ID Anthology – the community “cannon”

A few years ago I pulled together the start of a community anthology.
You could think of it as a cannon of key blog posts and papers written in the Identity Gang and circulated around the Internet Identity Workshop and other conferences back in the day like Digital Identity World.

I think with IIW coming into its 10th year and #20 and #21 happening this year the time is right to make a push to get it cleaned up and actually published.

We need to make the important intellectual and practical work done thinking and outlining digital identity that this community has done .  I also have included works that highlight key issues around user-centrism and identity that originated from outside the community of the identerati.

I am working on organizing a crowd funding campaign to raise a small amount to work with a professional editor and type setter get the needed copyright clearances so we can have a “real” book.

In the mean time I have this outline below of articles and pieces that should be included.

I would love to hear your suggestions of other works that might be good to include. It may also be that we have So many that choose to do more then one volume. For this first one my focus is more on early works that were foundational to a core group early on – essays and works that we all “know” and implicitly reference but may not be known or accessible (because they are 6-10 years ago in blogosphere time and that is eons ago) or may not even be on the web any more.

You could comment on this blog. You could use the hashtag #idanthology on twitter. You could e-mail me Kaliya (at) Identitywoman (dot) net. Subject line should include IDAnthology

The book would be dedicated to the community members that have died in the last few years (I am open to including more but these are the ones that came to my mind).

  • Nick Givitosky
  • RL “Bob” Morgan
  • Bill Washburn
  • Eno Jackson

 

Digital Identity Anthology

Context and History from the User-Centric Identity Perspective

edited by Kaliya “Identity Woman”

Forward, Preface, Introduction – TBD

Openning Essay – by Kaliya

Contextualizing the Importance of Identity

Protocols are Political – Excerpts from Protocol: How Control Exists after Decentralization

Identity in Social Context

Identity in Digital Systems

The “Words” – taking time to contextualize and discuss the meaning of words with broad meaning often used without anchoring the particular meaning the author is seeking to convey.

Identity
Trust
Reputation
Privacy
Security
Federation

 

Pre-Identity Gang Papers

Building Identity and Trust into the Next Generation Internet (10 page summary)

Accountable Net (summary or key points)

Cluetrain Manifesto by Doc Searls et al. (some key highlights)

The Support Economy (some key excerpt?)

Identity Gang Formation

Andre Durand’s talk at DIDW way back in the day.

Blog post of Kaliya and Doc meeting at SBC (now ATT ) park in SF -

Dick’s Identity 2.0 talk.

Phil’s Posts

Johannes – early Venn

The Community Lexicon

Laws of Identity + Responses

The Laws of Identity

4 More Laws (by Fen Labalme)

Verifiable, Minimal and Unlinkable (by Ben Laurie)

Axioms of Identity

Key Identity Gang Ideas + Posts

On The Absurdity of “Owning One’s Identity

Law of Relational Symmetry

The Limited Liability Persona

Identity Oracles  (Bob Blakley)

Identity Spectrum version 1   version 2    (Kaliya)

Onion Diagram (by Johannes)

Venn of Identity (Eve Mahler)

Claims and Attributes

Context and Identity

Signaling Theory

Agency Costs

Social Protocols

 What is Trust?

The Trouble with Trust and the Case for Accountability Frameworks

Trust and the Future of the Internet

User-Centric ID and Person-hood.

At Crossroads: Personhood and Digital Identity in the Information Society

The Properties of Identity

 

The Privacy Frame

Ann Covukian’s Take

Daniel Solove’s work

Taxonomy of Privacy

Model Regime of Privacy

Understanding Privacy

The Future of Reputation

Nothing to Hide

Identity and Relationships

A Relationship Layer for the Web, Burton Group Paper

 

Privileged and Not Gender and Other Difference

Genders  and Drop Down Menus

Designing a Better Drop-Down Menu for Gender

Disalienation: Why Gender is a Text Field on Diaspora

“Gender is a Text Field” (Diaspora, backstory, and context)

NymRights

There were many posts that arose out of the NymWars that began with Google+ turning of people’s accounts in July of 2012 – I have to go through and pick a good selection of those from BotGirl, Violet Blue and others.

Personal Data Concepts and Principles

Vendor Relationship Management Community,

The Support Economy

Exploring Privacy:

LumaScape of Display Advertising

My Digital Footprint (By Tony Fish)

Personal Data the Emergence of a New Asset Class, WEF Report

Rethinking Personal Data: Strengthening Trust

The Paradox of Choice: Why More is Less

Visions and Principles for the Personal Data Ecosystem (Kaliya)

PDX Principles (Phil Windley)

Control and Protocol

Its Not so Simple Governance and Organizational Systems Theory

Accountable Net

Visa the Original “Trust Framework”

Life organizes around identity form When Change is out of Control. and Using Emergence to take Social Innovation to Scale.

Intervening in Systems

Closing Essay

 

Appendix 1: Information Practices the Evolution of FIPPs

Drawing on this work.

Appendix 2: Bills of Rights

 

 

 

 

 

“The” Words

 

 

 

A Preliminary Mapping of the Identity Needs in People’s Life Cycles

This start of a paper and idea for an interactive Exercise to be done at the ID360 Conference was written by myself and Bill Aal. It was submitted to the 2014 ID360 Conference put on by the Center for Identity at the University of Texas at Austin.

