This spring I attended the Executive Education program Leadership and Public Policy in the 21st century at the Harvard Kennedy school of government with fellow Young Global Leaders (part of the World Economic Forum).  A line of future inquiry that came to me by the end of that two weeks –

How do we design, create, get functioning and evolve governance systems?

The governance of governance systems = Meta-Goverancne. 

At the Kennedy program all they could talk about was “individual leadership” (with good advice from good teams of course) at the top of  Organizations.  They all waved their hands and said “Good luck young leaders, We know its more complicated now…and the problems are bigger then just organizational size but we don’t really know how what to tell you about how to interorgainzational collaborative problem solving and innovations…so “good luck”.

It was surreal because this inter-organizational, complex space is where I spend my work life helping design and facilitate unconferneces – it is in that complex inter organizational place.

I have this clear vision about how to bring my two main career bodies of knowledge together (digital identity + digital systems & design and facilitation of unconferneces using a range of participatory methods) along with a range of other fields/disciplines that I have tracked in the last 10 years.

Is Google+ is being lynched by out-spoken users upset by real names policy?

Following my post yesterday Google+ says your name is “Toby” not “Kunta Kinte”, I chronicled tweets from this morning’s back and forth with  Tim O’Reilly and Kevin MarksNishant  KaushikPhil Hunt,  Steve Bogart and Suw Charman-Anderson.

I wrote the original post after watching the Bradley Horwitz (@elatable) – Tim O’Reilly (@timoreilly) interview re: Google+. I found Tim’s choice of words about the tone (strident) and judgement (self-righteous) towards those standing up for their freedom to choose their own names on the new social network being rolled out by Google internet’s predominant search engine disappointing.  His response to my post was to call me self-righteous and reiterate that this was just a market issue.

I myself have been the victim of a Google+ suspension since July 31st and yesterday I applied for a mononym profile (which is what it was before they insisted I fill out my last name which I chose to do so with my online handle and real life identity “Identity Woman”) 

In the thread this morning Tim said that the kind of pressure being aimed at Google is way worse then anything they are doing and that in fact Google was the subject of a “lynch mob” by these same people.  Sigh, I guess Tim hasn’t read much history but I have included some quotes form and links to wikipedia for additional historial context.

Update: inspired in part by this post an amazing post “about tone” as a silencing/ignoring tactics when difficult, uncomfortable challenges are raised in situations of privilege was written by Shiela Marie.  

I think there is a need for greater understanding all around and that perhaps blogging and tweeting isn’t really the best way to address it.  I know that in the identity community when we first formed once we started meeting one another in person and really having deep dialogues in analogue form that deeper understanding emerged.  IIW the place we have been gathering for 6 years and talking about the identity issues of the internet and other digital systems is coming up in mid-October and all are welcome.  The agenda is created live the day of the event and all topics are welcome.

Here’s the thread… (oldest tweets first)

 Note all the images of tweets in this thread are linked to the actual tweet (unless they erased the tweet).  [Read more…]

Google+ says your name is “Toby” NOT “Kunta Kinte”

This post is about what is going on at a deeper level when Google+ says your name is “Toby” NOT “Kunta Kinte”. The punchline video is at the bottom feel free to scroll there and watch if you don’t want to read to much.

This whole line of thought to explain to those who don’t get what is going on with Google+ names policy arose yesterday after I watched the Bradley Horwitz – Tim O’Reilly interview (they start talking about the real names issue at about minute 24).

[Read more…]

The Trouble with Trust, & the case for Accountability Frameworks for NSTIC

There are many definitions of trust, and all people have their own internal perspective on what THEY trust.

As I outline in this next section, there is a lot of meaning packed into the word “trust” and it varies on context and scale. Given that the word trust is found 97 times in the NSTIC document and that the NSTIC governing body is going to be in charge of administering “trust marks” to “trust frameworks” it is important to review its meaning.

I can get behind this statement: There is an emergent property called trust, and if NSTIC is successful, trust on the web would go up, worldwide.

However, the way the word “trust” is used within the NSTIC document, it often includes far to broad a swath of meaning.

When spoken of in every day conversation trust is most often social trust.

[Read more…]

Ecosystem as the frame for NSTIC

What is an Ecosystem?

The National Strategy for Trusted Identities in Cyberspace paints a broad vision for an Identity Ecosystem. The strategy author’s choice to name the big picture vision an “ecosystem” is an opportunity not to be lost. An Identity Ecosystem construct will inform the choice of processes and structures appropriate to govern it.

An ecosystem is a biological environment consisting of all the organisms living in a particular area, as well as all the nonliving, physical components of the environment with which the organisms interact, such as air, soil, water and sunlight.

This definition reminds us that the context of an Identity Ecosystem is broad and goes beyond just the identities of people and devices but extends to the contexts in which they operate and interact, the network and indeed the wider world. When we discuss a person’s digital identity it should not be forgotten that we are each fundamentally biological beings living in complex social systems composed of groups, organizations and businesses, all socially constructed and embedded in a larger context, the biosphere surrounding the planet earth.

An overall Identity Ecosystem is needed because small islands of identity management online are working, but they have not been successfully woven together in a system that manages the tensions inherent in doing so to ensure long term thrivability of the overall system. [Read more…]

We are not at War

I was the first person Van asked to speak at the Community Leadership Summit West Ignite talks. I was the last person to submit my slides. I have a lot to say about community but I had a hard time figuring out exactly what to say. I knew I wanted to talk about the identity community and our success in working together. Robert Scoble’s quote really got me going and I decided to use the talk to respond to the comment that was catalyzed by his facebook post/tweet “Who is going to win the Identity War of 2010”

This is completely the wrong frame to foster community collaboration.

