IIW is early!! We are 20!! We have T-Shirts

Internet Identity Workshop is only a month away. April 7-9, 2015

Regular tickets are only on sale until March 20th. Then prices to up again to late registration.

I’m hoping that we can have a few before we get to IIW #20!!

Yes it’s almost 10 years since we first met (10 years will be in the fall).

I’m working on a presentation about the history of the Identity Gang, Identity Commons and the whole community around IIW over the last 10 years.

Where have we come from?…leads to the question…. where are we going?  We plan to host at least one session about these questions during IIW.

It goes along with the potential anthology that I have outlined (But have a lot more work to get it completed).

Internet Identity Workshop #20 is in April !!

IIW is turning 20 !

That is kind of amazing. So much has evolved in those 10 years.
So many challenges we started out trying to solve are still not solved.

I actually think it would be interesting as we approach this milestone to talk about what has been accomplished and what we think is yet to be accomplished.

I am working on organizing a crowd funding campaign to support completing an anthology that I have outlined and partially pulled together. I will be asking for your support soon. Here is the post on my blog about it.

In the mean time tickets for IIW are up and for sale! You can also order a special T-shirt we are designing especially for the occasion.

Recent Travels Pt1: IIW

IIW is always a whirlwind and this one was no exception. The good thing was that even with it being the biggest one yet it was the most organized with the most team members.  Phil and I were the executive producers. Doc played is leadership role.  Heidi did an amazing job with production coordinating the catering, working with the museum and Kas did a fabulous job leading the notes collection effort and Emma who works of site got things up on the wiki in good order.

We had a session that highlighted all the different standards bodies standards and we are now working on getting the list annotated and plan to maintain it on the Identity Commons wiki that Jamie Clark so aptly called “the switzerland” of identity.











We have a Satellite event for sure in DC January 17th – Registration is Live.

We are working on pulling one together in Toronto Canada in

early February, and Australia in Late March.

ID Collaboration Day is February 27th in SF (we are still Venue hunting).

I am learning that some wonder why I have such strong opinions about standards…the reason being they define the landscape of possibility for any given protocol. When we talk about standards for identity we end up defining how people can express themselves in digital networks and getting it right and making the range of possibility very broad is kinda important.  If you are interested in reading more about this I recommend Protocol:  and The Exploit. This quote from Bruce Sterling relative to emerging AR [Augmented Reality] Standards.

If Code is Law then Standards are like the Senate.













Join us for IIW – NSTIC, Nymwars, OpenID, Personal Data, and more.

Founded in 2005 by me, Doc Searls, and Phil Windley (Yes it is an odd but fun bunch), IIW is focused  on user-centric digital identity.   Registration is Open!

Internet Identity Workshop #13 October 18-20 in Mountain View

The Internet Identity Workshop focuses on “user-centric identity” and trying to solve the technical challenge of how people can manage their own identity across the range of websites, services, companies and organizations that they belong to, purchase from and participate with. We also work on trying to address social and legal issues that arise with these new tools.  This conference we are going to also focus some attention on business models that can make this ecology of web services thrive.

The NSTIC Stakeholder community has been invited.

[Read more…]

Is Google+ is being lynched by out-spoken users upset by real names policy?

Following my post yesterday Google+ says your name is “Toby” not “Kunta Kinte”, I chronicled tweets from this morning’s back and forth with  Tim O’Reilly and Kevin MarksNishant  KaushikPhil Hunt,  Steve Bogart and Suw Charman-Anderson.

I wrote the original post after watching the Bradley Horwitz (@elatable) – Tim O’Reilly (@timoreilly) interview re: Google+. I found Tim’s choice of words about the tone (strident) and judgement (self-righteous) towards those standing up for their freedom to choose their own names on the new social network being rolled out by Google internet’s predominant search engine disappointing.  His response to my post was to call me self-righteous and reiterate that this was just a market issue.

