IIW Monday is FREE & program announced

If you are wondering what the Internet Identity Workshop is all about we have a new articulation posted on the main wiki page for our upcoming conference. It goes into the range of topics covered along with the technology and social issues. This is our 6th event and I think it will be a great one.

**** MONDAY IS FREE (beginning at 1PM) ****
We have Monday’s program figured out and Monday afternoon is FREE to anyone who wants to come and check out the emerging field. We will open at 1pm.

We will open with a ‘newbie’ perspective from Ryan Janssen who has been an amazing active reader of the community blogs and writing about it as Dr. Star Cat

Everyone will get a hand out of all the community project one pagers.

Presentations will then follow about five centers of gravity in the community that we see:
1) OpenID – David Recordon
2) SAML/Liberty Alliance – Paul Madsen
3) i-cards – Pamela Dingle

4) Data sharing/linking – Drummond Reed
5) Vendor Relationship Management Project – Chris Carfi

Between 3:30 and 4:00 we will be all together – considering “what useful things can we do” along with other questions please be there for this if you feel all up to speed on “everything”. We think that the presentations will be informative for those already familiar with the landscape it has moved forward since we last were together – so we encourage you all to get there at 1PM.

We are working on a blog push on Thursday May 1st – blog about it that day- (if you miss that day – blog about it anyways over the weekend)

Identity Commons Q1 2008 Report. DONE!

I am excited that our second set of “official” quarterly reports as been wrangled, compelled, edited and published on the IC blog and in PDF format. If you are wondering what all is happening in the communities work on user-centric identity technology this is the one thing to read and the best part is it is updated very three months. We welcome new groups joining the communityit is a simple process.

We are a community of groups working on addressing the social, legal and technical issues that arise with the emerging, identity, data and social layer of the internet.

Highlights from Q1 2008 Reports

The 6th Internet Identity Workshopis coming up May 12-14, immediately followed by a Data Sharing Summit.

The OpenID Foundation had 5 corporate members join the board – Google, Verisign, Microsoft, Yahoo and IBM. OpenID Japan was founded and guidelines for local chapters are being developed.

OSIS Open Source Identity Systems is working towards the completion of its third major Interop event (at RSA and the European Identity Conference) with 57 projects participating.

XRI 2.0 will be going to a vote within OASIS shortly.

Higgins 1.0 was released on Feb 21st.

Project VRMis leading a 1.5 day workshop at the European Identity Conference and has an active London Chapter. Work continues on the initial text case Personal Address Management

New Groups of Note:

Enterprise Positioning is a community of people inside enterprises who need to understand and explain the application of user-centric identity in that context. page 10

IC Evangelism and Marketing began to help develop clearer messaging for Identity Commons and develop a values statement. page 8

Newbies 4 Newbies have given invaluable feedback on the language used to articulate user-centric identity, helping to improve the Internet Identity Workshop announcement significantly. If you are new to User-Centric Digtial Identity – wondering what they heck is all this stuff – what do these acronyms mean – this is the group for you. page 10

The Photo Group started with three groups on Flickr 1) Identerati Portraits, 2) The Art of Identity and 3) Member Gallery with the photos they have taken. page 11

The Quiet Groups:
IC Collaborative Tools
XDI Commons
Identity Schema
Identity Rights Agreements
Identity Futures
IdMedia Review

PDF of Report

The most important news of the day

is the new data portability logo of course.

I am a big fan of having problems be solved in this problem space and just hosted the second collaborative ‘get it done’ workshop in this area in the last 8 months – on Friday and Saturday see the report all about what got done. We have another one coming up in a month – the DATA SHARING SUMMIT May 15th.

Data Sharing Workshop Report

We had an amazing group that gathered for the Data Sharing Workshop April 18 and 19 (Our Summit is coming up May 15th). It was as we had envisioned – a range of people from large portal companies, device manufactures and small startups.

We had 5 great sponsors Vidoop, Plaxo, BBC, Twine, and Broadband Mechanics. We met at the SFSU Center for the Next Generation Internet and collaborated with the dataportability.org community.

Attendees included those new to the space and veterans who have been working on the issues involved for years. We invited 9 different industry people to open our morning by sharing what they saw as the problem and where we were at.

