We are not at War

I was the first person Van asked to speak at the Community Leadership Summit West Ignite talks. I was the last person to submit my slides. I have a lot to say about community but I had a hard time figuring out exactly what to say. I knew I wanted to talk about the identity community and our success in working together. Robert Scoble’s quote really got me going and I decided to use the talk to respond to the comment that was catalyzed by his facebook post/tweet “Who is going to win the Identity War of 2010”

This is completely the wrong frame to foster community collaboration.

RSA pr3: OSIS Interop

The OSIS interop was happened in a little room in the same hallway as the speaker lounge – but there was no signage to point people there :(

On Monday evening there was a OSIS steering committee meeting. The last one of these I sat in on was at Burton Group Catalyst. It was a good meeting – they talked about the European Identity Conference coming up in a few weeks where they will be again setting up and having interop demo’s based on the I3 work. Some of the European participants will be there. The agreement was that Interop4 would happen at Burton Group Catalyst continuing the work of I3 because it was not complete yet.

Roger Sullivan in his position as representing Liberty Alliance where he is President attended (he is also the Vice President of Business Development for Oracle Identity Management). I found it interesting that Roger said the word user when reffering to entities like Boeing and General Motors. I piped up and said that I felt that the use-cases and needs of ‘end-users’ were different then the needs of massive multi-national entities. He said that the ‘issues’ were all the same. I guess in one way that is true – in the end it is people at the end of the computer terminals. In another way it is different to log into an ‘enterprise environment’ (intense permissioning, lots of legal regulation etc) then it is to manage your personal shopping online. Out of this exchange came the differentiation between these two kinds of users – the larger being ‘deployers’ and the smaller being ‘users.’

As a community we had a good chance to talk about issues. The message that Roger did bring forward was that enterprise customers wanted less confusion in the market – because until it was clearer there would not be purchase of product. There will be more insight into this in the forth coming post about the the conversation I had with other executives at Oracle over a ‘blogger lunch’ on Thursday.

Major ISSUE – there was ‘apparently’ two competing interop events at the same conference. One was backed by a large and well funded organization with a PR staff to promote itself the other was a fabulous grassroots effort – doing huge amounts with very little. It was agreed that next time Concordia and OSIS would collaborate and have an interop in the same place and have one press release (or at least two press releases with mutual quoting) although with different use-case focuses. This is my drawing of the picture that became clear through the meeting.

OpenID Foundation and OSIS is a community group (there is serious consideration of changing our current description from “Working Groups” to “Community Groups”) of Identity Commons, the i-card foundation that is proposed would also be (there are some interesting questions about it).

I worked hard on Tuesday morning before the OSIS interop on some signage for Identity Commons. We had the new diagram that is on the front page of the wiki along with a this sentence that i think goes a long way to describe who we are.

We are a community of groups working on addressing the social, legal and technical issues that arise with the emerging, identity, data and social layer of the internet.

Johannes pointed out that after that some articulation of the issues we are tackling could be listed. This is a list I recently wrote up and shared with a reporter (and she actually said it was ‘clear’). I will put the high level questions we are trying to answer in the context of the ‘clear’ articulation I sent her.

Since the Web was built around “pages”, no tools or standards were created to control how the information about you was collected or used. We all agree that we need some kind of “open identity layer” for the Internet, but we don’t know exactly what that means or what it looks like. Our community has come together around some shared understanding of this and we continue to ’struggle’ with what it means and how it should work.

We are working as a Community, on the development of the next layer of the web—for people and their information—the social-data layer. It’s going to take time to figure out, and lots of people have already been working hard for several years and have made significant progress.
These are the questions we’re striving to answer:

  • What are the open standards to make it work? (identity and semantic)
  • What are technical implementations of those standards?How do different standards and technical implementations interoperate?
  • What are the new social norms and legal constructs needed to make it work?
  • What are the businesses cases / models that drive all this?

Identity Commons is the collection of groups where these conversations are happening.

All this takes time, and yes, interest is growing and movement is happening, but there is not ‘one answer’ or ‘one blueprint.’ As Doc Searls, one of the ‘grandfathers’ of this movement is fond of saying, it is a “market conversation.”

We need a broad and diverse range of participants. This layer once implemented will be as world changing as the World Wide Web of documents was for the Internet.

I also think it is important to remember and emphasize that we are in a phase where there is a lot to get figured out and there is not ‘one answer.’ I think we as a community can tell a clear compelling story to the market AND continue to foster a lively and diverse conversation about the issues that are arising (technical, legal, social). It is some times is hard to remember how unclear things were 2 years ago but they were very vague then – if we continue to progress I am confident a market can develop for these tools. Both the peer-to-peer sessions on this topic were interesting and had a range of enterprise folks looking at these tools (a blog post about those will also follow in this series).

