Core Concepts in Identity

One of the reasons that digital identity can be such a challenging topic to address is that we all swim in the sea of identity every day.  We don’t think about what is really going in the transactions….and many different aspects of a transaction can all seem do be one thing.  The early Identity Gang conversations focused a lot on figuring out what some core words meant and developed first shared understanding and then shared language to talk about these concepts in the community.

I’m writing this post now for a few reasons.

There is finally a conversation about taxonomy with the IDESG – (Yes! after over a year of being in existence it is finally happening (I recommended in my NSTIC NOI Response  that it be one of the first things focused on)

Secondly I have been giving a 1/2 day and 1 day seminar about identity and personal data for several years now (You can hire me!).  Recently I gave this seminar in New Zealand to top enterprise and government leaders working on identity projects 3 times in one week.  We covered:

  • The Persona and Context in Life
  • The Spectrum of Identity
  • What is Trust?
  • A Field Guide to Internet Trust
  • What is Personal Data
  • Market Models for Personal Data
  • Government Initiatives Globally in eID & Personal Data

[Read more...]

Getting Started with Identity

Welcome to the Identity Woman Blog

I am an advocate for the rights and dignity of our digital selves.

Top Posts:

How to Join NSTIC, IDESG: A Step-by-step Guide

How to Participate in NSTIC: A Step-by-step Guide

Where I am in the World:

I live on the East Bay of the San Francisco Bay.

ID360  April 9-10, Austin

NSTIC Management Council Retreat  April 22-23 in DC

Internet Identity Workshop - May 6-8, Mountain View, California.

SHARE: Catalyzing the Sharing Economy – May 13-14 in San Francisco

NSTIC 9th Plenary June 17-19 in DC

Cloud Identity Summit – July 19-22 in Monterey, California

Web of Change (tentative) Hollyhock, Cortez Island, BC, Canada

World Economic Forum - YGL Summit + Annual Meeting of New Champions – Sept 7-12 in Taijin, China

Internet Identity Workshop number 19, October 4-6, Mountain View California

Latest Media:

NSTIC in Tech President: In Obama Administration’s People-Powered Digital Security Initiative, There’s Lots of Security, Fewer People 

Article on the BC eID Citizen Engagement Panel in Re:ID. PDF: reid_spring_14-BC

Fast Company Live Chat: On Taking Back Your Data

Fast Company: World Changing Ideas of 2014: You Will Take your Data Back

Posts on NSTIC:

  • Participatory Totalitarianism! – My TEDxBrussels Talk about how if we don’t get this NSTIC stuff right we will end up in a really creepy world.  It references my struggles with Google+ to use the name I chose for my online self.

Posts about Identity:

  •  NymWars – My Personal Saga with Google in the [psuedo] NymWars to use the name I choose on their service – annotation of all my posts.
  • My speech at the Digital Privacy Forum in January 2011 articulating a vision that goes beyond “Do-Not-Track” vs. Business as Usual, creating a new ecosystem where people collect their own data.

Organizations and Events I share leadership in:

  • I am co-leading a new project – more details coming soon.
  • I am on the Management Council of the IDESG – the Identity Ecosystem Steering Group of NSTIC – the National Strategy for Trusted Identities in Cyberspace.
  • I co-founded, co-produce and co-facilitate the Internet Identity Workshop #18 May 6-8  in Mountain View, CA. This conference has focused on User-Centric Identity since 2005.
  • I am a steward of Identity Commons which keeps all the organizations and groups working on user-centric identity linked together.
  • I am the volunteer network director at Planetwork.net the civil society organization I have been affiliated with since 2003.
  • I founded She’s Geeky a women’s only unconfernece for those in Technology and STEAM fields (Science, Technology, Engineering, Art and Math)
  • I co-founded Digital Death Day and work with that community to continue to host events on the issue. You can see a video of me talking at Privacy Identity and Innovation about this. The next conference is in London on October 6th.
  • I own a business Unconference.net that designs and facilitations participant driven events for a range of clients (IIW, She’s Geeky and Digital Death Day are all Unconferences).

Is Google+ is being lynched by out-spoken users upset by real names policy?

Following my post yesterday Google+ says your name is “Toby” not “Kunta Kinte”, I chronicled tweets from this morning’s back and forth with  Tim O’Reilly and Kevin MarksNishant  KaushikPhil Hunt,  Steve Bogart and Suw Charman-Anderson.

I wrote the original post after watching the Bradley Horwitz (@elatable) – Tim O’Reilly (@timoreilly) interview re: Google+. I found Tim’s choice of words about the tone (strident) and judgement (self-righteous) towards those standing up for their freedom to choose their own names on the new social network being rolled out by Google internet’s predominant search engine disappointing.  His response to my post was to call me self-righteous and reiterate that this was just a market issue.

I myself have been the victim of a Google+ suspension since July 31st and yesterday I applied for a mononym profile (which is what it was before they insisted I fill out my last name which I chose to do so with my online handle and real life identity “Identity Woman”) 

In the thread this morning Tim said that the kind of pressure being aimed at Google is way worse then anything they are doing and that in fact Google was the subject of a “lynch mob” by these same people.  Sigh, I guess Tim hasn’t read much history but I have included some quotes form and links to wikipedia for additional historial context.