Everyone introduced themselves and then we dove into making a really great agenda wall.

We also had a Wall of Results. Each session was asked to out put an 11×17 piece of paper what they got done.

Here are some notes from those summaries and the wiki. (please feel free to add more to the wiki if you were in a session and took notes)

How to help you help yourself? was one of the opening sessions lead by Angus Logan of Microsoft. This was really focusing on how to get away from the give us your password and we will scrap your data for you method of users getting their data out.
* User Experience is Hard
* HOw do we get sites to adopt new methods?
o Make sure API’s are truly functional equivalent to scraping
o try to make the UX work well
o Get good PR and Goodwill from getting off passwords
o provide libraries, sample code tutorials
o Host hackathons
o be patient – everyone’s really busy

Being careful with the word own was a session lead by Gabe Wachob
The words we choose when talking about these topics because of the unintended consequences:
* if we define in terms of rights?
* frame the term for the public policy discussions that will come
* “control” has similar issues
We need Creative Commons like understandable controls for your data
We need to initiate conversations
* who “owns” your bank account balance

What is Identity Commons?
This covered a bit of the history and an explanation of our loose community structure. It is outlined on our wiki. We have 12+ community groups

The ecosystem conversation was interesting – the sense that people had was that we are in the age of “data sharing” similar to the time before cel phone number portability. Marc Canter highlighted formats that have become normative and should be abstracted out.
* Social Graph
* Contact list
* Media Gallery
* Ubiquitous Content
* ID – persona’s and groups
* LIVE WEB events
* Feed Actions
* Blogging – Regular and Micro
The following is needed: Marketing of what the benefits are to relying parties and to vendors. Turning the customer acquisition budget.

Questions were raised about what standards are in this space. There were some that were articulated Note that this list is not comprehensive. Please feel free to add more.

Feeds and OAuth:
* Start by trying to access feed as if it were public:
o username -> profile -> feed url
* Get 401 with auth resp. header if it’s only private, or 200 + link_rel to private version
* Do OAuth discovery or the profile/feed URL
* Perform OAuth -> Get token
* ask for feed with token in authorization headers

This was an interesting rambling conversation for 2.5 hours.

Clarity emerged around stakeholders and means of engagement. concerns were expressed about improving communication.

* Are data portability and OpenID apples and oranges? there was a healthy debate
* Where is the consensus -Today?

* Terminology heard in the converstaion
RSS, APML, i-card, Open Stack, Identity, Permission, Attention, Container, OAuth, owner, viral, openID, FUD, Interoperability, data sharing, data portability, OSIS.

* Means of Engagement
o specs-style reporting
o bi-weekly outreach
o more blogging
o pull input + commentary
o Don’t ask for comment
o date v. marry

* Concerns/ Threats / Challenges
o Hype v. Beef
o What is the story?
o Is DataPortability THE umbrella phrase?
o Politicizing + Emotion
o Lack of clarity on Scope

* Where is the consensus today?
This was not fully clear but there was a good conversation.

URLs are People too…Social Graph API
* Links are relationships
* Rel=”me” connects ourselves
* rel=”friend” etc. connects to friends
Social Graph API is a cache of the distributed social graph of the public web.

Open Social Q & A

  1. Portability by moving Apps to where the data is or bringing the apps to the users contexts.
  2. Networks as different countries * friends may be hidden * technology: 1 Google, 3 apis (people, friends, activities) — Not as border controls but to extend websites to where users are now
  3. Data: person info; viewer friends; page owner (can be viewer); page owner who’s not a person ; not relationships or thoughts but correlations between what people have already created
  4. User Experience: Apps centric, not in terms of google’s functionality or assumptions
  5. Container determines contxt when linking people and because the user builds the container(s), control is appropriately there
  6. Apps: Most successful will be basic data sharing that have universal applicability; word-of-mouth / engagement viral v. demographic targeting or size-of market targeting; to focus on mail functions is to serve the disease, which will eventually develop immunity
  7. Enables data portability by bringing the applications to where the data is.

OpenSocial — A foundation
* openID based
* Opensource problems
* myspace, orkut, are shipping now
* make doing social stuff easier

What is XDI ?
XDI = XRI data Interchange
XRI = eXtensible Resource Identifier.

