Identity Woman

Internet Identity Workshop Fall - 3 events

Thursday 5 Aug 2010 by Kaliya Hamlin | No Comments
Filed under: IIW, Identity Commons, Identity Gang, Industry Developments Tags: IIW-East, IIW-Europe, Internet Identity Workshop

The Tenth Internet Identity Workshop in May, 2010 was the largest ever. We have had inquiries from community members on the East Coast of the US and in Europe have been lobbying us to bring the event to their locations. We are happy to confirm that we are going host IIW's in Washington, DC and London.

WE NEED YOUR HELP! Please take some action if you like IIW and are reading this. IIW is been about the community that attends and participates year round in the activities of groups that use the event to get real work done and move the industry and vision of user-centric identity that works for people forward.

So with these events upcoming Phil, Doc and I need your help in spreading the word to your collegues on the East Coast and in Europe who would enjoy the event.

To help you do this we have several tools and options.
Blog badges for specific events. (These are two of them their are more on the wiki)

For IIW-East September 9-10 in Washington DC

A Venue! the Josephine Butler Parks Center (a 10min walk from the Columbia Heights Metro)
an Invitation up online
Registration is up here and Early Bird ends August 6th.
an invitation designed to be send via e-mail
RSVP on Social Networks - LinkedIN, Upcoming, Facebook

For IIW-Europe, October 11 in London we have

A still being developed invitation up on the IIW site
Registration is live Early bird ticket sales end August 31
RSVP on Social Networks: LinkedIN, Upcoming, Facebook
Twitter List (it will be a bit small until we have more registrations)

For IIW #11 in Mountain View, November 9-11

We have a simple invitation up online
Registration is live Super Early bird ticket sales end August 31

If you value IIW and the conversations that happen there please take some initiative and reach out to colleagues to spread the word about these events. Because of the community focus of the events we rely strongly on community word of mouth to let people know about them.

It would be great to have community ideas put forward for the main IIW invitation articulating the current foci of conversations.

Privacy Identity and Innovation - pii & Women

Sunday 1 Aug 2010 by Kaliya Hamlin | No Comments
Filed under: Event Annoucements, Innovation, Privacy Tags: conference, Denise Tayloe, Eve Mahler, Identity, Innovation, Privacy, privo

The Privacy Identity and Innovation is coming up August 17-19th in Seattle, Washington.

This conference is the brain child of Natalie Fonseca who has run the Tech Policy Summit for several years.

I am speaking at the event on a panel about personal data stores (a new project I will write more about here soon). I am really proud to be amongst many other women industry leaders speaking. I know Natalie took proactive approach to recruiting women to speak and voila - their are women speakers at this technology conference.

Denise Tayloe, CEO of Privo
Marie Alexander, CEO of Quova
Linda Criddle, CEO of Reputation Share
Fran Maier, President of TRUSTe
Anne Toth, Chief Privacy Officer for Yahoo
Michelle Dennedy, VP at Oracle
Judith Spencer of GSA
Christine Lemke, CTO of Sense Networks
Betsy Masiello of Google
Heather West of Center for Democracy and Technology
Eve Maler of PayPal
Susan Lyon of Perkins Coie
Deborah Estrin of UCLA

It should be a great event - the guys on the program are equally cool.

Navigating the New Normal: John Seely Brown at Catalyst

Wednesday 28 Jul 2010 by Kaliya | No Comments
Filed under: Event Review, Future, Identity Gang, visionary Tags: Bob Blakley, Burton Group, Catalyst, Cloud, Data, Gartner, Identity, John Seely Brown

I am here this week at Burton Group Catalyst. The conference kicked off with a what was by all accounts good talk from John Seely Brown talking about "the New Normal".
NishantK: John Seely Brown: many of the things that made us successful in the 20th century will make us unsuccessful in the 21st century
jmatthewg1234: John Seely Brown - Thriving in a world of constant flux
bobblakley: John Seely Brown explains the shift from stores of info to flows of info at http://yfrog.com/5u8r3oj
bobblakley: "The cloud is much more disruptive than any of us have ever thought." John Seely Brown
bobblakley: "SalesForce disrupted Siebel; now being disrupted itself by SmallBusinessWeb. Things are moving that fast." John Seely Brown
NishantK: John Seely Brown: Good network is loosely coupled, trusted, not captive & filled w highly specialized nodes < basis of #cloud promise
bobblakley: "Moving to cloud requires factoring policy out of apps & making it a 1st class object." John Seely Brown
bobblakley "Policies must have version numbers." JohnSeely Brown
bobblakley: "Control-oriented flows won't work in federated clouds." John Seely Brown
jonathansander: Outside-in architectures start with the notion of an ecosystem. John Seely Brown
NishantK: John Seely Brown: Need to move from Inside-out to Outside-in architectures - less control, more trust, less predictable, more agile
bobblakley: Schemas are a hindrance in a world of unpredictability - John Seely Brown
bobblakley: "Data has tremendous inertia; don't bring data to the computer - bring the computer to the data!" JohnSeely Brown
bobblakley: "Web 3.0 will use social media for context sensitive exception handling." John Seely Brown
jonathansander: Policies are 1st class objects in enterprise 3.0, but so are exceptions. John Seely Brown
bobblakley: "Two things you don't want to lose control of are policy and data" John Seely Brown
bobblakley: "The edge pulls the core to it by exploiting cloud services and social media." John Seely Brown
drummondreed: John Seely Brown at Catalyst: the biggest innovation of the past 100 yrs is not the microprocessor but the Limited Liability Corp
This morning the conference kicked off for real with 5 tracks of amazing content. Those of you who know me, know I really am not a big fan of "regular talking heads conferences." I often tell folks this is the only talking heads conference I recommend attending. The quality of content and thought put into the analyst presentations and the industry people on stage is of a very quality.

When to share your real name? Blizzard and their Real ID plans.

Thursday 8 Jul 2010 by Kaliya Hamlin | 1 Comment
Filed under: Identitification, Identity Rights, Innovation, Privacy, Social Network, Tool Usage, Uncategorized, What is Identity?, reputation Tags: Anonymity, Blizzard, Context, creepy, gender, greifing, Real ID, target populations, Women, WoW

I was recently CCed in a tweet referencing this article "Why Real ID is a Really Bad Idea"about World of Warcraft implementing their version of a "Real ID" in a way that violated the trust of its users.

The woman writing the article is very clear on the identity "creep" that happened and got to the point of requiring users to use the Real ID account within the system to post on forums and EVEYWHERE they interacted on company websites.

She articulates clearly why this creates an unhealthy climate and a chilled atmosphere for many users.

Read the rest of this entry »

Internet Identity Workshop in DC

Wednesday 7 Jul 2010 by Kaliya Hamlin | No Comments
Filed under: Uncategorized

The Internet Identity Workshop is coming to the east coast for the first time - September 9-10, 2010 in Washington DC.

The theme for the event is Open Identity for Open Government. You can learn more about the event on the IIW website and register over on this site.

Internet Identity Workshop comes to DC!

Theme: Open Identity for Open Government.

Register Here!

Internet Identity Workshop East (IIW-East) is September 9-10, 2010 in Washington DC at the Josaphine Buttler Parks Center. This event immediately follows the Gov 2.0 Summit.

The Internet Identity Workshop has been held semi-annually in California since the Fall of 2005. The 10th IIW was held this past May and had the largest attendance thus far. There have been many requests to have an IIW on the East coast, and now the Open Identity for Open Government Initiative is providing a timely incentive to have one in Washington.

IIWs focus is on “user-centric identity”, addressing the technical and adoption challenge of how people can manage their own identity across the range of websites, services, companies, government agencies and organizations with which they interact. IIW-East will focus mainly on the government adoption of open identity technologies for use by government websites.

Unlike other identity conferences, IIW’s focus on the use of identity management approaches based on open standards that are privacy protecting. IIW is a unique blend of technology and policy discussions where everyone from a diverse range of projects doing the real-work of making this vision happen are able to gather to work intensively for two days. It is the best place to meet and participate with all the key people and projects such as:

OpenID
IMI Information Cards
GSA approved schemas for open identity protocols
Personal Data Stores
NIH pilot adoption of Open Identity technologies
Certification of industry open identity credentials
Business models for higher LOA open identity credentials
National Strategy for Trusted Identities in Cyberspace

The event has a unique format - the agenda is created live the day of the event. This allows for the discussion of key issues, projects and a lot of interactive opportunities with key industry leaders.

The event compiles a book of proceedings with the notes that are gathered from the conference. You can find the Book of Proceedings for IIW7, IIW8, IIW9 & IIW10 here. BTW these FOUR documents are your key to convincing your employer that this event will be valuable. As attendees register we ask about topics they wish to discuss.

Providing identity services between the general public and government websites is a different problem than providing authentication and authorization services within one or a few organizations (enterprise provisioning/termination or federation between two companies or government agencies).

As a community we are exploring these kinds of issues:

Questions Agencies Face:

How can open identity technologies enable open government
How can agencies leverage identity credentials generated by other organizations
How can the government leverage the efforts of social networking sites that offer user-centric identity credentials
What are the advantages to agencies of adopting open identity technologies
How can open identity technologies enable your websites to move beyond brochure-ware
How can we increase the speed in which government organizations can benefit from the use of open identity approaches
How to manage Federated Identity on an ever increasing scale
What are the implications of National Strategy for existing policy mandates
Should there be integrated political architecture
There are five distinct Cyber Security Bills in Congress now - what are the implications

Policy Considerations:

The relationship between FIPS (Federal Information Processing Standards) and identity management
What are the business cases for agencies to adopt Open Identity Technologies
What are the new legal constructs that make this work
How to use open identity technologies to preserve privacy while providing personalization
GSA standards for the use of open identity technology
Data Privacy Issues
Personal Data - how is it stored and shared with end users
How are these new approaches regulated

Technical Issues:

Open identity standards (identity and semantic)
What software is available to leverage open identity standards
How different standards and technical implementations interoperate
How agencies can accept identity credentials generated by other organizations
How open identity technologies can enable your website to move beyond brochure ware, without using cookies
How to leverage open identity technologies in your technology roadmap
How to implement Federal Identity
Tecnlogy issues involved in implementing existing Identity Management technology
Lessons learned - what are the most effective ways for Federal Agencies to build and employ identity systems

New Industry Developments:

Personal Data Stores/Data Banks with our digital footprints recorded
What new Identity Management technologies are on the horizon
National strategy for trusted identities in Cyberspace

Please join us at the Internet Identity Workshop

To consider all these and more!

It is the best place to meet and participate with all the key people and projects such as:

OpenID
IMI Information Cards
GSA approved schemas for open identity protocols
Personal Data Stores
NIH pilot adoption of Open Identity technologies
Certification of industry open identity credentials
Business models for higher LOA open identity credentials
National Strategy for Trusted Identities in Cyberspace

Thoughts on the National Strategy for Trusted Identities in Cyberspace

Friday 25 Jun 2010 by Kaliya Hamlin | 2 Comments
Filed under: Books/Papers on ID, Future, Government, ID Protocol, Identity Rights, National ID, Uncategorized Tags: authentication, authorization, identification, Identity Ecosystem, Identity Medium, individuals, Interoperability, National Strategy for Trusted Identities in Cyberspace, Non-Person Entity, NSTIC, organization, Trust Framework

Interestingly in paragraph two on the White House blog it says that NSTIC stands for "National Strategy for Trusted Initiatives in Cyberspace" rather than "National Strategy for Trusted Identities in Cyberspace".