I myself have been the victim of a Google+ suspension since July 31st and yesterday I applied for a mononym profile (which is what it was before they insisted I fill out my last name which I chose to do so with my online handle and real life identity “Identity Woman”) 

In the thread this morning Tim said that the kind of pressure being aimed at Google is way worse then anything they are doing and that in fact Google was the subject of a “lynch mob” by these same people.  Sigh, I guess Tim hasn’t read much history but I have included some quotes form and links to wikipedia for additional historial context.

Update: inspired in part by this post an amazing post “about tone” as a silencing/ignoring tactics when difficult, uncomfortable challenges are raised in situations of privilege was written by Shiela Marie.  

I think there is a need for greater understanding all around and that perhaps blogging and tweeting isn’t really the best way to address it.  I know that in the identity community when we first formed once we started meeting one another in person and really having deep dialogues in analogue form that deeper understanding emerged.  IIW the place we have been gathering for 6 years and talking about the identity issues of the internet and other digital systems is coming up in mid-October and all are welcome.  The agenda is created live the day of the event and all topics are welcome.

Here’s the thread… (oldest tweets first)

 Note all the images of tweets in this thread are linked to the actual tweet (unless they erased the tweet).  [Read more…]

Google+ and my “real” name: Yes, I’m Identity Woman

When Google+ launched, I went with my handle as my last name.  This makes a ton of sense to me. If you asked most people what my last name is, they wouldn’t know. It isn’t “common” for me.  Many people don’t even seem to know my first name. I can’t tell you how many times I have found myself talking with folks at conferences this past year and seeing ZERO lighbulbs going off when I say my name “Kaliya”, but when I say I have the handle or blog “Identity Woman” they are like “Oh wow! You’re Identity Woman… cool!” with a tone of recognition – because they know my work by that name.

One theory I have about why this works is because it is not obvious how you pronounce my name when you read it.  And conversely, it isn’t obvious how you write my name when you hear it.  So the handle that is a bit longer but everyone can say spell “Identity Woman” really serves me well professionally.  It isn’t like some “easy to say and spell” google guy name like Chris Messina or Joseph Smarr or Eric Sachs or Andrew Nash. I don’t have the privilege of a name like that so I have this way around it.

So today…I get this

I have “violated” community standards when using a name I choose to express my identity – an identity that is known by almost all who meet me. I, until last October, had a business card for 5 years that just had Identity Woman across the top.

Display Name – To help fight spam and prevent fake profiles, use the name your friends, family, or co-workers usually call you. For example, if your full legal name is Charles Jones Jr. but you normally use Chuck Jones or Junior Jones, either of these would be acceptable. Learn more about your name and Google Profiles.

[Read more…]

Proactive Development of Shared Language by NSTIC Stakeholders

This is the “punchline section” (in my response it is after what is below…the history of collaboration in the identity community):

Proactive Development of Shared Language by NSTIC Stakeholders

In 2004-5 the Identity Gang (user-centric identity community) was 1/10 the size of the current NSTIC stakeholder community.  It took us a year of active grassroots effort to develop enough common language and shared understanding to collaborate. NSTIC doesn’t have 5-10 years to coalesce a community that can collaborate to build the Identity Ecosystem Framework. To succeed, the National Program Office must use processes to bring value and insight while also developing  shared language and understanding amongst stakeholders participating.

[Read more…]

Emerging Themes for IIW12

One of the reasons I love IIW is that really smart people with passion can come together, discuss hard problems AND make real progress towards solving them.  This is just my take – of course the workshop will be created by the people who attend.

OpenID “The Next Generation”:

In my last post I said some things that some people associated with particular technologies may have interpreted in a way that I didn’t intend.  I said “OpenID as we know it” was dead – but OpenID itself is very much alive and making progress to the next generation of OpenID. The work led by Nat Sakimura on Attribute Binding and the proposal to do an OpenID Connect by David Recordon have merged into OpenID-ABC.   They are making steady progress led by John Bradley and Nat with active participation from Microsoft, Google and Facebook.  My hope is that some more people from independent web perspectives – hint hint Evan and Sarah 😉  can get involved too.

