Identity interoperability @ Net2

In the panel on Social Networking here at Net2.

Identity and profile sharing between sites is critical to using these tools in civil society. Planetwork where I am Network Director has been a long time advocate for open standards in this sector – the Augmented Social Network paper outlined the vision. We are excited about Open Standards from OASIS - XRI (I-names) and XDI to support identity and data sharing. They are cooperating with the with OpenID on Yadis too.

Planetwork is working on a project to build out open source, open standards based infrastructure to make it all work.

I am also working on i-tags to support identity in tagging.

Technorati Tags: , , , , , , , ,

I-Tags at Net2

I am at the Net2 session on Tagging.Here is how I described the value itags to Beth Kanter.

I have been working with Mary Hodder, Drummond Reed and Andy Dale on itags. It is an open adhoc standard we are proposing for alowing people to use their identity while they tag. This could be a URL they ‘own’ (OpenID) an i-name (XRI) they have or another UUID.

Creators of content could use this to assert CC licenses and provide a long term persistent way to have attribution. People can assert tags across silos – multiple blogs that one posts on and multiple media tagging sites that one tags on.

Technorati Tags: , , , , , ,

viva data liberation @ Net Squared today

I am connecting up to the social change and technology part of my persona today at Net Squared. Tomorrow I am going to be leading a session on identity in the ‘making it happen’ part of the conference.

The opening session mentioned the emergence of the Social Web – I was like wow – we have been using that to describe what happens when identity becomes part of the web.

At the conference
Seven sectors are participating:

  • Philanthropists
  • International NGO
  • American Nonprofits
  • Infratech – the big companies
  • Web Services companies
  • Digerati
  • Nonprofit Technology Assitance Providers the “Helper community”
  • The opening speaker is Angela Glover CEO of Policy Link – Black Woman for the opening keynote. Well it is certainly out of the norm of regular tech conferences – Hopefully the rest will be out of the box too.She began by talking about the regional context. The economy setting the stage for opportunity – not just income support and raising minimum wage but how to build wealth and assets. Technology is how we achieve what we want to achieve – in light of need for democratic participation.

    She did call it two point zero…maybe that is not under Tim’s Trademark.

    (almost) Direct quote from Angela Glover – We need to liberate Data – structured DATA SHARING.

  • I was so excited when I heard this – I wrote and ad hoc banner for the table
  • Viva – data liberation.
    Free the Data Use Open Standards
    XDI (XRI Data Interchange)
  • Beth Kanter has a picture of it.
  • She closed by saying that we want people to be agents for change on their own behalf.

Technorati Tags: , , , , , , , , ,

Publish all SSN eliminate the ‘secret’

A radical identity solution – publish all SSN eliminate the ‘secret’:

It’s time to eliminate the SSN façade. The solution to the problem of identity theft is a “cold turkey” one: publish all SSNs to ensure that no organization has the opportunity to suggest that their secrecy can be maintained. The Social Security Administration should pick a date 2-3 years in the future and announce that on that day it will publish the SSNs to the world.

The most obvious objection here is also the point: What about all the companies, and perhaps most importantly the Social Security Administration, that rely on the SSN as a secret? Won’t that really change the way they do business today? I sincerely hope not (because they should have stronger controls today), but I suspect so (because they don’t). There is a big difference (in controls) between the initial use of the SSN as validation of identity for a financial transaction (say, to get a credit card or purchase a car) and the ongoing relationship between an individual and an organization that retains the SSN.

The organizations currently using SSNs have other information available to them from their existing customer base – mutually-agreed upon “secrets” and transaction histories among others – and methods of “out-of-band” verification like sending verifying mail to the address-of-record. These techniques are more useful with the history of a relationship; often, setting up an account relies on information being provided by the consumer (or prospective fraudster).

A government mandate is the only way to build out a much stronger program for identity protection – one built on mathematics rather than on 150 thousand people keeping a secret. Otherwise, the laws for protecting the SSN will continue to grow in volume and complexity, organizations will continue to build in more controls, and we will continue to have our identities compromised.

Perilocity is also writing about this:

What’s your social?” How many times have you heard that question, from credit card companies, doctors’ offices, and just about every other type of organization? Perhaps you were confident that all these organizations are keeping your “social” completely confidential.

Security experts held a contest this month to show just how quick and effective Google hacking can be. During a technology security-industry meeting in Seattle, contestants using only Google for less than an hour turned up sensitive information — potentially useful for financial fraud — on about 25 million people. They dug up various combinations of people’s names, dates of birth, Social Security numbers, and credit-card information, including some card numbers apparently left exposed by the U.S. Department of Justice.

The big problem is that so many organizations collect too much such information and then don’t bother to secure it.

I think it would be most useful if some organization were to organize a reputation system that made it its business to discover which entities had the most such information visible via the Internet and findable via google or Yahoo! Such an organization could report first to the affected entities, with a time limit before it would make the information public. I don’t know how potential liability would be handled in such a case, but once over that little hurdle, such an organization would be doing a great public service and could probably make a bundle advising organizations on what not to publish.

And of course the biggest identity leaks don’t come through web search engines, anyway. They come through companies mailing unencrypted tapes or keeping back data on disks that are then stolen.

Where is ‘the line’ – the freedom to socialize

Ohan Pinto picked up on my post about the proposed law by the suburban caucus to ban access to social networking sites in Public Libraries and Schools. (oh and my name is spelled Kaliya – not Kalia) She said this:

I am not against social networking, but I have kids, and I am concerned… especially when I’m aware that kids today do things without thinking of the consequences. I do not see this move as a bad move by the feds. It may very well turn out to be good. This post by Michael Miller on Warning children about online dangers gives a nice insight on the real dangers of social networking sites and how “minors” can get exploited.

One needs to draw the line somewhere….

That “somewhere” is not by inhibiting the freedom to organize and gather in online space – by people using . Adults who don’t have access to computers at home go to libraries to surf the web, get email an social network. Increasingly online networking tools will be used to organize to make change – they are places where people gather and the 1st amendment applies

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

Dana Boyd has done a lot of ethnographic research with young adults to understandwhat they are doing in online space. She has this to say about the legislation. If you are concerned about your children’s behavior get involved in their life enough that they share what they are up to and you have open communication channels to share with them what is and is not acceptable. One of the critical parts is an ‘autonomous’ space – they are connecting and communicating with one another as peers – see her Bill O’Reilly Interview.