Value Network Mapping an Ecosystem Tool

My response, two years ago to the NSTIC (National Strategy for Trusted Identities in Cyberspace) Program Office issued Notice of Inquiry about how to govern an Identity Ecosystem included a couple of models that could be used to help a community of companies & organizations in an ecosystem co-create a shared picture. A shared co-created picture is an important community asset to develop early on because it becomes the basis for a real conversation about critical issues that need to be addressed to have a successful governance emerge.

The Privacy Committee within NSTIC has a Proactive Privacy Sub-Committee and before I went on my trip around the world (literally) a month ago.  I was on one of the calls and described Value Network Mapping and was invited to share more about the model/method and how it might be used.

Value Network Maps are a tool that can help us because both the creation of the map and its subsequent use by the companies, organizations, people and governments that are participating strengthens the network.   This is important because we are dealing with a complex problem with a complex range of players. In the map below we are in the top left quadrant – we NEED strong networks to solve the problems we are tasked with solving.  If we don’t have them we will end up with Chaos OR we will have a hierarchical solution imposed to drive things towards the complicated and simple but …given the inherent nature of the problem we will NOT fully solve the problem and fall off the “cliff” on the edge between simplicity and into chaos.

(In this diagram based on the cynefin framework developed by David Snowden architect of children’s birthday parties using complexity theory and the success of Apolo 13 )


So – what is a Value Network Map?

It models technical & business networks by figuring the roles in any given system and then understanding the value that flow between different roles.  Value flows include payment for the delivery of goods or services (these are tangible deliverables) but also intangible deliverables such as increased level of confidence because information was shared between parties (but was not contractually obligated and no payment was made).

Drawing from Verna’s book/site that lays out how to do it. There are four steps to a value network map.

1. Define the scope and boundaries, context, and purpose.

2. Determine the roles and participants, and who needs to be involved in the mapping.

3. Identify the transactions and deliverables, defining both tangibles and intangibles.

4. Validate it is complete by sequencing the transactions.


I’ve worked on several value network mapping projects.
I worked with the Journalism that Matters to document he old and new journalism ecosystem.I have lead several community Value Network Mapping efforts.

This projects highlights how the method can be used to talk about a present/past state about how things happen “now”. How do people today or 20 years ago share verified attributes with business and government entities one does business with?  If we understand the roles that exist in a paper based version/world How do those roles change in a future enable with technology and how do the value flows change and what new roles are created/needed?

A value networm map can be used to map the flow of rights and duties between different roles in an ecosystem can also be considered along with the flow of monetary and other value.

Two years ago I went with Verna Allee (the innovator of the method) to  the Cloud Identity Summit  to work on a map for my organization the Personal Data Ecosystem Consortium focused on the “present state” map to explain what currently happens when someone visits a website and clicks on an add to go buy something and then is asked to provide identity attributes.

We took this FCC submitted map that has the individual at the center and data flows to the businesses, government and organizations they do business with and is sold on to Data Brokers and then Data Users buy it to inform how they deal with the individual all without their awareness or consent.


PersonalData-VNA-NowMapWe added in a wrinkle to this flow and asked what happens when an individual has to prove something (an attribute) about themselves to make a purchase.

Our hope was to do this and then work on a future state map with a Personal Cloud provider playing  a key role  to enable new value flow’s that empower the  Individual with their data and enabling similar transactions.

This is best viewed in PDF so if you click on the link to the document it will download.

Creating this map was an interactive process involving involved two dozen industry professionals that we met with in small groups.  It involved using large chart paper paper and post-it notes and lines on the map.   We came into the process with some of the roles articulated, some new roles were added as we began mapping with the community.

An example to give you a sense of what it looks like when you do it in real life is this map that shows how trust frameworks & the government’s reduction of risk in the credit card system.

This was a small piece of the original map for the Personal Data Ecosystem (it did not end up getting included in the PDF version).  The roles are the orange flowers and the green arrows are tangible value flows and the blue arrows are intangible value flows.

So how could the Proactive Privacy Sub-Committee use this method?