This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.

The 2nd draft is posted on an DHS idea scale installation. There will be three weeks (until July 19th) for public comments.

The Document is 40 pages long and you can download it here. This is where citability.org would have come in handy to make comments... cause commenting in a threaded discussion on idea scale about the whole document will not be easy.

We will be hosting the Internet Identity Workshop in DC Sept 9-10 (Thursday-Friday) following Gov 2.0 Summit. See the announcement on the IIW site.

The White House post talks about the Identity Ecosystem. The document uses this phrase extensively.

I am reading it now and comments will follow here over the hour.

The subtitle is good - Creating Options for Enhanced Online Security and Privacy

Executive Summary Quotes and commentary:

In particular, the Federal Government must address the recent and alarming rise in online fraud, identity theft, and misuse of information online.

One key step in reducing online fraud and identity theft is to increase the level of trust associated with identities in cyberspace. While this Strategy recognizes the value of anonymity for many online transactions (e.g., blog postings), for other types of transactions (e.g., online banking or accessing electronic health records) it is important that the parties to that transaction have a high degree of trust that they are interacting with known entities.

It is good they are recognizing the value of anonymity for online transactions.

This Strategy seeks to identify ways to raise the level of trust associated with the identities of individuals, organizations, services, and devices involved in certain types of online transactions. The Strategy’s vision is: Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.

They are touching on key underpinnings of potential solutions understood by the user-centric identity community. The Identity Commons purpose is as follows: to support, facilitate, and promote the creation of an open identity layer for the Internet -- one that maximizes control, convenience, and privacy for the individual while encouraging the development of healthy, interoperable communities.

Ok, who let this many "identity ecosystems" out of the building? Ten in two paragraphs!!

Privacy protection and voluntary participation are pillars of the Identity Ecosystem. The Identity Ecosystem protects anonymous parties by keeping their identity a secret and sharing only the information necessary to complete the transaction. For example, the Identity Ecosystem allows an individual to provide age without releasing birth date, name, address, or other identifying data. At the other end of the spectrum, the Identity Ecosystem supports transactions that require high assurance of a participant’s identity. The Identity Ecosystem reduces the risk of exploitation of information by unauthorized access through more robust access control techniques. Finally, participation in the Identity Ecosystem is voluntary for both organizations and individuals.

Another pillar of the Identity Ecosystem is interoperability. The Identity Ecosystem leverages strong and interoperable technologies and processes to enable the appropriate level of trust across participants. Interoperability supports identity portability and enables service providers within the Identity Ecosystem to accept a variety of credential and identification media types. The Identity

Ecosystem does not rely on the government to be the sole identity provider. Instead, interoperability enables a variety of public and private sector identity providers to participate in the Identity

Ecosystem.

User-Centricity appears on the 2nd page of the Executive Summary:

User-centricity will allow individuals to select the interoperable credential appropriate for the transaction.

Sounds like they get what verified anonymity is and how it means that people don't have to share all their information when doing transactions online.

Here are the goals of the Strategy:

Develop a comprehensive Identity Ecosystem Framework
Build and implement an interoperable identity infrastructure aligned with the Identity Ecosystem Framework
Enhance confidence and willingness to participate in the Identity Ecosystem
Ensure the long-term success of the Identity Ecosystem

What is an Identity Ecosystem Framework? Maybe they were too afraid to use the word "trust framework"?

They have 9 proposed Actions to achieve these goals:

Designate a Federal Agency to Lead the Public/Private Sector Efforts Associated with Achieving the Goals of the Strategy
Develop a Shared, Comprehensive Public/Private Sector Implementation Plan
Accelerate the Expansion of Federal Services, Pilots, and Policies that Align with the Identity Ecosystem
Work Among the Public/Private Sectors to Implement Enhanced Privacy Protections
Coordinate the Development and Refinement of Risk Models and Interoperability Standards
Address the Liability Concerns of Service Providers and Individuals
Perform Outreach and Awareness Across all Stakeholders
Continue Collaborating in International Efforts

Introduction Quotes and Commentary:

They paint a rosy picture of the future saying this about what it will be like:

They have choice in the number and types of user-friendly identity credentials they manage and use to assert their identity online. They have access to a wider array of online services to save time and effort.

In this user centric world, organizations efficiently conduct business online by trusting the identity proofing and credentials provided by other entities as well as the computing environment in which the transactions occur.

The No2ID folks are not going to like the "envision" box on the first page....

Envision It!

An individual voluntarily requests a smart identity card from her home state. The individual chooses to use the card to authenticate herself for a variety of online services, including:

Anonymously posting blog entries, and Logging onto Internet email services using a pseudonym.

Credit card purchases,

Online banking,

Accessing electronic health care records,

Securely accessing her personal laptop computer,

To be clear, the user-centric identity community has not been focused on government-issued credentials or IDs - it has always been mostly about how people have aspects of their identities self-asserted and then validated by third parties, likely in the commercial sector not government.

The issue around identity theft is well articulated: the underlying data systems are poorly architected and change needs to happen at this level to solve the problem - not paying your bank or other entities "identity theft prevention or protection fees"

Criminals and other adversaries often exploit weak identity solutions for individuals, websites, email, and the infrastructure that the Internet utilizes. The poor identification, authentication, and authorization practices associated with these identity solutions are the focus of this Strategy.

The lack of User-centrism is touched on as a problem - yeah, they at least get some core aspects of the problem.

Further, the online environment today is not user-centric; individuals tend to have little control over their own personal information. They have limited ability to utilize a single digital identity across multiple applications. Individuals also face the increasing complexity and inconvenience associated with managing the large number of user accounts, passwords, and other identity credentials required to conduct services online with disparate organizations. The collection of identity-related information across multiple providers and accounts, coupled with the sharing of personal information through the growth of social media, increases opportunities for data compromise. For example, personal data used to recover lost passwords (e.g., mother’s maiden name, the name of your first pet, etc.) is often publicly available.

A very good resource to understand this broad set of issues around data systems architected badly is The Digital Person by Daniel Solove.

This is not about National ID:

[T]he Strategy does not advocate for the establishment of a national identification card. Instead, the Strategy seeks to establish an ecosystem of interoperable identity service providers and relying parties where individuals have the choice of different credentials or a single credential for different types of online transactions. Individuals should have the choice of obtaining identity credentials from either public or private sector identity providers, and they should be able to use these credentials for transactions requiring different levels of assurance across different sectors (e.g., health care, financial, and social transactions).

The Guiding Principles quotes and commentary:

What are the essential characteristics of solutions that support Trusted Identities in Cyberspace?

They articulate three kinds of interoperability:

Technical Interoperability – The ability for different technologies to communicate and exchange data based upon well-defined and widely adopted interface standards.

Semantic Interoperability – The ability of each end-point to communicate data and have the receiving party understand the message in the sense intended by the sending party.

Policy Interoperability – Common business policies and processes (e.g., identity proofing and vetting) related to the transmission, receipt, and acceptance of data between systems, which a legal framework supports.

Importantly, it highlights this key aspect of what is essential for interoperability the use of nonproprietary standards.

Identity Ecosystem will encourage identity solutions to utilize non-proprietary standards to help ensure interoperability.

Values and Benefits quotes and commentary:

They do a good job of defining some key identity terms.

The identity solutions identified in the vision are primarily associated with identification (establishing unique digital identities) and authentication (associating an individual with a unique identity) technologies and processes. Trusted and validated attributes provide a basis for organizations that offer online services to make authorization decisions.

New term bonanza (at least for user-centric ID community) in the ecosystem component:

A non-person entity (NPE) may require authentication in the Identity Ecosystem. NPEs can be organizations, hardware, software, or services and are treated much like individuals within the Identity Ecosystem. NPEs may engage in a transaction or simply support it.

The credential can be stored on an identity medium, which is a device or object (physical or virtual) used for storing one or more credentials, claims, or attributes related to a subject. Identity media are widely available in many formats, such as smart cards, security chips embedded in PCs, cell phones, software based certificates, and USB devices. Selection of the appropriate credential is implementation-specific and dependent on the risk tolerance of the participating entities.

On page 17, the phrase "trust framework" finally appears.

Looking across all three layers, the Identity Ecosystem will have the following characteristics:

Individuals and organizations choose the providers they use and the way they conduct transactions securely.
Participants can trust one another and have confidence that their transactions are secure.
Individuals can conduct transactions online with multiple organizations without sacrificing privacy.
Identity solutions are simple for individuals to use and efficient for providers.
Identity solutions are scalable and evolve over time.

Benefits are articulated for individuals, and the private sector.

The Identity Spectrum

Thursday 27 May 2010 by Kaliya Hamlin | No Comments
Filed under: Identitification, User Centrism, What is Identity? Tags: Anonymous Identity, Identity Spectrum, Pseudonymous Identity, Self-Asserted Identity, Socially Validated Identity, Verified Identity

I published V1 of this in a post on my Fast Company blog about the government's experiments with identity.
I did a more complete version for the opening talk of the Internet Identity Workshop

The Identity Spectrum gives a understanding of the different kinds of identity that are possible in digital systems. They are not exculsive - you can mix and match. I will define the terms below and discuss mixing and matching below.

Anonymous Identity is on one end of the identity spectrum--basically you use an account or identifier every time go to a Web site--no persistence, no way to connect the search you did last week with the one you did this week.

Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don't reveal your common/real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.

Self-Asserted Identity is what is typical on the Web today. You are asked to share your name, date of birth, city of residence, mailing address etc. You fill in forms again and again. You can give "fake" information or true information about yourself--it is up to you.

Socially Validated Identity is an identifier within the context of a social graph that is linked to and because of the social links it is acknowledged by others thus being socially validated

Verified Identity is when there are claims about you that you have had verified by a third party. So for example if you are an employee of a company your employer could issue a claim that you were indeed an employee. You might have your bank verify for your address. etc.

Mixing and Matching on the Identity Spectrum
You could have a socially verified pseudonymous identity. That is people recognize and acknowledge a pseudonymous handle/avatar name by linking to it in a social graph. You can have verified anonymity where attributes about a handle/avatar are 'verified' but the all the information about the verified identity (full name, address, birthdate etc) is not reviled.

IIWX Internet Identity Workshop 10, Introductory Talk

Thursday 27 May 2010 by Kaliya Hamlin | No Comments
Filed under: Event Review, IIW, Identity Commons, Identity Gang, Identity Layer, Industry Developments, Presos/Podcasts/Videos, What is Identity? Tags: Identity Explained, Internet Identity Workshop, Introductory Talk

I gave this talk at the 10th Internet Identity workshop reviewing the shared history, language, understanding and work we have done together over the last 6 years of community life.

Internet Identity Workshop 10 - Introduction to the User-Centric Identity Community

View more presentations from Kaliya Hamlin.

Part of this presentation touched on a timeline of events in the community. Those and more are reflected on this timeline that is beginning to be developed here. IIW11 will be November 9-11 in Mountain View, CA The first ever IIW outside the Bay Area will be happening September 9-10 in Washington DC following the Gov 2.0 Summit with the theme Open Identity for Open Government. The first IIW in Europe will be happening in London likely October 9-10 (dates still to be confirmed) prior to RSA Europe. If you would like to know about when the next IIWs have registration open please join this announce list. TheIdentity Gang is the community mailing list where conversations are ongoing about identity. You can follow modest updates about IIW on twitter via our handle - @idworkshop You can see IIW 10 attendees on our registration page.

