ID Collaboration Day

RSA is coming up in February and to celebrate Valentines Day Kantara and IIW/ID Commons are collaborating to put on a day of unconferencing to get work done across the user-centric, enterprise and government Identity efforts.

Because of the nature of the Monday of RSA with morning and afternoon activities – we are offering Morning and Afternoon tickets ad will make the agenda following lunch for the afternoon.

You can see the topics proposed so far here on the IIW wiki.

Here is the Announcement on the IIW Site

Cartoon of the year!

Infocards, while currently not enjoying broad adoption, are inevitable
Paul Madsen Cartoon

When I first saw this cartoon in my aggregator it made me laugh and sigh.

At the privacy event at MIT at the beginning of this month the word on the street was that both OpenID as we know it and information cards as we know it are both “dead”.

I am a bit afraid for naming this “whispered fact” in the public blogosphere. The reason I am doing it is because I am very interested in learning more from people who were at the event about what was covered and what they think is promising.

I do know that there is energy behind moving OpenID ABC forward and John Bradley & Nat Sakimura are working hard on it.

Identity and Personal Narrative & the Digital Age

One of the things you learn early on when diving into the subject of identity is that it means many things.
The sense of self is one of them.  Today I ran across this article via John Hage’s facebook.  Storytelling 2.0 when new narratives meet old brains.
“We are our narratives” has become a popular slogan. “We” refers to our selves, in the full-blooded person-constituting sense. “Narratives” refers to the stories we tell about our selves and our exploits in settings as trivial as cocktail parties and as serious as intimate discussions with loved ones. We express some in speech. Others we tell silently to ourselves, in that constant little inner voice. The full collection of one’s internal and external narratives generates the self we are intimately acquainted with. Our narrative selves continually unfold. [Read more…]

Personal Data Ecosystem Videos from Telco 2.0

I had a great week at Telco 2.0 the week before IIW.   STL partners has been running Telco 2.0 events for a few years focused on new business models for that industry.   They have honed in on the potential to provide services to people to collect and manage their own data.   This week they published interviews from three of the key speakers all of whom who also attended IIW the following week.  Much of the focus for both events was on the emerging Personal Data Ecosystem.

I recommend the content on the Telco 2.0 site and if you are interesting in visiting interesting innovative parts of the Telco world they have great events for that.

AT&T: to be a ‘Personal Information Agent’
Von Wright, VP Cloud & Wholesale Services, describes how AT&T plans to put consumers in control of their own data, and take the role of an agent or broker for their Personal Information

Google: Strategic ‘Co-opetition’ with Telcos on Consumer Data

The ‘Personal Information Economy’ will see a higher intensity of strategic co-opetition between Google and telcos according to Google’s Eric Sachs.

Microsoft: Why Telcos Must Act Now or Lose The Opportunity

Marc Davis, formerly Yahoo! Mobile’s Chief Scientist, now at Microsoft, and a key collaborator with both Telco 2.0 and the World Economic Forum’s ‘Re-Thinking Personal Data’ initiative, gives his unique perspective on the ‘Gold Rush’ for personal information, and why telcos must act now or lose the opportunity to take a valuable role in it.

The Emerging Personal Data Ecosystem

This week I am heading to Telco 2.0 because the conversations with telco’s about how they participate in the Personal Data Ecosystem are moving forward in interesting ways.   IIW #10 had several long sessions about the topic. IIW-East was full with each of the 8  time slots having a session about different aspects and IIW-Europe October 11th coincided with the announcement of the first community prototype personal data stores by MyDex.

Learning from one of the mistakes of the past – market confusion inhibiting understanding and adoption of user centric identity technologies. The Personal Data Ecosystem is going to be a “front door” for those seeking to understand the ecosystem overall with a simple message and clear picture of what is happening. It will also connect people to the community working on the aspect of the ecosystem relevant to them. Our focus is on developing the  core communities needed for success and fostring communication amongst them.  These communities include  end users, large personal data service providers, companies providing data to personal data services, developers and startups leveraging this new ecosystem, regulators and advocacy groups along with the legal community and their efforts to create the legal frameworks needed to really protect people.

We arleady have a number of projects working on key aspects around the ecosystem and we will support their success linking them together – Project VRM, ID-Legal, Project Nori, Higgins-Project, Project Danube, and IIW (they are linked at the bottom of the Personal Data Ecosystem site),   This is a big tent ANY OTHER projects that are related are welcome.  We don’t need another dot org to link efforts togethers so PDE is going to be chartered as part of IC3 (Identity Commons).

Right now the Personal Data Ecosystem site is aggregating content from blogs of those covering and building in the space.   This week we will be doing our first Podcast covering this emerging industry – Aldo Casteneda who you may remember from The Story of Digital Identity will be hosting it with me.