Navigating the New Normal: John Seely Brown at Catalyst

I am here this week at Burton Group Catalyst. The conference kicked off with a what was by all accounts good talk from John Seely Brown talking about “the New Normal”.
NishantK: John Seely Brown: many of the things that made us successful in the 20th century will make us unsuccessful in the 21st century
jmatthewg1234: John Seely Brown – Thriving in a world of constant flux
bobblakley: John Seely Brown explains the shift from stores of info to flows of info at
bobblakley: “The cloud is much more disruptive than any of us have ever thought.” John Seely Brown
bobblakley: “SalesForce disrupted Siebel; now being disrupted itself by SmallBusinessWeb. Things are moving that fast.” John Seely Brown
NishantK: John Seely Brown: Good network is loosely coupled, trusted, not captive & filled w highly specialized nodes < basis of #cloud promise
bobblakley: “Moving to cloud requires factoring policy out of apps & making it a 1st class object.” John Seely Brown
bobblakley “Policies must have version numbers.” JohnSeely Brown
bobblakley: “Control-oriented flows won’t work in federated clouds.” John Seely Brown
jonathansander: Outside-in architectures start with the notion of an ecosystem. John Seely Brown
NishantK: John Seely Brown: Need to move from Inside-out to Outside-in architectures – less control, more trust, less predictable, more agile
bobblakley: Schemas are a hindrance in a world of unpredictability – John Seely Brown
bobblakley: “Data has tremendous inertia; don’t bring data to the computer – bring the computer to the data!” JohnSeely Brown
bobblakley: “Web 3.0 will use social media for context sensitive exception handling.” John Seely Brown
jonathansander: Policies are 1st class objects in enterprise 3.0, but so are exceptions. John Seely Brown
bobblakley: “Two things you don’t want to lose control of are policy and data” John Seely Brown
bobblakley: “The edge pulls the core to it by exploiting cloud services and social media.” John Seely Brown
drummondreed: John Seely Brown at Catalyst: the biggest innovation of the past 100 yrs is not the microprocessor but the Limited Liability Corp
This morning the conference kicked off for real with 5 tracks of amazing content. Those of you who know me, know I really am not a big fan of “regular talking heads conferences.” I often tell folks this is the only talking heads conference I recommend attending. The quality of content and thought put into the analyst presentations and the industry people on stage is of a very quality.

Thoughts on the National Strategy for Trusted Identities in Cyberspace

Update: This blog post was written while reading the first draft released in the Summer of 2010. A lot changed from then to the publishing of the document in April 2011.

Here is my answer to the NSTIC Governence Notice of Inquiry.

And an article I wrote on Fast Company: National! Identity! Cyberspace! Why you shouldn’t freak out about NSTIC.

Interestingly in paragraph two on the White House blog it says that NSTIC stands for “National Strategy for Trusted Initiatives in Cyberspace” rather than “National Strategy for Trusted Identities in Cyberspace”.

This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.

[Read more…]

Missing: Privileged Account Management for the Social Web.

This year at SXSW I moderated a panel about OpenID, OAuth and data portability in the Enterprise. We had a community lunch after the panel, and walking back to the convention center, I had an insight about a key missing piece of software – Privileged Account Management (PAM) for the Social Web – how are companies managing multiple employees logging in to their official Twitter, Facebook and YouTube accounts?

I thought I should also explain some key things to help understand conventional PAM then get to social web PAM in this post covering:

  1. regular identity management in the enterprise,
  2. regular Privileged Account Management in the enterprise
  3. Privileged Account Management for the Social Web.

1) IdM (Identity Management) in the Enterprise

There are two words you need to know to get IdM and the enterprise: “provisioning” and “termination“.

a) An employee is hired by a company. In order to login to the company’s computer systems to do their work (assuming they are a knowledge worker), they need to be provisioned with an “identity” that they can use to log in to the company systems.

b) When an employee leaves (retires, quits, laid off, fired), the company must terminate this identity in the computer systems so that the employee no longer has access to these systems.

The next thing to understand is logs.

So, an employee uses the company identity to do their work and the company keeps logs of what they do on company systems. This kind of logging is particularly important for things like accounting systems – it is used to audit and check that things are being accurately recorded, and who did what in these systems is monitored, thus addressing fraud with strong accountability.

I will write more about other key words to understand about IdM in the enterprise (authentication, authorization, roles, directories) but I will save these for another post.

2) Ok, so what is Privileged Account Management in the Enterprise?

A privileged account is an “über”-account that has special privileges. It is the root account on a UNIX system, a Windows Administrator account, the owner of a database or router access. These kinds of accounts are required for the systems to function, are used for day-to-day maintenance of systems and can be vital in emergency access scenarios.

They are not “owned” by one person, but are instead co-managed by several administrators. Failure to control access to privileged accounts, knowing who is using the account and when, has led to some of the massive frauds that have occurred in financial systems. Because of this, the auditing of logs of these accounts are now part of compliance mandates in

  • Sarbanes-Oxley
  • the Payment Card Industry Data Security Standard (PCI DSS),
  • the Federal Energy Regulatory Commission (FERC),
  • HIPAA.

Privileged Account Management (PAM) tools help enterprises keep track of who is logged into a privileged account at any given time and produce access logs. One way this software works is: an administrator logs in to the PAM software, and it then logs in to the privileged account they want access to. The privileged account management product grants privileged user access to privileged accounts [1].