Over people’s life cycles there are many different “identity events” that occur. While considering how people interact with an identity ecosystem the whole range of lifecycle events must be considered not just those in mid-life career people.  We present a draft Field Guide to the different stages of life naming different key events and contextualizes what identity needs they might have. We also explore a user centric view of the hat looks at the digital lifecycle from the perspective of our needs as people in a social context. This may be contrasted with a view of the digital life cycle from governmental, civil society or business perspectives. We end with exploring the implications of going beyond the tension between privacy rights and institutional desires for security and authentication.

This paper builds on some of the key concepts of the paper also submitted to ID360 by Kaliya Hamlin entitled The Field Guide to Identity: Context, Identifiers, Attributes, Names and More

The first part of the paper draws  the key concepts from that paper and go on to articulate to ask critical questions that are particular to the Digital Life Cycle. It is an attempt to layout a research program for a user centered view of the digital life cycle.

The second part of the paper charts key life stages and identity events along with community and institutional interactions that are likely.  We would like to work with the organizers of the conference to have a interactive wall sized paper map available in the conference center as the event is happening to both consider each phase from the individual’s point of view and the institutions and potentially contextualize the contributions of different papers/presentations on the map.

Key concepts:

Identity is socially constructed and contextual.

More and more at earlier and earlier ages, we are given identifiers by the state, medical institutions and educational institutions that signify who we are in the social field.
How do our identities evolve through an interaction between our bio/social roots and the institutional identifiers we are assigned?

When are we recognized as a person?

Do we think of ourselves as our drivers license, or library card identifiers??Does our online representation play out in the development as human identities?

Self as a Part of Something Greater

We are defined by who we are, connected to our identities as part of something greater.
Do online identities support that sense of being part of a larger whole?

Context of Observation

The context of observation matters for shaping our identities. It defines the scope of our freedom expression our ability to make choices about context. There are three different types of observation that are quite different.

Being Seen – a mutual act. I see you, You see me. We see each other.  ?How do digital social networking identities help us see each other?

Being Watched – This is where one is observed but it is not known by the person who is looked at.  There may be interaction between actors, but there is less of an  “I- thou” quality. How do we know when we are being watched?   In small society social interactions, we grow up being watched and knowing that we are being cared for.
How do our online identities help us be seen as we mature?

Being Stalked – This is what happens when the watching shifts from an appropriate happenstance window of time and space to  watching over time and space – to following and monitoring our behavior without our knowledge. Recent attention to government surveillance and corporate access to our most intimate online interactions gives rise to anxiety over privacy/anonymity.
How do we create principles that allow for control over the stalking?

Self in Mass Society

The self is shaped differently by living in a mass society.
The first systems of mass identity were paper and bureaucratic record keeping of the state as way to give abstract identity to citizens to provide them services and to control their movement. It is vital to remember that we are not our government issued paperwork.

We are people with our own identities, our own relational lives in our communities. We must not mistake how identity in mass society operates for what it is a system, a set of technologies to manage identity in mass society.
How can we create systems of digital identity that recognize and support our having continuity across governmental, educational and medical systems, that protect our first amendment and privacy rights?

Self in Communities

Communities provide the middle ground in between the Small Society and Mass Society modalities of Identity. Communities of interest, communities of practice and geography give us the affordance to move between different contexts and develop different aspects of ourselves. This type of contextual movement and flexibility is part of what it mean to live in cities and particularly large cities, where people in one context would not necessarily share other contexts. We need to work to ensure the freedom to move between communities is not implicitly eroded in the digital realm. One key way to do this is to build digital systems that people have the capacity to use non-corelateable identifiers (pseudonyms) across different contexts they do not want linked.

Self in relationship to Employers

The power relationship between an employee and an employer is quite clear.  This power relationship is NOT the same of an individual citizen’s relative to their government or the power relationship of a person relative to communities they participate in. There is a tension between the employers rights and responsibilities and the individual employees rights and responsibilities.
For example, should an employer have the “right” to access an employee’s private social network activities, or surveillance of their life outside the workplace?
What are the digital assets that are uniquely the employer or employee?
How can standards apply across the business world??

Other areas we wish to explore:

  • Self in Relation to Peers
  • Self in Relation to the Education System
  • Self in Relationship to the Medical System and Social Services
  • Self in Relation to the State

Power and Context

The Self in a Small society is embedded in a social mesh one can not escape. There is no “other place” and one is defined in that society and because it is so small one can not leave. The self in a Mass society is in a power relationship with the state. Where one has rights but one also must use the identification system they issue and manage to interact and connect with it.

The self in community gets to navigate a myriad of different communities ones each with its own social constructions and how power operates and flows within it. (egalitarian, religions, social)communities, work places (traditional owner – worker | worker owners | holocracy).  These communities, needs and responsibilities change over a person’s lifetime.
How can consistent, yet user centered identity frame works support this development?

Where to Start

The start of all our conversations about people’s identity comes from being embodied being in a social context.  Online digital identifiers and systems at their best should support the unfolding of our identities, help us access institutional and government services, as well as help those systems provide better service.

Contexts in which Identity Lifecycle issues arise:

We are at the beginning stages of exploring how from a person’s perspective, their online identities can evolve.  This is in the process of being refined by looking at the identity needs of the individual, the state and businesses and where those interests might clash.  This is a long term research project that we are initiating  The idea is to go  beyond the usual clashes of privacy and personal rights vs big data.  Etc/

This is the beginning of a research project that we are just initiating.
We invite the collaboration of the ID360 and other professional and academic communities.

