Thoughts on Community Engagement

A few days ago David sent me a link to his post responding to Stefan’s (very long) slam of OpenID. He did a great job articulating how many of those who have been critical of flaws in OpenID have been actively engaged with the community in finding solutions to the problems.

From Gnomedex one of the things I came away with was a deepened appreciation of the community that we have in technology generally and identity in particular. There are a lot of smart, good people working together despite our different personal world views, personal quirks technology backgrounds and visions for the future of the technology.

There are a lot of different perspectives in the social networking datasharing space. Marc Canter called the Data Sharing Summit to figure it out – face-to-face. (I raised my hand and said I would help facilitate). It is going to be Sept 7-8 in Richmond CA (Bay Area). Face-to-Face for a day can be like 6 months on a mailing list. It is invaluable and the text dialogue afterwards is improved in quality and effectiveness.

Ok back to Stefan:

Personally, I can’t be bothered much with a sign-on system for blog comments and social networks, but if it makes other people happy, great.

In fact social uses of persistent identity are actually interesting and just dismissing it as pithy isn’t really productive.

OpenID is a starter way to for websites to start using identity tools for people. Thousands of websites have adopted it – cause it is easy to do and it works. You could get up and praise OpenID for existing cause it is warming all those Relying Party sites to the idea there are identity tools and services they can offer to their user-bases. The challenge that Stefan and everyone else has with more complex visions of how things could/should work is how do you make it ‘easy’ – both for users and developers.

I think nuances that Stefan articulates are really important.

“selective disclosure, authenticated anonymity and pseudonymity (possibly with revocation capabilities), improve availability, enable privilege and entitlement management, and provide security against insider attacks originating from the Identity Provider,”

These need answers and they are not going to come from one company with one solution alone. Community engagement is needed – so I encourage all to put your solutions into the mix and lets see if we can figure this out.

It would be very worrisome to me, however, if a URL-based system (whether OpenID or a variant) would become the basis for “serious” identity and access management applications such as e-commerce, e-health, e-government, general credential systems, and so forth.

Your challenge is that people (consumers, business people, legislators) can readily comprehend identifier system that work like this. If you and others don’t want the world to work like this then it is up to you to figure out how you explain complex math in a way that doesn’t go into the detail but just explains it in a way that ‘makes sense.’ I have had the luxury of sitting down a few times and listening to you explain ‘how the math works’ and it still seems a bit ‘mind boggling’ but “I trust you” – basically it is where peoples trust lies…is it in ‘human’ trust (my openID provider isn’t going to take my password and log into places for me) or is it in ‘math trust’ (these really smart guys have these groovy algorithms that mean only “I” can access my stuff and I can share information with them without really telling them who I am). I hope the latter can work – that the systems can evolve and people will “get” them. However it is a communication challenge and an adoption challenge that is not easy.

I have encouraged Stefan to come to community events many times. . I do hope he takes up my invitation to come to the Internet Identity Workshop December 3-5. I hope you will all encourage him too.

Please Answer this Survey about the FUTURE of Internet Scale Identity

If you read this blog I would like input into the slice of scenario planning exercise that I am working on for the Sunday prior to Digital Identity World September 23.

We would like you to answer some or all of the questions here about the future of Internet scale identity. (thanks to Eugene Kim for helping with the logistics of doing this survey)

From these answers we will shape some headlines for future events that we will as a group process and think about on Sunday Afternoon. The results of this will be presented in a panel on Monday afternoon at DIDW on a panel about the Future of Internet Scale Identity.

You are welcome to answer the question even if you can’t make Sunday afternoon. It will be free and open to anyone in the community (exact time and place TBD still).

Sign up on the wiki if you are planning on coming or e-mail me kaliya (at) mac (dot) com if that doesn’t work.

Gnomedex Morning 1: The Highlights

I had a GREAT time at the party last night. There are so many great people here from SF and Seattle + a bunch of folks from all over the country – including Ohio

The Opening Keynote was by Robert Steele. I unfortunately had a conference call to plan for ShesGeeky - the women’s (only) tech conference in October – so I had to miss the presentation.

However I had some incling about what he might present since I first met Robert at Nexus for Change – people there largely in the granola crowd listened to him because of his connection to Tom Atlee from the Co-Intelligence Institute and author of the Tao of Democracy.

I spent several hours dialogging with him there. In my conversation with was interesting on the one hand he was talking about ground up citizens deliberation (see NCDD) BUT – these are THE 10 Threats, THE 12 Policies, THE 8 Players. [Here are some of the "jems" from his talks captured in a live blog this morning. Here and here.]

Part 2:
I got to hear most of Daren Barefoot present he covered some interesting topics including:
Gross National Happiness (they have conferences on thisI found a Frontline that covers it.
Build infrastructure if you want to make a difference.
He put forward several great online ‘do good’ projects
* I could Be
* GeekCorps
* Get a First Life
* Nothing But Nets

He highlighted Web of Change as an Awsome conference – He asked if anyone had been. I raised my hand, agreed yes it was AWSOME.

He pointed out NetSquared as a conference.

I put forward the Nonprofit Technology Network (NTEN) which is a great network of technologists working on social good stuff. Bouns: Their conferences are 50% women.

Personal Side Note related to IT and Changing the World:

Just this week I began planning for the next Planetwork Conference – and where to begin but around Themes. The one we are currently playing with is Infrastructure Patterns for Collaboration and Sustainability.