On Identity and Centralization

Thursday 22 Apr 2010 by Kaliya Hamlin | 1 Comment
Filed under: Uncategorized Tags: centralization, Facebook, Freedom, Friends, ge, gender, race, real identity, standards, Women

I was asked for a quote today to comment on F8 developments and the continuing apparent "centralization" of identity on that platform. It is not new for me to say these things but perhaps more crystallized.....

The turning point of the web becoming more social was mentioned several times today.

The issue at hand is fundamentally about FREEDOM: the freedom to choose who hosts your identity online (with the freedom to set up and host your own), the freedom to choose your persona - how you present yourself, what your gender is, your age, your race, your sex, where you are in the world. A prime example of WHY these freedoms are vital is the story of James Chartrand - you can read for yourself her story of being a "him" online as a single mother seeking work as a copy editor. Having a male identity was the way she succeeded.

We did a whole session at She's Geeky the women's technology unconference about women, identity and privacy online. ALL the women in that session had between 3-5 personas for different aspects of life and purposes. Many of those personas were 'ungendered' or male. I have not talked to many people of color about their online lives and persona management but should. I imagine that like women they choose for some of their persona not to identify racially.

Your "friends" shouldn't be locked into a particular commercial context. This is where the work on client-side applications for identity management and social coordination for individuals are key. The browser was never designed to do these kinds of functions and I don't think trying to make it do them is wise.

We need open "friend" standards where people are autonomous, without their identity tied to a commercial silo - like Google, Yahoo, Facebook, Microsoft, AOL, or any company. This is a vision of a web where I can "peer friend" my friends, and then no entity has power over our relationship. This requires people to be first-class objects on the web. Not easy to do, but essential for us to figure out.

IIW Date Shift - May 17-19

Thursday 18 Feb 2010 by Kaliya Hamlin | No Comments
Filed under: Event Annoucements, IIW, Uncategorized Tags: Internet Identity Workshop

It turns out Google I/O is the week of IIW. We found out too late to shift weeks but early enough to shift days to only conflict 1 day (the 19th). Please mark your calendars accordingly.

Early Bird Registration is in effect for another month. Sponsorships and "big tickets" (for those who can expense a higher ticket price but can't get actual "sponsorship budget") are still available.

RSA Dinner for the Identity Community

Thursday 18 Feb 2010 by Kaliya | No Comments
Filed under: Community Dinner, Uncategorized Tags: Community Dinner, RSA, SF

There are a few events on the yearly calendar where a corum of identity folks come together - RSA is one of them.

We are organizing an informal community Dinner on Tuesday evening at 7pm.

Everyone is WELCOME! just RSVP here on eventbrite. It will be no-host but not that expensive. We are looking at Indian places near the main hotel cluster for RSA.

The hosted Ping Party will follow at a location TBD.

If you were ever a part of or are interested in knowing more about the Identity Gang, OpenID, Information Cards, Higgins, Project VRM, PubSubHubbub, Salmon, XRD, LRDD, XRI, XDI, Volunteered Personal Information, UMA, Kantara, DiSo, Open Social, augmented browsing, end user focused proctols for individual and community empowerment this event is for you.

ID-Legal - Mapping the Gap - Bridging Commumities

Thursday 18 Feb 2010 by Kaliya | 1 Comment
Filed under: Event Annoucements Tags: Collaboration, ID-Legal, Identity, Kantara, Lucy Lynch, Map the Gap, Robin Wilton, Scott David, Trent Adams

Next month we are hosting a gathering called Map the Gaps. It came out of a session I ran several IIW's ago asking the question what if there was a "Legal-IIW" the intent was always to cross communities and connect activities already in this area. The intent from the beginning was to connect with and work with PPEG at Liberty Alliance. I am happy to be working with Robin from Kantara who ran the PPEG group at Liberty Alliance. Lucy from the Internet Society has been a real champion of the event.

We are threading the needle of size and accessability. Our intent is to make as much as possible about the conversation public and report out. We also know that the energy is really different with 20-30 people vs. 100. We are seeking interest particularly from technologist who are interested in understanding how Lawyers think and how different aspects of law are going to end up impacting the technologies they build and how those technologies will change the law.

You can see the matrices we are looking to fill in here on the ID-Commons wiki.

Here is the invitation and this is a link to express interest in attending.

Identity Commons and The Kantara Initiative
present an identity workshop and symposium to
"Map the Gaps"
Sponsored by the Internet Society.
March 18th-19th, 2010, Washington DC

The event will be attended by representatives of the diverse identity communities to help “Map the Gaps” that currently exist between the policy/legal and technology views of digital identity and online privacy.

The intention of the “mapping” exercise is to benefit the overall identity community by cataloguing and examining the characteristics and approaches of various online identity-related technical and legal initiatives, so that they can be applied to find common ground to integrate the research and development initiatives in the identity space.

The infrastructure for online identity continues to evolve, and increasingly raises social and privacy questions which are large, complex, and cannot be solved either by technology alone, or by a “single-stakeholder” approach.

While technologists and lawyers have worked separately in the past, identity technologies are now bringing people together in ways that are so intimate and far-reaching that they change both the way humans relate to technology, and the technologically-mediated ways humans relate to each other. Many of those technologically-mediated interactions are the subject of various established laws, which must now be reviewed in the light of this evolution: the technology cannot properly develop without legal guidance and vice versa.

This effort will depend upon the identification and creation of common concepts, language and paradigms to guide future development in the area. Our aim is to bring technologists and legal and policy professionals together, establish a common understanding of each other's domains, and map out the gaps which subsequent work would aim to bridge.

The “Map the Gaps” event will provide participants with a forum to contribute various perspectives on identity-related themes, the output of which may be coordinated with American Bar Association events as well as within working groups at ID Commons and the Kantara Initiative.

Due to limited space, the event is being held by invitation only. There are, however, other ways to participate in this important work, including submitting written materials for inclusion in symposium online materials.

In order to assure that the broadest possible representation of interests is achieved to inform the work that will take place at the symposium, all submitted papers will be made available to attendees and others on the Identity Commons and Kantara symposium-related websites.

Limited spaces have been reserved at the symposium for a few additional invitations to be extended to individuals and institutional representatives based on a review of submitted papers. Additional invitations may be extended based on those papers that offer significant perspectives and insights that are perceived to be different than or complementary to those already represented by the existing symposium attendees.

Next steps:
The symposium will be interactive and participant-driven: we ask all persons who would like to attend the meeting as participants to contribute, in advance (and no later than February 28, 2010), a brief (250-500 words) position paper, analysis or other description of an interesting or pressing problem they have encountered in this field. Papers will be posted as noted above, and we will extend invitations for participation to the authors of those papers that satisfy the criteria indicated above.

To express interest in the “Map the Gaps” workshop and symposium:

https://www.isoc.org/isoc/conferences/registration/?id=19

Event Committee:

Scott David, K&L Gates LLC.
Lucy Lynch, Internet Society
Kaliya Hamlin, ID Commons
J. Trent Adams, Internet Society
Robin Wilton, Future Identity, Ltd.

Chris Messina at Google - Good for him, Google & The Identity/Social Web Community.

Monday 11 Jan 2010 by Kaliya Hamlin | 1 Comment
Filed under: Industry Commentary, Industry Developments, User Centrism Tags: Chris Messina, Data Libration, Facebook, Google, Identity Community, JP G, JP Rangaswami, Kevin Marks, OpenID

I was one of the first people to congratulate Chris Messina on his blog when he announced he was going to Google. It was a personal congratulations. I wasn't sure if it was good overall for the open web vision or the community as a whole. In the end after thinking about it for a few days I feel it is a good move for them, for Google and for the community. The rest of this post explains why.

With Chris going to Google it gives them three seats on the OpenID board (Joseph and Chris are both community board members and Google has a corporate paying board member seat filled by Eric Sachs). It concentrates a lot of power at Google and I agree with Eran's concerns from Marshall's RWW/NYTimes article ...why be "open" if you can just have an internal product meeting with Brad Fitzpatrick and a few other Googlers and "ship" a product without reaching out to others. I agree with the concern and I think there will be enough eyes on these individuals in particular and Google in particular to challenge them if they do that.

Thursday morning I sat at "geek breakfast" in Berkeley with a friend discussing Chris and Joseph's move to Google. We mused about how many people we knew who "get social" have been at Google and because "Google didn't get social" they were unhappy so they left, Kevin Marks being just the latest example leaving in the fall for British Telecom/Ribbit where he works for JP Rangaswami, the CIO who really gets open.
Given this, if "just" Joseph Smarr was going to Google he would be more "alone" trying to "do social right" at Google. Yes, he would have allies but no one quite as high profile as himself. With Chris Messina there too, there are now two major committed community leaders who can work the politics involved in helping Google to "get" social and actually do it right. If anyone has a hope inside that big company it is those two and I don't think either could be as effective alone.
If Chris and Joseph fail, that is if they get frustrated and leave (which they can at any time they want cause they are very "employable" because of their profiles by a whole range of companies in the valley) then is a sign that Google doesn't really "get" social and isn't moving in the right direction in terms of supporting the emergence of an open standards based, individually empowering & social web.
With Zuckerberg's statement's about privacy and the recent actions by Facebook to make user-information public, Google has a huge opportunity to live up to its slogan of "not doing evil". Over the fall Google made some promising statements on the meaning of open and took action spinning up the Data Liberation Front.
I know many people who currently are and have been at Google. All of them talk about how secure things are internally - it is not possible to go into their systems and "look up a user" and poke around at what they have in their e-mail, or what they have searched on or what is in their google docs. Algorithms look at people's stuff there, not people. Google takes their brand and reputation for protecting people's private information seriously. I am not particularly starry eyed about Google thinking they can do no evil - they are just a company driven by the need to make a profit. I worry that they might be becoming too dominant in some aspects of the web and that there are legitimate concerns about the monopoly power they have in certain market area.
I don't see this as a Google vs. Facebook fight either. Chris, Brad, Eric, Joseph are all at Google & David Recordon and Luke at Facebook; they are all good friends socially and are just six people in the overall identity community made up of about 1000 people at 100's of companies. Yahoo!, AOL, Microsoft (enterprise & MSN side), are all involved along with PayPal, Amazon, BT, Orange, Mozilla, Sun, Equifax, Apple, Axiom, Oracle, & many many more. They all come together twice a year at the Internet Identity Workshops and other events to collaborate on innovating open standards for identity on the social web.
I invite those who want to participate in the dialogue to consider attending the 10th Internet Identity Worskshop May 18-20.

I take the health of the identity community, its over all tone and balance quite seriously. I helped foster it from the beginning really starring in March of 2004 including 9 months from June of that year until January 2005 it was my first major job - evangelizing user-centric identity and growing the community to tackle solving this enormous problem (an identity and social layer of the web for people). I along with others like Doc Searls, Phil Windley, Drummond Reed, Bill Washburn, Mary Ruddy, Mary Rundle, Paul Trevithick, Dick Hardt, Eugene Kim & many others formed the identity community. Having put my heart, soul, sweat and tears into this community and working towards good results for people & the web, I don't say what I say in this post lightly.

The Age of Privacy is Over????

Monday 11 Jan 2010 by Kaliya Hamlin | 2 Comments
Filed under: Facebook, Industry Commentary, Industry Developments, Privacy Tags: Facebook, Privacy, Social Norms, Zuckerberg

ReadWriteWeb has coverage of Zuckerberg's talk with Arrington at the Crunchies. According to him, the age of Privacy is Over. This is the quote that is just STUNNING:

..we decided that these would be the social norms now and we just went for it.