 

Person’s View Institutional View
Pre-Birth  
Prenatal Screening
Birth
Naming
National Identity Number
Community Acknowledgement
Enrollment in Mass Society
Medical Info
Adoption
Kid
School
After-School
Camp
Sports
Arts
Online social networks
Gaming
Medical
Biometrics
RFID Tags
            
Teen
Self Expression / Identity Exploration Online
School ID
Drivers License
Banking Info
Medical
Sports
Social Networking
Work related
Student
University/Trade School
Student Loan
Social Identity
Adult
Economic Realm
Consumer
Worker
Owner
Owner of major items such as
            Car/Home
            Social Identity
            Computers / Portable Devices
Financial
Community Realm
Political affiliation
local, state/provincial  and national government, rights and responsibilities
(Taxation, licensing, relation to court systems, permits etc)
Voting Eligibility, residential status, citizenship, entitlement programs
Religious Affiliation
Interest Groups
Service Groups
Special Needs
Mental Disabilities
Physical Disabilities
Relational
Married
Partnered
Parental
Divorce
Blended Families
Elder
Retirement
Deteriorating Mental /Physical Condition
Death
Post Death Digital Life

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 1 Intro + What is Identity

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was sent to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.

Introduction

I was attending a day long think tank called Forces Shaping the Future of Identity hosted by the Office of the Director of National Intelligence and facilitated by the Institute for the Future. A man in the audience pipped up “Are we going to Define what we mean by Identity?” I smiled :).  One can’t go very far in a conversation about identity before someone asks “that” question. It always is asked when space is opened up to discuss the topic.
I have been engaged with communities of technology professionals and with forward looking civil society organizations circling around the question what is Identity for over 10 years. The simple one-liner comprehensive definition that I use is Identity is socially constructed and contextual. However it’s just one line.  This paper is a Field Guide covering core concepts along with a visual language to represent them so we can talk about it in a meaningful way across the whole lifecycle from cradle to grave, both online and off and in other times.  It builds on the model we used for the Field Guide to Trust Models that I co-wrote last year for the ID360 Conference.

Part 2: Names, Part 3: Identifiers  Part 4: Name Space, Attributes and Conclusion.

This is Part 1:

What is Identity?

Identity is socially constructed and contextual.

Our sense of self arises first from our social interactions with our family of origin.  Humans are unique animals in that 80% of our brain growth happens outside of the womb in the first three years of life. Our family of origin is within the context of a community and in this age broader society that ultimately reaches to be global in scope.
The names we have, identifier systems, attributes that are articulated all depend on our context and from there the social constructions that define these.

Sense of Self

We are told who we are by our family – they give us a name and share with us who we are.

When does it begin? When people recognize you?

When are we recognized as a person?  Different cultures have different traditions.
I have had a connection with the 3HO Sikh community. When a woman is 120 days pregnant there is a celebration to welcome the spirit of the child into the community. Women who give birth in that tradition stay at home and don’t go out for 40 days after the child is born.

Self as a Part of Something Greater

We are defined by who we are connected to. Our identities as part of something greater. Children seek to understand their environment to understand where they fit in. An example from my childhood is one my first memories.  I remember a Canada Day Celebration we attended in Hastings Park. Being Canadian is to be mutli-cultural. The day had different ethnic communities performing on a stage different folk dances while dressed in traditional dress. At some point they handed out Canadian flags on 30 centimeter (12 inch) flag poles with a stand made out of shiny gold colored plastic in a box. It symbolizes this point in time where I understood myself to be part of something bigger to be part of the nation I was born in along with understanding some key values.

Projection of Self

We begin to understand who we are by projecting ourselves into these contexts we find ourselves and learning from the response – shaping ourselves.
There is an African saying/word –  Ubuntu – I am because you are. We are the authors of each other.

Context of Observation

The context of observation matters for shaping our identities. It defines the scope of our freedom expression our ability to make choices about context.
There are three different types of observation that are quite different.

Being Seen – a mutual act. I see you, You see me. We see each other.

Being Watched – this is where one is observed but it is not known by the observee. However it is known to the observee that they might be watched for example walking down one’s street, one knows that one could be seen by any of one’s neighbors looking out their window. One also knows that being inside of one’s own home prevents one from being watched. When walking into a store one knows that the storekeeper will see us, watch us in the store and we know that when we leave the store they will not be able to watch us. When we return to the same store they will likely recognize us (because we are returning in the same body) and know something about us based on prior interactions. In time a relationship of knowing might develop.
It should be noted that our bodies in physical space give away attributes about us that we can not proactively hide. Because we live in a society that is full of implicit bias the experiences of different types of people is different in the world.  Banaji’s work on implicit bias is a starting point. Following the Trayvon Martin verdict the president gave a speech where he said that before he was president he regularly was shadowed while shopping in stores because he was stereotyped. My partner had this happen to him this fall while shopping at Old Navy and it was not the first time.

Being Stalked – This is what happens when the watching shifts from an appropriate happenstance window of time. To watching over time and space – to following and monitoring our behavior without our knowledge.

Self in Small Society

I have often heard it said that with the advent of what appears to be ubiquitous digital identity and the fact that we can be “seen” is just like it was when we lived in small societies.

In small societies it is said that there is no privacy – everyone knows everyone’s business. Their is another layer there is a relational human connection that weaves the people in this context together.

They know each other, they can understand when they are seen and know they are being watched as the move about town.

In a a small society you also know when you are not being watched when you are in your own home with your blinds drawn.

A mesh-network of relationships that form over life and inter-generationally that inform identity and role in the society.

Self in Mass Society

The self of is shaped by living in a mass society.

