Now there is a thread all about an unconfernece for women of Quora and they have mentioned both my business and She's Geeky that I founded in the threads. I for this one important conversation bow to the "feudal lord"  of Quora as their humble "content producing servent" share my so-called real name...and help them have a good unconference and raise the issues of real name requirements within the context of real human beings who engage with the site all the time and hopefully staff as well.  Until we have the freedom to choose our names for public interactions on the web - to define our own identities based on our context and how we wish to appear where - we do not live in a free society.


Before they "banned" me for having the wrong color skin name. I got to write an eloquent to this question (posted below since it isn't on their site).

Why does owning one's own online identity and personal data matter?

and was voted to the top (with 5 votes) by others...but now that answer isn't there cause I didn't use my real name.

So now you can't see it...this is akin to not letting me sit somewhere in a public space because the color of my skin is the wrong one OR I happen to sit in a wheel chair to get around and there isn't room in our restaurant and they are in violation of American's with Disabilities Act.

The women of Quora are talking about organizing an unconfernece and found two of my organizations/sites and are enthusiastic about them. I am totally unable to talk to them about their ideas or my sites unless I pass their "real names" know like a pole tax ... that Bob and I talked about in our Cloud Identity Summit closing Keynote about Identification and Social Justice (slides and videos will be online soon).

My answer to:

Why does owning one's own online identity and personal data matter?

We own our own bodies - we have freedom and autonomy to move around the physical world.  We have rights and freedoms; If our physical lives are terminated there are consequences.

In the digital world many people are not the primary "owner" of their own identity (in digital space the equivalent of a physical body is a persistent identifier like an e-mail address or a URL or phone number).  Most people's identity on the web is "under" terms and conditions of a private company and they can terminate people's accounts, their identities, without recourse.

Many companies with which people have their identities "under" choose to in exchange for providing identity provisioning services and things like e-mail. They also track and aggregate user's activities on their services and across the web via cookies and other beacons.  This profile of activity has real value and is being used by the companies to profile them and then sell abstract versions of the profile information on ad exchanges.

Some have said we live in an age of digital feudalism, where we are serfs on the lords' manors (the large web portals).

Having the freedom and autonomy to choose who we are online and how we express ourselves is important to ensuring a free society  with rights and liberty.

Adding some more: About one's social graph... The links in your social graph in the current architecture of the web exist within particular contexts - you have friends in Facebook or Followers on Twitter or Professional Contacts on LinkedIN. Those links, those connections in a "social graph" are ulitmately owned by the company within which you made those links. If you choose to leave any one of those networks - all your links to those people are terminated.

This is an architecture of control. You are locked into those systems if you don't want to loose the links to others in them. To own your own identity would be to have an identity that would give you the freedom to not loose the links to your contacts, they would be peer to peer autonomous of any particular service.

The next time there is a major social revolution like in Egypt governments are not going to try and turn of the internet or mobile phone system it is likely they will simply call facebook ans ask them to terminate the accounts of dissidents.



Summer -> Fall Talks/Plans

Today is my first talk for the summer. I am speaking at the Berkeley Cybersalon with a great cast of characters. Lost and Found on the Social Web.

I head to Europe on Wednesday; you can see the outline for that trip here: European Travel and Podcasts this Summer

I return on the 27th and speak the next day at the  SDForum Women's SIG on the topic of Women, Identity and Data - exploring what women want in these realms. It will be interactive.

I will be travelling to Portland for the Community Leadership Summit on July 14 and 15th along with my partner Bill Aal.

I head to Denver/Vail for the Cloud Identity Summit July 16-19th and will be giving the closing Keynote with Bob Blakley on Identity and Social Justice.

The WEF Young Global Leader Silicon Valley Summit 2.0: Shaping the future of entrepreneurship and innovation is July 25-27th. You can see the outline of the program here - it focuses on Google, Facebook and Zynga. I'm hoping we can also connect with some open source and open standards efforts.

August is currently open and will likely involve a trip to/through the NorthWest (Portland, Seattle, Vancouver, Salt Spring, Hollyhock)

September is "Summer Davos" in China where there may be some programmatic activity covering the Personal Data Ecosystem.

October is the National Coalition for Dialogue and Deliberation national conference in Seattle. I plan to put in a proposal/workshop covering online identity and the nuances/issues surrounding it.  For those of you who have been tracking my work, this community is the world's leading forum (+Canadian Equivalent C2D2) for truly innovative, deliberative public methods that provide the opportunity for collective wisdom to come forward.  It is these types of methods that we need to solve the "NSTIC governance" challenges relative to a complex system.  I worked with one of their leading members, Tom Atlee, founder of the Co-Intelligence Institute, on the chapter in my NSTIC response about governance.


We are working with the W3C on having the Federated Social Web Summit be the day before October 22nd somewhere near IIW.