When I first heard it in the interview in the video I did a major double take - "we decided" ?? seriously? The we in that sentence is Facebook and clearly with Zuckerburg is at the helm - He could have said "I decided" and he as the CEO of a social network has the power to "decide" the fate of the privately shared amongst friends in the context of this particular social network for millions of people (see my post about the privacy move violating the contract with users). It makes you wonder if this one platform has too much power and in this example makes the case for a distributed social network where people have their own autonomy to share their information on their own terms and not trust that the company running a platform will not expose their information.

It is clear that Zuckerberg and his team don't get social norms and how they work - people create social norms with their usage and practices in social space (both online and off).

It is "possible" to change what is available publicly and there for making it normal by flipping a switch and making things that were private public for millions of people, but it is unethical and undermines the trust people have in the network.

I will agree there is an emerging norm that young men working building tools in Silicon Valley have a social norm of "being public about everything", but they are not everyone. I am looking forward to seeing social tools developed by women and actual community organizers rather then just techno geeks.

I will have more to say on this later this week - I was quite busy Saturday - I ran the Community Leadership Summit, yesterday I flew to DC and today I am running the Open Government Directive Workshop. While I am here I hope to meet with folks about Identity in DC over the next 2 days.

Suicide Options for Facebook, LinkedIn and Twitter

Friday 1 Jan 2010 by Kaliya Hamlin | No Comments
Filed under: Facebook, Identity Rights, Legal Cases, Privacy, Social Network Tags: Facebook, LinkedIN, Online Suicide, Seppukoo, Twitter

I have another post up on ReadWriteWeb that went up just after Christmas covering people who are choosing to leave Facebook or considering doing so along with the tools to help them.

Fed Up with Facebook Privacy Issues? Here is how to End it All.

It highlights two different Web 2.0 suicide machines; one is an art project called Seppukoo.com .

The service creates a virtual memorial for you and posts you on a suicide wall & they give you points for how many friends you had and how many of them choose to follow you to the "after life". The leader board is here. You can see the RIP page for one of the creators of the service - Gionatan Quintini here.

It received a cease and desist from Facebook and responded.

The response is not covered in the article (it wasn't out when I wrote it). It has some great quotes that sound like language coming from the user-centric identity community.

5. My clients have the right to receive information, ideas, and photographs from those people whom are the legitimate proprietors of this data and can decide to share this data or to store it, with the prior consent of its respective owners. All of this is freedom of expression and the manifestation of thought and free circulation of ideas that is accepted and guaranteed in Europe and in the U.S.A.

6. Facebook cannot order the erasure of data that does not belong to it, acting against the free will of the owners of such data. This is not protection of privacy, but rather a violation of the free will of citizens that can decide freely and for themselves how to arrange their personal sphere.

We shall see how Facebook responds to this.

Web 2.0 Suicide Machine is more comprehensive - covering LinkedIn & Twitter as well.

Here is the previous Read Write Web post on the changes in what is and is not public.

IIW is NOT an advocacy group - sigh "the media"

Friday 18 Dec 2009 by Kaliya Hamlin | 1 Comment
Filed under: Facebook, IIW, Media Coverage, me Tags: AS, ASN, Facebook, Identity, Identity Commons, Media, mistaken identity, OpenID

Facebook's Online Identity War quotes me and labels IIW an advocacy group. IT IS AN INDUSTRY FORUM. Douglas MacMillan.

Sorry but I am still learning "how" to talk to reporters. They don't like to quote me as "the identity woman" and link to my blog.

I "do" run the Identity Workshop with Phil and Doc but that doesn't make it an "advocacy group"

Identity Commons & IIW have a purpose and principles believing in user/centric identity. The power of individuals to manage and control their own identities online. We don't "advocate" for them - we create a convening space for people who want to work on this ideal.

Facebook does on some level "agree" with the idea of user-centric identity - Luke Shepard has participated in the community for quite a while & they hired David Recordon. They sponsor IIW.

I am clear that the opening up of previously controlled information with no warning "jives" with my understanding of user-centric control. It was more from my own point of view I was commenting. That is with my "identity woman" hat on... and the values I carry from Planetwork and the ASN... but the press hates that. Uggg. Chris Messina gets to be an "open web advocate"... that is what I do to but just about identity "open Identity advocate" (mmm...) but then that sounds like "just" OpenID and it isn't just about that one particular protocol. sigh.

I am still wondering - How does one "belong" and have "titles" in a way the media can GROK when one does not have a formal position in a formal organization.

sigh - identity issues.

Demand for Web 2.0 suicides increasing

Friday 18 Dec 2009 by Kaliya Hamlin | No Comments
Filed under: Digital Death, Identity Rights, Industry Commentary, Industry Developments, Social Network, User Centrism Tags: Facebook, suicide, suicide machine, Web 2.0

I went to the suidicemachine and got this message

We apologize to all our users for the breakdown of our service! Within the last hours the huge demand for 2.0 suicides completely overblew our bandwidth resources!

We are currently considering relocating to another serverfarm. Please consider suicide at a later moment and accept our apologies!

You can still try to catch a free slot, but chances are quiet low at the moment!

Facebook Privacy Changes leave us "Socially Nude"

Tuesday 15 Dec 2009 by Kaliya Hamlin | 7 Comments
Filed under: Facebook, Industry Commentary, Industry Developments, Privacy, Social Network Tags: Social Contracts, Social Norms, Social Nudity

Read Write Web published a guest post by me about how the changes at facebook last week leave us Socially Nude.

Facebook's Privacy Move Violates Contract With Users

Your name, profile picture, gender, current city, networks, Friends List, and all the pages you subscribe to are now publicly available information on Facebook. This means everyone on the web can see it; it is searchable.

This represents just the latest instance of Facebook violating the contract it holds with its users. This is no small matter, either. Lots of people will have very real and valid objections to this arbitrary change to what's public and what's private on Facebook.

....an articulation of the nature of the social contract sites with social features have with users....

I wonder how many more times they will get strip us down, leaving our familiar social clothes and underware on the floor, and leaving us socially nude.

I think it is unethical and I agree with the concern that Jason Calacanis raises about how this will affect other Internet companies. "Facebook's reckless behavior is... simultaneously making users distrust the Internet and bringing the attention of regulators." This change will affect all of us working on building the new techno-social architecture of our society via the web.

She’s Geeky - January 29-31

Tuesday 15 Dec 2009 by Kaliya Hamlin | No Comments
Filed under: She's Geeky, Women Tags: CHM, Engineering, Science, She's Geeky, Technology, Women

SGLogo

She’s Geeky: Connecting Women in Tech

Returning to the Bay Area January 29, 30 & 31, 2010

@ the Computer History Museum in Mountain View

She's Geeky is just 7 weeks away! Early Bird Tickets are available for just 2 more weeks until December 20th.

http://shesgeekybayarea3.eventbrite.com/

www.shesgeeky.com

This event is for:

Women Working in Science, Technology, Engineering and Mathematic Fields.

Women into their gadgets and SciFi Fan’s.

Women students of the sciences, those training to be engineers, aspiring mathematicians and technology professions.

Women who are kernel hackers and all those who aspire to deepen their geekiness by learning how to code the php on their blogs.

Daughters, Nieces and mentees of all of the above

Women who are retired used to work in tech related fields.

What happens?

All the women who attend are invited to create the agenda live the day of the event.

Women can present/share about their area of professional expertise.

Women learn from one another.

Women discuss critical issues affecting them in the digital age.

Women talk about work place and community issues they face.

Women are inspired to follow their passion and believe in their own abilities.

Women find connections and support for their work and vision.

About The Format

She’s Geeky is an unConference (http://www.unconference.net/) where the agenda is created by all participants live the day the event happens. This format supports peer to peer learning, dialogue about the issues that are top of mind and networking. In this women’s only environment attendees have the opportunity to see their contribution to their field in a new light and gain confidence to step forward in their lives and careers.

Click here (http://shesgeeky.org/sg/2009/11/twitter-highlights-from-shes-geeky-dc/) for a dip into the Twitter Stream from the November 13 & 14, 2009, sold out, Washington, DC She’s Geeky Event to get a sense of the experience from those who attended! Or to read answers to the end of day question: ‘As a result of today…’ click here. (http://www.shesgeeky.org/wiki/Sg2009dc:Results)

About She's Geeky

She’s Geeky convenes to inspire women for the future, providing a gathering space to create enduring communities that foster collaboration and innovation, while promoting initiative and leadership among women tech professionals. Beginning with its resoundingly successful 2007 unConference in Silicon Valley, She’s Geeky attracts women from a broad spectrum of technological specialties, diverse social groups, generations, and levels of expertise. The inclusive quality of She’s Geeky events promotes discussion, furthers cooperation, and encourages learning. She’s Geeky advances systemic change in tech culture by disseminating effective practices to address the challenges of women working in Science, Technology, Engineering and Mathematics.

She’s Geeky isn’t a “women in tech group” and we don’t have chapters around the country. We are an unConference event that works to connect and promote existing tech groups. Currently we work with DevChix, LinuxChix, Women 2.0, Girls in Tech, Women Who Tech, Digital Sistas, Girl Geek Dinners, Gaming Angels, the Anita Borg Institute for Women in Technology.

She’s Geeky: THE UNCONFERENCE Connecting Women in Tech is returning to the Bay Area January 29, 30 & 31, 2010 @ the Computer History Museum in Mountain View

Early Bird Tickets are available until Friday December 20th.

This event is for:

Women Working in Science, Technology, Engineering and Mathematic Fields.
Women into their gadgets and SciFi Fan’s.
Women students of the sciences, those training to be engineers, aspiring mathematicians and technology professions.
Women who are kernel hackers and all those who aspire to deepen their geekiness by learning how to code the php on their blogs.
Daughters, Nieces and mentees of all of the above
Women who are retired used to work in tech related fields.

What happens?

All the women who attend are invited to create the agenda live the day of the event.
Women can present/share about their area of professional expertise.
Women learn from one another.
Women discuss critical issues affecting them in the digital age.
Women talk about work place and community issues they face.
Women are inspired to follow their passion and believe in their own abilities.
Women find connections and support for their work and vision.

About The Format:

She’s Geeky is an unConference where the agenda is created by all participants live the day the event happens. This format supports peer to peer learning, dialogue about the issues that are top of mind and networking. In this women’s only environment attendees have the opportunity to see their contribution to their field in a new light and gain confidence to step forward in their lives and careers. You can see proposed topics on our wiki.

See a dip into the Twitter Stream from the November 13 & 14, 2009, sold out, Washington, DC event to get a sense of the experience from those who attended! Or to read answers to the end of day question: ‘As a result of today…’ click here.

About She's Geeky:

If you are a guy please let your women colleagues know about the event. The event is for women only - we have thought a lot about this choice and why we made it - it is decidedly not about be being "anti-male" rather much of it is focused on creating a safe space for women who are geeky who have been shy to express themselves. If this makes you feel uncomfortable you can read more about this nuance and what we are about here.

We have sponsorships available at the community level, individuals and small companies and corporate levels.

We have some cool banners up on our website too.