Links to articles on PAM, [1] Burton Group Identity and Privacy Blog, KuppingerCole, Information Security Magazine.

3) Privileged Account Management on the Social Web.

Increasingly companies have privileged accounts on the social web. Dell computers has several for different purposes. Virgin America, (they link to the account from their website – thus “validating” that this is their real account), JetBlue, Southwest Airlines, Zappos CEO, (employees who twitter), Comcast Cares (Frank Eliason) (interestingly comcast on twitter is blank).

Twitter is just the tip of the iceberg – there are also “fan pages” on Facebook for brands. Coca-Cola, Zappos, NYTimes, Redbull, Southwest, YouTube Channels, Dunkin’ Donuts, etc, etc. on thousands of other platforms and yet-to-be-invented services.

These are very powerful accounts – they are managed and maintained by many employees around the clock and are the public voices of companies.

I have yet to see or hear of any software tools to enable enterprises to manage Social Web privileged accounts. How are companies managing access by multiple employees to these accounts?

Is there software that does this yet?

Is anyone working on these kinds of tools?

Leave your comments here or tweet with me @identitywoman

SSN’s can be guessed

This just in from slashdot:

“The nation’s Social Security numbering scheme has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth. The researchers used the information they gleaned to predict, in one try, the first five digits of a person’s Social Security number 44 percent of the time for 160,000 people born between 1989 and 2003.

This is from the Wired coverage:

By analyzing a public data set called the “Death Master File,” which contains SSNs and birth information for people who have died, computer scientists from Carnegie Mellon University discovered distinct patterns in how the numbers are assigned. In many cases, knowing the date and state of an individual’s birth was enough to predict a person’s SSN.

“We didn’t break any secret code or hack into an undisclosed data set,” said privacy expert Alessandro Acquisti, co-author of the study published Monday in the journal Proceedings of the National Academy of Sciences. “We used only publicly available information, and that’s why our result is of value. It shows that you can take personal information that’s not sensitive, like birth date, and combine it with other publicly available data to come up with something very sensitive and confidential.”

Basically it means we shouldn’t be honest about our date of birth and home town on Facebook (or any other social network) or we are making ourselves vulnerable to discernment of our SSN’s. I wonder if they can figure out mine? I received my as an adult when I was attending college in California.

I decided to poke around and see what Facebook had up about Identity Theft. I did find a link to this study that created a profile by “Freddi Stauer,” an anagram for “ID Fraudster,”.

Out of the 200 friend requests, Sophos received 82 responses, with 72 percent of those respondents divulging one or more e-mail address; 84 percent listing their full date of birth; 87 percent providing details about education or work; 78 percent listing their current address or location; 23 percent giving their phone number; and 26 percent providing their instant messaging screen name.

Sophos says in most cases, Freddi also got access to respondents’ photos of friends and family, plus a lot of information about personal likes and dislikes, and even details about employers.

Facebook users were all too willing to disclose the names of spouses and partners, with some even sending complete resumes. One facebook user divulging his mother’s maiden name—the old standard used by many financial and other Web sites to get access to account information.

Most people wouldn’t give this kind of information out to people on the street but their guard sometimes seems to drop in the context of a friend request on the Facebook site, O’Brien says.

According to Sophos, the results of what it calls its Facebook ID Probe has significance for the workplace as well as personal life because businesses need to be aware that this type of social-networking site may pose a threat to corporate security.

I have tried to search the Facebook blog to see what they have to say about identity theft and apparently they haven’t mentioned it.

Evolution of the open web – big step today.

Today is a big day for the web. The Open Web Foundation was announced at OSCON (by David Recordon). A small dedicated group of developers, web innovators and community leaders have come together to create this place were spec’s can be incubated in an open process and have IPR dealt with upfront rather then an afterthought (clearing IPR has been a long and delaying process for OpenID). The model they like for cross-company collaboration on these things is like Apache Software Foundation does for open source projects.

This effort to normalize the community process (multi company) around truly open “standards” for the social web is an important step. It is completely aligned with the vision that inspired me to evangelize the ideas for an open Identity/social/relationship layer of the web after participating in the Planetwork community and reading the Augmented Social Network: Building Identity and Trust into the Next Generation Internet in 2003.

The big issue that I see arising and that I hope can be addressed is how the range of human experience and conditions can be well reflected in the outputs of the foundation. If the development process is driven largely by 20 something web guys in San Francisco then the applicability of the outputs will be limited.

I see continuing my role evangelizing these efforts to a diverse range of potential adopters and potential participants in the the processes that go into them.

Convening space for conversations from which good things arise is something I have already contributed and plan to continue.

  • The community that formed OpenIDv2 came together at the first Internet Identity Workshop in October 2005 that I co-produced and facilitated. It has been fun to participate in helping that effort grow and develop.
  • The “contacts in a standard format” (not sure what its official name is) that is one of the first three projects that are part of this Open Web Foundation got its start at the Data Sharing Workshop that I convened with Laurie Rae. I learned about the adhoc spec’s progression at SuperNova last month.

I wish I was at OSCON for this announcement having attended the previous 4. I am not there for a good reason today is the start of the World Open Space on Open Space in San Francisco and if OSCON is for coders the WOSonOS is for facilitators. For me it is a great opportunity to learn more about the arts of convening and helping communities collaborating together thrive.