At an IIW11 one of the practitioners of value network mapping came to share the method and we broke up into smal groups to map different little parts of an identity ecosystem. We had a template like this picking four different roles and then beginning to map.

The exercise is written about here on Verna’s website.

Scott David was a community member there and really saw how it was a tool to understand what was happening in systems AND to have a conversation about the flow of rights and responsibilities flow.

The method is best done face to face in small groups.  It helps if the groups are diverse representing a range of different perspectives.  A starting point is a use-case a story that can be mapped – what are the roles in that story and then walking through the different transactions.

So how do we “do” it. Well a starting point is for those interested in helping lead it to identify themselves in the context of the pro-active privacy committee.  We should work together  to figure out how we lead the community using this process to figure out the privacy implications and see where the money flows for different proposed solutions.

We can try to do a session at the upcoming July or October plenary.

We could also organize to do some meetings at:

  • conferences in the next few months were we can identify 5-10 interested IDESG members to participate in mapping an ecosystem chunk for an hour or two.
  • in cities around the country where we identify 5-10 folks who want to spend an hour or two mapping an ecosystem chunk.

It would be great if we decide to do this that the Secretariat lead by Kay in her role as Executive Director of the IDESG can support us in organizing this (That is why we are paying htem 2.5 million buck s to help us  do the work of  organizing in a meaningful way.

I am friends with Verna Allee and can ask her for advice on this however I think the kind of help/advice we need to really use this method and do it WELL would behove us to actually use NSTIC IDESG moneys to hire Verna to engage with us in a serious way. When I wrote my NSTIC NOI I did so thinking that their would finally be monies available to pay people to do community conference building work like this.  Perhaps it is not to late to do so.



ID biz models “in the future maybe” says Johannes

Johanne Ernst is a builder of Identity technologies (and one of the clearest thoughtful thinkers about identity technologies and markets. He just posted a great post about business models in the identity space. I know he has at various times tried raise money as an entrepruner in this space – so he has thought a lot about the business models.

For those of you who don’t know Johannes he developed Light-Weight Identity (LID) a URL based ID system at the same time Brad Fitzpatrick did at Live Journal and then participated in merging it all together into YADIS discovery which became woven together with OpenIDv1, XRI/i-names  and sxip to become OpenIDv2. He also was the first drawer of the identity triangle (OpenID, SAML, InfoCards) which evolved into the Venn of Identity.

Many people have ideas for value-added services that could be sold once sufficiently many users used internet identities at enough sites. The trouble is that the transaction volume for OpenID (or any other identity technology on the internet) is still far too low to make this viable.

The mot important sentence is this one – Let’s not confuse being majorly annoyed how long this is all taking (speaking about myself here) with something being fundamentally wrong (because there isn’t).

I take heart with what he has to say especially because he addresses it to a big part of what I do – organize (un)conferences to continue momentum for the field.

From his post:

Value-added services:
Many people have ideas for value-added services that could be sold once sufficiently many users used internet identities at enough sites. The trouble is that the transaction volume for OpenID (or any other identity technology on the internet) is still far too low to make this viable.

So the verdict here is: perhaps in the future.   

So what’s an analyst, or conference organizer, or entrepreneur, or venture capitalist to do?

My take: Hang in there, keep the burn rate low, make no major moves, would be my advice. (Believe it or not, sometimes I’m being asked about my advice on this.) All the signs are pointing in the right direction, the latest being Google’s major OpenID push. Let’s not confuse being majorly annoyed how long this is all taking (speaking about myself here) with something being fundamentally wrong (because there isn’t).

Sooner or later, at least the value-added services opportunity will emerge. Perhaps others. But so far it has not yet.

Lessig on the FCC and Internet

Lessig is on to corruption this is quoted from a recent interview he gave on the subject:

One of the biggest targets of reform that we should be thinking about is how to blow up the FCC. The FCC was set up to protect business and to protect the dominant industries of communication at the time, and its history has been a history of protectionism — protecting the dominant industry against new forms of competition — and it continues to have that effect today. It becomes a sort of short circuit for lobbyists; you only have to convince a small number of commissioners, as opposed to convincing all of Congress. So I think there are a lot of places we have to think about radically changing the scope and footprint of government.

