So how did this all happen? Through a series of interesting coincidences in the 10 days (yes just 10 days) William got XDI to work for building working consumer facing applications. He showed the music meta-data application on Thursday evening and wowed many with the working name Nymble registry. The XDI [eXtneible Resource Identifier Data Interchange] standard has been under development at OASIS for over 10 years. Getting it to actually work and having the opportunity to begin to build applications that really put people at the center of their own data lives is a big step forward both for the Leola Group and the Personal Data community at large.
IIW is always a whirlwind and this one was no exception. The good thing was that even with it being the biggest one yet it was the most organized with the most team members. Phil and I were the executive producers. Doc played is leadership role. Heidi did an amazing job with production coordinating the catering, working with the museum and Kas did a fabulous job leading the notes collection effort and Emma who works of site got things up on the wiki in good order.
We had a session that highlighted all the different standards bodies standards and we are now working on getting the list annotated and plan to maintain it on the Identity Commons wiki that Jamie Clark so aptly called “the switzerland” of identity.
We have a Satellite event for sure in DC January 17th – Registration is Live.
We are working on pulling one together in Toronto Canada in
early February, and Australia in Late March.
ID Collaboration Day is February 27th in SF (we are still Venue hunting).
I am learning that some wonder why I have such strong opinions about standards…the reason being they define the landscape of possibility for any given protocol. When we talk about standards for identity we end up defining how people can express themselves in digital networks and getting it right and making the range of possibility very broad is kinda important. If you are interested in reading more about this I recommend Protocol: and The Exploit. This quote from Bruce Sterling relative to emerging AR [Augmented Reality] Standards.
If Code is Law then Standards are like the Senate.
When I first saw this cartoon in my aggregator it made me laugh and sigh.
At the privacy event at MIT at the beginning of this month the word on the street was that both OpenID as we know it and information cards as we know it are both “dead”.
I am a bit afraid for naming this “whispered fact” in the public blogosphere. The reason I am doing it is because I am very interested in learning more from people who were at the event about what was covered and what they think is promising.
I do know that there is energy behind moving OpenID ABC forward and John Bradley & Nat Sakimura are working hard on it.
This is really exciting news for the identity community since getting mainstream adoption of OpenID has been a challenge for the community. They worked with JanRain on implementing the project. Here is the RWW story.
I just went to the KMart site to “join”, and at first I thought it wasn’t there. Turns out the option to sign up with OpenID is below the fold; you have to scroll down to find it. This is disappointing – it turns out that many web users don’t actually know how to scroll! Facebook, Yahoo!, Google, AOL, Twitter, and MySpace are on the first set of options; OpenID and Windows Live ID are on the second.
I choose the OpenID option and entered my i-name (yes, I still use it) and it worked. I like the new “pop-up” method of supporting authentication – it does the redirection without taking you away from the website. I think the OpenID community is improving the UI by leaps and bounds.
One thing I don’t like is having to “pick a screen name” I always get stuck I went with Kaliya figuring that this would be a profile I would almost never use. I may delete it.
From their website:
Information and communication technologies (ICT) are a major enabler of the creation, distribution, diffusion, use, and manipulation of information and have a major impact on our quality of life, our working conditions and the overall competitiveness of our industries and services. In today’s society, information and information access plays a central role, economically, socially and individually.
However, open exchange of information and access to online services also pose challenges and threats. Service providers want to authenticate the identity of individuals requesting access, and determine the resources and services they are entitled to access. Users want their identity and personal data and privacy to be protected adequately, and the confidentiality of sensitive data they are submitting to be respected.
In today’s Internet and in many large private network infrastructures, heterogeneity and diversity are the rule rather than the exception. Security infrastructures need open standards and interoperability to scale to the huge deployments that are being rolled out. Many security standards from OASIS and other organizations support a model where identity authentication, access control, digital signature processing, encryption and key management are provided as services that can be distributed and shared.
I look forward to hearing what comes out of this event.
Kermit brought this annoucment to my attention via Twitter.