I got little tingles on the drive from the East Bay to the Precido this morning thinking about how far things have come – reflecting back to when I first began in 2004 – I was SOOO… green and young and full of evangelistic energy for the work that Owen and Drummond and Victor and Fen were doing working on the i-name registry (at the time the only user-centric identity technology that the folks founding Identity Commons knew about). but that was a LONG time ago about 12 “web years”.

Today feels like a great evolutionary step for the whole web and the initiatives that I have been participating in for years. GO OPEN WEB!

What the Heck is Identity Commons?

The purpose of Identity Commons is:

The purpose of Identity Commons is to support, facilitate, and promote the creation of an open identity layer for the Internet — one that maximizes control, convenience, and privacy for the individual while encouraging the development of healthy, interoperable communities.

This one sentence jams a lot into it – we tried to do that so the purpose didn’t go on and on – but was clear, broad and inclusive of the range of issues that need to be addressed and balanced. Jamming so much into that one sentence also creates a challenge – it has to be ‘parsed’ quite a bit to get what it all means. I worked with Chris Allen recently to separate out the values within the purpose and our community. This is our initial draft that is still evolving (wordsimthing suggestions are welcome).

We believe in the dignity of human individual in the context of the digital world.

In order to make this true we strive for a balance of factors and valuesas digital systems and tools evolve:

  • Individual control, convenience & privacy
  • Sharing of information when participating in community
  • Support for commercial and non-commercial exchange
  • Interoperability and openness between systems

We work to bring these values into practice by fostering a collaborative a community of individuals, organizations and companies share these values and are working together towards practical technical implementations.

We share a pragmatic idealism.

We work to practice what we preach and have openness and transparency in what we do.

We do know there are a lot of technical social and legal issues that arise and Identity Commons is a space that make it possible to in a non-directive non-hierachical way address them in a collaborative way.

We also have some shared principles mostly concerning how we organize ourselves and work together. Each has a sentence to articulate it further.

1. Self-organization
2. Transparency
3. Inclusion
4. Empowerment
5. Collaboration
6. Openness
7. Dogfooding

What the heck is an “open identity layer” – well we don’t exactly know but we do have a community that has come together some shared understanding and continue to ‘struggle’ with what it means and how it should work. Identity Commons provides a ‘common’ space to work on this shared goal by facilitating dialogue and collaboration.

Kim Cameron introduced the terminology “identity meta-system” and articulated what that might mean. The Laws of Identity were put forward by him along with some additional ideas by other community members.

There is no “decider” or group of deciders or “oversight committee” as part of Identity Commons ‘directing’ the development of the “open identity layer”.

We are a community collaborating together and working to exchange information about our independent but related efforts working towards the vision. The way we do this is via the working group agreement.

  1. Asking each working group to articulate its purpose, principles and practices by filling out a charter – this helps us be clear about how different groups work and what they do/are planning on doing
  2. Stewards review proposed working group charters – ask questions, consider were there are synergies, and see if they are aligned with the purpose and principles
  3. A vote of the stewards council is held
  4. Working Groups agree to report quarterly on their activities to remain active as groups of the organization – this also is our core ‘inter group communication mechanism – so that you don’t have to be on 20+ mailing lists to know what is going on in the community.

More about Stewards:
Each working group has one steward and an alternate for the stewards council.

The stewards are responsible for the things IC holds in common – the brand and its integrity and common assets (like the wiki and bank account). It does not ‘direct things’.

Stewards have (an optional) monthly phone calls and discuss and make decisions on a mailing list (that anyone can join).

More about Working Groups:
There are working groups within Identity Commons that support the community collaborating – the stewards council does not ‘run’ these groups but they serve the community and our efforts together- The Internet Identity Workshop, IC Collaborative Tools, Idnetity Futures, Id Media Review, Identity Gang, Marketing and Evangelism.

Working Groups come in several forms:
They can be an group of people with a passion to address something they feel needs to be addressed to get to the big vision. They want some wiki space and a mailing list to talk about the issues. Examples include Enterprise Positioning, Inclusive Initiatives, Identity Rights Agreements.

They can be an existing project that are part of a larger organization, Higgins is an example of this – they are a project of the Eclipse Foundation.

They can be something that grew out of conversations in the Identity Commons community and found a home within another organization like Project VRM (charter) has as part of the Berkman Center and will likely become its own ‘organization’ independent of Berkman by the end of the year.

They can be completely independent nonprofit organizations with their own boards, governance, bank account etc. examples include and OpenID.

Some just get technical stuff done as part of IC like OSIS (doing its 3rd Interop at RSA in a month), and Identity Schemas.

Benefits to being explicitly a part of the IC Community.

clarity about each groups purpose, principles, and practices – so that collaboration is easier.

sharing of information via the collaborative tools and lists, along with the required quarterly reporting,

We “don’t know” what an identity layer looks like but we do know it needs to have certain properties to make it work for people the extensible nature of IC gives people the freedom to start a new group that addresses an aspect of the vision. This is the page on the IC wiki that explains our organizational structure.

We are a community.
We are a community more then “an organization” and joining does not mean subsuming a group identity under IC but rather stating a commitment to a shared vision, common values and commitment to collaboration.

A touch of formalism can help create great clarity of group pratices (governenace), leadership, intention, and focus. Not needed for small groups of 12 people doing one thing- helpful when you scale to the 1000’s of people working on the big vision. IC through its groups structure has 1000’s of people participating helping to innovate the technology and think about the social and legal implications.

We are not about “a solution” or “a blue print” there will be multiple operators and multiple standards – yes like the web there may one day be ‘standard’ that emerges just like TCP/IP did and HTML/HTTPS – however it is way to early to promote or be behind “one” thing, it is not to early to start collaborating and building shared meaning and understanding and interoperability between emerging efforts.