Most interesting to me was when I was doing research very early on about this, and I talked to someone who was in the Clinton administration. They were talking about Al Gore’s original proposal for Title VII of the Communications Act. Title II deals with telecom and Title VI deals with cable and Title VII was going to be an Internet title. And Title VII was going to basically say, no regulation except for minimal interconnect requirements — so it would be taking away both DSL and cable and putting them under one regulatory structure that minimized regulation of both. When this idea was floated on the Hill, it was shot down. The answer came back was, “We can’t do this! How are we going to raise money from these people if we’ve deregulated all of this?”

So I completely agree. I think we’ve got to recognize that the way the system has functioned is to insinuate regulation in all sorts of places that aren’t necessary in order to fuel this political machine of fundraising. There’s this great speech of Ronald Reagan’s in 1965 where he talks about how every democracy fails, because once people realize they can vote themselves premiums, that’s what they’re going to do, and they’ll bankrupt the nation. Well, he had it half right, in the sense there’s a system where people realize they can vote themselves the benefits and destroy the economy. But it’s not the poor who gathered together and created massive force in Washington to distribute income to them. It’s this weird cabal of politicians and special-interest insiders that have achieved this effect. Basically, they can pervert the economy and growth in ways that protect and benefit certain interests.

Business 2.0 gets OpenID wrong

I read this in hard copy on the way to the plane just before heading home from BlogHer. I just about fell off my chair…

Tractis, its creators say, is no less than a comprehensive legal system for the Internet nation. “The biggest problem with online contracts now is enforcement,” says David Blanco, the Madrid-based CEO of Negonation. “If you reach an agreement with another person and something goes wrong, how do you enforce the contract and in which jurisdiction? How do you know the true identity of someone calling himself”

To solve that kind of problem, Tractis will offer a comprehensive range of trust and verification systems – and take advantage of controversial national ID cards. There are already 600,000 of the cards issued in Spain; similar ones are compulsory in Belgium, Germany, and Portugal. The United Kingdom is set to roll them out in 2010. Insert your ID card into a smartcard reader and Tractis will instantly verify it with your country’s database.

That doesn’t mean citizens of countries without national ID cards, like the United States, are left out. Tractis can also authenticate online identity via OpenID, a security standard now supported by Microsoft Vista, Firefox, and AOL. The final agreement can carry a digital certificate that in most countries, including the United States, has the same legal weight as a handwritten signature.

I wonder how they got it so wrong? Was it Tractis that said these things and the reporter didn’t bother checking the facts? or we is it us…the OpenID community not communicating clearly enough?

I mean OpenID is great It does do ‘authentication‘ in the technical sense. It is not a replacement for National ID card, it is not a ‘security standard’, It does not do validation (checking that you are linked to a ‘real’ identity that is yours) or enrollment (getting you signed into a system).

Maybe Negonation (the company behind Tractis) has plans to have a validated OpenID service? Hopefully they are going to come to DIDW and IIW.

They certainly have ambitious aims in creating trust on the web..

Negonation is commited to create secure and trustworthy electronic commerce, above the legislative islands. We’re aware that the words “secure” and “trustworthy” are difficult to define, more a subjective sensation than a concrete objective. The solution does not rely on using a standard, technology, hardware process or concrete legislation. It is a combination of many things, with no magic formula. A user will feel secure using Tractis or not. They will trust the service or not. We believe that the formation and support of this forum is a step in the right direction.

They Quote Richard Stallman on the top of their blog…

For businesses to have special political influence means that democracy is ill. The purpose of democracy is to make sure that wealthy people cannot have influence proportional to their wealth. And if they do have more influence than you or I, that means democracy is failing. The laws that they obtain in this way have no moral authority, but they have the capability of doing harm.

Maybe they are going to be using Open Source software so we can trust their system?

Why I don’t trust telco’s

This Horror story is why I don’t trust telco’s AT ALL. ($3000 bill for the iPhone) I am very willing to pay reasonable price for reasonable service. I am not sure why this is hard for them to GRASP but being raked over the coals.