  1. XDI is a “PDF for Data” – a portable format for sharing data across applications and services
  2. XDI is also a simple RESTful protocol for sharing data using XDI documents
  3. XDI includes portable permissions called XDI Link contracts

An Open Address Book – we had several folks in attendance telco’s and handset makers. they talked about the big idea – ” We need a single schema for person information” then asked Is this realistic? Finally concluding Death of the phone address book? (Long live the phone address book!)

Semantic Web and Data Sharing
* rich
* low interop
* links internal/proprietary/ not at all

* Highly interoperable
* standardized links
* semi-structured

* rich description
* ? interop
* no links other then correlation
* not structured

* Rich
* High Interop
* Fully Linked
* Fully Structured

LLLI/Kintera Use Case and Solution:
In this session we explored the OpenID, XRI and XDI solution deployed to satisfy the Le Leche League International distributed data requirements. The software solutions provider Kintera has been a partner with ooTao in this effort. Kintera hosts 128 Million individual profiles so can help create significant adoption figures on its own.

We saw how each individual member and every system component was given an XRI identifier. In the case of individuals the XRIs – i-names were associated with OpenID services for authentication and in the case of system components the XRIs were given public/private key pairs in order to authenticate to other system components.

The result of the LLLI work is a WORKING distributed data management system that leverages distributed identity for its authentication and authentication mechanisms. For more information contact Andy Dale via his iPage at =andy

Restful Data Addressing
Mike Mell Led this session articulating a proposed syntax for Restful data addressing. He articulated these goals:

  • pure HTTP requests
  • UserAgent to server
  • server to server
  • secure
  • Fine grained addressing and permissioning of any data node

The wiki outlines specific elements in the syntax along with Response and Authentication Modes.

Doable Now and Soon
This was one of the sessions on Saturdays – with a calm group that had been through a really intense day Friday. There was agreement on the ‘dobale now’ and likely doable soon if the right conversations were had.

Dobale Now
* Portable Identities (OpenID, LiveID, FB-ID)
* OAuth (sever to server) delegated auth.
* Contacts Portability (FOAF, XFN, Microformats, like MicroID)
* Sync (feed sync)
* Social Network Portability (Open Social FB platform)
* Social Application Portability

Doable Soon
* Standard Schema for Profile
* Standard Schema for Address books
* Media portability + metadata + permissions
* Linking ID’s of different ecosystems?

The event was full a success. Many people travelled on planes just to be at this event. Some even from Europe. Since the last summit a lot of clarity emerged around what the problem space was and how different approaches could work on addressing the issues.

Key Areas to be addressed at the Summit on May 15th include:

* more conversation about the business value to vendors to allow user-data out of their systems.

* We want to focus on schemas for profile data and address books, not as much on the social graph at this point.

* Demo’s likely we will have speed geeking at lunch.

* Work is happening on an ‘alpha’ version of an executive briefing . Some thoughts: We are moving in to an interconnected world where implementation decisions are not tied to the technologies. That is, how you participate is not tied to the technologies. We are not just talking about future proofing, but about providing a relatively easy way to give yourself options to work in the various scenarios that analysts are already saying are happening. You can increase the value of your offerings by building on offerings provided by others without needing to throw a lot of money at bringing it together. The objective is to make things easier to interconnect. In part by just defining the nature of the interactions that you want.

* We also need to consider targeting legal and policy decision makers. Perhaps from the EEF? other organizations. We don’t necessarily want to target legal departments in large organizations, but different external bodies involved in policy-making.

* We want to gather a larger group from the different companies involved, especially more product managers and other decision makers from companies such as AOL, Microsoft, Google, Myspace (if possible), etc.
* We welcome further input into the goals and outcome for the Summit – the agenda will be determined by the people who attend. Please contribute on the wiki to the Proposed Topics page.

We had a quite closing on Saturday and people were asked what the got out of the event and what their next actions were. You can click through to see what they answered.

I am really looking forward to the Summit following the Internet Identity Workshop – it is going to be even more amazing then this event was and move the whole field forward.

Movie about “Fursona’s” coming out

From Boing Boing:

Furries get no respect. Usually, when you hear about people who dress up like life-sized stuffed animals, it’s in the context of an unfriendly internet joke, a sex gag on Entourage, or an insult that ends with “yiff in hell.”