The OpenID Summit on May 2 will be a place where people are gathering to focus on the technology and progress will be made at IIW following.

Media, Trust and the Freedom to Comment:

Issues surfacing around the release of Facebook Comments and the “protection” they in theory give against trolls – articulated here on TechCrunch.

Facebook Comments homes in on trolling by forcing real identity, but the end result isn’t just the silencing of trolls, it’s the silencing of everyone.

I have been surprised by the number of projects surfacing about how individuals share and connect information about media.  Bill Densmore has had a project called CircLabs for a while. Hypothes.is is a project that I just learned about that is in the research phase.


Personal Data – Legal and Technical Issues:

The buzz around various startups in the Personal Data Ecosystem is growing. Kynetx, Phil Windley’s company, has launched their new site for apps on the live web. This week TrustFabric put out Beta 3. Tara Hunt published an article about Personal Data on O’Reilly Radar.  Drummond & Joe are working on Connect.me. Azigo has new software out. Mydex has completed its community prototype in the UK. Personal.com has a site up but is not live yet. Statz.com has begun a board of trade for people’s data and lets them upload their data. Folks from the Locker Project will also be attending.

Last week was Personal Data 2.0 with many sessions about key issues – it was a great warmup for IIW and precursor for the same workshop a week after IIW in London the same day as a similar conversation at the European Identity Conference.  We are hosting Yukon Day, a day we are inviting investors to, on the third day of IIW.  There are many legal issues to be discussed around data and rights. Scott David wrote a post about why lawyers should come to IIW.

NSTIC: Making it Real

The National Strategy for Trusted Identities in Cyberspace is being announced today at the US Chamber of Commerce. I wrote about why we shouldn’t freak out about it after the program office was announced at Stanford. Government leaders working on actually implementing open standards for identity login at NIH and other agencies participated in our east coast satellite event last September in DC.  This coming IIW will be a great opportunity to make progress in the dialogue about the issues NSTIC raises and to get down to the nitty gritty of implementing.



Personal Data Ecosystem talk at Digital Privacy Forum, Jan 20th, 2011 in NYC

This is my talk presented to the Digital Privacy Forum produced by Media Bistro, January 20th, 2011 about Personal Data Ecosystem and the emerging consortium in the space.

Thanks for inviting me here to speak with you today.

The purpose of my talk is to share a new possibility for the future regarding users’ personal data that most have not yet explored. It sits between the two extremes of a familiar spectrum.

On one end, “Do not track” using technology and a legal mandate to prevent any data collection.


On the other end, “Business as usual” leaving the door open for ever more “innovative” pervasive and intrusive data collection and cross referencing.

There is a third possibility that aligns with peoples’ privacy needs as well as offering enormous business opportunities.

A nascent but growing industry of personal data storage services is emerging.  These strive to allow individuals to collect their own personal data to manage it and then give permissioned access to their digital footprint to the business and services they choose—businesses they trust to provide better customization, more relevant search results, and real value for the user from their data.

With other leading industry thinkers, I have come to believe that there is more money to be made in an ecosystem that allows users to determine which businesses have access to what data,and under what terms and conditions, than there is under present more diffused, scattershot, and unethical collection systems. Today I will articulate the broad outlines of this emerging “personal data ecosystem” and talk about developments in the industry.

Those of you who know me will find it unusual for me to have such a keen focus on making money on user data and emerging business models.

I am, after all, known as the “Identity Woman – Saving the World with User-Centric Identity”. Since first learning about issues around identity technologies online in 2003, I have been an end user advocate and industry catalyst.

[Read more…]

National! Identity! Cyberspace!: Why we shouldn’t freak out about NSTIC.

This is cross posted on my Fast Company Expert Blog with the same title.