Next week we will be able to collect links submitted via delicious for the blog. I am working with the fabulous Sarah Dopp on website strategy and online community development and Van Riper is working with me on community management.

IIW coming up in a week is going to be a core community gathering for emerging developments.

IIW #11 in a Week

IIW begins in a week on Tuesday November 2nd. Election Day in the US (if you can vote we want you to remember to do that before leaving for IIW)

We are really excited about all the attendee’s who are registered so far. The list is diverse and interesting and includes, independents, startups, students and people from big companies. I encourage you to browse it at on the bottom of our registration page

We have one day tickets now available and regular registration ends Thursday at midnight. “IIW-Nov” is a discount code for 10% off that.

The emerging themes we have identified are reflected in the topics proposed on our wiki

  • User-Centric Identity applied (OpenID, OAuth, XRD, SAML, InfoCard, Activity Streams, etc.)
  • Personal Data Ecosystem
  • Federated Social Web
  • Vendor Relationship Management
  • Active Clients (tools in the browser and other clients)
  • Identity in the Cloud

We have Demo slots available for Wednesday after lunch.
There is more room for your project to share please let me know (kaliya[at] if you are interested in doing so. I need a name, link and 280 character description by Friday October 30th.  There are about 10 requests via registration.  Here is where the description will be posted once submitted.

Tuesday doors will open at 8AM for registration. Phil Windley will give the opening talk at 9am and we will begin agenda creation by 9:30. We will have 5 sessions per day. Dinner on Tuesday and Wednesday will be hosted and at local restaurants. You can find the schedule online. If you are wondering about how the unconference works please read this post on Kaliya’s unconference blog.

I pulled these from the topics wiki

Critical Topics to discuss with peers:

* I fear that Facebook Connect and Twitter Connect are the new AOL
* current and future business cases
* Need for web agent (browser) externsions. psuedonym, NSTC
* Understanding what has stabilized about protocols so we can standardize our partners on them
* Open Identity Trust Framework
* Future of authentication from a user perspective.
* What are the components of a personal data ecosystem? What rights and protections do we need to articulate in law and enforce through social norms?
* Best applications and issues for combining social information
* how do we want to represent identity in the OS/browser
* “all sorts of “”real world users”” issues and questions”
* How to make this stuff invisible
* “what are all stakeholder identity needs; what system “”metrics”” would help them”
* how/if their ideas apply when a domain name or IP address is the only identifier
* Where do we go from here?
* “How do we start the path to laws that give power to people over “”their data””
* What’s on the horizon, how are people bridging consumer & enterprise identity protocols, how does OAuth change things, what about Info Cards, etc., etc.
* zero password initiatives
* adoption of OpenID and OIX Trust Frameworks
* Personal data store interop
* “Multiple “”Identities”” and the requirement to be conscious of them”
* Full session life-cycle management
* UMA / Personal Datastore
* how to make this all user comprehensible

Vision & Principles for the Personal Data Ecosystem

This is an outline of a my Vision for Core Aspects of the Personal Data Ecosystem.

I along with others are working to catalyze, grow and launch this ecosystem – more posts will follow on that work.

Visions and Principles for the Personal Data Ecosystem

The future is at stake – without control over our own personal data, having a copy of all the digital bread crumbs we are leaving behind in the digital world, we leave ourselves to be tracked, and potentially manipulated by commercial interests without our knowledge.

This presents a vision for core aspects of the emerging interoperable, open standards based ecosystem of personal data services – rooted in the core functionality of a Personal Data Store – the vault/locker/services/broker where all an individuals data is collected and stored and managed.

Dignity of the Individual is Core
Human dignity must lie at the core of the Personal Data Ecosystem. People must be able to shape how they represent themselves in digital contexts. People need the freedom to shape how they present themselves and how the data they generate in their lives is collected and used.

Systems Must Respect Relationships
Relationships must be respected between people, between people and groups, and between groups and groups.  The Personal Data Ecosystem must respect that people and communities have different levels of publicness.  The relationships that people have with one another must be respected and the social context in which they are formed must be honored.

Remember the Greatness of Groups
Personal Data and control over it give people a core human dignity.  It also must be remembered that human social life and human identity is shaped by our participation and membership in groups. It is the core organizing form of our society. Fundamental functionality must enable people to organize in groups, and it must be abstracted from any particular service or domain space.

The Social Web is not Networked Individualism
People broadcasting what they do to their friends or followers does not make a social web; communities and groups do.

Protocols that Enable Broad Possibilities are Essential
Protocols matter deeply: they shape what is possible by their definition of use cases that are possible or not in a given protocol landscape.   To have a truly social and dynamic web, there is a role for protocols that are designed specifically for that purpose, not just to create web pages or send emails.