Identity problems in the digital realm are as much about technical issues as they are about the social implications and legal issues. Identity Commons explicitly makes space for the social and legal issues to be deal with in relationship to the technologies as it evolves.

In closing there is a background (shorter) and a history (longer) written about the community as it evolved.

IC and Data Portability

Here are some question asked in a recent conversation on the lists about IC along with my responses.

Maybe the Identity commons should be trying to set boundaries as being purely about identity?

An “open identity layer” that touches so much and there needs to be a “common space” to nash through the vastness of the problem – to deal with the technical, social and legal issues around people sharing their information in community and business contexts. We have this ultra extensible form and broad purpose to enable this to happen – there is “no committee in charge” no “one” or “company” or “group” is deciding what we “do” – we are a loose conglomeration that shares vision and values. Working independently but connectedly and commited to collaboration. It It is an ‘unconventional’ model that that is working to supposed and connect diverse conversations and technical efforts together.

Can we instead resolve that we promise to incorporate any decisions made by Identity commons as being part of our blueprint?

There are no “decisions made by Identity Commons” read our principles – we are a cluster of working groups that work independently.

Your blueprint (as a side note why there is still ‘one blueprint’ and not ‘blueprints’ plural at the very least or preferably ‘reference implementations’ in the plural form is still a mystery to me) will likely draw on tech stuff groups in IC have been working on for a while. Why not be a part of the ‘commons’ that they are a part of?

My perception of IDCommons is that it’s about Identity, and in your words, interoperable user-centric identity.

Most of the people who have been involved for the past several years got involved to help people have control of their ‘data’ – their identity the informatoin about them is part of what composes their identity. they didn’t get involved to ‘invent’ an identifier layer that didn’t “do” anything

I see DataPortability being about data sharing (in a technical sense)Identity is clearly a very important part of that but I don’t see much at all on IDCommons about data sharing. It’s as though DP has a wider scope of which IDCommons is a major part.
The exceptions to this view are

  • Identity Schemas group
  • Photo Group
  • Data Sharing group

None of which seem to have much activity.

* OpenID has attribute exchange and Discovery in it – all about data sharing.
* Higgins & Bandit and the Pamela project ALL about infrastructure for card based tools that are all about data sharing for people.
* Project VRM all about how to create a new industry model to revolutionaize CRM and put individuals in charge of their data in radical new ways when relating to companies they do business with.
* I-brokers – their job is to stor data about people and have it be trusted.
* IRA – Identity Rights Agreements – all about how we create human understandable terms of service and norms in this area (it is a huge project and has interested folks but really needs a multi hundreds of thousands of dollars in legal work to ‘do it’).
* XRI and XDI two standards with roots in IC all about data sharing that can be applied to both peoples personal data and other forms of data that have nothing to do with people.
* OSIS is the Open Source Identity System and having its 3rd Interop event at RSA (The major security conference) in April with over 200 tests between relying parties, identity providers and (user-agents) card selectors. this group is ‘only’ a working group of IC (it does not have its own independent legal entity/or affiliation with another one as a project). People moving data around is what all this card stuff is about.

So. I am not sure where we have groups that are not in some way focused on this problem area.

DP is just the latest in a long line of initiatives that recognises the same underlying problem but none of the previous initiatives have captured mind share or really got traction.

Our goal is not to ‘capture [public] mind share’ (does the W3C, OASIS or IETF capture public mind share?) our goal is to facilitate the range of technical, social and legal initiatives that all need to happen to get and identity layer of the web – that shares people’s data in privacy protecing, conveninent and under their control. It is a huge problem – with many elements – having a loose community structure (with a slight bit of formalization) is actually working in some way to move this forward.

I think we’d be missing a lot if we scoped DP as a specialization of an “open identity layer”.

What do you think moving peoples personal information arournd – data portability is about. It is about building an ‘identity layer’ of the internet – for people and people’s DATA.

Chris has said a few times the scope of DP is to be narrow for now and focused on solving the data portability issue between mainstream social networks. This seems like something that fits into the purpose quite well.

Yes all data for all things needs to be moved around AND a good deal of data is created by people for people about people and the things the they do – hence the synergy.

Seems like semanitcs – when we wrote this purpose about two years ago this was the best we could do to describe this ‘vision’ it is VERY broad.

If DP wants to go beyond ‘people’ data that needs to move around GREAT – however much of that will be created by organizations and companies (that have identities).

Related Posts: What is Data
What the Heck is Identity Commons?

After The Crash Tomorrow

Apparently the markets are going to crash tomorrow.

It should make for an interesting time at O’Reilly’s next conference Money:Tech – Where Web 2.0 meets Wall Street.

I have also been reading this week Fooled By Randomness. I very much enjoyed The Black Swan and would recommend both books.

The Crash is sort of depressing to think about – but so is the conventional money system that got us to this place in the first place. This weekend Raines shared this video about the Story of Stuff. Makes you think hard about the overall ecology of the system we are all living in.

Knowing that the economy was not doing so well I have been working with Chris Lindstrom on a conference that considers Money and value exchange in our economies.
It builds on a conference that Chris produced in 2004 about Local Currency (there are details about the topics covered in their Conference Report).

It will be an unconference about money. But not ‘regular money’ instead about these topics:

We are going to have a special focus on digital tools and systems for mutual credit creation, value measurement and wealth acknowledgment.