I was very skeptical when I first learned government officials were poking around the identity community to learn from us and work with us.  Over the last two and a half years, I have witnessed dozens of dedicated government officials work with the various communities focused on digital identity to really make sure they get it right. Based on what I heard in the announcements Friday at Stanford by Secretary of Commerce Locke and White House Cybersecurity Coordinator  Howard Schmidt to put the Program Office in support of NSTIC (National Strategy for Trusted Identities in Cyberspace) within the Department of Commerce. I am optimistic about their efforts and frustrated by the lack of depth and insight displayed in the news cycle with headlines that focus on a few choice phrases to raise hackles about this initiative, like this from CBS News: Obama Eyeing Internet ID for Americans.

I was listening to the announcement with a knowledgeable ear, having spent the last seven years of my life focused on user-centric digital identity.Internet Identity Workshop Logo Our main conference Internet Identity Workshop held every 6 months since the fall of 2005 has for a logo the identity dog: an allusion to the famous New Yorker cartoon On the internet, nobody knows you are a dog. To me, this symbolizes the two big threads of our work: 1) maintaining the freedom to be who you want to be on the internet AND 2) having the freedom and ability to share verified information about yourself when you do want to.  I believe the intentions of NSTIC align with both of these, and with other core threads of our communities’ efforts: to support identifiers portable from one site to another, to reduce the number of passwords people need, to prevent one centralized identity provider from being the default identity provider for the whole internet, to support verified anonymity (sharing claims about yourself that are verified and true but not giving away “who you are”),  support broader diffusion of strong authentication technologies (USB tokens, one-time passwords on cellphones, or smart cards), and mutual authentication, allowing users to see more closely that the site they are intending to do business with is actually that site.

Looking at use cases that government agencies need to solve is the best way to to understand why the government is working with the private sector to catalyze an “Identity Ecosystem”.

[Read more…]

ID Collaboration Day

RSA is coming up in February and to celebrate Valentines Day Kantara and IIW/ID Commons are collaborating to put on a day of unconferencing to get work done across the user-centric, enterprise and government Identity efforts.

Because of the nature of the Monday of RSA with morning and afternoon activities – we are offering Morning and Afternoon tickets ad will make the agenda following lunch for the afternoon.

You can see the topics proposed so far here on the IIW wiki.

Here is the Announcement on the IIW Site

The Emerging Personal Data Ecosystem

This week I am heading to Telco 2.0 because the conversations with telco’s about how they participate in the Personal Data Ecosystem are moving forward in interesting ways.   IIW #10 had several long sessions about the topic. IIW-East was full with each of the 8  time slots having a session about different aspects and IIW-Europe October 11th coincided with the announcement of the first community prototype personal data stores by MyDex.

Learning from one of the mistakes of the past – market confusion inhibiting understanding and adoption of user centric identity technologies. The Personal Data Ecosystem is going to be a “front door” for those seeking to understand the ecosystem overall with a simple message and clear picture of what is happening. It will also connect people to the community working on the aspect of the ecosystem relevant to them. Our focus is on developing the  core communities needed for success and fostring communication amongst them.  These communities include  end users, large personal data service providers, companies providing data to personal data services, developers and startups leveraging this new ecosystem, regulators and advocacy groups along with the legal community and their efforts to create the legal frameworks needed to really protect people.

We arleady have a number of projects working on key aspects around the ecosystem and we will support their success linking them together – Project VRM, ID-Legal, Project Nori, Higgins-Project, Project Danube, XDI.org and IIW (they are linked at the bottom of the Personal Data Ecosystem site),   This is a big tent ANY OTHER projects that are related are welcome.  We don’t need another dot org to link efforts togethers so PDE is going to be chartered as part of IC3 (Identity Commons).

Right now the Personal Data Ecosystem site is aggregating content from blogs of those covering and building in the space.   This week we will be doing our first Podcast covering this emerging industry – Aldo Casteneda who you may remember from The Story of Digital Identity will be hosting it with me.