Update: inspired in part by this post an amazing post “about tone” as a silencing/ignoring tactics when difficult, uncomfortable challenges are raised in situations of privilege was written by Shiela Marie.  

I think there is a need for greater understanding all around and that perhaps blogging and tweeting isn’t really the best way to address it.  I know that in the identity community when we first formed once we started meeting one another in person and really having deep dialogues in analogue form that deeper understanding emerged.  IIW the place we have been gathering for 6 years and talking about the identity issues of the internet and other digital systems is coming up in mid-October and all are welcome.  The agenda is created live the day of the event and all topics are welcome.

Here’s the thread… (oldest tweets first)

 Note all the images of tweets in this thread are linked to the actual tweet (unless they erased the tweet).  [Read more...]

Google+ says your name is “Toby” NOT “Kunta Kinte”

This post is about what is going on at a deeper level when Google+ says your name is “Toby” NOT “Kunta Kinte”. The punchline video is at the bottom feel free to scroll there and watch if you don’t want to read to much.

This whole line of thought to explain to those who don’t get what is going on with Google+ names policy arose yesterday after I watched the Bradley Horwitz – Tim O’Reilly interview (they start talking about the real names issue at about minute 24).

[Read more...]

Lets try going with the Mononym for Google+

Seeing that Google+ is approving mononyms for some (Original Sai, on the construction of names Additional Post) but not for others (Original Stilgherrian Post Update post ).

I decided to go in and change my profile basically back to what it was before all this started.  I put a  ( . ) dot in the last name field.  In my original version of my google proflile my last name was a * and when they said that was not acceptable I put my last name as my online handle “Identity Woman”.

[Read more...]

“Million” Persona March on Google

Just reading more posts people are pointing at and surfacing re: google+ and erasure. I was “erased” today (from being able to use Google+ not my gmail account) but this isn’t about me, its about the Persona’s.

You know IRL (in real life) when people kill you they suffer legal consequence, here with real persona it’s open season.  Its not right.  (Just read Raef’s Declaration of the Rights of Avatars – among the many bills of rights re: online identity and privacy I have collected).

So lets organize a March on Google for the rights of people with Persona’s.

Google+ and my “real” name: Yes, I’m Identity Woman

When Google+ launched, I went with my handle as my last name.  This makes a ton of sense to me. If you asked most people what my last name is, they wouldn’t know. It isn’t “common” for me.  Many people don’t even seem to know my first name. I can’t tell you how many times I have found myself talking with folks at conferences this past year and seeing ZERO lighbulbs going off when I say my name “Kaliya”, but when I say I have the handle or blog “Identity Woman” they are like “Oh wow! You’re Identity Woman… cool!” with a tone of recognition – because they know my work by that name.

One theory I have about why this works is because it is not obvious how you pronounce my name when you read it.  And conversely, it isn’t obvious how you write my name when you hear it.  So the handle that is a bit longer but everyone can say spell “Identity Woman” really serves me well professionally.  It isn’t like some “easy to say and spell” google guy name like Chris Messina or Joseph Smarr or Eric Sachs or Andrew Nash. I don’t have the privilege of a name like that so I have this way around it.

So today…I get this

I have “violated” community standards when using a name I choose to express my identity – an identity that is known by almost all who meet me. I, until last October, had a business card for 5 years that just had Identity Woman across the top.

Display Name – To help fight spam and prevent fake profiles, use the name your friends, family, or co-workers usually call you. For example, if your full legal name is Charles Jones Jr. but you normally use Chuck Jones or Junior Jones, either of these would be acceptable. Learn more about your name and Google Profiles.

[Read more...]

The Trouble with Trust, & the case for Accountability Frameworks for NSTIC

There are many definitions of trust, and all people have their own internal perspective on what THEY trust.

As I outline in this next section, there is a lot of meaning packed into the word “trust” and it varies on context and scale. Given that the word trust is found 97 times in the NSTIC document and that the NSTIC governing body is going to be in charge of administering “trust marks” to “trust frameworks” it is important to review its meaning.

I can get behind this statement: There is an emergent property called trust, and if NSTIC is successful, trust on the web would go up, worldwide.

However, the way the word “trust” is used within the NSTIC document, it often includes far to broad a swath of meaning.

When spoken of in every day conversation trust is most often social trust.

[Read more...]

Alignment of Stakeholders around the many NSTIC Goals

 

The Many Goals for the Identity Ecosystem & NSTIC Governance

The NSTIC governance NOI articulates many key activities, qualities and goals for a governance system for NSTIC. NSTIC must:

  • convene a wide variety of stakeholders to facilitate consensus
  • administer the process for policy and standards
  • development for the Identity Ecosystem Framework in accordance with the Strategy’s Guiding Principles
  • maintain the rules of participating in the Identity Ecosystem
  • be private sector-led
  • be persistent and sustainable
  • foster the evolution of the Identity Ecosystem to match the evolution of cyberspace itself.