“A draft TC charter has been submitted to establish the OASIS Identity Metasystem Interoperability (IMI) Technical Committee. In accordance with the OASIS TC Process Policy section 2.2 the proposed charter is hereby submitted for comment. The comment period shall remain open until 11:45 pm ET on 7 August 2008.”
It is interesting to see who is behind the effort:.
* Abbie Barbir (Nortel)
* Adnan Onart (Nortel)
* Paul Knight (Nortel)
* Marc Goodner (Microsoft)
* Michael McIntosh (IBM)
* Anthony Nadalin, (IBM )
* John Bradley, (Individual)
* Richard (Dick) Brackney (US DoD – [NSA])
The Information Card Foundation launched around the time of Burton Group Catalyst. Here is the Information Card Foundation Community board member list:
* Kim Cameron
* Pamela Dingle
* Patrick Harding
* Andy Hodgkinson
* Ben Laurie
* Axel Nennker
* Drummond Reed
* Mary Ruddy
* Paul Trevithick
Business board members
OSIS is going into its 4th Interop at DIDW this September. Their is a huge list of participants (far to many to bullet point on this blog).
The good news is that it does what both the ICF and OSIS communities have been saying for a while is that the ISIP (the MS information card guide) needs to be a real standard — not something MS controls. This TC will support this happening.
To me it speaks to the value of the shared community meeting, collaboration and innovation space we have with the Internet Identity Workshop this November 10-12 all the more important.
I have skimmed highlights and links from the OASIS IMI TC below.
The TC will accept as input:
Identity Selector Interoperability Profile specification and associated guides as published by Microsoft, the July 2008 Web Services Addressing Endpoint References and
* Identity Selector Interoperability Profile V1.5, July 2008
* A Guide to Using the Identity Selector Interoperability Profile V1.5 within Web Applications and Browsers, July 2008
* An Implementer’s Guide to the Identity Selector Interoperability Profile V1.5, July 2008
Identity specification  published by Microsoft and IBM:
* Application Note: Web Services Addressing Endpoint References and Identity, July 2008
OSIS (Open Source Identity Systems) Feature Tests published by Identity Commons.
First Phase of TC Work will focus on producing an Identity Selector
Interoperability Profile and the supporting WS-Addressing Endpoint References and Identity specification.
* Identity Selector Interoperability Profile
* Information Card Format
* Information Card Transfer Format
* Information Card Issuance
* Token Request and Response
* Identity Provider Requirements
* Relying Party Requirements
* Self Issued Identity Provider
* Invoking Identity Selectors from Web Pages
* WS-Addressing Endpoint References and Identity
Second Phase of TC Work will work on how Information Cards work with other common claim dialects like WS-Federation 
Ongoing TC Work
The TC shall focus on interoperability test definitions and runs to validate its work on an ongoing basis.
Out of Scope for the TC
The following items are specifically out of scope of the work of the TC:
- Definition of the form and content of privacy statements.
- The establishment of trust between two or more business parties.
- Definition of new key derivation algorithms.
- Definition of claim type transformation rules or mappings to other formats
The TC will not attempt to define concepts or renderings for functions that are of wider applicability including but not limited to:
* Policy language frameworks and attachment mechanisms
* Reliable message exchange
* Transactions and compensation
* Secure Conversations
* Metadata Exchange
* Resource Transfer
Link to the Data Sharing Workshop and Summit.
There is a lot of energy right now around different ideas on how to share data across social media sites. Based on current discussions on the dataportabiltity.org lists and other places, it is clear that a range of potential standards and approaches are emerging.
The energy feels a lot like it did when Phil, Doc and I called the first Internet Identity Workshop – at that time there was a cluster of people thinking about and working on different technologies around user-centric identity. We had been meeting other conferences, but we had not spent time together to really hear different proposed approaches. They all had similar ideas. We recognized this and realized that if we brought them together, it would lead to the emergence of shared understanding and interesting alignments.