Next week we will be able to collect links submitted via delicious for the blog. I am working with the fabulous Sarah Dopp on website strategy and online community development and Van Riper is working with me on community management.

IIW coming up in a week is going to be a core community gathering for emerging developments.

IIW #11 in a Week

IIW begins in a week on Tuesday November 2nd. Election Day in the US (if you can vote we want you to remember to do that before leaving for IIW)

We are really excited about all the attendee’s who are registered so far. The list is diverse and interesting and includes, independents, startups, students and people from big companies. I encourage you to browse it at on the bottom of our registration page

We have one day tickets now available and regular registration ends Thursday at midnight. “IIW-Nov” is a discount code for 10% off that.

The emerging themes we have identified are reflected in the topics proposed on our wiki

  • User-Centric Identity applied (OpenID, OAuth, XRD, SAML, InfoCard, Activity Streams, etc.)
  • Personal Data Ecosystem
  • Federated Social Web
  • Vendor Relationship Management
  • Active Clients (tools in the browser and other clients)
  • Identity in the Cloud

We have Demo slots available for Wednesday after lunch.
There is more room for your project to share please let me know (kaliya[at]mac.com) if you are interested in doing so. I need a name, link and 280 character description by Friday October 30th.  There are about 10 requests via registration.  Here is where the description will be posted once submitted.

Tuesday doors will open at 8AM for registration. Phil Windley will give the opening talk at 9am and we will begin agenda creation by 9:30. We will have 5 sessions per day. Dinner on Tuesday and Wednesday will be hosted and at local restaurants. You can find the schedule online. If you are wondering about how the unconference works please read this post on Kaliya’s unconference blog.

I pulled these from the topics wiki

Critical Topics to discuss with peers:

* I fear that Facebook Connect and Twitter Connect are the new AOL
* current and future business cases
* Need for web agent (browser) externsions. psuedonym, NSTC
* Understanding what has stabilized about protocols so we can standardize our partners on them
* Open Identity Trust Framework
* Future of authentication from a user perspective.
* What are the components of a personal data ecosystem? What rights and protections do we need to articulate in law and enforce through social norms?
* Best applications and issues for combining social information
* how do we want to represent identity in the OS/browser
* “all sorts of “”real world users”” issues and questions”
* How to make this stuff invisible
* “what are all stakeholder identity needs; what system “”metrics”” would help them”
* how/if their ideas apply when a domain name or IP address is the only identifier
* Where do we go from here?
* “How do we start the path to laws that give power to people over “”their data””
* What’s on the horizon, how are people bridging consumer & enterprise identity protocols, how does OAuth change things, what about Info Cards, etc., etc.
* zero password initiatives
* adoption of OpenID and OIX Trust Frameworks
* Personal data store interop
* “Multiple “”Identities”” and the requirement to be conscious of them”
* Full session life-cycle management
* UMA / Personal Datastore
* how to make this all user comprehensible


IIW-East Introduction

This was the presentation I shared for the opening of IIW-East it covers an overview of the history of the community and where we are going next. Mary Ruddy’s presentation on Open Identity for Open Government followed this.

IIW-East Introduction to Identity Community

Mary Ruddy presented about Open Identity for Open Government.

IIW-East opens Thursday

Phil and myself just got back from our walk through at the Josaphine Butler Parks Center where IIW-East opens tomorrow.  He shot some photos of it (outside) (inside)

We are doing our first Internet Identity Workshop outside of the Bay Area and our first with a theme – Open Identity for Open Governmnet.

We have over 75 people attending from around the world – you can see the names at the bottom of the registration page.

The proposed topics shared so far as attendees register can be seen here on the wiki. They are amazingly diverse and center around key issues about policy, standards, legal frameworks and the path forward for those who care about creating an identity layer/infrastructure/platform that really works for people.

The actual agenda will be created tomorrow morning at 10 am following an introductory talk by Kaliya Young Hamlin and Mary Rudy at 9am.  We will make the agenda for Friday at 9am that day.