Achieving these goals will require high-performance collaboration amongst the steering group and all self-identified stakeholder groups. It will also require earning the legitimacy from the public at large and using methods that surface their experience of the Identity Ecosystem Framework as it evolves.

[Read more...]

Proactive Development of Shared Language by NSTIC Stakeholders

This is the “punchline section” (in my response it is after what is below…the history of collaboration in the identity community):

Proactive Development of Shared Language by NSTIC Stakeholders

In 2004-5 the Identity Gang (user-centric identity community) was 1/10 the size of the current NSTIC stakeholder community.  It took us a year of active grassroots effort to develop enough common language and shared understanding to collaborate. NSTIC doesn’t have 5-10 years to coalesce a community that can collaborate to build the Identity Ecosystem Framework. To succeed, the National Program Office must use processes to bring value and insight while also developing  shared language and understanding amongst stakeholders participating.

[Read more...]

National! Identity! Cyberspace!: Why we shouldn’t freak out about NSTIC.

This is cross posted on my Fast Company Expert Blog with the same title.

I was very skeptical when I first learned government officials were poking around the identity community to learn from us and work with us.  Over the last two and a half years, I have witnessed dozens of dedicated government officials work with the various communities focused on digital identity to really make sure they get it right. Based on what I heard in the announcements Friday at Stanford by Secretary of Commerce Locke and White House Cybersecurity Coordinator  Howard Schmidt to put the Program Office in support of NSTIC (National Strategy for Trusted Identities in Cyberspace) within the Department of Commerce. I am optimistic about their efforts and frustrated by the lack of depth and insight displayed in the news cycle with headlines that focus on a few choice phrases to raise hackles about this initiative, like this from CBS News: Obama Eyeing Internet ID for Americans.

I was listening to the announcement with a knowledgeable ear, having spent the last seven years of my life focused on user-centric digital identity.Internet Identity Workshop Logo Our main conference Internet Identity Workshop held every 6 months since the fall of 2005 has for a logo the identity dog: an allusion to the famous New Yorker cartoon On the internet, nobody knows you are a dog. To me, this symbolizes the two big threads of our work: 1) maintaining the freedom to be who you want to be on the internet AND 2) having the freedom and ability to share verified information about yourself when you do want to.  I believe the intentions of NSTIC align with both of these, and with other core threads of our communities’ efforts: to support identifiers portable from one site to another, to reduce the number of passwords people need, to prevent one centralized identity provider from being the default identity provider for the whole internet, to support verified anonymity (sharing claims about yourself that are verified and true but not giving away “who you are”),  support broader diffusion of strong authentication technologies (USB tokens, one-time passwords on cellphones, or smart cards), and mutual authentication, allowing users to see more closely that the site they are intending to do business with is actually that site.

Looking at use cases that government agencies need to solve is the best way to to understand why the government is working with the private sector to catalyze an “Identity Ecosystem”.

[Read more...]

When to share your real name? Blizzard and their Real ID plans.

I was recently CCed in a tweet referencing this article “Why Real ID is a Really Bad Ideaabout World of Warcraft implementing their version of a “Real ID” in a way that violated the trust of its users.

The woman writing the article is very clear on the identity “creep” that happened and got to the point of requiring users to use the Real ID account within the system to post on forums and EVEYWHERE they interacted on company websites.

She articulates clearly why this creates an unhealthy climate and a chilled atmosphere for many users.

[Read more...]

The Identity Spectrum

I published V1 of this in a post on my Fast Company blog about the government’s experiments with identity.
I did a more complete version for the opening talk of the Internet Identity Workshop

The Identity Spectrum gives a understanding of the different kinds of identity that are possible in digital systems. They are not exculsive – you can mix and match. I will define the terms below and discuss mixing and matching below.

Anonymous Identity is on one end of the identity spectrum–basically you use an account or identifier every time go to a Web site–no persistence, no way to connect the search you did last week with the one you did this week.

Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don’t reveal your common/real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.

Self-Asserted Identity is what is typical on the Web today. You are asked to share your name, date of birth, city of residence, mailing address etc. You fill in forms again and again. You can give “fake” information or true information about yourself–it is up to you.

Socially Validated Identity is an identifier within the context of a social graph that is linked to and because of the social links it is acknowledged by others thus being socially validated

Verified Identity is when there are claims about you that you have had verified by a third party. So for example if you are an employee of a company your employer could issue a claim that you were indeed an employee. You might have your bank verify for your address. etc.

Mixing and Matching on the Identity Spectrum
You could have a socially verified pseudonymous identity. That is people recognize and acknowledge a pseudonymous handle/avatar name by linking to it in a social graph. You can have verified anonymity where attributes about a handle/avatar are ‘verified’ but the all the information about the verified identity (full name, address, birthdate etc) is not reviled.

IIWX Internet Identity Workshop 10, Introductory Talk

I gave this talk at the 10th Internet Identity workshop reviewing the shared history, language, understanding and work we have done together over the last 6 years of community life.