Open Standards for Data and Metadata are Essential
It is vital that the personal data store ecosystem be interoperable with open standards so people are free to choose which personal data services they wish to use.  Just like people are free to pick which bank to hold their money and provide services to them in the financial realm.

Defaults Must Work for Most People Most of the Time
All systems have defaults.  The paradox of choice is that more options can overwhelm people and they end up not considering the choices they have. Real people need to have input into the creation and ongoing development of systemic defaults.

Norms and Practices in the Personal Data Ecosystem Must be Backed up by Law
Emerging technologies need to have legal agreements and frameworks innovated to match their functionality.  The work on the legal framework for this ecosystem is as important as the protocols and code that make it go.

Business Opportunities Abound in this New Personal Data Ecosystem
The paradigm of user collection, control and management of the personal data they are creating implicitly and explicitly around the web is a huge opportunity for services and ways of doing business. Creativity is needed to think through these new possibilities.

Diversity is Key to the Success of the Personal Data Ecosystem
Large companies and nimble startups are all needed for the success of this emerging ecosystem.

I originally outlined these on August 12th just before the XDI Retreat that happened in Whistler, Canada.
The guys stopped by on their way to that event and I handed them this sheet of paper.

UPDATE: Phil Windley posted the following IIW principles for the Personal Data X (with X being, store, service, locker, bank, broker, vault, etc.) following IIW-East in DC. At that event we had a session on personal data X in each of the 8 conference session time slots. They are very complementary. Principles for PDX.

IIW-East Introduction

This was the presentation I shared for the opening of IIW-East it covers an overview of the history of the community and where we are going next. Mary Ruddy’s presentation on Open Identity for Open Government followed this.

IIW-East Introduction to Identity Community

Mary Ruddy presented about Open Identity for Open Government.

IIW-East opens Thursday

Phil and myself just got back from our walk through at the Josaphine Butler Parks Center where IIW-East opens tomorrow.  He shot some photos of it (outside) (inside)

We are doing our first Internet Identity Workshop outside of the Bay Area and our first with a theme – Open Identity for Open Governmnet.

We have over 75 people attending from around the world – you can see the names at the bottom of the registration page.

The proposed topics shared so far as attendees register can be seen here on the wiki. They are amazingly diverse and center around key issues about policy, standards, legal frameworks and the path forward for those who care about creating an identity layer/infrastructure/platform that really works for people.

The actual agenda will be created tomorrow morning at 10 am following an introductory talk by Kaliya Young Hamlin and Mary Rudy at 9am.  We will make the agenda for Friday at 9am that day.

Personally I am passionate about the conversations that will be happening about personal data stores and their evolution.

We are not at War

I was the first person Van asked to speak at the Community Leadership Summit West Ignite talks. I was the last person to submit my slides. I have a lot to say about community but I had a hard time figuring out exactly what to say. I knew I wanted to talk about the identity community and our success in working together. Robert Scoble’s quote really got me going and I decided to use the talk to respond to the comment that was catalyzed by his facebook post/tweet “Who is going to win the Identity War of 2010”

This is completely the wrong frame to foster community collaboration.

Internet Identity Workshop Fall – 3 events

The Tenth Internet Identity Workshop in May, 2010 was the largest ever. We have had inquiries from community members on the East Coast of the US and in Europe have been lobbying us to bring the event to their locations.  We are happy to confirm that we are going host IIW’s in Washington, DC  and London.

WE NEED YOUR HELP! Please take some action if you like IIW and are reading this. IIW is been about the community that attends and participates year round in the activities of groups that use the event to get real work done and move the industry and vision of user-centric identity that works for people forward.

So with these events upcoming Phil, Doc and I need your help in spreading the word to your collegues on the East Coast and in Europe who would enjoy the event.

To help you do this we have several tools and options.
Blog badges for specific events. (These are two of them their are more on the wiki)

For IIW-East September 9-10 in Washington DC

For IIW-Europe, October 11 in London we have

For IIW #11 in Mountain View, November 9-11

If you value IIW and the conversations that happen there please take some initiative and reach out to colleagues to spread the word about these events.  Because of the community focus of the events we  rely strongly on community word of mouth to let people know about them.

It would be great to have community ideas put forward for the main IIW invitation articulating the current foci of conversations.

Privacy Identity and Innovation – pii & Women

The Privacy Identity and Innovation is coming up August 17-19th in Seattle, Washington.

This conference is the brain child of Natalie Fonseca who has run the Tech Policy Summit for several years.

I am speaking at the event on a panel about personal data stores (a new project I will write more about here soon).  I am really proud to be amongst many other women industry leaders speaking. I know Natalie took proactive approach to recruiting women to speak and voila – their are women speakers at this technology conference.