Because it is about money – but not just ‘regular’ money – we are calling it the unMoney Convergence. (we haven’t even got our logo up yet but I thought I would announce it given the forthcoming events of tomorrow) It will be in Seattleon April 14-16 following the Green Festival.

The unMoney unConference would have been a silly name.

Soon we will know what you are thinking

This came through Slashdot and was on the BBC:

Since 9/11, some of the best scientific minds in the defence industry have switched their concentration from tracking nuclear missiles to tracking individuals such as suicide bombers.

This quote is in the side bar make it sound all OK. Opinion polls, both in the US and Britain, say that about 75% of us want more, not less, surveillance



Ian Kitajima flew to Washington from his laboratories in Hawaii to show me sense-through-the-wall technology.

“Each individual has a characteristic profile,” explained Ian, holding a green rectangular box that looked like a TV remote control.

Using radio waves, you point it a wall and it tells you if anyone is on the other side. His company, Oceanit, is due to test it with the Hawaiian National Guard in Iraq next year, and it turns out that the human body gives off such sensitive radio signals, that it can even pick up breathing and heart rates.

“First, you can tell whether someone is dead or alive on the battlefield,” said Ian.

“But it will also show whether someone inside a house is looking to harm you, because if they are, their heart rate will be raised. And 10 years from now, the technology will be much smarter. We’ll scan a person with one of these things and tell what they’re actually thinking.”

Please Answer this Survey about the FUTURE of Internet Scale Identity

If you read this blog I would like input into the slice of scenario planning exercise that I am working on for the Sunday prior to Digital Identity World September 23.

We would like you to answer some or all of the questions here about the future of Internet scale identity. (thanks to Eugene Kim for helping with the logistics of doing this survey)

From these answers we will shape some headlines for future events that we will as a group process and think about on Sunday Afternoon. The results of this will be presented in a panel on Monday afternoon at DIDW on a panel about the Future of Internet Scale Identity.

You are welcome to answer the question even if you can’t make Sunday afternoon. It will be free and open to anyone in the community (exact time and place TBD still).

Sign up on the wiki if you are planning on coming or e-mail me kaliya (at) mac (dot) com if that doesn’t work.

The future of VRM – serving community not profits

This incident went by on a few mailing lists I am on. The CEO of Craigslist talking to “Wall Street types ” who were “Confused capitalists wondering how a company can exist without the urge to maximize profits.” (ZDNet)

From the NYTimes:
Mr. Buckmaster took questions from the bemused audience, which apparently could not get its collective mind around the notion that Craigslist exists to help Web users find jobs, cars, apartments and dates and not so much to make money.

Wendy Davis of MediaPost describes the presentation as a “a culture clash of near-epic proportions.” She recounts how UBS analyst Ben Schachter wanted to know how Craigslist plans to maximize revenue. It doesn’t, Mr. Buckmaster replied (perhaps wondering how Mr. Schachter could possibly not already know this). “That definitely is not part of the equation,” he said, according to MediaPost. “It’s not part of the goal.”

“I think a lot of people are catching their breath right now,” Mr. Schachter said in response.

From ZDNet:
On text ads: Buckmaster, who says he’s only taken one economic course in his life, reiterated that the company “is not trying to maximize revenue.” Although Craigslist has been approached by the likes of Google and Yahoo about deploying text ads the decision comes back to what’s best for users, says Buckmaster.

“No users have been requesting we run text ads so that’s the end of the story,” says Buckmaster.

From NYTimes:
Following the meeting, Mr. Schachter wrote a research note, flagged by Tech Trader Daily, which suggests that he still doesn’t quite get the concept of serving customers first, and worrying about revenues later, if at all (and nevermind profits). Craigslist, the analyst wrote, “does not fully monetize its traffic or services.”

Polar Rose soon to search photos for faces on the web

This story comes from Slashdot. A startup Polar Rose is about to launch a face search tool.

Polar Rose relies on a combination of our unique face recognition algorithms and the collective intelligence of our users….we don’t and can’t rely exclusively on face recognition, but also harness the collective intelligence of our users who help train our software and tag names on people we haven’t seen before.

We will open up for a royalty-free use of our API’s, which will allow for partners to integrate the Polar Rose functionality into existing sites or create stand-alone applications of Polar Rose, for example:

* A news site that wants to let users help tag photos, and link stories together based on who appears in photos.
* A photo-sharing site that wants to let users automatically tag new uploads, and search and sort archives based on the people in a photo.
* A social networking or dating site that wants to wants to help users find more pictures of a person, elsewhere on the net or just in the photos of the person’s friends.

The only significant requirements we put for the use of the APIs, is that the Polar Rose signature rose is used, and data that users generate is passed back to us on a non-exclusive basis. The reason being that every piece of data helps train our engine.

Some have privacy concerns. I certainly do – when Riya was pitching similar face recongintion for a flickr like tool I was creeped out. They are now doing a visual search engine so you can put in a purse or boot that you like and it searches for purses and boots like that.

Privacy concerns from New Scientist:

Polar Rose and future developments that make facial recognition available to the masses risk encroaching on people’s privacy, warns Yaman Akdeniz, director of the UK non-profit group Cyber-Rights & Cyber-Liberties.

“Although this sounds like a great idea, I would not like to be searchable in this way, or so easily tracked without my consent,” says Akdeniz. The database compiled by Polar Rose is similar to the kind of biometric database some governments wish to use, he points out.

“I wonder whether they have a right to build such a database,” says Akdeniz, he suggests people think twice before embracing such potentially intrusive tools, and consider which photos of themselves they allow online.