Part of this presentation touched on a timeline of events in the community. Those and more are reflected on this timeline that is beginning to be developed here. IIW11 will be November 9-11 in Mountain View, CA The first ever IIW outside the Bay Area will be happening September 9-10 in Washington DC following the Gov 2.0 Summit with the theme Open Identity for Open Government. The first IIW in Europe will be happening in London likely October 9-10 (dates still to be confirmed) prior to RSA Europe. If you would like to know about when the next IIWs have registration open please join this announce list. TheIdentity Gang is the community mailing list where conversations are ongoing about identity. You can follow modest updates about IIW on twitter via our handle – @idworkshop You can see IIW 10 attendees on our registration page.

its that SXSW picking time of year

200908181123.jpg

This year there are 2200 panels submitted for 300 slots. It is great they are going with community generated ideas for the conference. It is also hard to tell what will be happening in our fast moving industry 7 months from now. PLEASE go to SXSW create an account and then vote for these two :)

I put a lot of thought in to what to put forward this year knowing it would be 9 months out. One of the trends that is just starting to emerge is identity verification – my hunch is that by March this will be a topic getting a lot of attention and worth exploring at SXSW.

Who are you? Identity trends on the Social Web.

“On the Internet Nobody Knows You’re a Dog” Is this famous New Yorker cartoon still true? Twitter is doing verified accounts. Facebook claims everyone using their “real name” gives strong social validation ‘proof’. Equifax is validating age with information cards (digital tokens). We will explore the current trends and their implications for the future.

  1. What is identity?
  2. Why are people doing identity validation?
  3. Who is doing identity validation?
  4. Why are websites seeking people who have had their identities validated?
  5. Is identity validation improving the web?
  6. What are the current open standards in this space?
  7. Are approaches by men and women different about idnetity presentation and validation?
  8. What kinds of businesses are requiring online identity validation for customers?
  9. Is identity validation going to squish “free speech”?
  10. How is this trend changing the web?

With my She’s Geeky hat on: What Guys are Doing to Get More Girls in Tech!

The point of this is to get beyond the women say there are issues in the field and guys say there isn’t – to have guys who know there is an issue and are proactively doing constructive stuff to address it.

Many tech fields have a low percentage of women. If you are a guy do you wonder what you can do about it? Learn about successful strategies and proactive approaches for supporting women you work with and participate in community with. We will even cover some well-intentioned efforts that have gone awry.

  1. How many women by percentage participate in different technical fields?
  2. Why does it matter that they are underrepresented in these fields?
  3. What are the cultural norms that men and women have about performance and self-promotion?
  4. What is Male Programmer Privilege?
  5. What can a guy do who has a sister that is math/science inclined but being steered away from the field?
  6. How have the men on the panel improved things in their workplaces?
  7. How have the men on the panel addressed the challenges that arise in open communities? (that is where you don’t have a boss that fires people for inappropriate behavior/comments)
  8. What are the qualities of a workplace that is friendly for women?
  9. How to go beyond tokenism in workplaces, communities and conferences?
  10. How to encourage women more?

Other interesting Preso/panels covering Identity topics:

The Politics & Economics of Identity Put forward by my friend Liza Sabature of Culture Kitchen and the Daily Gotham Identity Politics” has always been left to the realm of feminist, civil rights activists, aka “minority politics”. This panel will explore the social and political ramifications of the business of identity and reputation. We will talk about the good, the bad and the ugly and what social entrepreneurs, businesses and digital activists are doing to impact this new economy.

  1. What is identity?
  2. What is reputation?
  3. What is privacy?
  4. How have big business historical monetized privacy?
  5. How social media works on identity and reputation?
  6. Online surveillance in the US : DMCA, FISA, Patriot Act
  7. Facebook BEACON : a study on how not to spy on people for fun and profit
  8. Google Adsense or Spysense?
  9. What are Vendor-Relationship Management systems?
  10. Will we need “Identity Management Systems” instead of VRMs?

Distributed Identity: API’s of the Semantic Web Without much conscious thought, most of us have built identities across the web. We fill in profiles, upload photos, videos, reviews and bookmarks. This session will explore the practical use of Social Graph API and YQL to build new types of user experience combining identity discovery and data portability.

Online Gatekeeping: Who Died and Made You King? by Liz Burr As the web becomes more open via social networks, we’re adopting new rules of communication. But who creates these rules? How much does class, race and gender figure into social media policing? We’ll discuss how identity affects social networks, as well as look at how online communities police themselves as participation expands.

  1. Which groups are in control of what is worth sharing via social media?
  2. Are the under-25 community using social media differently?
  3. How do we recognize and confront social media ‘gatekeepers’?
  4. Is our behavior in online communities merely a reflection of offline stereotypes and experiences?
  5. What is the impact of the amplification of social stereotypes online on under-represented groups?
  6. How do we integrate previously, under-represented groups into this more social world?
  7. Is there really such a thing as a “digital ghetto”? If so, is it our responsiblity to combat it?