We developed systems using the technology of paper and bureaucratic record keeping of the state as way to give abstract identity to citizens to provide them services. This began first with the pensions given to civil war veterans. In the 1930’s a system was developed to support people paying for and getting Social Security benefits. The advent of cars as machines that people operate gave rise to the development of licensing of people to be able to drive the vehicles. These all assigned people numbers by the state so they can present themselves to the state at a future time and be recognized. It is vital to remember that we are not our government issued paperwork. We are people with our own identities, our own relational lives in our communities. We must not mistake how identity in mass society operates for what it is a system, a set of technologies to manage identity in mass society.

Self in Communities

Communities provide the middle ground in between the Small Society and Mass Society modalities of Identity. Communities of interest, communities of practice and geography give us the freedom to move between different contexts and develop different aspects of ourselves. This type of contextual movement and flexibility is part of what it mean to live in cities and particularly large cities. Where people in one context would not necessarily share other contexts. The freedom to move between different contexts exists in the digital real. The internet enabled those in more remote locations to also participate in communities of interest and practice well beyond what they could access via their local geography. We need to work to ensure the freedom to move between communities is not implicitly eroded in the digital realm. One key way to do this is to ensure that people have the freedom to use non-corelateable identifiers (pseudonyms) across different contexts they do not want linked.

Self in relationship to Employers

The power relationship between an employee and an employer is quite clear. The employer does the vetting of potential new employees. They are hired and given access to the employers systems to do work for them. When the employee was no longer working for a company because of any number of reasons – retirement, resignation, termination – the employer revokes the employees ability to access those services. This power relationship is NOT the same of an individual citizen’s relative to their government or the power relationship of a person relative to communities they participate in. In both cases the person has an inherent identity that can not be “revoked”.

Power and Context

The Self in a Small society is embedded in a social mesh one can not escape. There is no “other place” and one is defined in that society and because it is so small one can not leave.

The self in a Mass society is in a power relationship with the state. Where one has rights but one also must use the identification system they issue and manage to interact and connect with it.

The self in community gets to navigate a myriad of different ones each with its own social constructions and how power operates and flows within it. (egalitarian, religions, social) communities, work places (traditional owner, worker | worker owners | holocracy).

Abstraction

The start of all our conversations about people’s identity comes from being embodied beings. The beauty of the digital realm is that we can abstract ourselves from our bodies and via digital identities interact via digital media. This gives us the freedom to connect to communities beyond those we could access in our local geographic location.

Atoms and Bits

Atoms and Bits are different. The difference between them is still not well understood.

  • “Atoms” Physical things can only be in one place at one time.
  • “Bits” Can be replicated and be in two or more places at once.

Physical Body

Atoms – We each have only one physical body. Our physical bodies can only be in one physical place at once. It is recognizable by other humans we meet and interact with. Because it is persistent we can be re-recognized and relationships can grow and evolve based on this. When we move between contexts in physical space – we can be recognized in different ones and connections made across them. We also have social norms, taboos and laws that help us maintain social graces.

Digital Representation

Bits – When we create digital representations of ourselves we get to extend ourselves – our presences to multiple places at the same time. We can use a digital identity that is strongly linked to the identity(ies) and contexts we use/have in the physical world. We also have the freedom to create a digital representation that steps out of the identity we occupy in the physical realm.

We can be an elf or an ork in a online game.
We can cloak our gender or choose to be a different gender.
We can cloak our race or choose to be a different one when we represent ourselves online.
We can interact on a level playing field when in the physical realm we are confined to a wheel chair.

These identities we create and inhabit online are not “fake” or “false” or “not real”. They are representations of the self. The digital realm is an abstraction and gives us the freedom to articulate different aspects of ourselves outside of the physical world.

Digital Dossier

In the digital realm because it is en-coded means that our our movements around digital space leave trails, records of the meta-data generated when we click, type, post a photo, pay for a song do basically anything online. We leave these behind and the systems that we interact with collect them and reconstruct them to develop a digital dossier of us. This behavior if it happened in the world of atoms in the physical space would be considered stalking. We have a stalker economy where our second selves are owned by corporations and used to judge us and target things at us.

Power in Space & Relationships

The freedom of people to transend aspects of identity from the physical world is disruptive to some of default power dynamics.

Disrupting Privilege

The push back against Google+’s requirement for the use of “real names” was lead by women and others who use the freedom of the digital realm to step out of the bias they experience in the physical world.

The people who were pro-real name were largely white men from privileged positions in the technology industry and implicitly through the support of the policies wanted the default privileges they enjoyed in the physical realm to continue into the digital.

Shape of Space

In the physical world we understand how different physical spaces work in terms of how big they are, how many people are in them, what the norms and terms and conditions are. We know that based on these we have a social understanding.

The challenge in the digital world is that the space is shaped by code and defined by the makers of the contexts. These contexts can change at their will. As has happened repeatedly with Facebook’s changing settings for who could see what personal information. This instability creates mistrust particularly by vulnerable people in these systems.

The commercial consumer web spaces currently have a structure where they collect so much information about us via their practices of stalking us digitally. They have enormous power over us.

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 2: Names

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was sent to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.

Part 1: Intro + hat is Identity?   Part 3: Identifiers  Part 4: Name Space, Attributes and Conclusion.

This is Part 2:

Names

Names are what we call ourselves and what others call us. They are a special kind of identifier because they are the link between us and the social world around us. We present ourselves using names so people know how to refer to us when talking to others or call us when they are talking to us. They convey meaning and have power.

Digital devices can also have names are defined by the administrators of these devices. Places have names given to them by people in a given context these help us refer to a geographic location. It should be noted that the names first nations (indian or native american) people had for places are different then the ones that the American’s colonized their land used.