Brooklyn-based filmmaker Marianne Shaneen has spent more than two years following these people around, capturing their lives in and out of their “fursonas.” She’s working on a documentary film called AMERICAN FURRY: Life, Liberty and the Fursuit of Happiness.

The Venn of Identity is published

This is a great article and I have been talking about it for several months when presenting about digital identity. It was written by Drummond Reed and Eve Maler and I read it in December.(I am doing this more and more now). It has finally been published here is the abstract but it actually costs $19 – uggg.

Digital identities can be associated with everything from people to software applications to entire companies, but human digital identities prove the most interesting and challenging. Human digital identities can simplify network usage and enable new classes of applications, but they also introduce security and privacy risks. Federated identity management addresses scenarios in both enterprise and consumer contexts by defining how to dynamically distribute identity information and delegate identity tasks across security domains. This article explains federated identity’s components, discusses security and privacy risks and architectural challenges, surveys the SAML, OpenID, and InfoCard protocols, and reviews new developments in federated identity management.

RSA pr3: OSIS Interop

The OSIS interop was happened in a little room in the same hallway as the speaker lounge – but there was no signage to point people there :(

On Monday evening there was a OSIS steering committee meeting. The last one of these I sat in on was at Burton Group Catalyst. It was a good meeting – they talked about the European Identity Conference coming up in a few weeks where they will be again setting up and having interop demo’s based on the I3 work. Some of the European participants will be there. The agreement was that Interop4 would happen at Burton Group Catalyst continuing the work of I3 because it was not complete yet.

Roger Sullivan in his position as representing Liberty Alliance where he is President attended (he is also the Vice President of Business Development for Oracle Identity Management). I found it interesting that Roger said the word user when reffering to entities like Boeing and General Motors. I piped up and said that I felt that the use-cases and needs of ‘end-users’ were different then the needs of massive multi-national entities. He said that the ‘issues’ were all the same. I guess in one way that is true – in the end it is people at the end of the computer terminals. In another way it is different to log into an ‘enterprise environment’ (intense permissioning, lots of legal regulation etc) then it is to manage your personal shopping online. Out of this exchange came the differentiation between these two kinds of users – the larger being ‘deployers’ and the smaller being ‘users.’

As a community we had a good chance to talk about issues. The message that Roger did bring forward was that enterprise customers wanted less confusion in the market – because until it was clearer there would not be purchase of product. There will be more insight into this in the forth coming post about the the conversation I had with other executives at Oracle over a ‘blogger lunch’ on Thursday.

Major ISSUE – there was ‘apparently’ two competing interop events at the same conference. One was backed by a large and well funded organization with a PR staff to promote itself the other was a fabulous grassroots effort – doing huge amounts with very little. It was agreed that next time Concordia and OSIS would collaborate and have an interop in the same place and have one press release (or at least two press releases with mutual quoting) although with different use-case focuses. This is my drawing of the picture that became clear through the meeting.

OpenID Foundation and OSIS is a community group (there is serious consideration of changing our current description from “Working Groups” to “Community Groups”) of Identity Commons, the i-card foundation that is proposed would also be (there are some interesting questions about it).

I worked hard on Tuesday morning before the OSIS interop on some signage for Identity Commons. We had the new diagram that is on the front page of the wiki along with a this sentence that i think goes a long way to describe who we are.

We are a community of groups working on addressing the social, legal and technical issues that arise with the emerging, identity, data and social layer of the internet.

Johannes pointed out that after that some articulation of the issues we are tackling could be listed. This is a list I recently wrote up and shared with a reporter (and she actually said it was ‘clear’). I will put the high level questions we are trying to answer in the context of the ‘clear’ articulation I sent her.

Since the Web was built around “pages”, no tools or standards were created to control how the information about you was collected or used. We all agree that we need some kind of “open identity layer” for the Internet, but we don’t know exactly what that means or what it looks like. Our community has come together around some shared understanding of this and we continue to ’struggle’ with what it means and how it should work.