Personally I am passionate about the conversations that will be happening about personal data stores and their evolution.

We are not at War

I was the first person Van asked to speak at the Community Leadership Summit West Ignite talks. I was the last person to submit my slides. I have a lot to say about community but I had a hard time figuring out exactly what to say. I knew I wanted to talk about the identity community and our success in working together. Robert Scoble’s quote really got me going and I decided to use the talk to respond to the comment that was catalyzed by his facebook post/tweet “Who is going to win the Identity War of 2010”

This is completely the wrong frame to foster community collaboration.

Internet Identity Workshop Fall – 3 events

The Tenth Internet Identity Workshop in May, 2010 was the largest ever. We have had inquiries from community members on the East Coast of the US and in Europe have been lobbying us to bring the event to their locations.  We are happy to confirm that we are going host IIW’s in Washington, DC  and London.

WE NEED YOUR HELP! Please take some action if you like IIW and are reading this. IIW is been about the community that attends and participates year round in the activities of groups that use the event to get real work done and move the industry and vision of user-centric identity that works for people forward.

So with these events upcoming Phil, Doc and I need your help in spreading the word to your collegues on the East Coast and in Europe who would enjoy the event.

To help you do this we have several tools and options.
Blog badges for specific events. (These are two of them their are more on the wiki)

For IIW-East September 9-10 in Washington DC

For IIW-Europe, October 11 in London we have

For IIW #11 in Mountain View, November 9-11

If you value IIW and the conversations that happen there please take some initiative and reach out to colleagues to spread the word about these events.  Because of the community focus of the events we  rely strongly on community word of mouth to let people know about them.

It would be great to have community ideas put forward for the main IIW invitation articulating the current foci of conversations.

Internet Identity Workshop in DC

The Internet Identity Workshop is coming to the east coast for the first time – September 9-10, 2010 in Washington DC.

The theme for the event is Open Identity for Open Government. You can learn more about the event on the IIW website and register over on this site.

Internet Identity Workshop comes to DC!

Theme: Open Identity for Open Government.

Register Here!

Internet Identity Workshop East (IIW-East) is September 9-10, 2010 in Washington DC  at the Josaphine Buttler Parks Center.  This event immediately follows the Gov 2.0 Summit.

The Internet Identity Workshop has been held semi-annually in California since the Fall of 2005. The 10th IIW was held this past May and had the largest attendance thus far. There have been many requests to have an IIW on the East coast, and now the Open Identity for Open Government Initiative is providing a timely incentive to have one in Washington.

IIWs focus is on “user-centric identity”, addressing the technical and adoption challenge of how people can manage their own identity across the range of websites, services, companies, government agencies and organizations with which they interact. IIW-East will focus mainly on the government adoption of open identity technologies for use by government websites.

Unlike other identity conferences, IIW’s focus on the use of identity management approaches based on open standards that are privacy protecting. IIW is a unique blend of technology and policy discussions where everyone from a diverse range of projects doing the real-work of making this vision happen are able to gather to work intensively for two days. It is the best place to meet and participate with all the key people and projects such as:
  • OpenID
  • IMI Information Cards
  • GSA approved schemas for open identity protocols
  • Personal Data Stores
  • NIH pilot adoption of Open Identity technologies
  • Certification of industry open identity credentials
  • Business models for higher LOA open identity credentials
  • National Strategy for Trusted Identities in Cyberspace

The event has a unique format – the agenda is created live the day of the event. This allows for the discussion of key issues, projects and a lot of interactive opportunities with key industry leaders.

The event compiles a book of proceedings with the notes that are gathered from the conference. You can find the Book of Proceedings for IIW7IIW8,  IIW9IIW10 here. BTW these FOUR documents are your key to convincing your employer that this event will be valuable. As attendees register we ask about topics they wish to discuss.

Providing identity services between the general public and government websites is a different problem than providing authentication and authorization services within one or a few organizations (enterprise provisioning/termination or federation between two companies or government agencies).