THANK GOD FOR GOOGLE getting into the spectrum auction and forcing it to be for open usage.

From CNET:

The company is pushing the FCC to adopt rules in the upcoming 700-megahertz auction set to ensure that winners of certain spectrum licenses will have to adhere to four openness principles. These include guaranteeing that consumers can use any device or software on the network, as well as forcing winning bidders to offer spectrum at reasonable wholesale prices to ensure that small companies can get access to wireless capacity to build competitive wireless services.

CALEA in the news

So my legal namesake CALEA has been a source of interesting eyebrow raising for those who know its name when they are introduced to me.

Today it is in the news again.

Paul Kouroupas, vice president of regulatory affairs for Global Crossing, strongly criticized the Federal Communications Commission’s broadening of a 1994 law–originally intended to cover telephone providers–as disproportionately costly, complex, and riddled with privacy concerns. His company is one of the world’s largest Internet backbone providers.

“Our customers are large Fortune 500 companies–not too many of those companies are conducting drug deals or terrorist activities out of Merrill Lynch’s offices or using their phones in that way,” Kouroupas said at an event here sponsored by the DC Bar Association. “By and large we don’t get wiretap requests, yet we’re faced with the costs to come into compliance,” which he estimated at $1 million.

At issue is an order issued last fall by the Federal Communications Commission that set a deadline of May 14, 2007, by which most broadband and Internet phone providers are required to reengineer their networks for easier snooping by law enforcement. The move expanded the Communications Assistance for Law Enforcement Act, or CALEA, which Congress wrote to impose obligations on telephone companies, but not Internet providers.

on a business panel

In about an hour I will be up on stage at the Symposium on Social Architecture talking about the future of business and social software. In a way I am a perfect example of how these new tools have shaped a work life. I have had limited experience working in offices – those I did work in were tiny dysfunctional nonprofits. I got into social software to address the challenges these organizations have supporting their members staying connected after they met in person. Researching what I needed to know to build tools for my community I read the Augmented Social Network: Building Trust and Identity into the Next Generation Internet. It was hugely influential on my thinking and totally inspired me. I have been working since reading it to share its ideas and work for its manifestation.

I have been working “virtually” for three years using social software tools – basically via e-mail, wiki’s, conference calls, in person meetings and showing up at events/conferences. Both on behalf of Planetwork and as Identity Woman working for the ecology of folks using eXtensible Resource Identifiers [XRI] (i-names) and and XRI Data Interchange [XDI] to really build the Augmented Social Network.

The ASN paper has a focus on civil society uses of the internet. The principles of user controlled identity are at its core and have implications for business and how trusted deep relationships between buyers and sellers, costumers and companies can open up new opportunities. Here are some critical excerpts

Four main elements of ASNPersistent Identity
Enabling individuals online to maintain a persistent identity as they move between different Internet communities, and to have personal control over that identity. This identity should be multifarious and ambiguous (as identity is in life itself), capable of reflecting an endless variety of interests, needs, desires, and relationships. It should not be reduced to a recitation of our purchase preferences, since who we are can not be reduced to what we buy.

Interoperability Between Online Communities
People should be able to cross easily between online communities under narrowly defined circumstances, just as in life we can move from one social network to another. Protocols and standards need to be developed and adopted to enable this interoperability. This interoperability should include the ability to identify and contact others with shared affinities or complementary capabilities, and to share digital media with them, enabling valuable information to pass from one online community to the next in an efficient manner. To support ASN-type activity, modularized enhancements to the technical infrastructures of separate online communities will need to be developed and adopted.

Brokered Relationships
Using databased information, online brokers (both automated and “live”) should be able to facilitate the introduction between people who share affinities and/or complementary capabilities and are seeking to make connections. In this manner, the proverbial “six degrees of separation” can be collapsed to one, two or three degrees — in a way that is both effective and that respects privacy. Such a system of brokered relationships should also enable people to find information or media that is of interest to them, through the recommendations of trusted third parties.