At IIW 1 the first day involved participants presenting their different approaches to user-centric identity. The second day was open space – an organized way to support critical conversations that emerged out from listening to all the presentations the day before. It was on that day that the serious conversation between Brad Fitzpatrick & David Recordon’s OpenID(1), Johannes Earnst’s LID, Drummond Reed’s xri/inames all had a conversation that lead to a commitment to meet up a month later and that conversation became Yadis – a group that was joined by SXIP a few months later and then a few months later this was all folded in and became OpenIDv2.
Another outcome of the Internet Identity Workshop has not matured yet but it is coming along. The card selector metaphor, interfaces and client code to do it are starting to be tested and deployed. The cooperate between Kim Cameron and his Microsoft team with IBM and the Higgins & Bandit open source projects has been fostered at these events. The OSIS (Open Source Identity System) Project and Concordia projects are both doing workshops interoperability testing at the forthcoming RSA conference. OSIS has over 200 test in their Interop. The range of actors (standards efforts, open source projects, commercial projects and companies) collaborating is impressive.
Phil, Doc and I didn’t know that these would be an “outcomes” of the event and certainly did not have it as a “goal.” What we did know was that by getting people together to share their ideas, technology approaches and standards, some good would happen – that is, collaboration, synergy and actual investment in and diffusion of user-centric technologies. We also chose a format with open space that left an open playing field – we were not deciding who got to talk, about what or when. This explicitly neutral unpolitical way of organizing also facilitated the collaborative environment.
My goal for the 2nd Data Sharing Summit is to bring together participants from
1) the large companies with 10s of millions of users like Microsoft, Google, Yahoo!, MySpace, Facebook, AOL, Amazon, eBay etc.
2) Small and Medium sized ‘web 2.0′ sites like LinkedIn, RapLeaf, Eventful, Dopplr, Linquia, Dabble, 30Boxes, Magnolia the whole range of Web 2.0 startups that are focused on services for people that involves peoples data.
3) The Standards Guys (Both adhoc and formal) Those putting forward a range of different approaches being proposed for managing the personal data/social network problem. This includes people from the user-centric identity efforts, semantic web standards and tools,
4) Social/Legal/Policy Implications Those thinking about and addressing the social and legal implications of the emerging technologies.
Bringing this range of people together will be key ingredient to getting this gathering be fruitful – I know because of who they are and the passion they have for the topic it will be. I am not going to define ahead of time “what the fruit looks like”
My hope is that there are some similar approaches that can discover each other “now” rather then a year from now when they are ‘going to market’ and decide to cooperate and merge efforts sooner rather then later (like happened with OpenID).
I asked two colleagues who will be attending what he thought the goals were:
* To establish shared consensus about the meaning of data sharing and portability for Internet users.
* To articulate a roadmap for how this can be achieved (and for determining “when we are there”).
* To understand what parts of this roadmap are technical and which are business/social/political/legal.
* To understand which technologies are available and which are emerging to achieve the roadmap.
* To determine how to move forward on the business/social/political/legal challenges.
* get disparate orgs ot work together
* get consensus on standards – and feedback
* identify missing standards
* get testing and compatibility labs -set up!
* and from an evangelistic POV – get Opt-In include din all systems
I think all of these will move forward in the format of Open Space and the collective participation and discernment at the beginning middle and end of the conference.
You can add goals here.
When I think about this gathering the big questions include:
* how do people link their information together across platforms with different services?
* how are permissions managed?
* what are the policies that apply?
* what standards exist?
* what code / frameworks are available to do this?
* what does it mean when my blog is the center of my network?
* is there a standard way to update presence?
* how do the identity tools (openID, oAuth, card selectors, data linking) apply?
* how do semantic web frameworks apply?
I hope to create a high-level professional community that is very engaged with these issues because they want to empower their users to have a copy of their data, to be aware of how it is used and to be able to use their data in interesting ways.
I also hope that a community will emerge that will work together, compete over different options and in the end solve the challenging set of problems that need to be addressed to get data sharing to work.
I have been thinking a lot about how the different communities working on different aspects of open standards innovation for the web can understand how they are working together with each other – in relationship.
Community Diplomacy is the name I propose for a set of patterns and practices that already happens. By naming it and recognizing the people who do it – clarity could emerge.
