Identity Faire? just come to IIW

David Kerns proposes an “Identity Faire”

Now, I do agree that we need more conferences of this type. We do have them in North America – things like Courion’s Converge, the Internet Identity Workshops and NetPro’s Directory Experts Conference come to mind

He forgets two more conferences DIDW and Burton Group Catalyst has a significant Identity component and Gartner had and Identity and Access Management Summit.

This idea was inspired by this comment by Symlabs’ Chief Architect Felix Gaehtgens.

He recently dropped me a note to tell me about a European Identity conference he’d attended, and what he found unique about it. In his own words:

“Last week, I was at the 1st European Identity Conference in Munich. This conference is organized by Kuppinger + Cole, a German Identity Analyst group. We know that a lot of new ID Conferences are springing up, since ID management is a hot topic, and many organizers are trying to cash in on numerous conferences out there. However, this conference had something truly unique.

“So what made this conference stand out? First of all, the scope of the presentations. This was something completely new that I haven’t seen before. Most conferences pitch (exclusively, unfortunately) to the CxOs, management and decision makers, and are therefore kept to the high level. This conference also addressed those needs with overviews, workshops and user/case study presentations. HOWEVER, and this is what I liked about it, this was the first conference (in my opinion) that had a broader scope by also addressing the needs of those techies and geeks that roam these types of conferences.

“There were several presentations and workshops that were very technical and ‘hands-on’, going into the real guts of the technology and implementations. I’ve been to a presentation where a person from a German bank talked about how to integrate Kerberos between Unix and Windows. That presentation was fantastic, and very lively. You could feel the electricity in the air with all those geeks like me talking technology. Then there was a real ‘how-to’ workshop on how to boot-strap the Liberty ID-WSF (Web Services Foundation) using two different implementations using a practical example and showing how everything fits together.”

Many of the Identity Gang / Commons folks I spoke to about the conference said it was really just the same conference they keep going to. Talking heads on the range of identity topics. I would put forward that more conferences with talking heads are not needed but an expansion of conferences with cross cutting themes and industry players that come to the Internet Identity Workshop who – do work together.

[The current conferences are] generally organized around a particular vendor, product or technology rather than as part of a conference covering a broad spectrum of identity. Maybe what we really need is an identity fair (or “identitie faire”) with PowerPoint presentations for those who need them and hands-on labs for those who don’t. Something for everyone, under the big top. Not just a “dog-and-pony” show, but a real three ring circus. Who’ll step up and organize this?

Eugene Kim , Phil and I have been thinking about IIW and how to make improvements for next time. We welcome community input on how to make it better – so write us.

I am very clear that we need to systemically as a community have and execute a strategy to reach out to other pockets of folks explicitly doing “identity” work AND to our neighboring fields like Semantic Technology and get them involved in IIW. I think it was good that the ITU folks joined us at IIW this time. There was a call from the floor for more Lawyers next time. I would love to see some proactive outreach to those technical/professional identity communities who you see should be involved in a ‘faire’ being explicitly invited to IIW.

Arrington and Cantor live event comentary.

Marc always has a lot to say…Arrington..well he is opinionated and his own unique style of ‘moderating panels’ listening to these two audio back channel while listening to presentations…now that is interesting. They are planning to do this at Next Web in Amsterdam June 1. I hope they livecast this and share broadly.

I missed Marc’s presence at IIW. It would have been fun to have his reality check world view present. I have to say there was a tone of real work that got done at the event. It always amazes me the progress of the community at each event. Next time is going to be AMAZING. I hope that it gets on folks calendars.. IIW #5 will be Dec 3-5 and IIW #6 will be May 12-15 both at the Computer History Museum in Mountain View California. Also Phil and I are open to hosting Identity Open Spaces in conjunction with other conferences.

Energetics of Identity

This is from Ping Via Johannes and basically does a great job of sums up the energetics of what is going on in the identity-standards world. I am not ‘techincal in the sense that I can’t read spec’s and don’t write code. I do read simplified flow chart diagrams and understand the tech of identity. I know all the people involved. This was very very funny. I hope that by Burton some more interesting combinations can happen.

The IIW2007a Spoken Word: CommunityIdentityAuthenticity


This community…has its challenges.

Harnessing its own enthusiasm and energy to affect real change

It’s a challenge…

Moving together

despite differences in the details

Getting the populace to understand

what we can barely understand and


between ourselves

It’s a challenge…

Communicating the understanding and importance of internet identity

to the average member

of society

It’s a challenge…


Divergence versus Convergence

Policy evaluation privacy evaluation

I just feel like shouting out …

My life
My terms:
Choice, Privacy and Control !