Here is a photo of the interop in progress – next post – interop videos – coming tomorrow.

Over the next week I will work on the the 20 other posts that I have outlined this morning. – ok off to the airport now.

RSA pt2: Concordia Interop

Day One seems so long ago. I moved all my stuff over from the east bay on Sunday night – Pam was nice enough to let me room with her to save the 1 hour commute each way to home for the week.

I got up early and headed to the Concordia Interop – I got their early enough to see the OpenID logo on the sign. OpenID has not been actively participating in these Liberty lead efforts for a while now and asked that their logo be removed from the website etc. Shortly afterwards a guy with white tape came and covered it up.

This slide explained their current focus and next focus.

Eve handed the podium over to Mike Jones and he introduced the day and explained the three scenario’s they were demonstrating interoperability for. SAML and WS stuff with an emphasis on the enterprise use case.

They shifted into demo’s at the back of the room and presentations at the front.

Lena from FuGen presented this slide.

It presented the complexity of federation and the different shapes that it has. The same policy between a range of partners, different policies with different partners and

There was about 300 people in the introduction and this faded out.

Interopping times 2 at RSA

OSIS Interoperability Demonstrations
TUESDAY April 8th 11:00 AM – 6:00 PM
Moscone South, Mezzanine Level Purple Room 220

To be able to see this you need to get an expo pass. See below on how to get one.

OSIS User centric identity network interoperability between identity providers, card selectors, browsers and websites demonstrates how users can ‘click-in’ to sites via self-issued and managed information cards, or i-cards. Open ID, Higgins Identity Framework, Microsoft CardSpace, SAML, WSTrust, Kerberos and X.509 components interoperate within an identity layer from open-source parts.

I am really excited about this 3rd Interop – for one it is ALL Day not just an evening – I also heard they are going to have comfy chairs. To be able to see this you need to get an expo pass – one way to get it is to attend the other Interop Event.

This one is also exciting – put on by the Concordia project at RSA on Monday April 7th from 9am-12:30pm.

Registration is free of charge, and you must register for the workshop in order to attend the Concordia event, whether you’re an interop demo participant or not! Register for the workshop on the RSA registration site. Use the registration code 148CON. This will also give you a free expo pass that you can use to attend the tradeshow portion of the Conference Tuesday through Friday.

I will be attending both and I encourage everyone interested in the topic and tracking the evolving state of the technology to do so.

Data Interop: an open letter from the largest nonprofit vendor

Recently a report from a know tech publication was at a conference I was leading. She asked me
“what is interesting that is happening right now.”
I said “the nonprofit technology session.”
She said – “well I cover business issues.”
I shared with her that one of the largest vendor of nonprofit technology Kintera was a publicly traded company AND that there was big business opportunities for providing technology solutions in that sector. She looked at me surprised as if it had never occurred to her that you could make money in this sector. Recently the two other large vendors in the space merged – Get Active and Convio. They became just Convio and are now the largest vendor in the sector.

This month’s theme for NTEN’s Newsletter is Data Interoperability. This is the open Letter the published there.

Gene Austin, Chief Executive Officer, Convio and Tom Krackeler, VP, Product Management, Convio

It is incumbent on all software vendors serving the nonprofit sector to open opportunities for nonprofits to have greater choice and flexibility in pursuing their missions.

To meet the expectations of nonprofits today — and five years from now — software vendors need to facilitate interoperability between systems and enable integration between offline and online data and the new Web. And they should do so with one clear purpose in mind: to open the possibilities for nonprofits to find and engage constituents to support their missions.

The NTEN community has been leading the charge for openness. With Salesforce and Facebook, Convio has embraced openness as a way of doing business.

Software vendors should:

1. provide nonprofit organizations of all sizes and in any stage of Internet adoption the flexibility to integrate with other web or database applications to exchange constituent and campaign data.
2. make their Open APIs available to clients, partners, and a broad developer community.
3. expose Open APIs as part of their core product functionality.
4. proactively use APIs provided by other companies in additional to providing their own.
5. make their API documentation publicly available and provide a forum for sharing and discussing best practices and exchanging code examples.
6. publish a roadmap for their API development and encourage participation in the development of that roadmap.
7. make their APIs accessible to nonprofits at a level that does not require extensive technical expertise to leverage those APIs.

Interop was AMAZING!

The Interop Event last week at Burton Group Catalyst was a huge milestone. The event lived up to its name…

cat·a·lyst [kat-l-ist] -noun
A person or thing that precipitates an event or change.

The energy in the room was really high. Everyone was excited. People said there was interest from enterprises (the attendees at the conference who were not vendors) in the technology and how they could help them with identity management.