Denise Tayloe, CEO of Privo
Marie Alexander, CEO of Quova
Linda Criddle, CEO of Reputation Share
Fran Maier, President of TRUSTe
Anne Toth, Chief Privacy Officer for Yahoo
Michelle Dennedy, VP at Oracle
Judith Spencer of GSA
Christine Lemke, CTO of Sense Networks
Betsy Masiello of Google
Heather West of Center for Democracy and Technology
Eve Maler of PayPal
Susan Lyon of Perkins Coie
Deborah Estrin of UCLA

It should be a great event – the guys on the program are equally cool.

Navigating the New Normal: John Seely Brown at Catalyst

I am here this week at Burton Group Catalyst. The conference kicked off with a what was by all accounts good talk from John Seely Brown talking about “the New Normal”.
NishantK: John Seely Brown: many of the things that made us successful in the 20th century will make us unsuccessful in the 21st century
jmatthewg1234: John Seely Brown – Thriving in a world of constant flux
bobblakley: John Seely Brown explains the shift from stores of info to flows of info at
bobblakley: “The cloud is much more disruptive than any of us have ever thought.” John Seely Brown
bobblakley: “SalesForce disrupted Siebel; now being disrupted itself by SmallBusinessWeb. Things are moving that fast.” John Seely Brown
NishantK: John Seely Brown: Good network is loosely coupled, trusted, not captive & filled w highly specialized nodes < basis of #cloud promise
bobblakley: “Moving to cloud requires factoring policy out of apps & making it a 1st class object.” John Seely Brown
bobblakley “Policies must have version numbers.” JohnSeely Brown
bobblakley: “Control-oriented flows won’t work in federated clouds.” John Seely Brown
jonathansander: Outside-in architectures start with the notion of an ecosystem. John Seely Brown
NishantK: John Seely Brown: Need to move from Inside-out to Outside-in architectures – less control, more trust, less predictable, more agile
bobblakley: Schemas are a hindrance in a world of unpredictability – John Seely Brown
bobblakley: “Data has tremendous inertia; don’t bring data to the computer – bring the computer to the data!” JohnSeely Brown
bobblakley: “Web 3.0 will use social media for context sensitive exception handling.” John Seely Brown
jonathansander: Policies are 1st class objects in enterprise 3.0, but so are exceptions. John Seely Brown
bobblakley: “Two things you don’t want to lose control of are policy and data” John Seely Brown
bobblakley: “The edge pulls the core to it by exploiting cloud services and social media.” John Seely Brown
drummondreed: John Seely Brown at Catalyst: the biggest innovation of the past 100 yrs is not the microprocessor but the Limited Liability Corp
This morning the conference kicked off for real with 5 tracks of amazing content. Those of you who know me, know I really am not a big fan of “regular talking heads conferences.” I often tell folks this is the only talking heads conference I recommend attending. The quality of content and thought put into the analyst presentations and the industry people on stage is of a very quality.

When to share your real name? Blizzard and their Real ID plans.

I was recently CCed in a tweet referencing this article “Why Real ID is a Really Bad Ideaabout World of Warcraft implementing their version of a “Real ID” in a way that violated the trust of its users.

The woman writing the article is very clear on the identity “creep” that happened and got to the point of requiring users to use the Real ID account within the system to post on forums and EVEYWHERE they interacted on company websites.

She articulates clearly why this creates an unhealthy climate and a chilled atmosphere for many users.

[Read more…]

Internet Identity Workshop in DC

The Internet Identity Workshop is coming to the east coast for the first time – September 9-10, 2010 in Washington DC.

The theme for the event is Open Identity for Open Government. You can learn more about the event on the IIW website and register over on this site.

Internet Identity Workshop comes to DC!

Theme: Open Identity for Open Government.

Register Here!

Internet Identity Workshop East (IIW-East) is September 9-10, 2010 in Washington DC  at the Josaphine Buttler Parks Center.  This event immediately follows the Gov 2.0 Summit.

The Internet Identity Workshop has been held semi-annually in California since the Fall of 2005. The 10th IIW was held this past May and had the largest attendance thus far. There have been many requests to have an IIW on the East coast, and now the Open Identity for Open Government Initiative is providing a timely incentive to have one in Washington.

IIWs focus is on “user-centric identity”, addressing the technical and adoption challenge of how people can manage their own identity across the range of websites, services, companies, government agencies and organizations with which they interact. IIW-East will focus mainly on the government adoption of open identity technologies for use by government websites.

Unlike other identity conferences, IIW’s focus on the use of identity management approaches based on open standards that are privacy protecting. IIW is a unique blend of technology and policy discussions where everyone from a diverse range of projects doing the real-work of making this vision happen are able to gather to work intensively for two days. It is the best place to meet and participate with all the key people and projects such as:
  • OpenID
  • IMI Information Cards
  • GSA approved schemas for open identity protocols
  • Personal Data Stores
  • NIH pilot adoption of Open Identity technologies
  • Certification of industry open identity credentials
  • Business models for higher LOA open identity credentials
  • National Strategy for Trusted Identities in Cyberspace

The event has a unique format – the agenda is created live the day of the event. This allows for the discussion of key issues, projects and a lot of interactive opportunities with key industry leaders.