Like shouting…

One hundred and eighty passwords — and counting — is too many !!


Where’s the money?!

We need to get out of the technology ivory tower!


V R M!

I feel like shouting

We are all painting variations on the same picture!

— and it is hard

to see

what the image is.

And then I think, if I were the user, I would say

Don’t rock the boat!

I would say

Keep it simple and make it just…work.

Keep it simple !!!

Why can’t you make this easier for me?

I would say…

What is actually happening here?

Here is what I wish for the future:

I wish it would .. “just work” … for users.

Here’s what I hope for:

Something my dad can use and not get phished.

Here is my dream:

That we get how to engage in real-value, consensual transactions

Here is my dream:

Breaking down power structures

safe and powerful for everyone

in all contexts

Becoming invisible

and indispensable


— by Mark Aiken, Kevin Turner, Brad Fitzpatrick, Eddie Codel, Peter Davis, Ajay Madhok, Mike Jones, Johannes Ernst, Joe Andrieu, Mark Lentczner, David Recordon, Henrik Biering, Drummond, Reed, V. Gale, Gerald Beuchett, heathervescent, Weston Triemstra, Martin Atkins, Steve Williams, Paul Bryan and Lisa Heft

This spoken word piece was the closing for the
Internet Identity Workshop
May 15, 2007 — Mountain View, California, USA, Earth

NYTimes covers my comments on CFP Panel

For those of you coming from the NYTimes wanting to explore this middle ground I invite you check out the Vendor Relationship Management project that Doc Searls is leading. We will be talking about it at the Internet Identity Workshop that I am facilitating next week.

“Her solution is essentially to give consumers ownership of their data and the power to decide whether or not to share it with marketers”

Lets just be clear this is not ‘my solution’ but a solution that must be found in a marketplace with a huge diversity of stake holders to help make it real and to balance things out. It is one advocated by Attention Trust and being worked on by the Vendor Relationships Management project.

To date there are very limited ways for me to express my preferences to the market place and get information regarding products and things I might like to buy (and only information about those things not just being ‘targeted’ by advertisers). There are also limited ways that people can work together – to aggregate their purchasing power to make new choices – to express demand before a product is even made and sold. These are the sorts of possibilities that I hope can become more real.

To me it is quite interesting that the New York Times is covering Online Ads vs. Privacy because this past week they made a commitment to do deeper data mining of the people who come to their website to ‘improve’ the advertising.

This reporter/social media thing seems to be working. I was quoted for my audience participation in a session at CFP in an article that appeared in Wired. I was linked to and subsequently wrote about my experience of the panel and the point I was trying to make that there was a middle ground. This reflection in my blog was then picked up in the NYTimes.

From the article:
FOR advertisers, and in many ways for consumers, online advertising is a blessing. Customized messages rescue advertisers from the broad reach of traditional media. And consumers can learn about products and services that appeal directly to them.

But there are huge costs, and many dangers, warns Jennifer Granick, the executive director for the Stanford Law School Center for Internet and Society ( To approach individuals with customized advertising, you have to know who they are. Or at least, you have to gather enough personal information about them that their identity could be easily figured out….

Even if that is true, people like Kaliya Hamlin still say that collecting data about the online activities of individuals can amount to an invasion of privacy. Ms. Hamlin, known as The Identity Woman, is a privacy advocate and consultant. “My clickstream data is sensitive information,” she told Mr. Zaneis, “and it belongs to me.”

On her blog, though, Ms. Hamlin wrote that she found the whole affair frustrating. It was, she wrote, the “angry, progressive anticonsumer guy vs. the super-corporate marketing guy.”

The answers, she wrote, lie somewhere between those positions. “The ‘activist types’ tend to deny that we are people who actually might want to buy things in a marketplace,” she wrote. “The ‘corporate types’ tend to think that we always want to have ‘advertising’ presented to us at all times of day or night because we ‘want it.’ Neither view is really right.”

Her solution is essentially to give consumers ownership of their data and the power to decide whether or not to share it with marketers ( [[ Note to the NYTimes reporters – if you quote a blogger from their blog posts you should link to the actual blog post you are quoting not just the blog itself]]

Again regarding my identity – I am not sure I would describe myself as a ‘privacy advocate’ but rather an end-user advocate, for transparancy, disclosure and passionate about open standards.