You can find us on twitter @shesgeeky

You can contact us - info@shesgeeky.org

IIW9 Highlights - IIW10 Reg Open

Saturday 12 Dec 2009 by Kaliya Hamlin | No Comments
Filed under: Event Annoucements, Event Review, IIW, Identity Commons, Uncategorized Tags: Active Clients, Hammer-Stack, IIW, OAuth, Social Consent, Trust Framework, WRAP, XRD

I am really pleased to share that the notes for IIW9 are available in PDF form now. All sessions also have a wiki page too.

Heidi Nobantu Saul did an amazing job collecting notes and we managed to get all session notes except a very few on the last day.

Highlights include:

The session on Active Clients that went for several hours on Wednesday that was preceded by the presentation of an OpenID Selector by MSFT on Tuesday and followed by What should Identity Support in the browser look like? led by Johannes Ernst.
The Conversation about Social Consent
Action Cards continuing to develop with Kynetx & Joe Andrieu presented on Portable Contexts.
Progress made on moving activity streams forward.
The OAuth-WRAP conversations which are continuing. Facebook also led a session on why they don't support today's OAuth.
The continued evolution of WebFinger, XRD, LRDD & what is becoming know as the Hammer-Stack
Salmon-Protocol to support comments "swimming upstream"
The Trust Framework activity with OpenID Foundation, Information Card Foundation and the Federal Government.

The 10th Internet Identity Workshop is May 18-20.
Registration is Open Now and Extra Early Bird Rates are in effect until January 31.

What are identifiers in the digital context?

Thursday 3 Dec 2009 by Kaliya Hamlin | No Comments
Filed under: Reputation Currents Tags: Identifiers, Jean Russell, OpenID, Reputation Currents

Jean Russell and I continued our conversation on What are Identifiers this time focusing on the digital context.

We cover what user-names are, how they are not portable, what it means to have a portable identifier - and talk about the open standard that enables portability - OpenID.

It is up on the Reputation Currents Blog.

What are Identifiers?

Tuesday 1 Dec 2009 by Kaliya Hamlin | No Comments
Filed under: Reputation Currents, Uncategorized Tags: curreny, identifier, Jean Russell, reputation, Reputation Currrents

Jean Russel and I just posted the first of many conversations we area planning to explore, Identity, Reputation, and Currencies.

What is an Identifier? is up on Reputation Currents blog.

Fire Fox and Identity in the Browser

Saturday 28 Nov 2009 by Kaliya Hamlin | No Comments
Filed under: Active Clients, IIW Tags: browser, firefox, fr, Identity, Read Write Web, slective discolosure, Untitled

ReadWriteWeb reports this week:

Decrying redirects and iframes, Raskin tells of a brave new world where an in-browser button that defies navigational difficulties allows for something closer to true identity portability than we've seen yet:Identity will be one of the defining themes in the next five years of the Web. Nearly every site has a concept of a user account, registration, and identity. Searching for "sign in" on Google yields over 1.8 billion hits. And yet, the browser does nothing to make this experience better save for some basic auto form filling. The browser leaves websites to re-implement identity management, and forces users to learn a new scheme for every site... Your identity is too important to be owned by any one company. Your friends are too important to be owned by any one company.

Finally! They said it!

Comments in reaction to the ReadWriteWeb post highlight Information Cards & CardSpace are not mentioned - I point out in my comment that the work is all connected ant pointed to the IIW conversations about Active Clients attended by all.

Aza open their post with this paragraph:

Identity will be one of the defining themes in the next five years of the Web. Nearly every site has a concept of a user account, registration, and identity. Searching for “sign in” on Google yields over 1.8 billion hits. And yet, the browser does nothing to make this experience better save for some basic auto form filling. The browser leaves websites to re-implement identity management, and forces users to learn a new scheme for every site.

They make these key points following the images they have (you should check the images out)

• Identity is part of where you are, and what you are looking at (Amazon looks different depending on if you are signed in or not). That’s why we put it in the URL Bar.

• For most sites, you’ll probably only have one identity, so login will be a single click or automatic.
• Putting verbs into the navigation bar isn’t new. See Taskfox.
• To increase visibility, webpages should be able to make a Javascript call that opens the login/signup bubble.
• For webpages that want to own the login-process, the account creation simply acts as the ultimate form-fill. For those interested in the evolution of the idea, you can see an early mockup with comments as well as Alex Faaborg’s similiar mockups.

They also make this point...

Chris Messina and others has been advocating for a model which follows the Facebook Connect lead: a single verb, to connect. Once connected, you decide exactly what information to share in an asynchronous manner. Unfortunately this bleeds information — your name is known to all websites which which you connect. We’d like to explore what a connect metaphor in combination with the ability to remain anonymous but connected means.

I agree with the firefox folks. Having a way to do verified anonymity is essential.

"Selective Disclosure" is the name for technologies that do this.

The firefox team should check out Stefan's U-Prove Technology that may be released shortly by MSFT that acquired it over a year ago -

(seems like Stefan killed his blog when he moved to MSFT..mmm..anyways.)

Firefox folks invite people to get involved here.

Internet Identity Workshop Details + Regular Registration Ends Wednesday

Saturday 24 Oct 2009 by Kaliya Hamlin | No Comments
Filed under: Event Annoucements, IIW, Uncategorized Tags: Internet Identity Workshop

This is cross posted on the IIW Blog

Regular Registration ENDS NEXT WEDNESDAY - October 28th at Midnight. Prices go up $100 after that.

The Internet Identity Workshop #9 Tuesday - Thursday, November 3-5 in Mountain View, CA Computer History Museum

Please blog/tweet about the conference. The hash tag is #iiw , our twitter handle is @idworkshop

Proposed Topics List is here. We all make the agenda together beginning at 1 on Tuesday and again on Wednesday and Thursday morning. If you want to know more about how to prepare for an unconference check out this piece called “unconferencing” by Kaliya Hamlin (@identitywoman) the facilitator of the workshop.

You can see the specific times of sessions.

Tuesday Morning Opening talks will cover: * The Identity Trust Framework activities - Drummond Reed and Don Thibeau * Data Portability releasing their EULA work * Action Cards - Phil Windley and Paul Trevithick * Discovery etc. - Eran Hammer-Lahav * Activity Strea.ms etc. - * A VRM update * We might cover activity happening in the healthcare sector * We are working on having Vivek Kundra the CIO of the US join us via skype - as yet this is unconfirmed.

They won’t cover - OpenID 101, Information Cards 101 or SAML 101 If you are unfamiliar with these topics we recommend reading these papers/watching these videos. There is a lot of information online covering these topics on the foundations/organizations respective websites.

OpenID - http://openid.net/ OpenID video about it - http://www.youtube.com/

Information Cards - http://informationcard.net/ Video - http://informationcard.net/watch-the-video

SAML - http://en.wikipedia.org/wiki/SecurityAssertionMarkup_Language Video - Ping Identity on SAML 101

All together now - the Venn of Identity The paper - by Drummond and Eve the update - The Zen of Venn

Demo Hour: We still have Demonstration slots available you must sign up ahead of time to Demo. It is Wednesday after lunch short 5min demos will be happening throughout the hour - throughout the room. Please e-mail Kaliya[at]mac.com to get a table and more information about how it will work.

Food: I forgot to ask if there were any special dietary requirements. Please let me know if you have any - this is what we have in store for you.

Tuesday - Burrito Bar, Tied House Wednesday - Indian, Italian Thursday - BBQ Boys

Thank you to our Sponsors:

Without their contributions this conference would not be possible. (we still have sponsorship opportunities available)

About the Notes Taking Procedures: In our effort to document the whole confernece and give all attendees access to all the happenings in sessions we have a notes taking procedure:

If you convene a session it is your responsibility to get a note taker for your session.

The note taker needs to use the NOTE TAKING FORM - found here in digital form (the paper version will be avaliable in each break out space too). When notes are complete, the note taking form must be e-mailed to iiwnotes@gmail.com OR transfered to a USB key at Documentation Center OR if paper notes are taken transcribed by the notes taker on computers provided in Documentation Center

We will also be collecting a more immediate list of results from each session on 11x17 sheets.

We are looking forward to seeing you next Tuesday!

let us know if you have any other questions,

-Kaliya, Phil and Doc

Identity Dispute on Twitter

Friday 2 Oct 2009 by Kaliya Hamlin | No Comments
Filed under: Legal Cases, Social Network, Tool Usage, reputation Tags: Identity, Twitter

From Slashdot

SpuriousLogic spotted this story on the BBC, from which he excerpts:

"The High Court has given permission for an injunction to be served via social-networking site Twitter. The order is to be served against an unknown Twitter user who anonymously posts to the site using the same name as a right-wing political blogger. The order demands the anonymous Twitter user reveal their identity and stop posing as Donal Blaney, who blogs at a site called Blaney's Blarney. The order says the Twitter user is breaching the copyright of Mr. Blaney. He told BBC News that the content being posted to Twitter in his name was 'mildly objectionable.' Mr. Blaney turned to Twitter to serve the injunction rather than go through the potentially lengthy process of contacting Twitter headquarters in California and asking it to deal with the matter. UK law states that an injunction does not have to be served in person and can be delivered by several different means including fax or e-mail."

ReadWrite Real-Time Web Summit Announced

Tuesday 15 Sep 2009 by Kaliya Hamlin | No Comments
Filed under: Event Annoucements, unconferences Tags: Read Write Web, Real Time

The ReadWrite Real-Time Web Summit announcement is live. I am working on this with them as the facilitator. The event is modeled on the format we use at the Internet Identity Workshop to get a lot done and have real discussions about emerging topics in industry.

ReadWriteWeb has offered high quality coverage of this area for a long time and they seem like a natural convener of real conversation. Of course Identity is key to this industry but so are many other things.

Learn more here

FastCo Post on Governemnt Experiments with Identity Technologies

Saturday 12 Sep 2009 by Kaliya Hamlin | No Comments
Filed under: Articles in other Publications, Industry Commentary, Industry Developments Tags: Fast Company, Identity, Information Cards, OpenID

This is cross posted on Fast Company.

The Obama administration open government memorandum called for transparency participation, collaboration and federal agencies have begun to embrace Web 2.0 technologies like blogs, surveys, social networks, and video casts. Today there are over 500 government Web sites and about 1/3 of them require a user name and password. Users need to be able to register and save information and preferences on government Web sites the same way they do today with their favorite consumer sites, but without revealing any personally identifiable information to the government.

Yesterday the United States Government in collaboration with industry announced a few pilot projects using emerging open identity technologies for citizens to use when interacting with government sites. I use the word interacting very deliberately because the government doesn't want to know "who you are" and has gone great lengths to develop their implementations to prevent citizens from revealing personally identifiable information (name, date of birth etc).

How would you use this?--well imagine you are doing an in depth search on an NIH (National Institute of Health) Web site--and you went back to the site many times over several months. Wouldn't it be great if the site could "know" it was you and help you resume your search where you left off the last time. Not your name and where you live but just that you were there before.

The Identity Spectrum helps us to understand how it all fits together.

Spectrum of ID Anonymous Identity is on one end of the identity spectrum--basically you use an account or identifier every time go to a Web site--no persistence, no way to connect the search you did last week with the one you did this week.

Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don't reveal your common/real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.

The government pilot is focused on supporting citizens being able to have pseudonymous identities that function only at one Web site--the same citizen interacting with several different government Web sites needs to use a different identifier at each one so their activities across different government agencies do not have a correlation.

It is likely that some readers of this blog know about and understand typical OpenID. Almost all readers of this blog do have an openID whether they know it or not because almost all the major Web platforms/portals provide them to account holders--MySpace, Google, Yahoo!, AOL etc.