Given Names

These are the names our parents give us when we are born. In America we have a naming convention of a first name and last name. This convention originates from ___ when states were seeking to impose control.

Name structure in various cultures

Different cultures have very different naming conventions. In Hong Kong their is a convention of an english first name written in English and a Chinese character written last name. In Mayanmar everyone has a first name.

Meaning in Wisdom Traditions

Different wisdom traditions ascribe different ways to interpret and ascribe meaning in names.

NickName

These arise when people start to refer to us by a different name then the name we might give ourselves. We can take these on and they can become our name. They might arise from our families, from school, from sports teams, social clubs, work places. In these different contexts, the name that we are referred to may have nothing to do with the name our our birth certificate and the people using the name to refer to us.

Name on Government Issued Paperwork

We have a convention in the liberal west of registering names with the state. This originated out of several practices in the last several hundred years. One key aspect of this is to both provide services to citizens but also to control citizens.

Pen Name / Stage Name

A name used by artists for their artistic expression and authorship. It does not match the name on government issued paperwork and is often used to obscure the link between such authorship and government paperwork names so that they are free to express themselves artistically.

Autonym

A name that one uses to refer to themselves. An example is that when Jorge Mario Bergoglio became pope he chose to become Pope Francis.

Pseudonym

A name that one uses to interact in various contexts that may be linked one’s name on one’s government issued paperwork. Bob is clearly linked to the name Robert or Barb to Barbara or Liz to Elizabeth on government issued paperwork. It is important to note that many non-european languages also have examples of these.

Mononym

This is name consisting of a single word. Examples include Stilgarian and Sai. Madona or Cher are examples of Pseudonymous, Mononym, Stage Names

Handle

A name that one uses to represent ones digital identity in online contexts. It arose in computer culture when people needed to have a user name within a computer system. This is closely related to Screen names.

Screen Name

The name that one chooses to have displayed on screen. In a system like World of Warcraft the service knows identity information of their clients who pay monthly to access their service. They choose to support those player presenting to the other players on the system and forums a “screen name” that reflects their gaming persona or character name.

Name Haystack

Different Names have different qualities of hiding in the haystack of the similar or the same names. Some people have huge name – haystacks where tens of thousands people have the same name – Mike Smith, Joe Johnston, Mohamed Husain, Avi Blum, Katherine Jones. Mike Garcia who works for NIST said that there were 17 different Mike or Michael Garcia’s. People use pseudonyms to help manage the fact that name-haystacks exist making them more or less identifiable depending on the size of theirs.

Roles

RBAC – Roll Based Access Control is based on managing the rights and privileges for digital systems based on roles. When a person gets a role assigned to them the inherit the privileges.

Community groups also have different roles that might have . Earn role from getting a degree.

Titles, Given and Created

There is a history of titles being pasted down.

Eastern Wisdom Traditions pass them down from guru to student creating lineage’s.

I have had conversations with friends about who the next “Identity Woman” might be. This identity that I have constructed to hold an aspect of my self – work focused on people’s rights around their digital selves. I could see at some point handing this identity over to someone else who wants to continue the torch over.

Collective Single Identity

Theses identities are co-created by two or more people. They are managed and maintained and people jointly act together to create a persona.

 

 

 

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 3: Identifiers

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was sent to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.

Part 1:  Intro + hat is Identity?   Part 2: Names   Part 4: Name Space, Attributes and Conclusion.

This is Part 3:

Identifiers

For people Names are a special class of Identifiers. They are both self-asserted by people and are used to refer to them and acknowledge them in social context.

System Identifiers

In systems, bureaucratic, digital and techno-bureaucratic identifiers are alpha numeric string pointers at/for people in systems.

This may seem simple but their are many different types and a person with a record in a system will likely have more then one type. To get these different types of identifiers I will share different examples.

Persistent Correlateable Identifiers

This type of identifier is re-used over time within contexts and across multiple contexts.

Examples

Student Number - When I enrolled at my university I was assigned an 8 digit student number. This number was persistent over my time as a student at the school. When interacting with school institutions I was asked to share this number so that activity could be linked together across different facets of the institution.

Social Security Number – This number is issued by the federal government to those born in the US as part of the standard process for being born. It is meant to help those who submit money to the SSN system and when they retire be able to collect money from the system.

Phone Number - People today often have a personal number that they use across many different contexts. It is common place to ask for a phone number to be able to contact a person. What people don’t know is that those are used to look people up in data broker services. The phone number is used to link together activity across contexts.

E-mail Address - Many people have one personal address and use it These are often used across different contexts. What people don’t know is that those are used to look people up in 9data broker services like RapLeaf.

Directed Identifiers

A directed identifier is created to support individuals using different identifiers in different contexts. The purpose of this is to inhibit the ability to link records across contexts.

Examples

The British Columbia eID System – This system enrolls citizens and issues a card to them. When the card is used to access different government systems by the citizens. It does not use one identifier for the citizen. Rather for each system it uses a different identifier for the system – an identifier directed for a particular system.

Defacto Identifiers

By combining a name names, and key attributes together systems use this combination to create a defacto identifier which uniquely identifies a person often in the context of a whole society. An example is the us of “name” “birth date” and “birth place”. It seems innocent enough to be asked for one’s name, birthdate and place but this becomes a persistent correlateable identifier to link and track activity across many systems. The creation of defacto identifiers that are persistent and correlateable limits people’s ability to control how they present in different contexts.