The event compiles a book of proceedings with the notes that are gathered from the conference. You can find the Book of Proceedings for IIW7IIW8,  IIW9IIW10 here. BTW these FOUR documents are your key to convincing your employer that this event will be valuable. As attendees register we ask about topics they wish to discuss.

Providing identity services between the general public and government websites is a different problem than providing authentication and authorization services within one or a few organizations (enterprise provisioning/termination or federation between two companies or government agencies).

As a community we are exploring these kinds of issues:

Questions Agencies Face:

  • How can open identity technologies enable open government
  • How can agencies leverage identity credentials generated by other organizations
  • How can the government  leverage the efforts of social networking sites that offer user-centric identity credentials
  • What are the advantages to agencies of adopting open identity technologies
  • How can open identity technologies enable your websites to move beyond brochure-ware
  • How can we increase the speed in which government organizations can benefit from the use of open identity approaches
  • How to manage Federated Identity on an ever increasing scale
  • What are the implications of National Strategy for existing policy mandates
  • Should there be integrated political architecture
  • There are five distinct Cyber Security Bills in Congress now – what are the implications

Policy  Considerations:

  • The relationship between FIPS (Federal Information Processing Standards) and identity management
  • What are the business cases for agencies to adopt Open Identity Technologies
  • What are the new legal constructs that make this work
  • How to use open identity technologies to preserve privacy while providing personalization
  • GSA standards for the use of open identity technology
  • Data Privacy Issues
  • Personal Data – how is it stored and shared with end users
  • How are these new approaches regulated

Technical Issues:

  • Open identity standards (identity and semantic)
  • What software is available to leverage open identity standards
  • How different standards and technical implementations interoperate
  • How agencies can accept identity credentials generated by other organizations
  • How open identity technologies can enable your website to move beyond brochure ware, without using cookies
  • How to leverage open identity technologies in your technology roadmap
  • How to implement Federal Identity
  • Tecnlogy issues involved in implementing existing Identity Management technology
  • Lessons learned – what are the most effective ways for Federal Agencies to build and employ identity systems

New Industry Developments:

  • Personal Data Stores/Data Banks with our digital footprints recorded
  • What new Identity Management technologies are on the horizon
  • National strategy for trusted identities in Cyberspace

Please join us at the Internet Identity Workshop

To consider all these and more!

It is the best place to meet and participate with all the key people and projects such as:

  • OpenID
  • IMI Information Cards
  • GSA approved schemas for open identity protocols
  • Personal Data Stores
  • NIH pilot adoption of Open Identity technologies
  • Certification of industry open identity credentials
  • Business models for higher LOA open identity credentials
  • National Strategy for Trusted Identities in Cyberspace

Thoughts on the National Strategy for Trusted Identities in Cyberspace

Update: This blog post was written while reading the first draft released in the Summer of 2010. A lot changed from then to the publishing of the document in April 2011.

Here is my answer to the NSTIC Governence Notice of Inquiry.

And an article I wrote on Fast Company: National! Identity! Cyberspace! Why you shouldn’t freak out about NSTIC.

Interestingly in paragraph two on the White House blog it says that NSTIC stands for “National Strategy for Trusted Initiatives in Cyberspace” rather than “National Strategy for Trusted Identities in Cyberspace”.

This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.

[Read more…]

The Identity Spectrum

I published V1 of this in a post on my Fast Company blog about the government’s experiments with identity.
I did a more complete version for the opening talk of the Internet Identity Workshop

The Identity Spectrum gives a understanding of the different kinds of identity that are possible in digital systems. They are not exculsive – you can mix and match. I will define the terms below and discuss mixing and matching below.

Anonymous Identity is on one end of the identity spectrum–basically you use an account or identifier every time go to a Web site–no persistence, no way to connect the search you did last week with the one you did this week.

Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don’t reveal your common/real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.

Self-Asserted Identity is what is typical on the Web today. You are asked to share your name, date of birth, city of residence, mailing address etc. You fill in forms again and again. You can give “fake” information or true information about yourself–it is up to you.

Socially Validated Identity is an identifier within the context of a social graph that is linked to and because of the social links it is acknowledged by others thus being socially validated

Verified Identity is when there are claims about you that you have had verified by a third party. So for example if you are an employee of a company your employer could issue a claim that you were indeed an employee. You might have your bank verify for your address. etc.

