National! Identity! Cyberspace!: Why we shouldn’t freak out about NSTIC.

This is cross posted on my Fast Company Expert Blog with the same title.

I was very skeptical when I first learned government officials were poking around the identity community to learn from us and work with us.  Over the last two and a half years, I have witnessed dozens of dedicated government officials work with the various communities focused on digital identity to really make sure they get it right. Based on what I heard in the announcements Friday at Stanford by Secretary of Commerce Locke and White House Cybersecurity Coordinator  Howard Schmidt to put the Program Office in support of NSTIC (National Strategy for Trusted Identities in Cyberspace) within the Department of Commerce. I am optimistic about their efforts and frustrated by the lack of depth and insight displayed in the news cycle with headlines that focus on a few choice phrases to raise hackles about this initiative, like this from CBS News: Obama Eyeing Internet ID for Americans.

I was listening to the announcement with a knowledgeable ear, having spent the last seven years of my life focused on user-centric digital identity.Internet Identity Workshop Logo Our main conference Internet Identity Workshop held every 6 months since the fall of 2005 has for a logo the identity dog: an allusion to the famous New Yorker cartoon On the internet, nobody knows you are a dog. To me, this symbolizes the two big threads of our work: 1) maintaining the freedom to be who you want to be on the internet AND 2) having the freedom and ability to share verified information about yourself when you do want to.  I believe the intentions of NSTIC align with both of these, and with other core threads of our communities’ efforts: to support identifiers portable from one site to another, to reduce the number of passwords people need, to prevent one centralized identity provider from being the default identity provider for the whole internet, to support verified anonymity (sharing claims about yourself that are verified and true but not giving away “who you are”),  support broader diffusion of strong authentication technologies (USB tokens, one-time passwords on cellphones, or smart cards), and mutual authentication, allowing users to see more closely that the site they are intending to do business with is actually that site.

Looking at use cases that government agencies need to solve is the best way to to understand why the government is working with the private sector to catalyze an “Identity Ecosystem”.

[Read more...]

IIW is NOT an advocacy group – sigh “the media”

Facebook’s Online Identity War quotes me and labels IIW an advocacy group. IT IS AN INDUSTRY FORUM. Douglas MacMillan.

Sorry but I am still learning “how” to talk to reporters. They don’t like to quote me as “the identity woman” and link to my blog.

I “do” run the Identity Workshop with Phil and Doc but that doesn’t make it an “advocacy group”

Identity Commons & IIW have a purpose and principles believing in user/centric identity. The power of individuals to manage and control their own identities online. We don’t “advocate” for them – we create a convening space for people who want to work on this ideal.

Facebook does on some level “agree” with the idea of user-centric identity – Luke Shepard has participated in the community for quite a while & they hired David Recordon. They sponsor IIW.

I am clear that the opening up of previously controlled information with no warning “jives” with my understanding of user-centric control. It was more from my own point of view I was commenting. That is with my “identity woman” hat on… and the values I carry from Planetwork and the ASN… but the press hates that. Uggg. Chris Messina gets to be an “open web advocate”… that is what I do to but just about identity “open Identity advocate” (mmm…) but then that sounds like “just” OpenID and it isn’t just about that one particular protocol. sigh.

I am still wondering – How does one “belong” and have “titles” in a way the media can GROK when one does not have a formal position in a formal organization.

sigh – identity issues.

DiSo ideas are not that new.

Reading these:

A Perfect Storm Forming for Distributed Social Networking- Read Write Web

Evolution of Blogging – GigaOm

The Push Button Web – Anil Dash

The inside Out Social Network – Chris Messina

The Future Social Web – Jeremiah Owyang

I realize how incredibly ahead of the times I was along with many of the people I have been working with on open standards identity and social web standards.

I wrote this describing open standards for distributed social networking online in April of 2004f or the Planetwork Conference (from Archive.org)  that I was promoting.

———————— From Archive.org April 2004 ——————

ID Commons: Social Networking For Social Good: Creating Community Trust Infrastructure Through An Identity Commons

In 2003 the Planetwork LinkTank white paper The Augmented Social Network: Building Identity and Trust into the Next-Generation Internet proposed weaving new layers of identity and trust into the fabric of the Internet to facilitate social networking for social good – online citizenship for the information age.

The LinkTank white paper outlined three main objectives:

  1. Establishing a new kind of persistent online identity that supports the public commons and the values of civil society.
  2. Enhancing the ability of citizens to form relationships and self-organize around shared interests in communities of practice and engage in democratic governance.
  3. Creating an Internet-wide system for more efficient and effective knowledge sharing between people across institutional, geographic, and social boundaries.

Currently each site with a login or membership profile is like an island, or at worst a walled castle, as no common inter-operation is possible among large numbers of them. Creating a truly interoperable network will require an explicit social agreement that governs the operation of the trusted network, and implementation of a new software protocol consistent with that agreement.

