Enabling Multi-Stakeholder Consensus on Cybersecurity Issues

My friend Allen who was at Brookings got a job with NTIA to figure out what issues to focus on and how to get multi-stakeholder collaboration on cyber security issues.  Because he asked me to respond I took the time to give him my thoughts and input drawing on my experience with the attempts by NSTIC to do this same thing.  Here is the PDF document. IPTF-Kaliya-2

I will in time work to publish it in blog sized sections online so it is more internally linkable (starting with an index from this post). Until then enjoy.


Online Community Unconfernece “Its BACK!”

I am really excited to be working with a super awesome crew of leaders of the Online Community Manager Tribe – or OCTribe.  We have been considering reviving the event and the pieces have finally come together to do it.

May 21st at the Computer History Museum

Registration is Open!

I really love the other co-organizers who are all rockstar community managers.

The conference was originally produced by Forum One and I contracted with them to help design and facilitate. That event itself grew out of an invitational summit they hosted annually on online communities.  I actually attended one of these in 2004 as a replacement for Owen Davis who I worked for at the time at Identity Commons (1).

My firm Unconference.net is doing the production and facilitation for the event.

I plan to bring forward topics of digital identity forward at the event and hopefully get some of the amazing expertise on identity and reputation to participate in NSTIC.



Alignment of Stakeholders around the many NSTIC Goals


The Many Goals for the Identity Ecosystem & NSTIC Governance

The NSTIC governance NOI articulates many key activities, qualities and goals for a governance system for NSTIC. NSTIC must:

  • convene a wide variety of stakeholders to facilitate consensus
  • administer the process for policy and standards
  • development for the Identity Ecosystem Framework in accordance with the Strategy’s Guiding Principles
  • maintain the rules of participating in the Identity Ecosystem
  • be private sector-led
  • be persistent and sustainable
  • foster the evolution of the Identity Ecosystem to match the evolution of cyberspace itself.

Achieving these goals will require high-performance collaboration amongst the steering group and all self-identified stakeholder groups. It will also require earning the legitimacy from the public at large and using methods that surface their experience of the Identity Ecosystem Framework as it evolves.

[Read more…]

The Emerging Personal Data Ecosystem

This week I am heading to Telco 2.0 because the conversations with telco’s about how they participate in the Personal Data Ecosystem are moving forward in interesting ways.   IIW #10 had several long sessions about the topic. IIW-East was full with each of the 8  time slots having a session about different aspects and IIW-Europe October 11th coincided with the announcement of the first community prototype personal data stores by MyDex.

Learning from one of the mistakes of the past – market confusion inhibiting understanding and adoption of user centric identity technologies. The Personal Data Ecosystem is going to be a “front door” for those seeking to understand the ecosystem overall with a simple message and clear picture of what is happening. It will also connect people to the community working on the aspect of the ecosystem relevant to them. Our focus is on developing the  core communities needed for success and fostring communication amongst them.  These communities include  end users, large personal data service providers, companies providing data to personal data services, developers and startups leveraging this new ecosystem, regulators and advocacy groups along with the legal community and their efforts to create the legal frameworks needed to really protect people.

We arleady have a number of projects working on key aspects around the ecosystem and we will support their success linking them together – Project VRM, ID-Legal, Project Nori, Higgins-Project, Project Danube, XDI.org and IIW (they are linked at the bottom of the Personal Data Ecosystem site),   This is a big tent ANY OTHER projects that are related are welcome.  We don’t need another dot org to link efforts togethers so PDE is going to be chartered as part of IC3 (Identity Commons).

Right now the Personal Data Ecosystem site is aggregating content from blogs of those covering and building in the space.   This week we will be doing our first Podcast covering this emerging industry – Aldo Casteneda who you may remember from The Story of Digital Identity will be hosting it with me.

Next week we will be able to collect links submitted via delicious for the blog. I am working with the fabulous Sarah Dopp on website strategy and online community development and Van Riper is working with me on community management.

IIW coming up in a week is going to be a core community gathering for emerging developments.

We are not at War

I was the first person Van asked to speak at the Community Leadership Summit West Ignite talks. I was the last person to submit my slides. I have a lot to say about community but I had a hard time figuring out exactly what to say. I knew I wanted to talk about the identity community and our success in working together. Robert Scoble’s quote really got me going and I decided to use the talk to respond to the comment that was catalyzed by his facebook post/tweet “Who is going to win the Identity War of 2010”

This is completely the wrong frame to foster community collaboration.

Identity for Online Community Managers

I was asked by Bill Johnson of Forum One Networks to kick off the discussion on the next Online Community Research Network call this week with the topic Identity for Online Community Managers – drawing on the presentation that I put together for the Community 2.0 Summit. I cover the basics of how OpenID, OAuth and Information Cards work, who is “in” terms of supporting the projects and what community managers/platforms can do. We will discuss the implications of these new identity and data sharing protocols on the call.

Online Identity for Community Managers: OpenID, OAuth, Information Cards

View more documents from Kaliya Hamlin.
I will also be attending the Online Community Summit in October Sonoma and will be sharing about these and other technologies there.

Data Sharing Summit 2 – questions to figure out

So I am working hard to pull the details together for the 2nd Data Sharing Summit. This is not an easy task given it is a risk to make commitments to venues and vendors – to make it possible to host the event.

This is an option that would give more time to organize and dove tail nicely with related work in the identity community

OPTION 4 – have it begin Wednesday and continue Thursday May 14-15 immediately following the Internet Identity Workshop
There is also the possibility of having something near Web 2.0 Expo the weekend before seems to make more sense to people are not completely wiped out from a weekend of partying and conferencing.