Identity.Next in The Hague is Nov 21-22; hopefully it will have an unconference within it.

I have been invited to speak in Brussels on November 29th.


European Travel and Podcasts this Summer

I'm heading to Europe on Wednesday.  The travel plans and events are below. One of the main reasons I am going is to connect with the people and communities in Europe working on identity and personal data.  I want to come back with about 10 podcasts recorded with key people from the community that I meet along the way - these will be edited on my return and posted on the web publicly.

I will also be inviting/encouraging participation with PDEC in the two main ways we have so far to engage.

* If you are a startup or a proejct focused on how people are in charge of their personal data you can apply to be part of the Startup Circle.

* If you are in an enterprise or just interested you can subscribe to the Journal.

Please don't be afraid to reach out and connect with me if you are in Europe or know some folks in Europe I should be sure to connect with on this trip.  txt:510472-9069  Skype: Identitywoman


  • June 7th I arrive in London and have meetings/social things
  • June 11th is an Identity, Personal Data & Personal Clouds Unconference I am facilitating and Tony Fish is organizing - You're INVITED!
  • June 12th is the OIX Event
  • June 12-13th is New Digital Economics
  • June 14th is WEF Tiger Team Day
  • June 15-17 Netherlands
  • June 18-19 is the Digital Enlightenment Forum
  • June 20th I plan to travel to Paris
  • I might travel to Geneva..
  • June 25-27th in Berlin
  • June 27th I fly out of Berlin to SF.

Info Sharing Agreements! Support it! Make it Real!

Joe Andrieu and the Information Sharing Working Group has put a lot of work and effort into creating a Standard set of Information Sharing Agreements represented by a standard label. They want to invest in user -research to make it really work.

I am putting in $100 and I encourage all of you to do the same. They need to raise $12000 in the next 8 days.

See the Kickstarter Campaign here.

UnMoney Convergence Topics

Tomorrow is the UnMoney Convergence - an un-conference about all sorts of topics related to money, currency, land, value, reputation, identity.

Here are the topics that people are hoping to discuss:

  • Collaborative Consumption and Sharing
  • new currencies
  • How we can work together to make the movement for community currencies stronger and more synergistic.
  • BACE Timebank- open source currency
  • What are the best ways we can move from the current debt based, imperial economic system towards a life serving, peaceful, gift economy?
  • where are the most inspiring, promising, transition currencies being conceptualized, implemented, how can we work together to help them go viral and allow people to move their money from the old system towards creating a better alternative structure.
  • Fostering robust public debate on creating "public money" so that legitimate governments can fund activities which serve people and planet rather than threaten them.
  • Deep Wealth and new currencies as an emerging language of value. A Living Systems Model of Wealth
  • The role of co-operatives in startup investment.
  • how to enable trust agility?
  • governance, mobile payments oauth/opentransact
  • Designing Intentional Community Economic Systems
  • "Co-Creating Community Economics as a Path of the Heart"
  • Working together, can we do more than just taking care than our respective unmoney "babies/pets".
  • Going from niches to relevance.
  • Emotions in money experiments: dealing with fears
  • Crowdfinancing! technical development values based investing
  • How are other people designing an ecosystem of currencies to create engines of social action?
  • designing currencies as/like games
  • social ecosystem design and the use of currencies
  • work-share
  • micro credit;
  • time dollars
  • How to manage debt in a web based on distribution of small composable documents.
  • Ripple, Metacurrency, actual usage
  • What does unmoney tell us about changing relationships between incentives and motivation? How unmoney works as incentive and /or motivation
  • What does unmoney tell us about changing relationships between incentives and motivation?
  • How unmoney works as incentive and /or motivation
  • How do we teach about these alternative forms of currency and economics to potential early adopters?
  • Which of these different approaches are approaching reality?
  • What are the most pragmatic and useful? Who is making progress on deployment?
  • Teaching about money in a Sustainable MBA curriculum.
  • What kinds of alternative currencies are being used and thriving in local communities?
  • What are all the alternative types of currency - i.e. time banking, etc. Perspective of a young person coming of age and recognizing there are different ways to engage with money, currency and economics.
  • What is a sensible balance between social customs and accounting systems in the economics of the near future?
  • Currency backing methods
  • Mutual credit systems, small-scale democracy
  • What is the best example of alternative currency active today?
  • What is the best model that needs to be tested?
  • Where are the communities of trust willing to test a promising model?
  • Friendly Barter - A model of a cashless online payment developed with Tom Greco this last Winter.
  • How to share deeper value and wealth together and build an economy based on this sort of wealth.
  • How to share deeper value and wealth together and build an economy based on this sort of wealth.
  • Particularly interested in alternative and parallel currencies The potential for mobile phones to disrupt in the alternative currency space