Genetic Non-Descrimination bill in house

From Slashdot….on New Scientist.

Soon it will be illegal to deny US citizens jobs or insurance simply because they have an inherited illness, or a genetic predisposition to a particular disease.

On 25 April, the House of Representatives voted 420 to 3 to pass the Genetic Information Nondiscrimination Act (GINA). The Senate is expected to endorse the act within a few weeks, which is also supported by President Bush. “I am so stunned by the majority,” says Sharon Terry, president of the Genetic Alliance, a charity lobbying for the rights of people with inherited illnesses.

“Clearly the House finally understood the incredible significance this has. The American public can now access genetic tests, feel safe about their genetic information not being misused and participate in research that involves genetic information.”

This is all good news. I also got me wondering about a form of discrimination that I think about regularly and face it is what I call “where I happened to emerge out of my mothers womb.” This fact my place of birth has incredibly little do with who I am the content of my character who I am where I fit in my social context how much I contribute to the society I live in but is regularly requested by institutions.

Comment from Scott Cadzow on “What is Identity?”

Scott Cadzow was at the first ITU meeting. Like me he is an independent consultant who spent a lot of time in standards land particularly with mobile efforts in Europe. He read my “What is Identity?” post and had this comment (sorry commenting doesn’t really work on my blog I have to get this fixed anybody know a good wordpress wiz?)

I wonder if identity as a social construct and identity as a transferable element are not getting confused? Who I am is too complex to summarise in a few sentences, maybe not even in an autobiography stretching across many volumes. In part this is because my perception of my identity is not what others perceive of my identity and as such any declaration of who I am is always false as the entity I declare it to will have a different end view. However if I give you my email address that allows access to the more complex part of identity. If a thief can gather sufficient pointers to your identity they may be able to masquerade as you, but whilst I could give all of my details to somebody they would fail to masquerade as me to someone who knows me in person (family or employer say).

In the ITU-T world identity has to be decomposed to what is available in their world and simply they cannot hope to maintain knowledge related to the societal you, only the knowledge that allows them to make connections to a possible you (telephone numbers address the telephone and not the person and quite simply I am not a telephone). However it is sufficient in the ITU-T space to say that the form of identity they deal with is sufficient to describe the thing that communicates (people use phones to make connections, the ITU-T makes sure that phones can make connections and they do not offer to make connections for people).

In my field of security, and securing identity as a task with it, there is no way that I can offer to protect your identity in all its societal richness. However I can make sure that you will be able to make decisions on the value of some parts of identity (the identifier) by allowing to verify its authenticity and its authority (if it is an authoritative identity). We certainly don’t need to go back to birth certificates for this proof (apart from anything else these can be forged).

Whilst I will agree that identity needs protection it also needs basic common sense (the power of real names in legend should be updated for the modern age – don’t release more data than essential and get systems to default to minimum release policies).

My point is that it is dangerous to conflate identity with identifiers and then say to the public you are your identifier and that the STATE has all the power to ‘validate’ who you are with those identifiers. This is a police state in the making and billions of people world wide have no ‘valid’ stat papers. It doesn’t mean they should not get on the network.

True and I hope nobody is trying to say identifier is identity in all contexts. What I want to note is that if the context is a phone call the only identity from the protocol view is the phone number, from the person using the phone the phone number does not equate to identity (different context, different identity). Rehash: Identity is relevant in context and not all contexts are the same so the value of identity is as varied as the contexts it is placed in.

Your suggestion that the state validates identifiers is harsh. The authority for an identifier is responsible for the validation and the authority need not be the state (most often isn’t). This is the reason behind my view of identity being authoritative or non-authoritative. In the real world we can only verify some identifiers as authoritative and not identity in the societal case (as we cannot have authoritative context although for forensic examination and recovery reasons we may wish to).

Prepare your Un-tallent

David Kerns just posted some great parody lyrics to the “Rainbow Connection” here. Eve Maler is again going to be the MC of the un-talent show on Tuesday evening at the Monte Carlo (formerly La Rioja, formerly formerly the Monte Carlo). Both original songs, poems, talent along with parody Lyrics to accompany Karaoke are welcome (and you can enlist the identity choir to sing with you).

You can ping her via e-mail or just talk to her onsite on Monday and Tuesday at IIW if you want to get up on stage.

In Wired about CFP

I just checked my visitors log and found a link from WIRED that mentions me.

While many websites do not collect names, addresses, Social Security numbers or other “personally identifiable information,” or PII, the information they do collect is extremely revealing. “They don’t need to know your name to know who you are,” Chester said.