So how does this work with OpenID?

Typical OpenID Typically when logging in with OpenID on the consumer Web you share your URL with the site you are logging into--they redirect you to where that is hosted on the Web--you authenticate (tell them your password for that account) and they re-direct you back to the site you were logging in. (see this slide show for a detailed flow of how this works). Using OpenID this way explicitly links your activities across multiple sites. For example when you use it to comment on a blog-- it is known your words come from you and are connected to your own blog.

Using the OpenID with Directed identity--de-links your the identifiers used across different sites but still lets you use the same account to login to multiple sites.

When you go to login to a site you are asked to share not "your URL" but just the name of the site where your account is--Yahoo! or Google or MySpace etc. you are re-directed to that site and from within your account a "directed identity" is created--that is a unique ID just for that Web site. Thus you get the convenience of not having to manage multiple accounts with multiple passwords and you get to store preferences that might be shared across multiple ID's but you don't have identifiers that correlate--that are linked across the Web.

How does this work with Information Cards?

This is a complementary open standard to OpenID that has some sophisticated features that allow it to support verified identities along with pseudonymous & self asserted identities. It involves a client-side piece of software called a selector--which selector helps you manage your different identifiers using a card based metaphor, with each digital "card" representing a different one. Citizens can create their own cards OR get them from third parties that validate things about them.

The government is creating a privacy protecting "card profile" to be used in the pilot program. It is NOT issuing identities.

Trust Framework are needed to get it all to work together.

From the press release yesterday:

"It's good to see government taking a leadership role in moving identity technology forward. It's also good to see government working with experts from private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon--it's a social phenomenon. And technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate," said Bob Blakley, Vice President and Research Director, Identity and Privacy Strategies, Burton Group. "Today's announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it's impossible to know whether a received identity is reliable."

The OpenID Foundation and Information Card Foundation wrote a joint white paper to describe how they are working on developing this. From the abstract:

[They] are working with the U.S. General Services Administration to create open trust frameworks for their respective communities.

These frameworks, based on the model developed by the InCommon federation for higher education institutions, will enable government Web sites to accept identity credentials from academic, non-profit, and commercial identity providers that meet government standards. These standards are critical as they represent the government's resolution of the challenging and often competing issues of identity, security, and privacy assurance. Open trust frameworks not only pave the way for greater citizen involvement in government, but can enable even stronger security and privacy protections than those typically available offline.

These are all exciting developments but there is much more to do.

Looking (far) ahead there may be the opportunity to do selective disclosure--combining anonymity with verified identity.

How do these go together--you can take a verified identity claim say your birth date then using cryptography strip the specifics away and just have a claim that says you are "over 21". Then using an anonymous identifier you have selectively disclosed your age without giving away your date of birth.

You could imagine this would be handy for citizens wanting to communicate their opinions to their member of congress without revealing their actual name and address - they could "prove" using a verified claim they live in the district but not reveal who they are. This aspect of what is possible with the technology is VERY forward looking and will take many years to get there. There is enormous potential to evolve the Web with this emerging identity layer.

I would like to invite all of you interested in being involved/learning more to attend the Internet Identity Workshop in Mountain View California November 3-5. I have been facilitating this event since its inception in 2005. It is truly amazing to see how far things have progressed from when we were 75 idealistic technologist talking about big ideas. at the Hillside Club in Berkeley. It is also some what daunting to think about how much farther we have to go.

Open Identity for Open Government Explained

Wednesday 9 Sep 2009 by Kaliya | 1 Comment
Filed under: Government, ID Protocol, Industry Commentary, Industry Developments Tags: Information Cards, Open ID

Today the United States Government with digital identity industry leaders announced the development of a pilot project with NIH and related agencies using two of the open identity technology standards OpenID and Information Cards.

This is, as a friend said to me, a "jump the shark moment" - these technologies are moving out from their technologists technology cave into mainstream adoption by government agencies. We are seeing the convergence of several trends transform the way citizens participate in and communicate with government:

Top-down support for open government
The proliferation of social media
The availability of open identity technologies

Today there are over 500 government websites and about 1/3 of them require a user name and password. Users need to be able to register and save information and preferences on government websites the same way they do today with their favorite consumer sites, but without revealing any personally identifiable information to the government.

The challenge is that supporting this kind of citizen interaction with government via the web means that identity needs to be solved. On the one hand you can't just ask citizens to get a new user-name and password for all the websites across dozens of agencies that they log in to. On the other you also can't have one universal ID that the government issues to you and works across all government sites. Citizens need a way to interact with their government pseudonymously & in the future in verified ways.

So how will these technologies work?

Those already familiar with OpenID know that typically when users login with it they give their own URL - www.openIDprovider.com/username. (see this slideshare of mine if you want to see OpenID 101) There is a little known part of the OpenID protocol called directed identity - that is a user gives the name of their identity provider - Yahoo!, Google, MSN etc - but not their specific identifier. The are re-directed to their IdP and in choosing to create a directed identity they get an identifier that is unique to the site they are logging into. It will be used by them again and again for that site but is not correlatable across different websites / government agencies. The good news is it is like having a different user-name across all these sites but since the user is using the same IdP with different identifiers (unlinked publicly) but connected to the same account they just have to remember one password.

Information Cards are the new kids on the identity block in a way - this is their first major "coming out party" - I am enthusiastic bout their potential. It requires a client-side tool called a selector that stores the user's "digital cards". Cards can be created by the end user OR third parties like an employer, financial institution, or school can also issue them.

In essence, this initiative will help transform government websites from basic "brochureware" into interactive resources, saving individuals time and increasing their direct involvement in governmental decision making. OpenID and Information Card technologies make such interactive access simple and safe. For example, in the coming months the NIH intends to use OpenID and Information Cards to support a number of services including customized library searches, access to training resources, registration for conferences, and use of medical research wikis, all with strong privacy protections.

Dr. Jack Jones, NIH CIO and Acting Director, CIT, notes, “As a world leader in science and research, NIH is pleased to participate in this next step for promoting collaboration among Assurance Level 1 applications. Initially, the NIH Single Sign-on service will accept credentials as part of an “Open For Testing” phase, with full production expected within the next several weeks. At that time, OpenID credentials will join those currently in use from InCommon, the higher education identity management federation, as external credentials trusted by NIH." In digital identity systems, certification programs that enable a site — such as a government agency — to trust the identity, security, and privacy assurances from an identity provider are called trust frameworks. The OIDF and ICF have worked closely with the federal government to meet the security, privacy, and reliability requirements set forth by the ICAM Trust Framework Adoption Process (TFAP), published on the IDManagement.gov website. By adopting OpenID and Information Card technologies, government agencies can cost effectively serve their constituencies in a more personalized and user friendly way.

"It's good to see government taking a leadership role in moving identity technology forward. It's also good to see government working with experts from private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon -- it’s a social phenomenon. And technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate," said Bob Blakley, Vice President and Research Director, Identity and Privacy Strategies, Burton Group. "Today's announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it's impossible to know whether a received identity is reliable."

Under the OIDF and ICF's open trust frameworks, any organization that meets the technical and operational requirements of the framework will be able to apply for certification as an identity provider (IdP). These IdPs can then supply authentication credentials on behalf of their users. For some activities these credentials will enable the user to be completely anonymous; for others they may require personal information such as name, email address, age, gender, and so on. Open trust frameworks enable citizens to choose the identity technology, identity provider, and credential with which they are most comfortable, while enabling government websites to accept and trust these credentials. This approach leads to better innovation and lower costs for both government and citizens.

The government is looking to leverage industry based credentials that citizens already have to provide a scalable model for identity assurance across a broad range of citizen and business needs - doing this requires a trust framework to assess the trustworthiness of the electronic credentials; see Trust Framework Provider Adoption Process (TFPAP). A Trust Framework Provider is an organization that defines or adopts an online identity trust model involving one or more identity schemes, has it approved by a government or community such as ICAM, and certifies identity providers as compliant with that model. The OIDF and ICF will jointly serve as a TFP operating an Open Trust Framework as defined in their joint white paper, Open Trust Frameworks for Open Government.

Both the OpenID and Information Card Foundation have been working very hard on this for many months - last night I was fortunate to their boards at a history first ever joint dinner.

There are two women in particular though who have driven this forward: Judith Spencer of the Federal Identity, Credential, and Access Management Committee on the government side and Mary Ruddy of Meristic Inc on the industry side. Both of them will be speaking about the project at the Gov 2.0 Summit on Thursday.

Personally this announcement shows how far things have come since I facilitated the first Internet Identity Workshop in 2005 with 75 idealistic identity technologies talking about big ideas for use-centric identity. I am really looking forward to discussing these developments at the forthcoming 9th Internet Identity Workshop in November.

Celebrating with OIDF & ICF

Tuesday 8 Sep 2009 by Kaliya Hamlin | No Comments
Filed under: Community Dinner, Event Review Tags: Dinner, Information Cards, OpenID

This evening I was fortunate enough to be invited to attend the joint OpenID and Information Card Foundation dinner. It was fun to connect with everyone and it really meant a lot to me to be there. It has been a long journey as a community since the first Internet Identity Workshop in Oct 2005.

Thomas Friedman on the lesson from Van Jones - "Watch out for the participatory panopticon"

Sunday 6 Sep 2009 by Kaliya Hamlin | 2 Comments
Filed under: Media Commentary, Privacy, reputation Tags: Future, Identity, Participato panopticon, Thomas Freedman, Van Jones

Thomas Friedman of the NYTimes on Meet the Press today talking about several recent incidents including what happened to Van Jones.

When everyone has a cell phone, everyone is a photographer, when everyone has access to YouTube, everyone is a filmmaker, and when everyone is a blogger everyone is a newspaper.

When everyone is a photographer, a newspaper and a filmaker everyone else is a public figure. Tell your kids ok, be careful every move they make is now a digital footprint. You are on candid camera and unfortunately the real message to young people from all these incidents... (he says holding his hands closely together) is really keep yourself tight - don't say anything controversial, don't think anything controversial, don't put anything in print - you know what ever you do just kind of smooth out all the edges (he says moving his hands in a streamlining motion down) and maybe you too - you know when you get nominated to be ambassador to Burkina Faso will be able to get through the hearing.

What does this capacity to document "everything" digitally mean to free thinking, and free speech? It seems that is having a quelling effect.

I have written about the participatory panopticon several times, a term coined by Jamais Cascio.

* Participatory Panopticon strikes Michael Phelps

* We Live in Public – a movie

* “sousveillance” coming to NYC and Big Brother coming to NYC

* Participatory Panopticon tracking the CIA’s Torture Taxi

* Condi Caught by Emerging Participatory Panopticon

* Accelerating Change Highlights: 1 (Jon Udell)

The first time I spent a whole day with technologists working on the identity layer of the web in 2003 I asked publicly at the end of the day - how do we forgive in these new kinds of tools in place? How do we allow for people to change over time if "everything" is documented?

I hope we can have a dialogue about these kinds of issues via the blogosphere and also face to face at the 9th Internet Identity Workshop coming up in November.

IIW IX is open for business

Thursday 27 Aug 2009 by Kaliya Hamlin | No Comments
Filed under: Event Annoucements, IIW Tags: IIW, Information Cards, Internet Identity Workshop, OpenID, Registration

Internet Identity Workshop number 9 is coming up in about 10 weeks. November 3-5 (Tuesday to Thursday) in Mountain View California at the Computer History Museum.