OpenID: Identity is the platform is put forward by Chis Messina.
I have to say it is really great to have this be put forward so plainly and simply – to “get religion” about user-centric tdentity and its central role in shaping the fugure the social web.

Ignore the hype over social networking platforms and web OS’s! The platform of the social web is identity. Facebook and Twitter Connect are just the beginning of the era of user-centric identity. I’ll go beyond the basics of OpenID and learn how to effectively incorporate internet identity into your apps.

Your Online Identity After Death and Digital Wills

If you died tomorrow, would someone take care of your internet accounts? How do you tell subscribers the blogger has died? Every day people die and no one can access their email. Let’s explore what can be done to manage your online identity after you pass on.

  1. What usually happens to email accounts when a person dies? Policies for Gmail, Yahoo, Hotmail and AOL
  2. What about WordPress.com and Blogger for digital policies concerning the death of a blogger?
  3. Do You have a digital will setup?
  4. Products and services to manage digital wills, electronic correspondence after death and auto replies.
  5. Grief, “You Have Mail” and online memorial services.
  6. Who owns blog content after the death of a blogger?
  7. How to calculate the worth of your website or blog.
  8. How can you manage your online accounts and passwords for easy access after you pass?
  9. What are some recent legal examples of online account ownership disagreements?
  10. How to keep your passwords safe?

How to Benefit from 1-Click Identity Providers by Luke Shepard from Facebook.

Sites across the Web are opening up to support open identity platforms, such as OpenID. How can companies at scale and those with large user bases successfully work with open standards including OpenID, Activity Streams and new social markup language specs? Can companies survive the challenges of incorporating OpenID into their websites?

  1. Are there any success stories with OpenID?
  2. What does the OpenID user experience look like?
  3. Who has implemented OpenID?
  4. What have been some of the failures of OpenID?
  5. What is OpenID?
  6. What are the user benefits of OpenID?
  7. How can websites educate users about open protocols?
  8. What are the privacy concerns around OpenID?
  9. What kind of user data is made available to sites when they implement OpenID?
  10. What will it take for OpenID to become mainstream?

Crime Scene: Digital Identity Theft


OpenID Momentum continues

Dave posted today on the OpenID.net blog articulating the accomplishments of the past year.

I think it is important to acknowledge the significant progress OpenID as an Open Standard for persistent digital identity across the web has made. It is amazing to think how far it has come in 2.5 years since IIW1.

Recently I was talking with a person knowledgeable about the identity community and OpenID in particular – they mentioned that some of the conversations amongst those running for the board didn’t help the community look “good”. I said to them you know a lot of communities have elections and there is 6 board seats open and 6 people running for them – so there really isn’t a dialogue, public conversation that has texture (a different word for conflicting points of view). I celebrate a community that can dive in and engage with a range of points of view and really have a meaty dialogue. This is to be celebrated – the pains of growing up.

Wired just did a detailed article on OpenID’s and Blog commenting. It closed with this… NB: Before you race to point out the irony that this particular blog doesn’t support OpenID logins for comments, I can assure you — we’re working on it.

It also said this:


It’s easier for blogs, which don’t need a lot of demographic information about a user, to let people jump in and start participating socially without filling out a registration form. Major media properties and newspaper websites, on the other hand, want age and income data they can use to sell more targeted ads. OpenID and its companion technologies have mechanisms for sites to collect that data from their users, but those mechanisms are largely left out of the blog commenting systems.

It makes me sad to see this. I was just signing up for a topica list – it asked me for my gender the year I was born and my zip code. It is trying to figure out who I am. What I don’t think is well understood is how information sharing happens over time. Asking people to give away PII (personally identifying information) to look at a newspaper is bad practice and encourages lying.

Identity events of the year – Part 2

This is part 2 and continues from part 1. I will re post this caveat again.

I am not going to do a “top ten list” – not really my style. I tend to take things as they are and appreciate the amazing, wonderful, mysterious, sensuous, intellectually stimulating but don’t “compare” in a sort of ordered list way. So just so there is clarity on the number of things I mention I will “number” them but this is NOT a top ten list – I wrote this post as a reflection without thought to order.

(un5) The emergence of Portable Contacts was a great development out of the Data Sharing Events that I put on with Laurie. The conversation between Joseph and the MSFT guys (Indu and Angus) lead to this – sort of a practical low hanging fruit thing to do – rather then solve everything – just how to get the list of contacts I have in one place out and importable to another. Joseph’s community leadership has really impressed me to. He is all about getting things done and finding the needed elements to make things happen.

(un6) I have enjoyed watching Marc draw on his fence – yes he does this literally - and talk about his vision of the social web evolving. He “published” a book containing some of what he has been talking about. You can describe Marc as many things but I for one respect him as a visionary – ahead of his time in seeing where things will be going on the web and what will be needed. (You can see his predictions for 2009 here) Just as an example of something he said that really struck me as original and important to think about looking ahead – he talked about how groups need to live autonomously – outside any one platform or silo – and that we need a language of social verbs that are open and standard across them. Maybe some more people will “get” what Marc has been saying in this regard and some open standards can evolve to address this.