It was so inspiring after all these years to actually see the vision manifest so concretely. I was at my first ‘identity meeting’ in June of 2003 when Planetwork hosted an ‘extra day’ with Identity Commons (1). It was described this way by an attendee:

I attended the “extra” day of the conference today. I was in a session that could have been called: all digital identity, all day and all of the night.

So four years later it was really amazing. As Dick highlighted we are finally up to “the chasm“.

As I was there looking at the sign on the wall in the photo and feeling the energy and all the work I really wished that Owen Davis and Andrew Nelson were there to witness it all. Hopefully they can come to the Internet Identity Workshop this December (3-5). The social issues that this new technology raises was one of the main reasons they founded Identity Commons in 2001. These topics are just starting to become really important to deal with and working groups are beginning to emerge. The fact that Cryptographic trust does not equate to Social Trust was highlighted by Neuenschwander in his talk on the final day. (in googling cryptographic trust I came across Chris Allen’s essay on Progressive Trust). We still have lots to ‘talk about’ to get it all figured out (more shared language and understanding to be built – see the last three paragraphs of this post).

O’Reilly’s thoughts on Identity in the context of Web 2.0

I just read through Tim’s five pager on Web 2.0 and found the highlights that relate to Identity.

Meanwhile, startups like Sxip are exploring the potential of federated identity, in quest of a kind of “distributed 1-click” that will provide a seamless Web 2.0 identity subsystem…While the jury’s still out on the success of any particular startup or approach, it’s clear that standards and solutions in these areas, effectively turning certain classes of data into reliable subsystems of the “internet operating system”, will enable the next generation of applications.

A further point must be noted with regard to data, and that is user concerns about privacy and their rights to their own data. In many of the early web applications, copyright is only loosely enforced. For example, Amazon lays claim to any reviews submitted to the site, but in the absence of enforcement, people may repost the same review elsewhere. However, as companies begin to realize that control over data may be their chief source of competitive advantage, we may see heightened attempts at control.

Much as the rise of proprietary software led to the Free Software movement, we expect the rise of proprietary databases to result in a Free Data movement within the next decade. One can see early signs of this countervailing trend in open data projects such as Wikipedia, the Creative Commons, and in software projects like Greasemonkey, which allow users to take control of how data is displayed on their computer.

I hope that Identity Common’s who’s founding principles assert this Freedom loud and clear can lead the way on this.

Users must be treated as co-developers, in a reflection of open source development practices (even if the software in question is unlikely to be released under an open source license.) The open source dictum, “release early and release often” in fact has morphed into an even more radical position, “the perpetual beta,” in which the product is developed in the open, with new features slipstreamed in on a monthly, weekly, or even daily basis.

Lightweight Programming Models
There are several significant lessons here:
Think syndication, not coordination. Simple web services, like RSS and REST-based web services, are about syndicating data outwards, not controlling what happens when it gets to the other end of the connection. This idea is fundamental to the internet itself, a reflection of what is known as the end-to-end principle.

It’s easy to see how Web 2.0 will also remake the address book. A Web 2.0-style address book would treat the local address book on the PC or phone merely as a cache of the contacts you’ve explicitly asked the system to remember. Meanwhile, a web-based synchronization agent, Gmail-style, would remember every message sent or received, every email address and every phone number used, and build social networking heuristics to decide which ones to offer up as alternatives when an answer wasn’t found in the local cache.

New protocols … New Terms

Eric Hall just pointed me to a great post by dizzyd of Passel about the challenges of doing a new from the ground up protocol/technology and how you communicate to the rest of the world what it does. Some learnings in there for all of us in this identity space. Hopefully during the Internet Identity Workshop we can have a big list of terms and their definitions posted on the walls for us to collectively discern with greater clarity their meaning so we can all communicate with one another better.

I own my own Attention. Do you?

This week I joined Attention Trust. Steve Gilmore is the president and Mary Hodder is the Chair of the advisory board. It seems like a great application for the Identity systems we are working on.

What Matters?

What does matter is a pool of attention metadata owned by the users. This open cloud of reputational presence and authority can be mined by each group of constituents. Users can barter their attention in return for access to full content, membership priviliges, and incentives for strategic content. Vendors can build on top of that cloud of data with their own special sauce–the newbie crowd of MyYahoo, the pacesetter early adopters of Diller/Ask/Bloglines, the social attention farm of RoJo, and Google’s emerging Office service components orchestrated by the core GMail inforouter. And the media, which now includes publishers, analysts, researches, rating services, advertisers, sponsors, and underwriters, can use the data as a giant inference engine for leveraging the fat middle of the long tail.