Identity Commons

[note this is a reference to the "first" Identity Commons - the current Identity Commons shares the values and some of the organizing principles of this first organization but evolved from it]

The Identity Commons is an open distributive membership organization, designed to develop and operate a common digital identity infrastructure standard based on the shared principle of protecting each user’s control of their own identity data. A common identity infrastructure must be embedded within a binding social agreement ensuring that the technology and its institutional users operate in accordance with core principles. In addition to developing this agreement, Identity Commons is managing the development and implementation of the new technology needed to achieve this as a fiscal project of Planetwork, a California 501(c)3 non-profit.

The Identity Commons is based on an implementation of two new OASIS standards:

XRI – a new identity addressing scheme fully compatible with URIs
XDI – specifies link contracts for shared use of data across the Internet

For more technical information see: http://xrixdi.idcommons.net

Once implemented, the Identity Commons infrastructure will:

  • Give individuals, organizations, and even ad-hoc groups persistent addresses (digital identities) that can be used in many ways. Each party can decide what their own address links to, and who can follow the links.
  • Provide single sign-on, enabling individuals to connect to multiple sites without having to provide a login and password to each.
  • Empower user/citizens to manage their own consolidated profiles, which will be likely to stay up to date as everyone maintains only their own master copy.
  • Generate network maps that enable communities to more efficiently understand their own membership, make connections, recognize patterns, filter messages, and self-organize around new topics and functions.
  • Provide collaborative filtering services based on knowledge and reputation databases where contributors can also control their own level of anonymity.
  • Enable group formation around common interests and affinities with reputation attributes for trusted communication, which could be the key to eliminate spam.

How is this different from what is already happening in the private sector?

Currently every web site has a privacy policy, but they vary widely, are rarely read, are only good until they are changed and are thus effectively useless.

The Identity Commons (IC) solves this by (1) replacing thousands of privacy policies with a single institutional membership agreement that simplifies the user experience. Every Identity Commons member site is party to a legally binding commitment that can only be changed by amending the IC membership agreement – which is governed by all IC members. And (2) by using electronic contracts to grant, record, and enforce data sharing across boundaries.

Ultimately there can only be one fully interoperable social network; just as email can travel anywhere on the Internet, your profile must also be able to do so. Microsoft would love to make this possible, and fully control it – their Passport system was designed to do just that. By hosting identity data for nearly everyone who has a computer Microsoft hopes to put themselves in the middle of every transaction they can.

In response to this, a group of large companies formed the Liberty Alliance which developed protocols that will allow institutions to “federate” data across company boundaries. Federation is an improvement over the Microsoft Passport model, however, both of these approaches treat individuals solely as consumers, and neither provide support for civil society, citizen collaboration or for individual citizens to control their own identity data.

The Identity Commons agreement and technical infrastructure is a way to correct this imbalance of power, allowing the Internet to fulfill its great potential as a “commons” in which individual citizens can interact freely and as equals everywhere on Earth.

————- end Identity Commons description from Planetwork’s 2004 site ———

Writing this document was the first work that I did as an evangelist for the proposed open standards for distributed digital identity to enable open distributed social networks.
I wrote it based on reading through all their work and listening to their vision of the founders of Identity Commons and those working together for 2+ years hoped for in the adoption of the open standards they were working on. These protocols are now all ratified in OASIS (one of three standards bodies for the internet the other two being IETF and W3C) – XRI, XDI along with XRD/XRD that spun out of XRI as it became incorporated in OpenIDv2 as a key part of what makes it work.

Identity that is user owned, controlled managed – and this includes the preferences, attention data, uterances, 1/2 of transaction data – is at the heart of what one needs to make this vision of distributed social networking work. I think until recently it has been misunderstood as esoteric and just talk – amazing progress has been made since the early days of the identity gang that community has grown and developed many of the conceptual understandings and protocols that are taken as givens.

Folks from what the identity community (and perhaps should consider “updating” its name to the identity and social web community).…invented – as in used for the first time these two words together Social and Web – SOCIAL WEB – (according to wikipedia)

With the title of this paper: The Social Web: Creating An Open Social Network with XDI

This paper was preceeded by the Augmented Social Network: Building and Trust into the Next Generation Internet

Like the Web or email, the ASN would be available to anyone. It would become a common part of the Internet infrastructure – a person-centered and group-centered service of the net. It will be implemented through the widespread adoption of technical protocols; any online community infrastructure could choose to be part of the ASN by implementing them. Central to its design are fundamental principles of openness, inclusivity, and decentralization — which are necessary for a thriving democracy. At the same time, the ASN would support the highest available forms of security to protect privacy.

The Identity Gang began talking/meeting in the later part 2004 and has continued to meet in the Internet Identity Workshop.

There is much wisdom that these communities have developed that can be useful in moving / re-articulating the vision… to be sure lessons are to be learned from understanding more about why certain approaches/standards/proposed ways of doing things didn’t happen (yet).

I think the market wasn’t ready for what the identity community was saying. As someone who has been evangelizing about this set of issues practically full time since 2004. In the first few years I would talk in a range of communities and at conferences about all these issues, user control, open standards the danger of the potential emergence of large silo’s that locked users in and people just “didn’t get” it was an issue or that there was even a need for these kinds of standards. Now the market is finally ready.