Mixing and Matching on the Identity Spectrum
You could have a socially verified pseudonymous identity. That is people recognize and acknowledge a pseudonymous handle/avatar name by linking to it in a social graph. You can have verified anonymity where attributes about a handle/avatar are ‘verified’ but the all the information about the verified identity (full name, address, birthdate etc) is not reviled.

IIWX Internet Identity Workshop 10, Introductory Talk

I gave this talk at the 10th Internet Identity workshop reviewing the shared history, language, understanding and work we have done together over the last 6 years of community life.

Part of this presentation touched on a timeline of events in the community. Those and more are reflected on this timeline that is beginning to be developed here. IIW11 will be November 9-11 in Mountain View, CA The first ever IIW outside the Bay Area will be happening September 9-10 in Washington DC following the Gov 2.0 Summit with the theme Open Identity for Open Government. The first IIW in Europe will be happening in London likely October 9-10 (dates still to be confirmed) prior to RSA Europe. If you would like to know about when the next IIWs have registration open please join this announce list. TheIdentity Gang is the community mailing list where conversations are ongoing about identity. You can follow modest updates about IIW on twitter via our handle – @idworkshop You can see IIW 10 attendees on our registration page.

On Identity and Centralization

I was asked for a quote today to comment on F8 developments and the continuing apparent “centralization” of identity on that platform. It is not new for me to say these things but perhaps more crystallized…..

The turning point of the web becoming more social was mentioned several times today.

The issue at hand is fundamentally about FREEDOM: the freedom to choose who hosts your identity online (with the freedom to set up and host your own), the freedom to choose your persona – how you present yourself, what your gender is, your age, your race, your sex, where you are in the world. A prime example of WHY these freedoms are vital is the story of James Chartrand – you can read for yourself her story of being a “him” online as a single mother seeking work as a copy editor. Having a male identity was the way she succeeded.

We did a whole session at She’s Geeky the women’s technology unconference about women, identity and privacy online. ALL the women in that session had between 3-5 personas for different aspects of life and purposes. Many of those personas were ‘ungendered’ or male. I have not talked to many people of color about their online lives and persona management but should. I imagine that like women they choose for some of their persona not to identify racially.

Your “friends” shouldn’t be locked into a particular commercial context. This is where the work on client-side applications for identity management and social coordination for individuals are key. The browser was never designed to do these kinds of functions and I don’t think trying to make it do them is wise.

We need open “friend” standards where people are autonomous, without their identity tied to a commercial silo – like Google, Yahoo, Facebook, Microsoft, AOL, or any company. This is a vision of a web where I can “peer friend” my friends, and then no entity has power over our relationship. This requires people to be first-class objects on the web. Not easy to do, but essential for us to figure out.

IIW Date Shift – May 17-19

It turns out Google I/O is the week of IIW.  We found out too late to shift weeks but early enough to shift days to only conflict 1 day (the 19th).  Please mark your calendars accordingly.

Early Bird Registration is in effect for another month. Sponsorships and “big tickets” (for those who can expense a higher ticket price but can’t get actual “sponsorship budget”) are still available.

RSA Dinner for the Identity Community

There are a few events on the yearly calendar where a corum of identity folks come together – RSA is one of them.

We are organizing an informal community Dinner on Tuesday evening at 7pm.

Everyone is WELCOME! just RSVP here on eventbrite. It will be no-host but not that expensive. We are looking at Indian places near the main hotel cluster for RSA.

The hosted Ping Party will follow at a location TBD.

If you were ever a part of or are interested in knowing more about the Identity Gang, OpenID, Information Cards, Higgins, Project VRM, PubSubHubbub, Salmon, XRD, LRDD, XRI, XDI, Volunteered Personal Information, UMA, Kantara, DiSo, Open Social, augmented browsing,  end user focused proctols for individual and community empowerment  this event is for you.

ID-Legal – Mapping the Gap – Bridging Commumities

Next month we are hosting a gathering called Map the Gaps. It came out of a session I ran several IIW’s ago asking the question what if there was a “Legal-IIW” the intent was always to cross communities and connect activities already in this area.  The intent from the beginning was to connect with and work with PPEG at Liberty Alliance. I am happy to be working with Robin from Kantara who ran the PPEG group at Liberty Alliance. Lucy from the Internet Society has been a real champion of the event.

We are threading the needle of size and accessability. Our intent is to make as much as possible about the conversation public and report out.  We also know that the energy is really different with 20-30 people vs. 100.   We are seeking interest particularly from technologist who are interested in understanding how Lawyers think and how different aspects of law are going to end up impacting the technologies they build and how those technologies will change the law.

You can see the matrices we are looking to fill in here on the ID-Commons wiki.

Here is the invitation and this is a link to express interest in attending.