As a community we are exploring these kinds of issues:

Questions Agencies Face:

  • How can open identity technologies enable open government
  • How can agencies leverage identity credentials generated by other organizations
  • How can the government  leverage the efforts of social networking sites that offer user-centric identity credentials
  • What are the advantages to agencies of adopting open identity technologies
  • How can open identity technologies enable your websites to move beyond brochure-ware
  • How can we increase the speed in which government organizations can benefit from the use of open identity approaches
  • How to manage Federated Identity on an ever increasing scale
  • What are the implications of National Strategy for existing policy mandates
  • Should there be integrated political architecture
  • There are five distinct Cyber Security Bills in Congress now – what are the implications

Policy  Considerations:

  • The relationship between FIPS (Federal Information Processing Standards) and identity management
  • What are the business cases for agencies to adopt Open Identity Technologies
  • What are the new legal constructs that make this work
  • How to use open identity technologies to preserve privacy while providing personalization
  • GSA standards for the use of open identity technology
  • Data Privacy Issues
  • Personal Data – how is it stored and shared with end users
  • How are these new approaches regulated

Technical Issues:

  • Open identity standards (identity and semantic)
  • What software is available to leverage open identity standards
  • How different standards and technical implementations interoperate
  • How agencies can accept identity credentials generated by other organizations
  • How open identity technologies can enable your website to move beyond brochure ware, without using cookies
  • How to leverage open identity technologies in your technology roadmap
  • How to implement Federal Identity
  • Tecnlogy issues involved in implementing existing Identity Management technology
  • Lessons learned – what are the most effective ways for Federal Agencies to build and employ identity systems

New Industry Developments:

  • Personal Data Stores/Data Banks with our digital footprints recorded
  • What new Identity Management technologies are on the horizon
  • National strategy for trusted identities in Cyberspace

Please join us at the Internet Identity Workshop

To consider all these and more!

It is the best place to meet and participate with all the key people and projects such as:

  • OpenID
  • IMI Information Cards
  • GSA approved schemas for open identity protocols
  • Personal Data Stores
  • NIH pilot adoption of Open Identity technologies
  • Certification of industry open identity credentials
  • Business models for higher LOA open identity credentials
  • National Strategy for Trusted Identities in Cyberspace

IIWX Internet Identity Workshop 10, Introductory Talk

I gave this talk at the 10th Internet Identity workshop reviewing the shared history, language, understanding and work we have done together over the last 6 years of community life.

Part of this presentation touched on a timeline of events in the community. Those and more are reflected on this timeline that is beginning to be developed here. IIW11 will be November 9-11 in Mountain View, CA The first ever IIW outside the Bay Area will be happening September 9-10 in Washington DC following the Gov 2.0 Summit with the theme Open Identity for Open Government. The first IIW in Europe will be happening in London likely October 9-10 (dates still to be confirmed) prior to RSA Europe. If you would like to know about when the next IIWs have registration open please join this announce list. TheIdentity Gang is the community mailing list where conversations are ongoing about identity. You can follow modest updates about IIW on twitter via our handle – @idworkshop You can see IIW 10 attendees on our registration page.

IIW Date Shift – May 17-19

It turns out Google I/O is the week of IIW.  We found out too late to shift weeks but early enough to shift days to only conflict 1 day (the 19th).  Please mark your calendars accordingly.

Early Bird Registration is in effect for another month. Sponsorships and “big tickets” (for those who can expense a higher ticket price but can’t get actual “sponsorship budget”) are still available.

IIW is NOT an advocacy group – sigh “the media”

Facebook’s Online Identity War quotes me and labels IIW an advocacy group. IT IS AN INDUSTRY FORUM. Douglas MacMillan.

Sorry but I am still learning “how” to talk to reporters. They don’t like to quote me as “the identity woman” and link to my blog.