We are excited about all the developments in the industry with protocol evolution in the social web space AND larger and larger scale deployments of open identity technologies including OpenID and Information Cards.

There will be much to talk about at this fall’s event.

Early REGISTRATION is Open! UNTIL SEPTEMBER 16 then prices go up by $50-75

Early Bird Prices are....

$274 regular tickets
$148 for independents
$ 50 for students

We need to get 75 people registered by September 16 to make a final confirmation for our conference space at the Computer History Museum.

Special this year we have the "BIG" ticket for those can expense $998 (but can't convince marketing to sponsor). This is a GREAT way to support IIW!

IIW is a completely community driven event - we don’t pay anyone for marketing - the community is our marketing.

Please put our LOGO ON our blog our WEBSITE.

Follow IIW on Twitter - @idworkshop

SPONSORSHIP OPPORTUNITIES ARE STILL AVAILABLE!!! Please contact Phil if you are interested in learning more phil@windley.org

JOIN THE COMMUNITY MAILING LIST

THE INVITATION TO IIW!

The Internet Identity Workshop focuses on “user-centric identity” and netizen empowerment on the social web trying to solve the technical challenge of how people can manage their own identity and social activity across the range of websites, services, companies and organizations that they belong to, purchase from and participate with.

This is where everyone from a diverse range of projects doing the real-work of making this vision happen gather and work intensively for three days. It is the best place to meet and participate with all the key people and projects. This is a comprehensive list of the technology communities that are covered.

The event does not have a pre-set agenda instead as people register they are asked what they would like to present about, learn and discuss with peers/industry experts. These are all collected here . The first morning of the conference will be introductory orientation about key projects and technologies in the community. After that the community creates the agenda itself using the Open Space Method. Dinner both Tuesday and Wednesday are a big part of the conference.

Here are links to notes that cover most of the sessions from the last two conferences IIW #8 spring of 2009 IIW #7 fall of 2008

These documents are great resources for convincing your boss of the value of this event.

The heart of the workshop is a practical idealism in working towards the shared vision of a decentralized, user-oriented identity layer for the Internet.

Because the web was built around “pages”, no tools or standards were created to control how the information about you was collected or used. At the Internet Identity Workshop we bring the people creating these tools and standards so people can safely manage their online identity and control their personal data.

It is not about any one technology – rather it is a place to discuss multiple interoperating (and possible competing) projects, standards, and networks for identity, data sharing, and reputation.

As part of Identity Commons, the Internet Identity Workshop creates opportunities for both innovators and competitors. We provide an open forum for both the big guys and the small fry to come together in a safe and balanced space.

There are a wide range of projects in the community:

Open conceptual, community, and governance models.
Open standards and protocols.
Open source projects.
Commercial projects.
Projects to address social and legal implications of these technologies.
Efforts to rethink the business models and opportunities available with these new technologies.

User-centric identity is the ability:

To use one’s identifier(s) on more than one site
To control who sees what information about you
To selectively share presence and profile information
To maintain multiple identities and personas in the contexts you wish
To aggregate attention, navigation, and purchase history from the sites and communities you frequent
To move and share your personal data, relationships, documents, and other publications as you wish

All of the following are active topic areas at each IIW:

Improving Existing Legal Constructs Privacy Policies Terms of Service
Creating New Legal Constructs - Limited Liability Personas, Identity Rights Agreements
Creating New Business Models - Identity Oracle, I-Brokers
New Citizenship Perspectives - Activism Community, Event Coordination, Community Identity and Data Sharing

The Internet Identity Workshop (IIW) was founded in the fall of 2005 by Phil Windley, Doc Searls and Kaliya Hamlin. IIW is a working group of Identity Commons The event has been a leading space of innovation and collaboration amongst the diverse community working on user-centric identity.

Identity for Online Community Managers

Wednesday 19 Aug 2009 by Kaliya Hamlin | No Comments
Filed under: Community Management, ID Protocol, Presos/Podcasts/Videos Tags: Identity, Information Cards, OAuth, OpenID

I was asked by Bill Johnson of Forum One Networks to kick off the discussion on the next Online Community Research Network call this week with the topic Identity for Online Community Managers - drawing on the presentation that I put together for the Community 2.0 Summit. I cover the basics of how OpenID, OAuth and Information Cards work, who is "in" terms of supporting the projects and what community managers/platforms can do. We will discuss the implications of these new identity and data sharing protocols on the call.

Online Identity for Community Managers: OpenID, OAuth, Information Cards

View more documents from Kaliya Hamlin.

I will also be attending the Online Community Summit in October Sonoma and will be sharing about these and other technologies there.

Freedom to Aggregate & Disaggregate oneself online.

Wednesday 19 Aug 2009 by Kaliya Hamlin | No Comments
Filed under: Freedom, Non-US, Presos/Podcasts/Videos Tags: Conference Presentation, Free, Freedom, Identity, Oxford, social issues

I presented this slide show at the Oxford Internet Institute meeting in April that considered A Global Framework for Identity Management.

You could sum it up this way - "stuff happens in peoples lives and the need the freedom to go online and get support for those things and not have it all linked back to their "real identity."

The slides are moving (drawing from post secret post cards) and it is worth watching if you don't think people need this freedom.

Freedom to Aggregate, Freedom to Disaggregate

View more documents from Kaliya Hamlin.

its that SXSW picking time of year

Tuesday 18 Aug 2009 by Kaliya Hamlin | No Comments
Filed under: Event Annoucements, Presos/Podcasts/Videos, She's Geeky, What is Identity?, Women Tags: authentication, Identity, OpenID, panel, Social Web, sxsw, validation, voting, VRM

This year there are 2200 panels submitted for 300 slots. It is great they are going with community generated ideas for the conference. It is also hard to tell what will be happening in our fast moving industry 7 months from now. PLEASE go to SXSW create an account and then vote for these two

I put a lot of thought in to what to put forward this year knowing it would be 9 months out. One of the trends that is just starting to emerge is identity verification - my hunch is that by March this will be a topic getting a lot of attention and worth exploring at SXSW.

Who are you? Identity trends on the Social Web.

"On the Internet Nobody Knows You're a Dog" Is this famous New Yorker cartoon still true? Twitter is doing verified accounts. Facebook claims everyone using their "real name" gives strong social validation 'proof'. Equifax is validating age with information cards (digital tokens). We will explore the current trends and their implications for the future.

What is identity?
Why are people doing identity validation?
Who is doing identity validation?
Why are websites seeking people who have had their identities validated?
Is identity validation improving the web?
What are the current open standards in this space?
Are approaches by men and women different about idnetity presentation and validation?
What kinds of businesses are requiring online identity validation for customers?
Is identity validation going to squish "free speech"?
How is this trend changing the web?

With my She's Geeky hat on: What Guys are Doing to Get More Girls in Tech!

The point of this is to get beyond the women say there are issues in the field and guys say there isn't - to have guys who know there is an issue and are proactively doing constructive stuff to address it.

Many tech fields have a low percentage of women. If you are a guy do you wonder what you can do about it? Learn about successful strategies and proactive approaches for supporting women you work with and participate in community with. We will even cover some well-intentioned efforts that have gone awry.

How many women by percentage participate in different technical fields?
Why does it matter that they are underrepresented in these fields?
What are the cultural norms that men and women have about performance and self-promotion?
What is Male Programmer Privilege?
What can a guy do who has a sister that is math/science inclined but being steered away from the field?
How have the men on the panel improved things in their workplaces?
How have the men on the panel addressed the challenges that arise in open communities? (that is where you don't have a boss that fires people for inappropriate behavior/comments)
What are the qualities of a workplace that is friendly for women?
How to go beyond tokenism in workplaces, communities and conferences?
How to encourage women more?

Other interesting Preso/panels covering Identity topics:

The Politics & Economics of Identity Put forward by my friend Liza Sabature of Culture Kitchen and the Daily Gotham Identity Politics" has always been left to the realm of feminist, civil rights activists, aka "minority politics". This panel will explore the social and political ramifications of the business of identity and reputation. We will talk about the good, the bad and the ugly and what social entrepreneurs, businesses and digital activists are doing to impact this new economy.

What is identity?
What is reputation?
What is privacy?
How have big business historical monetized privacy?
How social media works on identity and reputation?
Online surveillance in the US : DMCA, FISA, Patriot Act
Facebook BEACON : a study on how not to spy on people for fun and profit
Google Adsense or Spysense?
What are Vendor-Relationship Management systems?
Will we need "Identity Management Systems" instead of VRMs?

Distributed Identity: API’s of the Semantic Web Without much conscious thought, most of us have built identities across the web. We fill in profiles, upload photos, videos, reviews and bookmarks. This session will explore the practical use of Social Graph API and YQL to build new types of user experience combining identity discovery and data portability.

Online Gatekeeping: Who Died and Made You King? by Liz Burr As the web becomes more open via social networks, we're adopting new rules of communication. But who creates these rules? How much does class, race and gender figure into social media policing? We'll discuss how identity affects social networks, as well as look at how online communities police themselves as participation expands.

Which groups are in control of what is worth sharing via social media?
Are the under-25 community using social media differently?
How do we recognize and confront social media 'gatekeepers'?
Is our behavior in online communities merely a reflection of offline stereotypes and experiences?
What is the impact of the amplification of social stereotypes online on under-represented groups?
How do we integrate previously, under-represented groups into this more social world?
Is there really such a thing as a "digital ghetto"? If so, is it our responsiblity to combat it?

OpenID: Identity is the platform is put forward by Chis Messina.
I have to say it is really great to have this be put forward so plainly and simply - to "get religion" about user-centric tdentity and its central role in shaping the fugure the social web.

Ignore the hype over social networking platforms and web OS's! The platform of the social web is identity. Facebook and Twitter Connect are just the beginning of the era of user-centric identity. I'll go beyond the basics of OpenID and learn how to effectively incorporate internet identity into your apps.

Your Online Identity After Death and Digital Wills

If you died tomorrow, would someone take care of your internet accounts? How do you tell subscribers the blogger has died? Every day people die and no one can access their email. Let's explore what can be done to manage your online identity after you pass on.

What usually happens to email accounts when a person dies? Policies for Gmail, Yahoo, Hotmail and AOL
What about WordPress.com and Blogger for digital policies concerning the death of a blogger?
Do You have a digital will setup?
Products and services to manage digital wills, electronic correspondence after death and auto replies.
Grief, "You Have Mail" and online memorial services.
Who owns blog content after the death of a blogger?
How to calculate the worth of your website or blog.
How can you manage your online accounts and passwords for easy access after you pass?
What are some recent legal examples of online account ownership disagreements?
How to keep your passwords safe?

How to Benefit from 1-Click Identity Providers by Luke Shepard from Facebook.

Sites across the Web are opening up to support open identity platforms, such as OpenID. How can companies at scale and those with large user bases successfully work with open standards including OpenID, Activity Streams and new social markup language specs? Can companies survive the challenges of incorporating OpenID into their websites?

Are there any success stories with OpenID?
What does the OpenID user experience look like?
Who has implemented OpenID?
What have been some of the failures of OpenID?
What is OpenID?
What are the user benefits of OpenID?
How can websites educate users about open protocols?
What are the privacy concerns around OpenID?
What kind of user data is made available to sites when they implement OpenID?
What will it take for OpenID to become mainstream?