Opaque Identifiers

An opaque identifier is one that does not give away information about the subject it identifies.

Examples of Opaque Identifiers

The BC Government eID program has at its core an opaque identifier on each card – it points to their card record. It is just a number with no meaning. If they loose their card a new opaque identifier is issued for their next card.
Examples of Non-Opaque Identifiers

National Identity Number in South Africa contains a lot of information it is a 13-digit number containing only numeric characters, and no whitespace, punctuation, or alpha characters. It is defined as YYMMDDSSSSCAZ:

  • YYMMDD represents the date of birth (DoB);
  • SSSS is a sequence number registered with the same birth date (where females are assigned sequential numbers in the range 0000 to 4999 and males from 5000 to 9999);
  • C is the citizenship with 0 if the person is a SA citizen, 1 if the person is a permanent resident;
  • A is 8 or 9. Prior to 1994 this number was used to indicate the holder’s race;

• Z is a checksum digit.

The US Social Security Number is created via a formula and so the number gives away information about the person it identifiers.

Phone numbers give away information about the metro region that a person was issued the number from.

End-Point

Some identifiers that represent people are also end-points to which messages can be sent.

Physical Address

It is often forgotten in conversations about digital identity that we had a system of end-points for people before networks known as a mailing address. They system of mailing addresses was developed and is maintained by the US postal service.

Network Address

Phone Number – Now with cellular phones people have their own phone numbers (not just one for a household or their workplace as a whole). This permits both voice calls being made, text messages and MMS Multi-Media messages. The name space for phone number originates from the ITU-T. They are globally unique. They are also recyclable.

E-mail Address – These addresses permit people to send messages to the address they have. They are globally unique. The name space for domain names resides with ICANN. They are also recyclable.

Device Identifier

Many digital devices have unique identifiers. Activity on digital networks can be linked together by tracking these activity originating from particular devices even if people using them .

Non-End-Point

These are identifiers that do not resolve in digital or physical networks.

Document Identifiers

Documents like birth certificates have serial numbers that identify the document.

Document Validation Systems

These systems are used to look up which documents are infact valid. When properly constructed they don’t give away any information about the person. Those using the system type in the serial number of the document and information it contains and the system simply returns a Yes/No answer about weather it is valid or not.

Beacons

A beacon actually broadcasts from a digital device a persistent correlateable identifier to any device that asks for it. It creates a form of tracking people and their devices in the physical world.

Examples

RFID chips, cellular phones, laptop computers

Polymorphic

These systems generate different identifiers depending on context.

Examples

The BC eID system way of using one card that then supports the use of different identifiers depending on context.

Time Limited & Revocable

Some identifiers are created and point at a person but are revocable. An example is a phone number that is after one stops paying one’s phone bill for a month is re-assigned to another person. An employee at a company may have an employee number that is revoked (no longer valid) once employment is terminated. A passport number is an identifier that has a time limit it is good for 5 or 10 years. A landed immigrant card (green card) in the US is only good for 10 years.

Un-Revocable

These identifiers are persistent and are not revoked. Examples include Social Security Numbers.

Identifier Issues

Identifier Recycling

Some identifiers are in systems where identifiers that point at one person can be discontinued (they stop paying their phone bill or using their e-mail address) and then the identifier can be re-assigned to a different user.

Delegation (Acting on Behalf of Another)

This functionality is critically to a variety of user populations. Elders who want to delegate access to their accounts children. Service professionals who have contractual relationships with clients such as an accountant managing access to financial & tax records. Most systems are designed with an assumption that people themselves are the only one accessing accounts. This creates a problem when people want to delegate access they have to turn over their own credentials so the person they are delegating to “pretends” to be the actual user.

Stewardship (Care-Taking – Oversight)

Their is another role that is slightly different then delegation when someone turns over a power of attorney like function for a particular account/set of functions. Stewardship of identity is the type of relationship a parent has for a child’s identity or the type of care needed to help the mentally disabled with their interactions online.

The Mesh of Pointers

We end-up with a way that identifiers work together as a web of pointers towards a particular individual.

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 4: Name Spaces, Attributes, Conclusion

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was sent to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.

Part 1: Intro + What is Identity?   Part 2: Names   Part 3: Identifiers

This is Part 4:

Name Spaces

Different identifier systems work differently some originate from physical space and others operate purely in the digital realm.

Local

A great example of a local name space in the physical world is a school classroom. It is not uncommon in american classrooms that when there is a name space clash – that is two people have the same name in the same space – they take on different names to be identifiable within that context. Take for example those with the names “Stowe” “Fen” and “Chris” – each is one part of the name Christopher : Chris – Stowe – Fer. When they were in grade school each took on a different part of the name and it stuck with them.

Global

These names spaces mean that identifiers within them are unique and global. Phone numbers, domain names and thus e-mail addresses.

Private

Some private name spaces seem like global name spaces but they are run by private companies under privately decided terms and conditions. Examples include skype handles, twitter handles,

International Registry

These are identifiers in a global space that are registered and managed globally an example is domain names.

Attributes

Self Asserted

These are attributes that people self defined. They include things that are subjective like “favorite color” or “name”

Inherent

These arise from the individual and typically do not change (such as birth date) and are not as morphable. Sex and ethnic identity are things that people have and display in the physical world that don’t (typically) change throughout one’s life.

Ascribed

These are attributes that are given to us by others or by systems. This may include names that are imposed on us by social convention and or power relationships.

Assigned

These are attributes that are given to us by others or by systems.

Examples:

Social Security Numbers are assigned by the Social Security Administration.