One of the reasons for this is that I know people come from out of town to attend Web 2.0 expo and some for several weeks so that there will be people in town who would not otherwise come ‘just for this event’.

We currently have 2 venue/time/space options

1) in Downtown SF but only can have at maximum 120 people and only 3 breakout rooms beyond the main space – this would be for Friday and Saturday the 18th and 19th. We would be restricted tot use from 8-5 pm.

2) in Mountainview at the Computer History Museum – a beautiful space that we would have to pay for but could hold up to 500 people and would only be for Saturday the 19th. It could go from 8 am to 8 pm+ even. We could feed folks breakfast lunch and dinner along with a barista.

Either way we will be charging money for the event about $100 – and working on raising sponsorship money. I believe events should be funded both by the people who do attend AND by sponsors. This helps create balance and by paying money to come people make a commitment to ‘be there’ for the event and the organize can plan for their attendance.

I am trying to get a read on what will work best.

I am still asking Lucy to put in OpenID for commenting on my blog and she still can’t get it to work even in dialoguing with Pam about it. So if you want to chime in you need to email me kaliya (at) mac (dot) com.

The third option people have put forward it so have it on an ‘large’ tech companies campus and I have said that doesn’t work cause the topic is neutral – so this is not an option in my mind.

Thoughts on Community Engagement

A few days ago David sent me a link to his post responding to Stefan’s (very long) slam of OpenID. He did a great job articulating how many of those who have been critical of flaws in OpenID have been actively engaged with the community in finding solutions to the problems.

From Gnomedex one of the things I came away with was a deepened appreciation of the community that we have in technology generally and identity in particular. There are a lot of smart, good people working together despite our different personal world views, personal quirks technology backgrounds and visions for the future of the technology.

There are a lot of different perspectives in the social networking datasharing space. Marc Canter called the Data Sharing Summit to figure it out – face-to-face. (I raised my hand and said I would help facilitate). It is going to be Sept 7-8 in Richmond CA (Bay Area). Face-to-Face for a day can be like 6 months on a mailing list. It is invaluable and the text dialogue afterwards is improved in quality and effectiveness.

Ok back to Stefan:

Personally, I can’t be bothered much with a sign-on system for blog comments and social networks, but if it makes other people happy, great.

In fact social uses of persistent identity are actually interesting and just dismissing it as pithy isn’t really productive.

OpenID is a starter way to for websites to start using identity tools for people. Thousands of websites have adopted it – cause it is easy to do and it works. You could get up and praise OpenID for existing cause it is warming all those Relying Party sites to the idea there are identity tools and services they can offer to their user-bases. The challenge that Stefan and everyone else has with more complex visions of how things could/should work is how do you make it ‘easy’ – both for users and developers.

I think nuances that Stefan articulates are really important.

“selective disclosure, authenticated anonymity and pseudonymity (possibly with revocation capabilities), improve availability, enable privilege and entitlement management, and provide security against insider attacks originating from the Identity Provider,”

These need answers and they are not going to come from one company with one solution alone. Community engagement is needed – so I encourage all to put your solutions into the mix and lets see if we can figure this out.

It would be very worrisome to me, however, if a URL-based system (whether OpenID or a variant) would become the basis for “serious” identity and access management applications such as e-commerce, e-health, e-government, general credential systems, and so forth.

Your challenge is that people (consumers, business people, legislators) can readily comprehend identifier system that work like this. If you and others don’t want the world to work like this then it is up to you to figure out how you explain complex math in a way that doesn’t go into the detail but just explains it in a way that ‘makes sense.’ I have had the luxury of sitting down a few times and listening to you explain ‘how the math works’ and it still seems a bit ‘mind boggling’ but “I trust you” – basically it is where peoples trust lies…is it in ‘human’ trust (my openID provider isn’t going to take my password and log into places for me) or is it in ‘math trust’ (these really smart guys have these groovy algorithms that mean only “I” can access my stuff and I can share information with them without really telling them who I am). I hope the latter can work – that the systems can evolve and people will “get” them. However it is a communication challenge and an adoption challenge that is not easy.

I have encouraged Stefan to come to community events many times. . I do hope he takes up my invitation to come to the Internet Identity Workshop December 3-5. I hope you will all encourage him too.

Office 2.0 begins

I was at the Office 2.0 pre-conference reception this evening…another very .com experience… EVERYONE was given an 2G ipod nano. It was sort of unbelievable (I thought initially I just got one because I am a speaker). I already have one (I bought it the first week they were out a year ago). I was thinking since I lost my camera at DIDW and I am really missing it (A Cannon Elph SD600) that I would trade the nano with someone who had a digital camera (perhaps if they are upgrading to something else). Just e-mail me if you are up for it.

From an OpenID/iname perspective people really liked to hear that there was an SSO solution. Ramana Rao who is on one of the closing panels said they were musing about the what where the things that if they didn’t happen would mean that this office 2.0 stuff would not succeed…Single-Sign-On was one of the things they had already thought of.

I met Robert Mao from UUZone a Social Network site in China with 6 million users. He is going to be giving them all OpenID’s and has convinced the ‘flickr of china’ to also adopt OpenID. They will both accept and issue OpenID’s. He also tole me about about OpenID.cn (they have a fun logo). I encouraged him to let people know about the Internet Identity Workshop in December – so who knows maybe we will have some more people from Asia there.

It was fun to see Mark Finnern along with his wife Marie and their baby Nina..yes a baby at a cocktail party it was really nice to see.