Nick Bradbury puts it this way:

I want personalized search. I want my attention data to help tools and services find the stuff that matters to me so I can cut down on information overload. But I only want this if:
1 It’s done in a way that protects my privacy
2 The service that collects my attention data lets me get it back, so I can share it with other services

Aldo agrees

Much of what they have to say jibes with my thoughts on digital identity and new collaborative finance models and reputation systems and all that abstract stuff that is still too messy for me to explain with much clarity…..I’ll continue to work on that….in the mean time please read Nick’s piece.

Technorati Tags: , , , ,

Identity and Gaming

To prepare to talk with Susan Crawford I thought I would scan her three year old blog for any menitons of Identity. It turns out that Susan has done some extensive thought about identity and in particular in the context of online gaming. She has a link to a paperWho’s in Charge of Who I am?: Identity and the Law Online. Here are some good quotes…

Online identities are emergent. Identity is by definition a group project, something created by the context in which the identified operates.

Online walled gardens will be come more prevalent, as concerns about security, viruses, spam and the unknown increase, as valuable content is made accessible only to those who have been permissioned to see it, and as hardware and software systems made available to the masses increasingly taken on “trusted” aspects. Online games are precursors of these future more serious, walled garden online worlds. Key characteristics of both games and walled worlds are limited access, clear boundaries, rules, roles/players, and feedback mechanisms that create reputation. … These characteristics of games make them ideal laboratories for experimentation with rulesets.

This is a great mention of the word – rulesets. I have been thinking a lot about them ever since I read Thomas Barnett’s book – The Pentagon’s New Map. How we as a society and how institutions that govern us determine what the ruleset’s are is important to think about. With the complexifying world we live in – robust, legitimate and fair systems to create good rulesets are needed. This is particularly true in the online space that is really built by and for us. I hope that all the effort that has gone into creating the Identity Commons structure can be just such a place.

Back to Susan…

Who owns identity? who owns reputation? From the intermediary’s perspective, software creates rules that control what social context can be moved elsewhere. Your identity is “really” a database entry, and the intermediary can argue that your identity is their intellectual property, not yours. You may attach great importance to it, but this identity (and its reputation) will not as a practical matter survive outside the world in which it was formed. Walled world designers have incentives to raise switching costs and capture all the vale of this reputation. In other words, controllers of online worlds are gods. But users may defect from environments and attempt to constrain them in how persistent their reputations and identities are. The difficult task for developers/intermediaries is how much freedom to give their users. This takes us from the realm of risks to the realm of opportunities.

AS real work becomes a more common online activity, identity created in connection with groups will be more and more meaningful.

Human nature will always tend toward group-ness.

  • What would be made visisble? The fact that someone’s identity has been taken away, and the reasons why? Or speech-related actions of the intermediary that have an impact on identity (but are less then “disappearing” someone?)
  • What about reputation? Is it right that a user must leave her reputation behind when she leaves a particular online world? Is “reputation portability” possible? Or is reputation so context-dependent that the online world should be permitted to own it? And what does the online world own exactly? A group-created construct?
  • Is this entire problem avoided by staying out of “walled gardens” and maintaining our own domains? Will this be possible, as online worlds become more and more attractive, and as hardware and software increasingly intertwine?

In the end, it boils down to the fact that the best government is the one that you can trust, which will be the one you know personally: the people close to you in your virtual community, who are held accountable precisely because of community ties. Your best government is going to be each other, because the man behind the curtain isn’t going to know any more than you know him.

We are still in the early stages of the first two steps dealing with any technology: fear and opportunism. Enlightenment is not far away. I want to suggest that we skip quickly through the fear, linger on the opportunism, and move on to human betterment. This social benefit may come (as so many things do) from playfulness. Games have a great deal to teach us about how we establish and maintain identity. Now we need to consider who is in charge of these identities. It may be, in the end, that we are.

We need to forge a direct link between how we live and work online (especially within walled gardens) and how we structure control over online resources. If the new mode of work online is collaborative peer-production of resources, who will own a shared online space of identities? This ownership may have to be collective. The fundamental problem that is yet to be address is that while reputations and identities are group projects, legal ownership of collectively-created intangible identities currently appears to reside (by default) in online intermediaries. We may need to make some noise about this and ensure a better fit. Perhaps the game should belong to the players.

She raises some interesting questions for us to think about. I think looking at the governance and how to actualize that – this is what the distributed governance form of Identity Commons is designed to do. I didn’t really realize that she was involved with XNSORG several years back. She really liked you all and mentioned Bill Washburn and Drummond Reed by name.

While talking with her about identity and her paper she mentioned her connection to the State of Play conferences. The third one is coming up this fall and is entightled Social Revolution. Two panels look very relevant:

  • Collective Action in the Metaverse: Groups, Community and Power
  • Identity in the Metaverse: On-Line Identity in Virtual Worlds

It is the day after Web 2.0 but might be worth the trip :)