The 9th Internet Identity Workshop  is this November – and REGISTRATION IS OPEN!

There is a whole conversation on the DiSo list where I highlighted this context/history. There might be a beer meetup in Berkeley this evening at Triple Rock at 7:30.

On Social Web TV

I was down in Mountain View yesterday to appear on Social Web TV. I was a special guest as Chris and David were both at FOWA in London. We got to talk about the community process around the Internet Identity Workshop and Data Sharing events that has helped moved the standards for the open social web forward.

I hope you enjoy the episode – I clearly need to practice being on “TV” a bit more but hey – don’t we all.

Reality: this [OpenID] is big

Getting in the game on OpenID standards: A conversation with Kaliya Hamlin, Identity Woman was published today on Net Squared. Marshall interviewed me via e-mail and then wrote up this story. He does a great job of explaining how identity brokers work and how people can use identifiers within contexts.

The social web, Web 2.0 or whatever you want to call it, is supposed to be all about web services, interactivity and data portability. In this context, Open ID standards will be increasingly important.

Reality: this is big

I thought that big vendors considered it in their best interests to lock us in to their systems with non-open Identities. Kaliya says that’s no longer the case. “They are all getting that identity is a ‘commons’ that no one can own,” she says. “They are seeing the end of usefulness in approaching the world through silos. The whole corporate tech world is a big exercise in sticking things together…standards really make this less expensive.”

Law and Order SVU: Identity Use Case

Last night I was on JetBlue from NYC to Vegas. I don’t watch TV normally but JetBlue I get to :) last night I – mostly watched Law and Order. In one of the episodes an interesting use case comes up. They are investigating a murder. The victim has a stamp on his arm from a gay club. They go an investigate the club and who was there. Turns out that the club scans everyones drivers licenses and keeps a log of all the people who go in. I wonder how prevalent these identity scanning systems are – does anyone know or know where to find out. What are the regulations about their use and what is the ‘agreement’ that people who are scanned. The Club owners say that the system cost $11,000 and the reason they got it was because they were busted for serving alcohol to a 15 year old girl. The police investigators look through list of people who were at the club that night. It turns out that the cop’s son is on the list.

NY Times sues DoD over NSA spying…woohoo

This is a bright light on the horizon.

The Times wants a list of documents including all internal memos and e-mails about the program of monitoring phone calls without court approval. It also seeks the names of the people or groups identified by it.

The Times in December broke the story that the NSA had begun intercepting domestic communications believed linked to al Qaeda following the September 11 attacks. That provoked renewed criticism of the way U.S.
President George W. Bush is handling his declared war on terrorism.

Bush called the disclosure of the program to the Times a “shameful act” and the U.S. Justice Department has launched an investigation into who leaked it.

The Times had requested the documents in December under the Freedom of Information Act but sued upon being unsatisfied with the
Pentagon’s response that the request was “being processed as quickly as possible,” according to the six-page suit filed at federal court in New York.

Identity and privacy …. falling google stock price

From Slashdot.
While the company says it isn’t worried about the stock price correction, there are other issues at hand.” From the article: “Google is under mounting pressure from many traditional industries: telecommunications companies do not like its plan for free internet phone calls, book publishers and newspapers have filed a lawsuit to try to prevent it from digitising library materials, governments are worried about its satellite-imaging service Google Earth and privacy advocates have a growing list of concerns about everything from its e-mail service to its desktop search function, both of which may make it easier for hackers or government agencies to gather information about individuals without their consent.”

Drupal Meetup Sucess!!!

We had a huge turnout for the Drupal meetup around 36 people came at it peak. Pictures here. I posted the overall notes for the meeting here. There were two break out specific sets of notes Media and Community. It was fun to facilitate the meeting. about 1/3 of the folks are going to be at the DrupalCon. I hope that we can build on some of the issues that arose in the meeting.

Technorati Tags:

Bumper Sticker: Bush Cheney 1984

My good friend had a Bush Cheney sticker on his car bumper…I did a double take…he didn’t vote for Bush, they are not running again…ahh the year 1984. Subtle but to the point. The latest wire tapping scandal is not cool. Mitch Radcliff sums it up well.

Bush says he signed NSA wiretap order
Adds he OK’d program more than 30 times, will continue to do so
In acknowledging the message was true, President Bush took aim at the messenger Saturday, saying that a newspaper jeopardized national security by revealing that he authorized wiretaps on U.S. citizens after September 11.

“Yesterday the existence of this secret program was revealed in media reports, after being improperly provided to news organizations. As a result, our enemies have learned information they should not have, and the unauthorized disclosure of this effort damages our national security and puts our citizens at risk.”

Look at that. It’s disgusting.
The President broke the law, based on repeated rulings of the courts for decades that prohibit surveillance of U.S. citizens within the United States without court orders. Now, he’s trying to blame the messenger who revealed his continued flaunting of civil rights. Just more of the same hypocrisy, the same fear-mongering, the same wiping of his nose on the Constitution.