Conclusion

Identity is a big topic and outlining the core concepts needed to understand it was the purpose of this paper. We need to think about how the systems that manage identity are structured. Are they designed to have power over people, supporting people having power with one another or enabling power to be networked between us to create something greater then ourselves. These questions are relevant across the whole life-cycle of identity from cradle to grave.

Core Concepts in Identity

One of the reasons that digital identity can be such a challenging topic to address is that we all swim in the sea of identity every day.  We don’t think about what is really going in the transactions….and many different aspects of a transaction can all seem do be one thing.  The early Identity Gang conversations focused a lot on figuring out what some core words meant and developed first shared understanding and then shared language to talk about these concepts in the community.

I’m writing this post now for a few reasons.

There is finally a conversation about taxonomy with the IDESG – (Yes! after over a year of being in existence it is finally happening (I recommended in my NSTIC NOI Response  that it be one of the first things focused on)

Secondly I have been giving a 1/2 day and 1 day seminar about identity and personal data for several years now (You can hire me!).  Recently I gave this seminar in New Zealand to top enterprise and government leaders working on identity projects 3 times in one week.  We covered:

  • The Persona and Context in Life
  • The Spectrum of Identity
  • What is Trust?
  • A Field Guide to Internet Trust
  • What is Personal Data
  • Market Models for Personal Data
  • Government Initiatives Globally in eID & Personal Data

[Read more…]

Getting Started with Identity

Welcome to the Identity Woman Blog

I am an advocate for the rights and dignity of our digital selves.

Where I am in the World:

I live on the East Bay of the San Francisco Bay.

She’s Geeky  San Jose, January 30-Feb 1. Register now!

The Unconference for women in STEM that I founded in 2007.

Internet Identity Workshop  April 7-9. Register Now!

The amazing workshop I founded to make user-centric ID real.

 

Latest Media with Me:

Open protocols and open people: preserving the transformational potential of social media  An article on Open Democracy in the Transformation section I was invited to write by Michael Edwards.

NSTIC in Tech President: In Obama Administration’s People-Powered Digital Security Initiative, There’s Lots of Security, Fewer People 

Article on the BC eID Citizen Engagement Panel in Re:ID. PDF: reid_spring_14-BC

Fast Company Live Chat: On Taking Back Your Data

Fast Company: World Changing Ideas of 2014: You Will Take your Data Back

My Papers:

Posts about Identity:

  •  NymWars – My Personal Saga with Google in the [psuedo] NymWars to use the name I choose on their service – annotation of all my posts.
  • My speech at the Digital Privacy Forum in January 2011 articulating a vision that goes beyond “Do-Not-Track” vs. Business as Usual, creating a new ecosystem where people collect their own data.

Posts on NSTIC:

  • Participatory Totalitarianism! – My TEDxBrussels Talk about how if we don’t get this NSTIC stuff right we will end up in a really creepy world.  It references my struggles with Google+ to use the name I chose for my online self.

 

Organizations and Events I share leadership in:

  • I am the co-founder and CEO of The Leola Group - Building a Digital Freedom Layer.  It is one of the most exciting things I have done.  We are hiring! We are building cool things and working to transform the internet.
  • I co-founded, co-produce and co-facilitate the Internet Identity Workshop #20 is April -9 in Mountain View, CA. This conference has focused on User-Centric Identity since 2005.
  • I am a steward of Identity Commons which keeps all the organizations and groups working on user-centric identity linked together.
  • I am the volunteer network director at Planetwork.net the civil society organization I have been affiliated with since 2003.
  • I founded She’s Geeky a women’s only unconfernece for those in Technology and STEAM fields (Science, Technology, Engineering, Art and Math)
  • I co-founded Digital Death Day and work with that community to continue to host events on the issue. You can see a video of me talking at Privacy Identity and Innovation about this. The next conference is in London on October 6th.
  • I own a business Unconference.net that designs and facilitates participant driven events for a range of clients (IIW, She’s Geeky and Digital Death Day are all Unconferences).

Is Google+ is being lynched by out-spoken users upset by real names policy?

Following my post yesterday Google+ says your name is “Toby” not “Kunta Kinte”, I chronicled tweets from this morning’s back and forth with  Tim O’Reilly and Kevin MarksNishant  KaushikPhil Hunt,  Steve Bogart and Suw Charman-Anderson.

I wrote the original post after watching the Bradley Horwitz (@elatable) – Tim O’Reilly (@timoreilly) interview re: Google+. I found Tim’s choice of words about the tone (strident) and judgement (self-righteous) towards those standing up for their freedom to choose their own names on the new social network being rolled out by Google internet’s predominant search engine disappointing.  His response to my post was to call me self-righteous and reiterate that this was just a market issue.

I myself have been the victim of a Google+ suspension since July 31st and yesterday I applied for a mononym profile (which is what it was before they insisted I fill out my last name which I chose to do so with my online handle and real life identity “Identity Woman”) 

In the thread this morning Tim said that the kind of pressure being aimed at Google is way worse then anything they are doing and that in fact Google was the subject of a “lynch mob” by these same people.  Sigh, I guess Tim hasn’t read much history but I have included some quotes form and links to wikipedia for additional historial context.

Update: inspired in part by this post an amazing post “about tone” as a silencing/ignoring tactics when difficult, uncomfortable challenges are raised in situations of privilege was written by Shiela Marie.  