A very different perspective came from Mike Zaneis of the Internet Advertising Bureau. Dressed in a much better suit than any other CFP participant, and sporting a John Edwards-quality quaff and a smooth manner, Zaneis faced a hostile, privacy-loving crowd.

Zaneis stressed that profiling does not capture PII. But the audience appeared to agree with Chester that browsing history and search information was nonetheless private. “My clickstream data is sensitive information,” said privacy activist Kaliya Hamlin, known as the Identity Woman, “and it belongs to me.”

I am not sure that I would describe myself as a privacy activist but rather an end-user advocate passionate about open standards.

I found the panel described in the article frustrating. It was one angry progressive anti-consumer guy vs. the super corporate marketing guy. The ‘activist types’ tend to deny that we are people who actually might want to buy things in a market place. The ‘corporate types’ tend to think that we always want to have ‘advertising’ presented to us at all times of day or night because we ‘want it.’ Neither view is really right. I pointed out that there was an option to give users back their ‘attention’ (clickstream) data from the sites that they visit. There could be ways to actually express one’s market needs/preferences and get advertising related to that specific need (this is not enabled anywhere that I know of right now). The VRM (Vendor Relationship Management) discussion is getting interesting and hopefully we can talk more about the issues raised in the space in between privacy and advertising at IIW next week.

Map of Online Communities

I just found this on Boing Boing and thought it was very appropriate to re-broadcast. It is from xkcd: A webcomic of romance sarcasm, math, and language that is quite entertaining comic strip.

I think this map also reflects the nature of identity on the web…we show up in a lot of different places and need identities that work across them – with the freedom to link and de-link them. It also highlights how fundamentally identity is social and for engagement with people in community.

<img style=”border: 2px solid #000000″ src=””/>

Transgender issues with Privacy and Identity at CFP

Mara Keisling the Executive Director of the National Center for Transgender Equity presented about the privacy and identity issues faced by Transgender people.

Identification Documentation

What is important for that about transpeople? – It is mportant what it says and also what it refers to. For example my passport says – ‘this passport says that this was changed for male to female’
Why does this matter because the revelation of one’s transgenderness is a risk – that we know of in the US one transgender person per month is murdered. Violence is a issue.

There are economic consequences to be outed at work or as part of a job interview and fired or not given job in the first place. In San Francisco – over 50% were unemployed or had fragile employment.

The REAL ID ACT is a problem.
It has not been implemented yet but what is very obvious consistent ID documentation is hard to get – for low income people, transgender, homeless people, immigrants. It will make it increasingly difficult.

The data is interconnected across ALL law enforcement.
It mandates certain things be on the front it.
Gender is required.
The fact of name change required – obvious that they changed name from say Mark to Mara.
Will Fact of gender change will be required? It likely will be in database. Along with surgical records – will end up in database. This means it outs transgender people every time interact with law enforcement.
It also means any time one’s ID is checked electronically to get into a bar for a drink it will out people. This is not a big deal in a big city is it s BIG deal in small towns.

It is difficult. I have friends who say “‘you travel’ – you are willing to fly?”
The TSA currently has no policy specific to transgender people and their frisking at airports.
They do have policy regarding how they are to interact with ‘helper monkeys’ (seeing eye dogs etc.) TSO’s are not aloud to touch your helper monkey’s.
At the very least they would like guidelines for searching.

It is difficult to get a passport. They almost always require you to present proof of gender change with the presentation of surgical records. However almost none have genital surgery – they estimate only 5% the reason is that there are many contra indications (HIV status, age, pulminary issues) and it is very expensive.

There is no security interest in labeling as me as a male. They are going to have a hard time finding me…(she presents as female).
It is a privacy violation to have ‘surgery letter.’
Scatterback x-ray machines “strip” naked and covers gender. This security measure is creepy for everyone – creepy and dangerous for transgender people.

Employment Verification
Mapping all these databases – to monitor so the SSN administration sends ‘no match’ letters – new employee…is this person eligable to work. This is supposed to just be for name or social security number. However there s an Optional data-field in this database and they can end up with ‘non-match’ letters because of gender basically – “you think lily is a woman – we think Lily is man”

An example she gave was heart breaking. A man was working at as a Steelworker for 20 years. The company he worked for ran all its people through the process you do with SSN administration and his supervisor came out in front of the crew that he worked with on a daily basis and said “Social Security says your a woman.”
He quit his job and wondered if he was going to have to find a new job every quarter because of this.