Identity Commons and The Kantara Initiative
present an identity workshop and symposium to
“Map the Gaps”
Sponsored by the Internet Society.
March 18th-19th, 2010, Washington DC

The event will be attended by representatives of the diverse identity communities to help “Map the Gaps” that currently exist between the policy/legal and technology views of digital identity and online privacy.

The intention of the “mapping” exercise is to benefit the overall identity community by cataloguing and examining the characteristics and approaches of various online identity-related technical and legal initiatives, so that they can be applied to find common ground to integrate the research and development initiatives in the identity space.

The infrastructure for online identity continues to evolve, and increasingly raises social and privacy questions which are large, complex, and cannot be solved either by technology alone, or by a “single-stakeholder” approach.

While technologists and lawyers have worked separately in the past, identity technologies are now bringing people together in ways that are so intimate and far-reaching that they change both the way humans relate to technology, and the technologically-mediated ways humans relate to each other. Many of those technologically-mediated interactions are the subject of various established laws, which must now be reviewed in the light of this evolution: the technology cannot properly develop without legal guidance and vice versa.

This effort will depend upon the identification and creation of common concepts, language and paradigms to guide future development in the area.  Our aim is to bring technologists and legal and policy professionals together, establish a common understanding of each other’s domains, and map out the gaps which subsequent work would aim to bridge.

The “Map the Gaps” event will provide participants with a forum to contribute various perspectives on identity-related themes, the output of which may be coordinated with American Bar Association events as well as within working groups at ID Commons and the Kantara Initiative.

Due to limited space, the event is being held by invitation only.  There are, however, other ways to participate in this important work, including submitting written materials for inclusion in symposium online materials.

In order to assure that the broadest possible representation of interests is achieved to inform the work that will take place at the symposium, all submitted papers will be made available to attendees and others on the Identity Commons and Kantara symposium-related websites.

Limited spaces have been reserved at the symposium for a few additional invitations to be extended to individuals and institutional representatives based on a review of submitted papers.  Additional invitations may be extended based on those papers that offer significant perspectives and insights that are perceived to be different than or complementary to those already represented by the existing symposium attendees.

Next steps:
The symposium will be interactive and participant-driven: we ask all persons who would like to attend the meeting as participants to contribute, in advance (and no later than February 28, 2010), a brief (250-500 words) position paper, analysis or other  description of an interesting or pressing problem they have encountered in this field.  Papers will be posted as noted above, and we will extend invitations for participation to the authors of those papers that satisfy the criteria indicated above.

To express interest in the “Map the Gaps” workshop and symposium:

Event Committee:

  • Scott David, K&L Gates LLC.
  • Lucy Lynch, Internet Society
  • Kaliya Hamlin, ID Commons
  • J. Trent Adams, Internet Society
  • Robin Wilton, Future Identity, Ltd.

Chris Messina at Google – Good for him, Google & The Identity/Social Web Community.

I was one of the first people to congratulate Chris Messina on his blog when he announced he was going to Google. It was a personal congratulations. I wasn’t sure if it was good overall for the open web vision or the community as a whole. In the end after thinking about it for a few days I feel it is a good move for them, for Google and for the community. The rest of this post explains why.

With Chris going to Google it gives them three seats on the OpenID board (Joseph and Chris are both community board members and Google has a corporate paying board member seat filled by Eric Sachs). It concentrates a lot of power at Google and I agree with Eran’s concerns from Marshall’s RWW/NYTimes article …why be “open” if you can just have an internal product meeting with Brad Fitzpatrick and a few other Googlers and “ship” a product without reaching out to others. I agree with the concern and I think there will be enough eyes on these individuals in particular and Google in particular to challenge them if they do that.

Thursday morning I sat at “geek breakfast” in Berkeley with a friend discussing Chris and Joseph’s move to Google. We mused about how many people we knew who “get social” have been at Google and because “Google didn’t get social” they were unhappy so they left, Kevin Marks being just the latest example leaving in the fall for British Telecom/Ribbit where he works for JP Rangaswami, the CIO who really gets open.
Given this, if “just” Joseph Smarr was going to Google he would be more “alone” trying to “do social right” at Google. Yes, he would have allies but no one quite as high profile as himself. With Chris Messina there too, there are now two major committed community leaders who can work the politics involved in helping Google to “get” social and actually do it right. If anyone has a hope inside that big company it is those two and I don’t think either could be as effective alone.
If Chris and Joseph fail, that is if they get frustrated and leave (which they can at any time they want cause they are very “employable” because of their profiles by a whole range of companies in the valley) then is a sign that Google doesn’t really “get” social and isn’t moving in the right direction in terms of supporting the emergence of an open standards based, individually empowering & social web.
With Zuckerberg’s statement’s about privacy and the recent actions by Facebook to make user-information public, Google has a huge opportunity to live up to its slogan of “not doing evil”. Over the fall Google made some promising statements on the meaning of open and took action spinning up the Data Liberation Front.
I know many people who currently are and have been at Google. All of them talk about how secure things are internally – it is not possible to go into their systems and “look up a user” and poke around at what they have in their e-mail, or what they have searched on or what is in their google docs. Algorithms look at people’s stuff there, not people. Google takes their brand and reputation for protecting people’s private information seriously. I am not particularly starry eyed about Google thinking they can do no evil – they are just a company driven by the need to make a profit. I worry that they might be becoming too dominant in some aspects of the web and that there are legitimate concerns about the monopoly power they have in certain market area.
I don’t see this as a Google vs. Facebook fight either. Chris, Brad, Eric, Joseph are all at Google & David Recordon and Luke at Facebook; they are all good friends socially and are just six people in the overall identity community made up of about 1000 people at 100’s of companies. Yahoo!, AOL, Microsoft (enterprise & MSN side), are all involved along with PayPal, Amazon, BT, Orange, Mozilla, Sun, Equifax, Apple, Axiom, Oracle, & many many more. They all come together twice a year at the Internet Identity Workshops and other events to collaborate on innovating open standards for identity on the social web.
I invite those who want to participate in the dialogue to consider attending the 10th Internet Identity Worskshop May 18-20.