(un7) In a year end review it would be a mistake to not name the IDTBD conversation that happened this summer. You can read the whole thread of the e-mail conversation in the google group – it is public. There were in the end two different ways to look at how to organize (and I think they can complementary) one put organizational form and structure first and the other put relationship and community first and said that needed form and structure could emerge from that. In the middle of the conversation we were referred to Clay Shirky’s work – both this video about LOVE in technical communities and how it is very long lasting and sustaining and his book - the power of organizing without organization. (He also has another talk about Coordination Costs that is informative). Identity Commons is an organization being held together with many of the new super low cost tools that mean organizational overhead that was needed to organize people as organized as we are isn’t needed like it was 5-10 years ago. Having said this there is much to be improved and in the survey we sent out after IIW we asked about IC and the community wanted us to focus on supporting/providing better communication between groups and also increased PR/outside world awareness of the collaborative work happening in the community.

(un8) The OpenID Foundation part of the Identity Commons community held its first elections for the community seats on the board.

(un9) Information Card Foundation launched and is part of the community of Identity Commons. I have been quite impressed with the energy and evangelism of Charles Andres. (they too are using a low organizational overhead model for getting things done). I actually got a the Azigo card selector working on my Mac and downloaded a “managed” card from an early behind the scenes trial of CivicID. I also failed at getting an “I’m over 18 card from Equifax” – Actually the experience of their knowledge based authentication made me think my identity has been “stolen” it asked me about a bunch of loans I haven’t taken out. So now I have a bunch of personal identity detective work to do this year (I will be blogging about those adventures).

(un10) Parity Communications shipped some pretty amazing stuff and it has been a long time coming*. They are behind the Equifax I’m over 18 card issuing site using their service called Card Press for issuing information cards. (as an aside I “get the whole stock photo with people holding their hands in a card shape – but why the girl with no top on?)

* Some background I first talked to Paul Trevithic and Mary Ruddy in the winter of 2004 while working for Identity Commons I knew I had to go out and meet them – to learn what they were up to and hopefully link/sync it with what Owen, Andrew & Drummond&Co. were up to around user-centric identity. They were into Social physics along with John Clippinger and both Paul and John were at the 2004 Planetwork Conference.

Over all it was an amazing year and it seems that the coming year will continue to have this field evolve.

I am working hard on pulling together two events before the next IIW (May 18-20 – put it on your calendars). One is specifically focused on “What are the Business Models” we should have an announcement about that next week but the dates will be the last week of Feb.

The other is focused on the intersection of identity technologies and the legal realm – I am meeting face to face with Lucy Lynch from ISOC in Eugene this week to work on details for that.

The Identity Futures group continues to percolate along and is working on developing a proposal to do some scenario visioning/planning.

I am hoping to spend some more time thinking about and talking to women to understand more about their needs and practices around identity online. Just in the last week while organizing She’s Geeky (the women’s only tech conference happening at the end of January) two women have mentioned they have had online stalker experiences recently. Several also have very particular ways of presenting themselves one example is a woman who professionally they use their first initial and last name – when they submit resume’s etc and in their general life online/socially they use their First name and last initial – to ensure that they are not findable at least by an employer initially doesn’t know their full name and thus their gender.

Identity events of the year – Part 1

I am not going to do a “top ten list” – not really my style. I tend to take things as they are and appreciate the amazing, wonderful, mysterious, sensuous, intellectually stimulating but don’t “compare” in a sort of ordered list way. So just so there is clarity on the number of things I mention I will “number” them but this is NOT a top ten list – I wrote this post as a reflection without thought to order.

This morning while swimming I got to reflecting about the year in identity and it did seem appropriate to share some of them.

(un1) Bob’s Relationship paper (that I hope Burton Group will release into the world) was put forward in draft form at IIW#7 (2008a) and the Data Sharing Summit in May. It framed the problem of identity and articulated some missing pieces to the puzzle we are solving – supporting an identity layer emerge. He high lighted the fact that identity happens in the context of relationship and finding ways to document the terms and conditions in a relationship – making the relationship itself its own node and not just a line in a social graph. Since the paper is mostly been available to enterprise clients of the Burton Group and some folks in the identity community this missing piece – the node of relationship itself has not been taken up. I am hopeful it will emerge. I think some of what the Higgins project is proposing as an R-Card – a place to co-manage relationship data between two parties in a transaction could for fill this.

Update: I spoke with Bob since this post and Burton will be releasing this paper in Q1.

(un2) Facebook’s emergence as the dominant social networking service and this being the anti-pattern that the communities that I have been participating in for 6 years now had articulated was a danger that needed to be addressed preemptively with open standards that worked between silo’s.

(un3) Related to this – I am remember that summer at the invitational gathering at Hollyhock (a retreat center in Canada I love and I became the accidental poster child for) I got to meet with colleagues who lead workshops there some of whom I have known for years. They knew I was into the web and social things there – “digital identity” but this year they “got” more of what I was talking about. The reason was because of issues they themselves had – one had pictures and e-mails and other things the community had put forward around someone’s life threatening illness. They found they couldn’t get the data out. … it wasn’t there. People informally in conversations I overheard were kinda freeked out by the service (you need to remember that in Canada Facebook has incredibly high penetration into the lives of “normal” folks about 40% of all Canadians are on it – so more normal folks then in the US).