Employers with a large number of employees can do this via computer but small employers who do this via the phone – the operators are taught to ask for gender to enhance the match.

Health Privacy
Transgender people are turned away from hospitals all the time

A passing (not out) trasngender nursing student in florida as part of their training they were given specific information about what to do for man and women in certain situations. She asked
“What do you do with transgender people? are there any special considerations?” The trainer said “When I was in ER in New York we just let those people die.” You can be murdered because of your transgenderness in the health system.

Prescription records – many transgender people have histories that out them. Old data remnants matched with my old self with my new self (estrogen taking).

Freaked out about this passports because of information that will be shared. I don’t want this to flash on every screen when cross boarders.
Clothing that is worn or bought what if was from a credit card that I got got when male.

Data Permanence
Examples given.

Said in front of city council – I am a man with no penis. It was written up by the Philadelphia Inquirer – now when you google this person this is the first hit. it will be there forever.

Susan Stantant – Fired as city manager in Florida. Someone commented in the paper that now shows up in google “because she is taking estrogen no longer get erections”.

A woman was fired because court transcripts of parents custody battle from when she 10 years old. Someone else had fraudulently used her SSN and there for she was a ‘high security risk’ and denied her job.

What is Identity?

Last week at the ITU-T meeting in Geneva there were some folks making the assertion that Identity was all about one’s credentials starting first and foremost with one’s birth certificate. Clearly credentials that are abstract representations of our selves have value in our world and let us do things that we were not able to do when identity was just social. Much like the fact
Hernando DeSoto points out in the Mystery of Capital that abstract representations of ownership of things (like deeds of ownership of houses – that say you own your house) has value because now you can do new things you couldn’t do before when ownership was just social (my neighbors know I own my house because I do – no piece of paper says this).

I think loosing the understanding that Identity is first and foremost a social construction would be disastrous. We had a great conversation last week in Brussels with Doc and JP in the ‘because of effect’ I will work on writing up my notes from that while at CFP today.

I am staying at a friend’s house in Montreal and picked up Oppenhimer: The Tragic Intellect on the coffee table. In the Preface the author says this:

The recent biographies all, in different ways, place Oppenheimer’s life in the context of the transformation of science and American society and politics during the Cold War. My aim in this book has been to provide a biography that draws together individual character structure and social structure, looking at the social processes and collective work through which the individual identity is constituted. It is sociological biography, which looks at the collaborative and interactional shaping of the individual in the web of relationships. In that sense, it aims to break down the division between individual and context, treating both in terms of social processes. This is a difficult task. Sociologist Norbert Elias has written, ” Whenever one looks, one comes across the same antinomics: we have a certain traditional idea of what we mean when we say ‘society.’ But these two ideas, the consciousness we have of ourselves as society on the one hand and as individuals on the other, never entirely coalesce…What we lack, let us be clear about it, are conceptual models and, beyond them, a total vision with the aid of which our ideas of human beings as individuals and as societies can be better harmonized.” This study attempts to use the narrative form of a sociologically conceptualized biography to weave together the threads of the “individual” and the “social.”

I continued reading it last night as I went to sleep and found another paragraph I will post tomorrow.

Privacy Commissioner of Canada opens CFP

Computers Freedom and Privacy opened with the Privacy Commissioner of Canada Jennifer Stoddart. It was a great talk and here is what I captured from it –

We are endanger of loosing our rights.

She gave an introduction to the state of privacy in Canada. There has been a Privacy Act since 1983 that gives the privacy commissioner authority under the act.

  • Fixed Term for independence from the government of the day.
  • Reports directly to parliament.
  • Advocacy through parliament.
  • People who have been denied privacy in some way can complain
  • Oversight of 150 federal government agencies including – RCMP (National Police), CSIS (Canadian CIA), Communications Security Establishment (surveys foreign communication)

She highlighted the case of Maher Aror an innocent Canadian citizen deported to Syria from the US and part of the reason for this was that the Canaidan government provided misleading information.

Canada more recently passed the Personal Information Protection and Electronic Documents Act – PIPEDA which was Introduced in response to the EU Data Protection Directive requirements.

Canada one of few countries out side of the EU that has ‘adequate’ privacy protections and is a place were EU data can be exported here.

Privacy Commissioner of Canada responsible for the application PIPEDA and has the power to:

  • Investigate complaints
  • Go to Court
  • Conduct audits
  • Produce reports
  • Liaise with industry, consumer groups and parliament.