I take the health of the identity community, its over all tone and balance quite seriously. I helped foster it from the beginning really starring in March of 2004 including 9 months from June of that year until January 2005 it was my first major job – evangelizing user-centric identity and growing the community to tackle solving this enormous problem (an identity and social layer of the web for people). I along with others like Doc Searls, Phil Windley, Drummond Reed, Bill Washburn, Mary Ruddy, Mary Rundle, Paul Trevithick, Dick Hardt, Eugene Kim & many others formed the identity community. Having put my heart, soul, sweat and tears into this community and working towards good results for people & the web, I don’t say what I say in this post lightly.

The Age of Privacy is Over????

ReadWriteWeb has coverage of Zuckerberg’s talk with Arrington at the Crunchies. According to him, the age of Privacy is Over. This is the quote that is just STUNNING:

..we decided that these would be the social norms now and we just went for it.

When I first heard it in the interview in the video I did a major double take – “we decided” ?? seriously? The we in that sentence is Facebook and clearly with Zuckerburg is at the helm – He could have said “I decided” and he as the CEO of a social network has the power to “decide” the fate of the privately shared amongst friends in the context of this particular social network for millions of people (see my post about the privacy move violating the contract with users). It makes you wonder if this one platform has too much power and in this example makes the case for a distributed social network where people have their own autonomy to share their information on their own terms and not trust that the company running a platform will not expose their information.

It is clear that Zuckerberg and his team don’t get social norms and how they work – people create social norms with their usage and practices in social space (both online and off).

It is “possible” to change what is available publicly and there for making it normal by flipping a switch and making things that were private public for millions of people, but it is unethical and undermines the trust people have in the network.

I will agree there is an emerging norm that young men working building tools in Silicon Valley have a social norm of “being public about everything”, but they are not everyone. I am looking forward to seeing social tools developed by women and actual community organizers rather then just techno geeks.

I will have more to say on this later this week – I was quite busy Saturday – I ran the Community Leadership Summit, yesterday I flew to DC and today I am running the Open Government Directive Workshop. While I am here I hope to meet with folks about Identity in DC over the next 2 days.

Suicide Options for Facebook, LinkedIn and Twitter

I have another post up on ReadWriteWeb that went up just after Christmas covering people who are choosing to leave Facebook or considering doing so along with the tools to help them.

Fed Up with Facebook Privacy Issues? Here is how to End it All.

It highlights two different Web 2.0 suicide machines; one is an art project called .

The service creates a virtual memorial for you and posts you on a suicide wall & they give you points for how many friends you had and how many of them choose to follow you to the “after life”. The leader board is here.  You can see the RIP page for one of the creators of the service – Gionatan Quintini here.

It received a cease and desist from Facebook and responded.

The response is not covered in the article (it wasn’t out when I wrote it). It has some great quotes that sound like language coming from the user-centric identity community.

5. My clients have the right to receive information, ideas, and photographs from those people whom are the legitimate proprietors of this data and can decide to share this data or to store it, with the prior consent of its respective owners. All of this is freedom of expression and the manifestation of thought and free circulation of ideas that is accepted and guaranteed in Europe and in the U.S.A.

6. Facebook cannot order the erasure of data that does not belong to it, acting against the free will of the owners of such data. This is not protection of privacy, but rather a violation of the free will of citizens that can decide freely and for themselves how to arrange their personal sphere.

We shall see how Facebook responds to this.

Web 2.0 Suicide Machine is more comprehensive – covering LinkedIn & Twitter as well.

Here is the previous Read Write Web post on the changes in what is and is not public.