Community Diplomat This is perhaps a new ‘role’ that if named in community can help bring clarity. These people can some times be called ‘evangelist’ but not necessarily. They are ‘sent out’ by one community on a mission to connect with and build relationship with another.
An example of this would be how Thomas Roessler Security Activity Lead at W3C have both done this for our respective communities. I first met Thomas at the W3C workshop Toward a More Secure Web – W3C Workshop on Transparency and Usability of Web Authentication. I instigated the writing of two papers that articulated activity going on in our ‘user-centric’ community one about Yadis and one about Identity Rights Agreements. I was bringing news from my community and taking back information from the gathering.
A few months later Thomas came to the Identity Open Space (Like Internet Identity Workshops but produced in partnership with other groups lie Liberty Alliance and DIDW) in Vancouver following a Liberty Alliance Meeting. He contributed to our meeting and took information from there back to his community (W3C).
Neither of us was going to become ‘full members’ the other community but we quite explicitly were there to grow mutual understanding and increase information exchange between our two communities.
I think there are a few more terms to help us be clear about terms and intentions. To talk about how we and the communities we are connected to can inter-relate.
Community Bridges These are people who are explicitly working to link different communities together – using social network analysis we see that communities have a core and a periphery. I know people are a part of many many communities – for the sake of this post I will just talk about the links between two communities.
So there are several forms of being a bridge you can be:
At the core of both
At the core of one and periphery of another
At the periphery of both
It is important to remember the language of social network analysis is descriptive – cores are not better than periphery. The core of a network is the engine that ‘gets stuff done’ together they have strong ties – meaning the communication on those pathways is frequent AND they are all interlinked to each other. The periphery of a network has links to people in the ‘core’ but not to as intensely these are also called weak ties because communication happens less frequently. The periphery of a community is where new ideas come in through it is as important to healthy functioning as a connected core.
Drummond Reed is a great example of someone who is rooted in several communities and fully participates in them. He is at the core of the XRI/XDI community and is a very active participant in OpenID (he is on the board). He is at the core of both.
Adriana Lukas who is in the VRM community leadership is a great example of someone who is very active in the core of one community – AND participating at the margins of several others related to aspects of the identity and technology that are needed for VRM.
I would describe myself as being in the periphery of two communities the Nonprofit Tech Community and the Open Source Community. I relationships with people who’s day to day work is deeply focused in these areas. I have attended both their major conferences for the past several years and my work relates to both but I am not at the Core of either community.
Community Cultivators – these people sit at the core of a community and work to grow and take care of it. They are looking out for new people who might contribute and helping them find a niche in the system. While researching this article I found my friend Jean’s article about Field Building that describes this process too.
Examples from the past week of work:
I inviting the two guys I met at the identity meetup Ryan and Tony we had in NYC to join Newbies 4 Newbies cause they are both new to the community & interested in learning more. I also connected with Mike Ozburn a long time community member via phone and in talking with him thought he would be a great fit for the Enterprise Positioning Group as he is currently working with Sprint.
Community to Community Diplomats and Diplomacy in Action
I think that if we name these practices it will be easier to trust/know that we have informational and relational links between communities via articulating these articulated – not formal but at least named connections.
I am watching the dataportability.org group begin a research initiative to understand what communities efforts relate to their goals. I know that I did and still do a lot of research and outreach for the Identity Commons community dating back to 2004 – out reaching to the SocialPhysics project at Berkman, to Doc Searls etc….
I hope the language put forward here can help us all be able to understand how we are linked and seek to build bridges between our efforts. There will never be ‘one’ organization or effort that links everything – there will always be many different ‘attractors’ that have different missions, strengths and purposes. I would like to see some further articulation of the practices and patterns that people who play these rolls do.
Identity Commons structure is designed to support the kinds of links – the people to people – community to community along with explicit information flow between groups to foster loose connection and space for collaboration between groups. Heallth of the overall identity commons community can be measured by the number and nature of cross community linkages (people). I have a post coming out shortly about the balance between parts (working groups) and the whole and how the balance we have is working and how it can be maintained.