Others agree. Simon Davies, director of the campaign group Privacy International and a specialist in technology and privacy at the London School of Economics, UK, says face-searching technology is valuable but must be used responsibly.

He fears Polar Rose could help identity thieves or stalkers, or even be used by the police to monitor protesters. “They could use the service to find where people have been, what their activities are, or who they associate with,” he says.

Search engines should allow users to prevent their photos being searched, says Davies. “There should be a way to put code in a webpage that signals you want to opt out,” he told New Scientist.

The Trustable Web(log) begins

I met Mike for the first time at IIW2006a in May. I am not totally sure how he got there (I am sure that is a subject of a few blog posts) but some how it was through the Imergence project.

He is a non-engineer and relative “newbie” in the community. In discerning what identity is all about he has come to the conclusion that it is about the “trustable” web….“the continued evolution of the Internet to the point that it can deliver what I want, how I want it, in a way that I can control…and trust.”

The third great evolutionary phase will be a “full service” phase. This will be characterized by letting “others” do the work or provide the service, without an undue amount of work on the part of the individual receiving the benefit. This is the “set it and forget it” model where we get what we want, when we want it. This phase will be enabled by technology, but it will rely more on how people come to “trust” those with whom they interact. This is the “trustable” web.

The trustable web will come about as the result of three fundamental changes: one technical, one structural, and one relational. The combination will result in a new user-experience, where an individual can “empower” or “trust” the “network” to do things that simplify, enrich, and improve everyday life. The trustable web will be: (1) user-centric, (2) user-controlled, and (3) user-empowered.

I have had a few conversations with him about the intellectual and market framework outlined. It is quite exciting and I can’t wait to keep reading in the new year.

2006 Predictions: How good were they?

Last year’s predictions included this:

4. Collaboration applications will get in the identity game.
One of the areas that will suddenly find itself in the middle of the identity conversation will be collaboration applications — by that we mean blogs, feedreaders, wikis, etc. The new “social networking” applications will start to seriously go after the identity game in 2006.

Grade: 1.
Reasoning: I could argue that this prediction should be graded higher in light of the blogosphere’s adoption of identity protocols, but alas, my general sense is that collaboration applications (and those in the “web 2.0” world) are still largely seeing identity as somebody else’s problem.

I think that this year will see collaboration tools begin to adopt. It took a while for this to happen because OpenID was not there yet and none of the collaboration tool folks want to worry about which protocol will win they just want it to work. With my position on the ground in the Web2.0 market I have had conversations with small ecologies of companies who ‘get’ that their users are shared with other companies. The Office 2.0 crowd was very enthusiastic about the potential for OpenID to offer SSO to their ecology.

5. URL-based identity will gain some traction.
Yes, we’re following the URL-based identity work. Yes, we think its important. Yes, we think it will accomplish some interoperability tests in 2006. Yes, we think it will gain some traction with the alpha geek community — and stop just short of a critical mass. Watch for URL-based identity to create a deeper understanding of identity for a larger community.

Grade: 5.
Reasoning: OpenID, OSIS, Higgins, Cardspace, Sxip — the list goes on and on. The work happening in the URL-based identity space is now not only driven by the smaller players, but the larger ones (like Verisign) as well. URL-based identity made an *awful* lot of progress in 2006, but didn’t reach critical mass.

Yep. Lot so of good stuff happened this year. Congratulations to everyone on working hard together to make all this good stuff happen.

6. Identity comes to Search.
Call this one something that happens in an alpha state in 2006. Either Yahoo!, Microsoft or Google will either announce or release an early version of a search product that brings identity profiles to bear. Somebody get me Vint Cerf on the phone! 😉

Grade: 1.
Reasoning: Another one that I *wished* would’ve happened, but didn’t. While Yahoo!, Microsoft and Google all made some pushes into personalized search (close), no one truly launched identity-based search based on profiles (but no cigar).

Yes this certainly didn’t happen this year. I think that all will happen is market setting so it can maybe happen in 2008. With Doc’s work on VRM and the coming of several identity across the web aggregation tools (ones that you do like ClaimID and ones that happen to you like Wink, and Spock). The ground work is being laid for this to become more real.

10. The Divide between User-centric and Enterprise Identity management is the number one conversation in 2006.
Its something we’ve identified and focused on for some time — the two different conversations that are “user-centric” identity and “enterprise identity.” The historical gap between these two areas is now being addressed by serious folks in the identity game — and 2006 will see this be the most powerful conversation in the land.

Grade: 5.
Reasoning: I’d give us a “10” on this one if I could. User-centric identity dominated the discussion in nearly all identity circles in 2006.

We were the talk of the town this year. It was fun to have so many great conversations at so many event. Next year hopefully more of the legal folks will join in so we can get some of the governance right. Code 2.0 goes on and on about the coming identity layer and governance.

Highlights from Accelerating Change:6 (Brains, Spirit, Sex, Knowledge)

From Dr. Amen: Brain protection is essential. The Brain is very soft like tofu and the skull is really hard. Brain injuries matter and we need to take care of young brains (like not let kids play football).

The conference took a spiritual theme at the end with the presentation by the chair of the leading private university in Taiwan with a major focus on Future Studies. Their conference coming up is Global Soul, Global Mind, Global Action.

Spiritual Technology is essential to support us slowing down enough to absorb and process the accelerating change of technical technology. Janardhan Chodagam presented about the Brahmin Kumari World Spiritual Organization and highlighted how meditation can transform deep rooted personality we don’t like.