This is a good law because there is:

  • No requirement to register databases (as in Europe).
  • No yearly fees to remit.
  • No reports to files to data commissioner.
  • No authorization to export data.

There is no named constitutional right of privacy however the canadian courts have interpreted Canadian charter of rights and freedoms to provide this.
There is a tangle and it is a challenge to address privacy.
Country only legislation is not enough International cooperation is needed. She is involved in the OECD where she is the chair volunteer group on transboarder privacy enforcement.

Canada’s response to Anti-Terro Legislation-

Trying to find the right balance between privacy and security
Anti-terrorism Act of 2001 has impacted privacy rights through:

  • Broadened surveilance powers
  • Weekened constraints on use of powers
  • Reduced accountability and transparancy of governmnet

Lack of facts and evidence to suggest that the measures in the Act are necessary
Parliament has not acted on the expressed concerns.

She highlighted the UK information Commissioner talking about Working Together

  • Too many different privacy controls in different parts of the world.
  • Inconsistency cause complexity, increased costs, and reduced consumer trust and confidence.
  • Consistency reduces the trans-boarder data flow and protects information.
  • The US and EU should work together.

Substantive agreement on privacy recognized rather then details about how it happens.

We need to question government policies that encroach on freedoms
Is surveillance a long term solution?

We must look at how these threats to us come about. Are we just perpetuating anamosity that leads to people wanting to cause harm to us?

How do these threats to our security come about and what are alternatives do we have to massive surveillance.?

We must explore new contours for privacy.

Oh yes…she also pointed out the US had prohibited entry of a Canadian researcher who had in the 60’s taken LSD as part of experiments at Stanford that he found out when he ‘googled’ the guy when he was crossing the boarder and reading the article that came up describing this. It was covered in TheTyee just last week.

SHE DIDN’T talk about the Canadian Government doing the same thing to US Citizens with minor criminal records. Covered in the San Francisco Chronicle in February. She is coming back and we can ask her questions hopefully she will also turn the spotlight on her own countries behavior with regard to this. It is all happening because of the sharing of criminal records cross boarder.

Take the case of 55-year-old Lake Tahoe resident Greg Felsch. Stopped at the border in Vancouver this month at the start of a planned five-day ski trip, he was sent back to the United States because of a DUI conviction seven years ago. Not that he had any idea what was going on when he was told at customs: “Your next stop is immigration.”

Felsch was ushered into a room. “There must have been 75 people in line,” he says. “We were there for three hours. One woman was in tears. A guy was sent back for having a medical marijuana card. I felt like a felon with an ankle bracelet.”

Or ask the well-to-do East Bay couple who flew to British Columbia this month for an eight-day ski vacation at the famed Whistler Chateau, where rooms run to $500 a night. They’d made the trip many times, but were surprised at the border to be told that the husband would have to report to “secondary” immigration.

There, in a room he estimates was filled with 60 other concerned travelers, he was told he was “a person who was inadmissible to Canada.” The problem? A conviction for marijuana possession.

In 1975.

Welcome to the new world of border security. Unsuspecting Americans are turning up at the Canadian border expecting clear sailing, only to find that their past — sometimes their distant past — is suddenly an issue.

Identity Panel at Mix07

We had a great panel at Mix07 Microsoft’s Developers Conference. It was moderated by Marc Canter, with Kim Cameron, Scott Kveton and myself.

We opened with a context setting presentation (up on slideshare) that I put together to help get us started.

Marc hammered the point home that Single-Sign-On was not ‘enough’ we all agreed.

We talked about security issues and how CardSpace was one option to address the challenge of phishing.

We talked about how Authentication (SSO) was different then data sharing and how we need to figure out how people connect data between different sessions.

I said we needed “myAPI” so that we could let people conntect their data and not give away their username and password to connect stuff up (like they have to do today).

Marc said that the IIW was just a talk fest that he would not go to. I pointed out that the IOS in Brussels last week OpenID and ID-WSF

Marc criticized Facebook for the terms that they release face-book data under saying it could not be shown to anyone except Facebook members. The Facebook guy stood up and said that he was misinterpreting the meaning of it – what it really said was that if a user had certain people who could see different things those preferences needed to be respected.

Marc got down on his knees and apologized while singing the end of an aria – it was very entertaining.

We also got to hear about Sharks and Toasters. Many people are afraid of sharks but more people die every year because from using a toaster but no one is afraid of toasters.

Over all it was a great session. Thanks to all who participated.