Public Interest Matching Technologies
The Semantic Web is perhaps the best known effort to create a global “dictionary” of shared terms to facilitate finding information online that is of interest to you. Within the ASN, a public interest initiative around matching technologies, including ontologies and taxonomies, will enable you to find other people with whom you share affinities — no matter which online communities they belong to. These matching technologies need to be broad and robust enough to include the full range of political discussion about issues of public interest. They should not be confined to commercial or narrowly academic topics; NGOs and other public interest entities need to be represented in the process that determines these matching technologies.


Building your online identity
Underlying this report is the assumption that every individual ought to have the right to control his or her own online identity. You should be able to decide what information about yourself is collected as part of your digital profile, and of that information, who has access to different aspects of it. Certainly, you should be able to read the complete contents of your own digital profile at any time. An online identity should be maintained as a capability that gives the user many forms of control. Without flexible access and control, trust in the system of federated network identity will be minimal.

To date, online identity is treated the same way as an individual’s credit history — as information that exists as a result of commercial transactions, and so is the proprietary data of the company that captures it. These companies then have the legal right to do with this data as they see fit, including making it available to massive databases that centralize this information for resale. At the same time, your rights as a citizen to access and effect this same information are limited — as anyone who has ever had to sort out errors in his official credit history can attest.

A digital profile is not treated as the formal extension of the person it represents. But if this crucial data about you is not owned by you, what right do you have to manage its use? At the moment, it seems, this right would have to be granted by the corporations that have captured your data for their own purposes. They may perhaps choose to give you a measure of control over what they do with it. But as long it is their choice to grant you control, rather than your right as a citizen to assert control, the potential for abuse is of grave concern. Just as overly burdensome intellectual property laws threaten to dampen innovation on the Internet, as Lawrence Lessig has described, legacy twentieth century laws regarding proprietary information about “customers” could undermine efforts to create a civil society-oriented persistent identity. This could, in turn, strictly limit the forms of trusted relationships that might take place online.

The digital profiles that Internet stores like Amazon have developed of their customers follow a common pattern. Have you ever seen the information about your sales history that Amazon bases its personal recommendations on? Not to suggest that Amazon is a nefarious organization, or that it uses what it learns about customers in an improper way. But you cannot gain access to your Amazon profile, even if you wanted to. Nor do you even have the right to ask for it. Today, for most people, this does not pose a problem. Most of us are glad to get Amazon’s recommendations (sometimes they are even useful). But a decade hence, as the tools for creating online profiles become far more sophisticated, and stores like Amazon cross-reference their proprietary customer information with that of thousands of other companies, we will be in a very different territory.

Let’s take a moment to consider the ways that data about you can be gathered and entered into a digital profile. There are basically three:

First, as with the Amazon example, your online decisions can be traced, entered into a database, and interpreted according to a pre-determined algorithm. This form of automated information gathering, by compiling a database of significant actions, is the most unobtrusive way to build a profile. At the same time, you — the profile subject — may be unaware that your actions are being followed and interpreted in this way. It is important that ethical standards are established so that you know when your behavior is being tracked, and when it isn’t. Moreover, you should be aware who is tracking your behavior, and what they will do with that information. Most importantly, you should always be given the option to not have your behavior tracked — this option should be a fundamental right in a free society. By tracked we mean the recording and retention of activity that is retained beyond a certain time limit, transferred to others, and/or retained for future use.

Secondly, you can deliberately enter information about yourself into a digital profile. For example, some online communities have complex registration forms that each new member must fill out in order to participate. Once a member makes clear that she prefers Bob Dylan and Tom Waits to N’Synch and Britiney Spears, she is then led into an online discussion area with others who expressed similar interests. The advantage to profiles compiled like this is that you know exactly what you have chosen to express about yourself, and what you have not. The downside, however, is that filling out forms is cumbersome; most of us prefer to avoid doing it.