Ray thinks we are going to have sex in new ways with nanotechnology and sensations evoked with direct nerve inputs over riding our regular sensory inputs. I really can’t imagine real sexual activity between real people being replaced by nanobots.

Ray highlighted some key elements of what makes human is how knowledge it transfered from generation to generation. It is this transfer of knowledge that is expanding exponentially and why computers and other tools are needed to cope.

Spaces for Identity

This was from the Future Salon:

Outer Space (the world around us: science, the natural and built environment, universal systems theory)

Human Space (the human world: our bodies, behavior, minds, human systems theory)

Inner Space (the world below: energy, small tech, computer “bodies”, inner systems theory)

Cyber Space (the virtual world: computer “behavior”, computer “minds”, cyber systems theory)

Hyper Space (the world beyond: new paradigms, phase transitions, hyperphysics, hyper systems theory)

Relationships are the crossing of boundaries between things.
This happens within our selves and between others.
Maintaining right relationship and boundaries between these is what helps energy flow well.

Cato: Radical Evolution – Joel Garreau Pt 1

So this a reprint… it was on my old blog.
To clarify for those of you confused my comments are indented and in italics. I never did get to publishing part two either. Hopefully this week.

I heard this talk on June 17 at the Cato Institute / The Economist Luncheon LIberty, Technology and Prosperity in San Francisco by Joel Garneau author of Radical Evolution.
Joel’s introduction was given by The Economist SF corespondent.
He has five hats the most interesting of those seemed to be a TROLL as in the norse mythological figure who hangs out in the woods and looks after the forest.

He is editor of the Washington Post Style section. Is a scenario planner at the Global Business Network. He also has a consulting firm the Garneau group – with him and his best sources. He also dabbles in Academia.
He has authored three books – The

Nine Nations of North America, Edge City – life on the new frontier and the topic of today’s talk Radical Evolution: The Promise and Peril of Enhancing Our Minds, Our Bodies and what it means to be human.

Joel Garneau

We are at turning point in human history because of the fundamental changes in what it means to be human in the next 10-20-30 years. The change in the technologies we are working on today is that they are not focused outward on – fire, cloths,
They are focused inward on us – Modifying our minds, memory, metabolism our kids and what it means to be human.
These changes in science have significant political implications. They are changing VC’s have to look at the world.

When I heard this I mentally noted the oddity of it being the next statment. It sort of implied that there was a way in which their decisions had a profound effect on the future – and perhaps they do but should they have this big a power to shape it – how do we discuss and discern about these issues that affect the whole of society?

Their will be changes in cultures and values on our watch in real time. The future is being driven by the curve of accelerated change. How many people have heard of Moores Law – about 1/2 of the audience raised their hands. The data point on this is that normally only 10% of the audience does. We have had 29 doublings of computing since 1959 – that is 40,000,000 times.
This curve did not suddenly start out with the chip. We are in a third sort of evolution of what it means to be human. Darwin and chimps it took 8,000 years to get reading and writing.

Technosis is a great book to understand ‘writing’ as a technology that profoundly shaped culture.

To give perspective rail roads changed everything they touched and the number of miles of rail road miles was only 14 times.
In 1800 we started the industrial age an example of this curve is that in 1903 we had the first flight and 66 years later we were on the moon.
These changes are exponential and change all of society. This curve that we are riding – I don’t see where it levels off.
The limitations are – Quantum Mechanics – The Marketplace – Human ingenuity (he sees no limits to these three)

Finally our willingness to shape culture and values. I am interested in human relationship and love and lies.
We are charging the shape of what it is to be human.
Fleet of technology – affect how mind, memory and metabolism works.

I spent a year with DARPA Spent Year with DARPA. They see the week link in the war fighting machine as us – humans themselves. Lets meet the first telekinetic monkey who can move objects through her thoughts.

We hook her on computer games moving a cursor with a joyce stick.
Drill hole in head near motor quartex and put in a mesh of extremely fine Wires that connect with neurons.
See the patterns in the mind when operating the joyce stick
Disconnect the joyce stick.
Just use mind to move the cursor
Hook up robot arm that moves with cursor movements.
The defense reason that F22 is difficult to control with joyce stick. If you could control with mind <-> machine connenction. Feeding information into skull real time…blur line between made and born. That is the official reason we are doing this. The real reason is the guy who heads the lab has a daughter with ceribal palsy who can’t walk on her own and what if she could control machines with her thoughts that moved he legs? This is a dramatic change in what it means to be human.
The Berry Bonds – steroid controversy – is the tip of the iceberg in terms of what does it mean to be enhanced? – what are the social implications? Should he have an asterix next to his name because he is not the same type of human being as those who’s records he broke?
There will be people who are delighted to adopt these advances.
There will be NATURALS who are like todays vegetarians
The REST – for reasons of geography or economics are not enhanced and will envy and despise those who are. THIS HAS POLITICAL CONSEQUENCES.
What is driving this is GRIN – Genetics, Robotics, Information and Nanotechnology.
To be continued…

Next gen phone aps – interesting future identity use.

Found in this article about next generation phone apps with interesting identity applications.

Curious about the people around you? Pantopic takes the openness, and, well, ‘browseability’ of an online community into the real world. Once you install pantopic, your phone becomes like a webpage that only people in your immediate area can read.

The fun part comes when you link up with pantopic groups in your area. Once you do, you’ll be able to get information about who your friends are hanging out with, and where. It’s going to be a few years before a lot of people have this technology. Pantopic tries to solve the saturation problem by focusing on seeing activity in your groups.

Neighbor node