I “do” run the Identity Workshop with Phil and Doc but that doesn’t make it an “advocacy group”

Identity Commons & IIW have a purpose and principles believing in user/centric identity. The power of individuals to manage and control their own identities online. We don’t “advocate” for them – we create a convening space for people who want to work on this ideal.

Facebook does on some level “agree” with the idea of user-centric identity – Luke Shepard has participated in the community for quite a while & they hired David Recordon. They sponsor IIW.

I am clear that the opening up of previously controlled information with no warning “jives” with my understanding of user-centric control. It was more from my own point of view I was commenting. That is with my “identity woman” hat on… and the values I carry from Planetwork and the ASN… but the press hates that. Uggg. Chris Messina gets to be an “open web advocate”… that is what I do to but just about identity “open Identity advocate” (mmm…) but then that sounds like “just” OpenID and it isn’t just about that one particular protocol. sigh.

I am still wondering – How does one “belong” and have “titles” in a way the media can GROK when one does not have a formal position in a formal organization.

sigh – identity issues.

IIW9 Highlights – IIW10 Reg Open

I am really pleased to share that the notes for IIW9 are available in PDF form now. All sessions also have a wiki page too.

Heidi Nobantu Saul did an amazing job collecting notes and we managed to get all session notes except a very few on the last day.

Highlights include:

The 10th Internet Identity Workshop is May 18-20.
Registration is Open Now and Extra Early Bird Rates are in effect until January 31.

Fire Fox and Identity in the Browser

ReadWriteWeb reports this week:

Decrying redirects and iframes, Raskin tells of a brave new world where an in-browser button that defies navigational difficulties allows for something closer to true identity portability than we’ve seen yet:Identity will be one of the defining themes in the next five years of the Web. Nearly every site has a concept of a user account, registration, and identity. Searching for “sign in” on Google yields over 1.8 billion hits. And yet, the browser does nothing to make this experience better save for some basic auto form filling. The browser leaves websites to re-implement identity management, and forces users to learn a new scheme for every site… Your identity is too important to be owned by any one company. Your friends are too important to be owned by any one company.

Finally! They said it!

Comments in reaction to the ReadWriteWeb post highlight Information Cards & CardSpace are not mentioned – I point out in my comment that the work is all connected ant pointed to the IIW conversations about Active Clients attended by all.

Aza open their post with this paragraph:

Identity will be one of the defining themes in the next five years of the Web. Nearly every site has a concept of a user account, registration, and identity. Searching for “sign in” on Google yields over 1.8 billion hits. And yet, the browser does nothing to make this experience better save for some basic auto form filling. The browser leaves websites to re-implement identity management, and forces users to learn a new scheme for every site.

They make these key points following the images they have (you should check the images out)

• Identity is part of where you are, and what you are looking at (Amazon looks different depending on if you are signed in or not). That’s why we put it in the URL Bar.

• For most sites, you’ll probably only have one identity, so login will be a single click or automatic.
• Putting verbs into the navigation bar isn’t new. See Taskfox.
• To increase visibility, webpages should be able to make a Javascript call that opens the login/signup bubble.
• For webpages that want to own the login-process, the account creation simply acts as the ultimate form-fill. For those interested in the evolution of the idea, you can see an early mockup with comments as well as Alex Faaborg’s similiar mockups.

They also make this point…

Chris Messina and others has been advocating for a model which follows the Facebook Connect lead: a single verb, to connect. Once connected, you decide exactly what information to share in an asynchronous manner. Unfortunately this bleeds information — your name is known to all websites which which you connect. We’d like to explore what a connect metaphor in combination with the ability to remain anonymous but connected means.

I agree with the firefox folks. Having a way to do verified anonymity is essential.

“Selective Disclosure” is the name for technologies that do this.

The firefox team should check out Stefan’s U-Prove Technology that may be released shortly by MSFT that acquired it over a year ago

(seems like Stefan killed his blog when he moved to MSFT..mmm..anyways.)

Firefox folks invite people to get involved here.