Crime Scene: Digital Identity Theft

ID biz models "in the future maybe" says Johannes

Tuesday 18 Aug 2009 by Kaliya Hamlin | No Comments
Filed under: Business Cases, Industry Commentary, Past Lessons Tags: BizModels, Identity, Identity Triangle, Information Cards, LID, OpenID, questions, SAML, Venn of Identity, XDI, XRD, XRI, YADIS

Johanne Ernst is a builder of Identity technologies (and one of the clearest thoughtful thinkers about identity technologies and markets. He just posted a great post about business models in the identity space. I know he has at various times tried raise money as an entrepruner in this space - so he has thought a lot about the business models.

For those of you who don't know Johannes he developed Light-Weight Identity (LID) a URL based ID system at the same time Brad Fitzpatrick did at Live Journal and then participated in merging it all together into YADIS discovery which became woven together with OpenIDv1, XRI/i-names and sxip to become OpenIDv2. He also was the first drawer of the identity triangle (OpenID, SAML, InfoCards) which evolved into the Venn of Identity.

Many people have ideas for value-added services that could be sold once sufficiently many users used internet identities at enough sites. The trouble is that the transaction volume for OpenID (or any other identity technology on the internet) is still far too low to make this viable.

The mot important sentence is this one - Let’s not confuse being majorly annoyed how long this is all taking (speaking about myself here) with something being fundamentally wrong (because there isn’t).

I take heart with what he has to say especially because he addresses it to a big part of what I do - organize (un)conferences to continue momentum for the field.

From his post:

Value-added services:
Many people have ideas for value-added services that could be sold once sufficiently many users used internet identities at enough sites. The trouble is that the transaction volume for OpenID (or any other identity technology on the internet) is still far too low to make this viable.

So the verdict here is: perhaps in the future.

So what’s an analyst, or conference organizer, or entrepreneur, or venture capitalist to do?

My take: Hang in there, keep the burn rate low, make no major moves, would be my advice. (Believe it or not, sometimes I’m being asked about my advice on this.) All the signs are pointing in the right direction, the latest being Google’s major OpenID push. Let’s not confuse being majorly annoyed how long this is all taking (speaking about myself here) with something being fundamentally wrong (because there isn’t).

Sooner or later, at least the value-added services opportunity will emerge. Perhaps others. But so far it has not yet.

Identity & Gov and & Open Standards

Monday 17 Aug 2009 by Kaliya Hamlin | No Comments
Filed under: Event Annoucements, Government Tags: conference, Government, Identity, OASIS

I am really happy to let you all know about this forth coming OASIS ID-Trust Identity Management 2009 event September 29-30.

The theme of the event will be "Transparent Government: Risk, Rewards, and Repercussions."

The U.S. National Institute of Standards and Technology (NIST) will be hosting it in Gainthersburg, Maryland.

In the why attend the reference part of a directive by Barack Obama to the National Security Council and Homeland Security Council.

"to defend our information and communications infrastructure, strengthen public/private partnerships, invest in cutting edge research and development and to begin a national campaign to promote cyber-security awareness and digital literacy." The U.S. federal government aims to accomplish all of this while becoming increasingly open and transparent.

The program is now available - and looks quite good.

There is a discount available until August 31. There are special registration proceedures for non-US citizens.

Web Finger! moving out into world

Friday 14 Aug 2009 by Kaliya Hamlin | No Comments
Filed under: ID Protocol, IIW, Industry Developments Tags: Google, Identity, IIW, webfinger, Yahoo

I love the Internet Identity Workshop! it is where innovative ideas are hatched, answers to hard problems are vetted and standards consensus emerges. This is just the latest in amazing collaborations that have emerged.

Web Finger was covered on Tech Crunch today with this headline - Google Points At WebFinger. Your Gmail Address Could Soon Be Your ID.

At IIW in May they had a session lead by John Panzer. The notes were not filled out that much but (All the Notes from IIW)

but there is a white board of their conversation and a link to what google had up.

Chris Messina spliced it together

XRD the discovery protocol is part of how Web Finger works. This spun out of XRI.

Techcrunch didn't explicitly pick up on the fact that Eran Hammer-Lahev has been a key collaborator and is at Yahoo! (they did link to the mailing list where he is posting). He has been really driving XRD forward lately.

All exciting stuff.

DiSo ideas are not that new.

Friday 14 Aug 2009 by Kaliya Hamlin | 3 Comments
Filed under: ID Protocol, Industry Commentary, Industry Developments, Media Commentary, Media Coverage Tags: ASN, DiSo, Identity, Planetwork

Reading these:

A Perfect Storm Forming for Distributed Social Networking- Read Write Web

Evolution of Blogging - GigaOm

The Push Button Web - Anil Dash

The inside Out Social Network - Chris Messina

The Future Social Web - Jeremiah Owyang

I realize how incredibly ahead of the times I was along with many of the people I have been working with on open standards identity and social web standards.

I wrote this describing open standards for distributed social networking online in April of 2004f or the Planetwork Conference (from Archive.org) that I was promoting.

------------------------ From Archive.org April 2004 ------------------

ID Commons: Social Networking For Social Good: Creating Community Trust Infrastructure Through An Identity Commons

In 2003 the Planetwork LinkTank white paper The Augmented Social Network: Building Identity and Trust into the Next-Generation Internet proposed weaving new layers of identity and trust into the fabric of the Internet to facilitate social networking for social good – online citizenship for the information age.

The LinkTank white paper outlined three main objectives:

Establishing a new kind of persistent online identity that supports the public commons and the values of civil society.
Enhancing the ability of citizens to form relationships and self-organize around shared interests in communities of practice and engage in democratic governance.
Creating an Internet-wide system for more efficient and effective knowledge sharing between people across institutional, geographic, and social boundaries.

Currently each site with a login or membership profile is like an island, or at worst a walled castle, as no common inter-operation is possible among large numbers of them. Creating a truly interoperable network will require an explicit social agreement that governs the operation of the trusted network, and implementation of a new software protocol consistent with that agreement.

Identity Commons

[note this is a reference to the "first" Identity Commons - the current Identity Commons shares the values and some of the organizing principles of this first organization but evolved from it]

The Identity Commons is an open distributive membership organization, designed to develop and operate a common digital identity infrastructure standard based on the shared principle of protecting each user’s control of their own identity data. A common identity infrastructure must be embedded within a binding social agreement ensuring that the technology and its institutional users operate in accordance with core principles. In addition to developing this agreement, Identity Commons is managing the development and implementation of the new technology needed to achieve this as a fiscal project of Planetwork, a California 501(c)3 non-profit.

The Identity Commons is based on an implementation of two new OASIS standards:

XRI - a new identity addressing scheme fully compatible with URIs
XDI - specifies link contracts for shared use of data across the Internet

For more technical information see: http://xrixdi.idcommons.net

Once implemented, the Identity Commons infrastructure will:

Give individuals, organizations, and even ad-hoc groups persistent addresses (digital identities) that can be used in many ways. Each party can decide what their own address links to, and who can follow the links.
Provide single sign-on, enabling individuals to connect to multiple sites without having to provide a login and password to each.
Empower user/citizens to manage their own consolidated profiles, which will be likely to stay up to date as everyone maintains only their own master copy.
Generate network maps that enable communities to more efficiently understand their own membership, make connections, recognize patterns, filter messages, and self-organize around new topics and functions.
Provide collaborative filtering services based on knowledge and reputation databases where contributors can also control their own level of anonymity.
Enable group formation around common interests and affinities with reputation attributes for trusted communication, which could be the key to eliminate spam.

How is this different from what is already happening in the private sector?

Currently every web site has a privacy policy, but they vary widely, are rarely read, are only good until they are changed and are thus effectively useless.

The Identity Commons (IC) solves this by (1) replacing thousands of privacy policies with a single institutional membership agreement that simplifies the user experience. Every Identity Commons member site is party to a legally binding commitment that can only be changed by amending the IC membership agreement – which is governed by all IC members. And (2) by using electronic contracts to grant, record, and enforce data sharing across boundaries.

Ultimately there can only be one fully interoperable social network; just as email can travel anywhere on the Internet, your profile must also be able to do so. Microsoft would love to make this possible, and fully control it – their Passport system was designed to do just that. By hosting identity data for nearly everyone who has a computer Microsoft hopes to put themselves in the middle of every transaction they can.

In response to this, a group of large companies formed the Liberty Alliance which developed protocols that will allow institutions to “federate” data across company boundaries. Federation is an improvement over the Microsoft Passport model, however, both of these approaches treat individuals solely as consumers, and neither provide support for civil society, citizen collaboration or for individual citizens to control their own identity data.

The Identity Commons agreement and technical infrastructure is a way to correct this imbalance of power, allowing the Internet to fulfill its great potential as a “commons” in which individual citizens can interact freely and as equals everywhere on Earth.

------------- end Identity Commons description from Planetwork's 2004 site ---------

Writing this document was the first work that I did as an evangelist for the proposed open standards for distributed digital identity to enable open distributed social networks.
I wrote it based on reading through all their work and listening to their vision of the founders of Identity Commons and those working together for 2+ years hoped for in the adoption of the open standards they were working on. These protocols are now all ratified in OASIS (one of three standards bodies for the internet the other two being IETF and W3C) - XRI, XDI along with XRD/XRD that spun out of XRI as it became incorporated in OpenIDv2 as a key part of what makes it work.

Identity that is user owned, controlled managed - and this includes the preferences, attention data, uterances, 1/2 of transaction data - is at the heart of what one needs to make this vision of distributed social networking work. I think until recently it has been misunderstood as esoteric and just talk - amazing progress has been made since the early days of the identity gang that community has grown and developed many of the conceptual understandings and protocols that are taken as givens.

Folks from what the identity community (and perhaps should consider "updating" its name to the identity and social web community)....invented - as in used for the first time these two words together Social and Web - SOCIAL WEB - (according to wikipedia)

With the title of this paper: The Social Web: Creating An Open Social Network with XDI

This paper was preceeded by the Augmented Social Network: Building and Trust into the Next Generation Internet

Like the Web or email, the ASN would be available to anyone. It would become a common part of the Internet infrastructure – a person-centered and group-centered service of the net. It will be implemented through the widespread adoption of technical protocols; any online community infrastructure could choose to be part of the ASN by implementing them. Central to its design are fundamental principles of openness, inclusivity, and decentralization -- which are necessary for a thriving democracy. At the same time, the ASN would support the highest available forms of security to protect privacy.

The Identity Gang began talking/meeting in the later part 2004 and has continued to meet in the Internet Identity Workshop.

There is much wisdom that these communities have developed that can be useful in moving / re-articulating the vision... to be sure lessons are to be learned from understanding more about why certain approaches/standards/proposed ways of doing things didn't happen (yet).

I think the market wasn't ready for what the identity community was saying. As someone who has been evangelizing about this set of issues practically full time since 2004. In the first few years I would talk in a range of communities and at conferences about all these issues, user control, open standards the danger of the potential emergence of large silo's that locked users in and people just "didn't get" it was an issue or that there was even a need for these kinds of standards. Now the market is finally ready.

The 9th Internet Identity Workshop is this November - and REGISTRATION IS OPEN!

There is a whole conversation on the DiSo list where I highlighted this context/history. There might be a beer meetup in Berkeley this evening at Triple Rock at 7:30.

Internet Identity Workshop comes to DC!

Theme: Open Identity for Open Government.

Questions Agencies Face:

Policy Considerations:

Technical Issues:

New Industry Developments:

Please join us at the Internet Identity Workshop

To consider all these and more!

Archives

Recent Comments

@ other sites

Tags

Links

Categories