We are working as a Community, on the development of the next layer of the web—for people and their information—the social-data layer. It’s going to take time to figure out, and lots of people have already been working hard for several years and have made significant progress.
These are the questions we’re striving to answer:

  • What are the open standards to make it work? (identity and semantic)
  • What are technical implementations of those standards?How do different standards and technical implementations interoperate?
  • What are the new social norms and legal constructs needed to make it work?
  • What are the businesses cases / models that drive all this?

Identity Commons is the collection of groups where these conversations are happening.

All this takes time, and yes, interest is growing and movement is happening, but there is not ‘one answer’ or ‘one blueprint.’ As Doc Searls, one of the ‘grandfathers’ of this movement is fond of saying, it is a “market conversation.”

We need a broad and diverse range of participants. This layer once implemented will be as world changing as the World Wide Web of documents was for the Internet.

I also think it is important to remember and emphasize that we are in a phase where there is a lot to get figured out and there is not ‘one answer.’ I think we as a community can tell a clear compelling story to the market AND continue to foster a lively and diverse conversation about the issues that are arising (technical, legal, social). It is some times is hard to remember how unclear things were 2 years ago but they were very vague then – if we continue to progress I am confident a market can develop for these tools. Both the peer-to-peer sessions on this topic were interesting and had a range of enterprise folks looking at these tools (a blog post about those will also follow in this series).

Here is a photo of the interop in progress – next post – interop videos – coming tomorrow.

Over the next week I will work on the the 20 other posts that I have outlined this morning. – ok off to the airport now.

RSA pt2: Concordia Interop

Day One seems so long ago. I moved all my stuff over from the east bay on Sunday night – Pam was nice enough to let me room with her to save the 1 hour commute each way to home for the week.

I got up early and headed to the Concordia Interop – I got their early enough to see the OpenID logo on the sign. OpenID has not been actively participating in these Liberty lead efforts for a while now and asked that their logo be removed from the website etc. Shortly afterwards a guy with white tape came and covered it up.

This slide explained their current focus and next focus.

Eve handed the podium over to Mike Jones and he introduced the day and explained the three scenario’s they were demonstrating interoperability for. SAML and WS stuff with an emphasis on the enterprise use case.

They shifted into demo’s at the back of the room and presentations at the front.

Lena from FuGen presented this slide.

It presented the complexity of federation and the different shapes that it has. The same policy between a range of partners, different policies with different partners and

There was about 300 people in the introduction and this faded out.

RSA pt1: What a week

Wow – what a week. I was not expecting the conference to be as intense as it was. I was able to give more to the conference and get more out of it.

It made me realize how much I have learned about the “enterprise & security scene” in the last 3 years. Three years ago I walked by RSA by accident – it was on at Moscone – theme was 1930’s gangsters. I saw Sxip’s logo on the signs for sponsors and I picked up an agenda. I of course didn’t have a pass at all. The next year as it approached I figured it would be a good learning opportunity and I asked if I could help cover the event for Digital Identity World. It was ALL new to me – I was overwhelmed by the acronyms and I just remember not understanding anything on the show floor – I often had to ask them to ‘explain their thing’ to me. There was certainly no formal talk of user-centrism in at the conference either.

Last year we had the big OpenID, MSFT cooperation announcement – it is nice to see that this was real – with their recent joining of the board (along with other big players). I am not sure there were any presentations about it at the event though. I knew more when wondering the show floor but still had to ask a lot of questions.

This year was amazing – this next series of posts will cover the range of things that happened and my reflections. I really could write for a whole two days – however I only have this morning – I am headed to Seattle today for the Green Festival and a conference I am co-producing and co-facilitating about people stepping outside of the box of regular money. I am back here on Wednesday and will be facilitating the Data Sharing Workshop. I am really excited about this event – last fall we had this event prior to the IIW and it really helped sync up the different things happening that are aligned but have different starting points.

John McCrae of Plaxo wrote a great post about it yesturday that features both “Identity Dog” and our “Data Sharing Snail”.

Oh YEAH! OpenID is now apparently working on my blog for comments – so try it out we shall see if it works.

what about Flickr?

I don’t want to get to emotional about this

But this is how I feel about the Microsoft letter and flickr. I am not even that big a flickr user but I like it – I joined when all my friends in the tech world were signing up and sharing photos and I wanted to to. It was at the time an independent company and was subsequently acquired by Yahoo! Now with this hostile take over situation with MSFT it could be owned by THEM. It is really devastating to think that all the energy I and others put into this space would be owned by THEM. BTW this also applies to Delicious – I don’t use it that much but I like it.