So back to the open standards working between sites – putting at least doors between walled gardens – it seems that finding the agreement and finding adoption of such open standards is difficult – or perhaps more to the point it is not a “high business priority” – it is easy to have a big network just grow and become the default. I think the efforts of the open stack community are noble and I hope they succeed. I also think they need to address some of the things that facebook messes up. These include mushing all my worlds together- (water polo from when I was in highschool, kindergarten class at school, water polo from college, water polo from the national team, highschool, elementary school 1, elementary school too, my process facilitator community, the identity community, the all the worlds I am in they are all FLAT – my social reality isn’t flat. People and the topics I am interested in at any one time come closer and go out father. I have divers interests and everyone I know is not interested in everything I do. I know this. I am not trying to “hide” anything or “be secret” I just want to respect the attention of my friends. I hope this nuanced social understanding can be grasped by someone building these tools. It is not that complex.

It may be that this kind of nuance will show up in smart clients. I am hopeful that this year there will be at least one for twitter. (I want to have two kinds of twitter friends – the ones that I read ALL their tweets (scrolling back to see what happened when I was not online) and those that i will watch passively when I happen to be online too.

(un4) TWITTER really broke on to the scene this year. I started tweeting because of Phil Windley’s comment about how it got him connected to his remote team – as a water cooler replacement – to know what they were up to in daily life (I had had an account for about a year before but hadn’t gotten into it). I was also at a talking heads forum on collaboration for a day in January and several friends were there who were tweeters so I did the laborious work of finding people to follow (back then there was no people search – you sort of found people by who you saw following people you knew).

I have several more thoughts about big things of the year. I will continue to write in the next few days. I am going to get back into blogging. These last 8 months since IIW#7 2008a I have had some rather significant personal life background noise. It is why I haven’t been writing or getting out much. So one of my resolutions for the year is to blog more.

It continues here with Part 2.

Cybersecurity report covers Identity

Lucy Lynch posted this “The CSIS Commission on Cybersecurity for the 44th Presidency ” to the ID-Legal e-mail list.

We are actually going to discuss it on our upcoming call along with figuring out our steward to Identity Commons. Lucy and I will be spending 2 days at the end of December face to face in Eugene planning strategy/execution/deliverables around having at least event in DC this winter/spring before the next IIW.

The CSIS Commission on Cybersecurity for the 44th Presidency has released its final report, “Securing Cyberspace for the 44th Presidency.” The Commissions three major findings are:

1. Cybersecurity is now one of the major national security problems facing the United States;

2. Decisions and actions must respect American values related to privacy and civil liberties; and

3. Only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will improve the situation.”

There is a section on: Identity Management for CyberSecurity (page 67) that folks will want to read. CSIS is a Washington think tank, so this
is only advisory, but interesting to see some old models coming around again.

“CSIS was launched at the height of the Cold War, dedicated to the simple but urgent goal of finding ways for America to survive as a nation and prosper as a people. During the following four decades, CSIS has grown to become one of the nations and the worlds preeminent public policy institutions on U.S. and international security.”

Identity – poem found in film.

I have often thought about how my work in this field has made me look at the world differently – I almost always have “identity” glasses on. I notice how people use the word. I notice when people talk about authentication and authorization, validation, verification and enrollment (often mixing all those all together or calling one something else).

Today I am watching a random Netflix movie that came (I have not been shepherding my que very well) It is called Notebook on Cities and Cloths – it is about a Japanese fashion designer. To my surprise it is opening with a poem by the film maker Wim Vinders – part way through well it turned to identity ….

“Identity”…
of a person,
a thing,
a place.

“Identity”.
The word itself gives me shivers.
It rings of calm, comfort, contentedness.
What is it, identity?
To know where you belong?
To know your self worth?
To know who you are?
How do you recognize identity?
We are creating an image of ourselves,
we are attempting to resemble this image…
Is that what we call identity?
The accord
between the image we have created
of ourselves
and … ourselves?
Just who is that, “ourselves”?

We live in the cities.
The cities live in us…
time passes.
We move from one city to another,
from one country to another.
We change languages,
we change habits,
we change opinions,
we change clothes,
we change everything.
Everything changes. And fast.
Images above all.

the recitation shifts into prose continues over the film as it begins….

Net Squared Talk about Identity

Last week I presented at the Net Squared Conference they have a focus on ‘remixing the web for social change’ – it was fun to be invited to speak at the event by the “Jon Steward Famous” Susan Tenby(she was on the show for her testimony in front of congress about her role as the head of the Nonprofit Commons in Second LIfe – in her testimony she said her Avatar name Gliteractitca Cookie – and well this fun identity fact was what got her on John Stewart).