The third method is perhaps the most traditional form of information gathering, and least preferred: Having others report on your actions without your knowledge. Depending on who controls your digital profile, and how it is used, this method might play a minimal role in federated network identity, or it might be central to it. The more control each individual has over his or her own profile, however, the less likely it is that undesirable or unnecessary reports by others will be a key element. A user should have some ability to determine under what circumstances other people’s opinions about his actions might precede him when he enters new situations.

Again, ethical standards need to be agreed to that protect citizens against abuses of this kind, which the technology could easily facilitate.

Technorati Tags:

Revolutionizing Marketing: The Business Case for XRI/XDI

Dear Marketing: An Open Letter From Your Customer
by Chris Maher of Fosforus


Over the years, I have had an uneasy relationship with you. I’ve not cared one bit for being your prospect. And, as it seems that being your customer is just an extension of a permanent, unrelenting and ever-more-intrusive marketing campaign, I’m not nuts about being your customer, either.

He quotes David Glen Mick from a paper Searching for Byzantium: A Personal Journey into Spiritual Questions that Marketing Researchers Rarely Ask

Another set of spiritual questions we seldom ask ourselves concerns the effects of marketing and consumption on human character. By character I do not mean human values, but rather our psychological temperament as we go about our daily activities. What kind of person does marketing and consumption encourage or discourage?

Mick’s answers include examples of qualities of temperament that are, in his opinion, encouraged by marketing and consumption: impatience, incivility, judgmentalism and distrust.

He continues to articulate the problems with marketing and gets to the heart of the matter by offering a new model.

What I’m recommending is the creation of (what I will call) a “custnomer”: a data alias or new “name” for that me that gets profiled by your computer systems.

At a minimum, this will mean that my customer records and data won’t have my real name appended to them. There are too many thieves and scammers out there who are seeking to use my good name and the records attached to it. Grab your nearest CIO and Chief Privacy Officer (and maybe the Chief Security Officer, though that person is probably on Zoloft at present) by their lapels and strongly encourage them to begin in-depth research into the promising work on Extensible Resource Identifiers (XRI) and XRI Data Interchange (XDI).

The Daddy of XRI, Drummond Reed, is someone I consider a friend …is, without question, the darned nicest and most patient technology visionary that you will ever come across. There isn’t an ounce of ego in his dealings with us woefully common folk.

Warning: XRI/XDI is not some obscure, trivial “tech thing” that will only be meaningful to those who mumble to themselves and spend half their lifetimes slaughtering innocents and evil-doers… virtually, that is. XRI/XDI has encoded within it is a simple, powerful idea that will come true over time and will change your business: “My private data is mine.”

He goes on to highlight data anonymity and the work of Latanya Sweeney, Assistant Professor, Institute for Software Research International at Carnegie-Mellon University.

Here’s how Sweeney describes what she does:

Perhaps the biggest clash between technology and society involves privacy. The task of maintaining privacy and confidentiality in a globally networked, technically empowered society is quite difficult, tricky and fun.

Data privacy (or more precisely, data anonymity) is emerging as a new study within computer science that is the study of computational solutions for releasing information about entities (such as people, companies, governments) such that certain properties (such as identity) are controlled while the data remain practically useful. While these problems have been studied, in part, by statisticians and earlier computer scientists, their solutions have been rendered insufficient in today’s technically empowered society. So, in data anonymity, we develop new approaches and tools for today’s computational environment.

My colleagues and I (in the Laboratory for International Data Privacy, for which, I am the director) take a two-prong approach to data anonymity. On the one hand, we work as data detectives and on the other hand, we also work as data protectors.”

The best part is he finished up with the new business model.

I’m thinking that there’s probably some trustworthy business entity—although, I’m hard-pressed to figure out which it might be—that could serve as my proxy. (Now, banks and/or credit card companies, before you leap to any conclusions, take a long look at your information assurance practices and see the part of this article about the Trusted Computing Group.)

I would willingly provide just enough information, credentials and data that authenticate who I am and which, say, establish my credit-worthiness to a “trusted relationship proxy”: some government-certified, insured, audited, secure entity that would establish and manage the data version of “me” and would become the “gateway” to all (or many) of my most important business relationships. Think of this proxy as an agent who serves as a buffer between me and you.