The thing I wonder about is – could the fans of flickr (and delicious) raise enough money to buy them from Yahoo! to prevent them being owned by MSFT. I bet you there would be enough community support (read money) that would come forward to prevent the sale. I really could care less about Yahoo!’s home page or its search or even its mail services – MSFT can have them for all I care. I do care about the products and services I use and have an emotional resonance with me cause I LIKE THEM. How can community space be owned by communities – could flickr become the first consumer cooperative on the web? I know I am dreaming big and this is not likely but I just had to put it out there.

Update: I am making a strong distinction between the acquisition of Yahoo! the internet portal/services company and the identity efforts that MSFT is an active participant.

So let me be totally clear I completely respect all the people that I have met at MSFT working on user-centric digital identity.

Every promise Kim Cameron has made to the community about openness and disclosure has happened. There has been real collaboration between the OpenID community and MSFT culminating with their joining the board. At RSA last week MSFT was a very active participant and supporter of the OSIS interop. Mike Jones is doing amazing work to weave all the efforts together so a real identity meta-system with plurality can emerge.

All the MSFT participants have been more then good community actors since the identity gang began over three years ago now.

I distinguish between their work in the field of identity AND the potential aquision/takeover of the same company one of the major internet portals – that I happen to have a strong personal relationship with. Last time I checked it wasn’t the “great” identity guys that would be in charge of the new Yahoo! acquisition – I am happy to be proven wrong though.

I don’t feel it is right to ask me to be silent about my discomfort regarding this impending acquisition.

What is the problem?

At MashupCamp 6 I lead a session about Data Sharing. Asking what is the scope of this problem. Dusty created this diagram from the session. I am going to take the Whiteboard and translate it into a diagram shortly. This conversation could have gone on for at least another hour. It is a big elephant and I hope we can get clearer on it and solve some of the problems at the Data Sharing events.

Are VRM ideas gaining traction?

This is from Zallas Technologies:

“Conventional wisdom has focused on customer identification as the foundation for one-to-one marketing campaigns,” says Adam Sarner, principal analyst at Gartner. “The reality of Generation V creating anonymous online personas, and the sheer power of their growing influence in an online environment, mean companies must change their methods of acquisition and relationship building.” He believes that CRM-focused companies and particularly their marketing departments must take notice of this change and engage with these “online personas” rather than with the actual customers who stand behind them.

“Going forward, customers’ true identities will have less importance, and instead companies will need to understand the role or persona that customers are playing at any given time and treat them accordingly,” says Sarner, who further believes that providers of third-party customer data, business intelligence, and analytic tools will shift toward consumer applications and eventually arm companies with automated, artificial intelligence and self-learning “persona bots” to seek customers’ needs and desires.

there are 6 things they list CRM focused companies need to do – this is one of them

Develop a mutually beneficial relationship. Use the information that you gather from your customer base (through data collection and communication) to create a two-way flow of information between your “persona” customers and your company. Use that input to hone your offerings to match various “persona” wants.

Dinner for RSA Wed Apr 9th @ 7:30

We are organizing an Identity Commons community Dinner on April 9th beginning at 7:30 for drinks – dinner at 8:00. The location will be the same as last year Sauce at 131 Gough (a sort cab ride from Moscone). This is a great place – wonderful wine, good food at reasonable prices. We have the whole back room reserved (up to 40 people).

Please RSVP on the Identity Gang Wiki. If you can’t do that for some reason you can e-mail me kaliya *(At) Mac.com.

John McCain headed to Blackrock City

This is my favorite April Fools so far

From the Burning Man Site:

“We’re in this race to win,” said McCain, a decorated war veteran, “and if it takes coming out to a place like Burning Man, and mixing with … these … people … to do it, well … I figure I’ve been held captive in a North Vietnamese POW camp … how bad could this really be?”

This year most of my burning man camp Sustainabilaville is not going to the ‘main’ Burning Man in August but to the Regional event in June. I am still thinking about going to BM but need to find a good camp to be with. Maybe it is the year for ‘identity camp’ :).