SlideShare | View | Upload your own

There was great live bloging coverage of my on the Net Squared blog posted by Brenda that you can read along with while you watch.

Identity Futures Dinner in South Bay Tonight

Sorry for this late notice on the blog but I just figured out where we are eating.

At the Internet Identity Workshop 2 weeks ago one of the session was about the Identity Futures work that we started last fall. We went over the events that we developed – see here.

John Kelly my collaborator developing them and those exercises couldn’t make IIW and we had a corum of folks who were in centered in the South Bay so we are having a meeting this evening over indian food to talk about next steps for this work.

If you are interested in this you are most welcome to attend. We are meeting at

We are meeting at 6 PM at Heritage of India 167 S Main St, Milpitas, CA 95035

PLEASE RSVP to me kaliya (at) Mac.com

Identity Talk at Net Squared Year Three

Here are the relevant links from my talk on Identity at Net Squared.

US, Our Organizations and The Web: Leveraging Identity Tools for Collaboration

Why is user-centric Digital Identity Important?
Augmented Social Network: Building Identity and Trust into the Next Generation Internet 2003, Ken Jordan, Jan Hauser, Steven Foster.

OpenID
OpenID

Data Linking

Standards
XRI Wikipedia at OASIS
XDI Wikipedia at OASIS

Companies
Strong Eye
Kintera & XDI
GoLightly
ooTao

i-cards
Identity Blog – Kim Cameron MSFT Identity Architect
Higgins Project at Eclipse
OSIS – Open Source Identity Systems (interop work with over 50 companies and projects)

Vendor Relationship Management
Project VRM at the Berkman Center, Harvard

Collaboration Community for the Evolving Identity and Relationship Layer
Identity Commons

EVENTS I INVITE YOU TO
Vendor Relationship Management Workshop
July 10-12, Boston

Internet Identity Workshop #7
November 10-12, Mountain View
Data Sharing Summit #3
September?


BONUS RESOURCES

Identity Community Foundational Resources

Laws of Identity

OECD Paper: At the Crossroads: Personhood and Digital Identity in the Information Society

Additional White Papers of Interest

Accountable Net: Peer Production of Internet Governance

Appropriating Technology for Social Change

Movement as Network

Network Centric Advocacy 2003

Simple Open Standards you can adopt now
OAuth
Microformats
XRDS – Simple
Open Social

Identity Commons Q1 2008 Report. DONE!

I am excited that our second set of “official” quarterly reports as been wrangled, compelled, edited and published on the IC blog and in PDF format. If you are wondering what all is happening in the communities work on user-centric identity technology this is the one thing to read and the best part is it is updated very three months. We welcome new groups joining the communityit is a simple process.

We are a community of groups working on addressing the social, legal and technical issues that arise with the emerging, identity, data and social layer of the internet.

Highlights from Q1 2008 Reports

The 6th Internet Identity Workshopis coming up May 12-14, immediately followed by a Data Sharing Summit.

The OpenID Foundation had 5 corporate members join the board – Google, Verisign, Microsoft, Yahoo and IBM. OpenID Japan was founded and guidelines for local chapters are being developed.

OSIS Open Source Identity Systems is working towards the completion of its third major Interop event (at RSA and the European Identity Conference) with 57 projects participating.

XRI 2.0 will be going to a vote within OASIS shortly.

Higgins 1.0 was released on Feb 21st.

Project VRMis leading a 1.5 day workshop at the European Identity Conference and has an active London Chapter. Work continues on the initial text case Personal Address Management

New Groups of Note:

Enterprise Positioning is a community of people inside enterprises who need to understand and explain the application of user-centric identity in that context. page 10

IC Evangelism and Marketing began to help develop clearer messaging for Identity Commons and develop a values statement. page 8

Newbies 4 Newbies have given invaluable feedback on the language used to articulate user-centric identity, helping to improve the Internet Identity Workshop announcement significantly. If you are new to User-Centric Digtial Identity – wondering what they heck is all this stuff – what do these acronyms mean – this is the group for you. page 10

The Photo Group started with three groups on Flickr 1) Identerati Portraits, 2) The Art of Identity and 3) Member Gallery with the photos they have taken. page 11

The Quiet Groups:
IC Collaborative Tools
XDI Commons
Identity Schema
Identity Rights Agreements
Identity Futures
IdMedia Review

PDF of Report

The Venn of Identity is published

This is a great article and I have been talking about it for several months when presenting about digital identity. It was written by Drummond Reed and Eve Maler and I read it in December.(I am doing this more and more now). It has finally been published here is the abstract but it actually costs $19 – uggg.

Digital identities can be associated with everything from people to software applications to entire companies, but human digital identities prove the most interesting and challenging. Human digital identities can simplify network usage and enable new classes of applications, but they also introduce security and privacy risks. Federated identity management addresses scenarios in both enterprise and consumer contexts by defining how to dynamically distribute identity information and delegate identity tasks across security domains. This article explains federated identity’s components, discusses security and privacy risks and architectural challenges, surveys the SAML, OpenID, and InfoCard protocols, and reviews new developments in federated identity management.