Guy Kawasaki closed of the morning asking us what we wanted him to talk about. We chose Evangelism.

1) Make Meaning
2) Make Mantra (2-3 words)
3) Roll the Dicee
* Deep 1.0 is plenty good eg. Fanning (Reef)
* Intelligent [DESIGN MATTERS]
* Complete
* Elegant
* Emotive
4) Niche Thyself (high and to the right. Value that is Unique).
5) Let a Hundred Blossoms Bloom
6) Make it Personal
7) Find the True Influnencers
8) Enable Test Drives
9) Look for agnostics, not atheists [or the religious]
10) Provide a Slippery Slope
11) Don’t let the bozos grind you down

Business 2.0 gets OpenID wrong

I read this in hard copy on the way to the plane just before heading home from BlogHer. I just about fell off my chair…

Tractis, its creators say, is no less than a comprehensive legal system for the Internet nation. “The biggest problem with online contracts now is enforcement,” says David Blanco, the Madrid-based CEO of Negonation. “If you reach an agreement with another person and something goes wrong, how do you enforce the contract and in which jurisdiction? How do you know the true identity of someone calling himself”

To solve that kind of problem, Tractis will offer a comprehensive range of trust and verification systems – and take advantage of controversial national ID cards. There are already 600,000 of the cards issued in Spain; similar ones are compulsory in Belgium, Germany, and Portugal. The United Kingdom is set to roll them out in 2010. Insert your ID card into a smartcard reader and Tractis will instantly verify it with your country’s database.

That doesn’t mean citizens of countries without national ID cards, like the United States, are left out. Tractis can also authenticate online identity via OpenID, a security standard now supported by Microsoft Vista, Firefox, and AOL. The final agreement can carry a digital certificate that in most countries, including the United States, has the same legal weight as a handwritten signature.

I wonder how they got it so wrong? Was it Tractis that said these things and the reporter didn’t bother checking the facts? or we is it us…the OpenID community not communicating clearly enough?

I mean OpenID is great It does do ‘authentication‘ in the technical sense. It is not a replacement for National ID card, it is not a ‘security standard’, It does not do validation (checking that you are linked to a ‘real’ identity that is yours) or enrollment (getting you signed into a system).

Maybe Negonation (the company behind Tractis) has plans to have a validated OpenID service? Hopefully they are going to come to DIDW and IIW.

They certainly have ambitious aims in creating trust on the web..

Negonation is commited to create secure and trustworthy electronic commerce, above the legislative islands. We’re aware that the words “secure” and “trustworthy” are difficult to define, more a subjective sensation than a concrete objective. The solution does not rely on using a standard, technology, hardware process or concrete legislation. It is a combination of many things, with no magic formula. A user will feel secure using Tractis or not. They will trust the service or not. We believe that the formation and support of this forum is a step in the right direction.

They Quote Richard Stallman on the top of their blog…

For businesses to have special political influence means that democracy is ill. The purpose of democracy is to make sure that wealthy people cannot have influence proportional to their wealth. And if they do have more influence than you or I, that means democracy is failing. The laws that they obtain in this way have no moral authority, but they have the capability of doing harm.

Maybe they are going to be using Open Source software so we can trust their system?

Cel phone Forensics Kit…for all your personal spying needs.

My husband recently got a new free phone from his cell phone company (because his 600 treo finally bit the dust).

While searching around for the wires needed to connect his phone to his mac…He noticed this little $3000 gadget the ‘secure view kit for forensics’.

Secure View for Forensics is the ultimate software and hardware solution which provides law enforcement, corporate security and forensics consultants with logical data extraction of the content stored in the mobile phone. Investigators can now gain access to vital information in seconds without the need to wait for crime reports.

There is this nice little note at the bottom of the page:

Note: Features other than Phonebook Manager are based on phone model (check phone support before purchase). DataPilot product family is for personal use only. You can connect and transfer data to a maximum of 8 different handsets.

Big Brother coming to NYC

NYC Real world Tracking one step closer:

New York City is seeking funding for a multi-million dollar surveillance system modeled on the one used in London. Police in the city already make use of the network of cameras in airports, banks, department stores and corporate offices — an arrangement used in cities across the country. This new project would augment that network with a city-wide grid. ‘The system has four components: license plate readers, surveillance cameras, a coordination center, and roadblocks that can swing into action when needed. The primary purpose of the system is deterrence, and then an investigative tool.’ But is it necessary? Steven Swain from the London Metropolitan Police states ‘I don’t know of a single incident where CCTV has actually been used to spot, apprehend or detain offenders in the act. Asked about their role in possibly stopping acts of terror, he said pointedly: “The presence of CCTV is irrelevant for those who want to sacrifice their lives to carry out a terrorist act.”

From the Article:

The implementation of the plan, called the Lower Manhattan Security Initiative, will require about $90 million, New York City Police Commissioner Ray Kelly said. It will cost about $8 million a year to maintain.

The city so far has raised about $25 million. Part of it has come from the Homeland Security Department and the rest from city coffers.

Donna Lieberman, the executive director of the New York Civil Liberties Union, said she was alarmed by the prospect of government and law enforcement officials having records of a person’s daily activities.

“It wasn’t that long ago that J. Edgar Hoover was up to his dirty tricks using government spying to interfere with lawful dissent, undermine critics and pursue an unlawful agenda,” she said.

However, police officials repeatedly note there is no expectation of privacy in a public area and it is not a constitutional right.