I think there is a need for greater understanding all around and that perhaps blogging and tweeting isn’t really the best way to address it.  I know that in the identity community when we first formed once we started meeting one another in person and really having deep dialogues in analogue form that deeper understanding emerged.  IIW the place we have been gathering for 6 years and talking about the identity issues of the internet and other digital systems is coming up in mid-October and all are welcome.  The agenda is created live the day of the event and all topics are welcome.

Here’s the thread… (oldest tweets first)

 Note all the images of tweets in this thread are linked to the actual tweet (unless they erased the tweet).  [Read more…]

Google+ says your name is “Toby” NOT “Kunta Kinte”

This post is about what is going on at a deeper level when Google+ says your name is “Toby” NOT “Kunta Kinte”. The punchline video is at the bottom feel free to scroll there and watch if you don’t want to read to much.

This whole line of thought to explain to those who don’t get what is going on with Google+ names policy arose yesterday after I watched the Bradley Horwitz – Tim O’Reilly interview (they start talking about the real names issue at about minute 24).

[Read more…]

Lets try going with the Mononym for Google+

Seeing that Google+ is approving mononyms for some (Original Sai, on the construction of names Additional Post) but not for others (Original Stilgherrian Post Update post ).

I decided to go in and change my profile basically back to what it was before all this started.  I put a  ( . ) dot in the last name field.  In my original version of my google proflile my last name was a * and when they said that was not acceptable I put my last name as my online handle “Identity Woman”.

[Read more…]

“Million” Persona March on Google

Just reading more posts people are pointing at and surfacing re: google+ and erasure. I was “erased” today (from being able to use Google+ not my gmail account) but this isn’t about me, its about the Persona’s.

You know IRL (in real life) when people kill you they suffer legal consequence, here with real persona it’s open season.  Its not right.  (Just read Raef’s Declaration of the Rights of Avatars – among the many bills of rights re: online identity and privacy I have collected).

So lets organize a March on Google for the rights of people with Persona’s.

Google+ and my “real” name: Yes, I’m Identity Woman

When Google+ launched, I went with my handle as my last name.  This makes a ton of sense to me. If you asked most people what my last name is, they wouldn’t know. It isn’t “common” for me.  Many people don’t even seem to know my first name. I can’t tell you how many times I have found myself talking with folks at conferences this past year and seeing ZERO lighbulbs going off when I say my name “Kaliya”, but when I say I have the handle or blog “Identity Woman” they are like “Oh wow! You’re Identity Woman… cool!” with a tone of recognition – because they know my work by that name.

One theory I have about why this works is because it is not obvious how you pronounce my name when you read it.  And conversely, it isn’t obvious how you write my name when you hear it.  So the handle that is a bit longer but everyone can say spell “Identity Woman” really serves me well professionally.  It isn’t like some “easy to say and spell” google guy name like Chris Messina or Joseph Smarr or Eric Sachs or Andrew Nash. I don’t have the privilege of a name like that so I have this way around it.

So today…I get this

I have “violated” community standards when using a name I choose to express my identity – an identity that is known by almost all who meet me. I, until last October, had a business card for 5 years that just had Identity Woman across the top.

Display Name – To help fight spam and prevent fake profiles, use the name your friends, family, or co-workers usually call you. For example, if your full legal name is Charles Jones Jr. but you normally use Chuck Jones or Junior Jones, either of these would be acceptable. Learn more about your name and Google Profiles.

[Read more…]

The Trouble with Trust, & the case for Accountability Frameworks for NSTIC

There are many definitions of trust, and all people have their own internal perspective on what THEY trust.

As I outline in this next section, there is a lot of meaning packed into the word “trust” and it varies on context and scale. Given that the word trust is found 97 times in the NSTIC document and that the NSTIC governing body is going to be in charge of administering “trust marks” to “trust frameworks” it is important to review its meaning.

I can get behind this statement: There is an emergent property called trust, and if NSTIC is successful, trust on the web would go up, worldwide.

However, the way the word “trust” is used within the NSTIC document, it often includes far to broad a swath of meaning.

When spoken of in every day conversation trust is most often social trust.

[Read more…]

Alignment of Stakeholders around the many NSTIC Goals

 

The Many Goals for the Identity Ecosystem & NSTIC Governance

The NSTIC governance NOI articulates many key activities, qualities and goals for a governance system for NSTIC. NSTIC must:

  • convene a wide variety of stakeholders to facilitate consensus
  • administer the process for policy and standards
  • development for the Identity Ecosystem Framework in accordance with the Strategy’s Guiding Principles
  • maintain the rules of participating in the Identity Ecosystem
  • be private sector-led
  • be persistent and sustainable
  • foster the evolution of the Identity Ecosystem to match the evolution of cyberspace itself.

Achieving these goals will require high-performance collaboration amongst the steering group and all self-identified stakeholder groups. It will also require earning the legitimacy from the public at large and using methods that surface their experience of the Identity Ecosystem Framework as it evolves.

[Read more…]

Proactive Development of Shared Language by NSTIC Stakeholders

This is the “punchline section” (in my response it is after what is below…the history of collaboration in the identity community):

Proactive Development of Shared Language by NSTIC Stakeholders

In 2004-5 the Identity Gang (user-centric identity community) was 1/10 the size of the current NSTIC stakeholder community.  It took us a year of active grassroots effort to develop enough common language and shared understanding to collaborate. NSTIC doesn’t have 5-10 years to coalesce a community that can collaborate to build the Identity Ecosystem Framework. To succeed, the National Program Office must use processes to bring value and insight while also developing  shared language and understanding amongst stakeholders participating.

[Read more…]

National! Identity! Cyberspace!: Why we shouldn’t freak out about NSTIC.

This is cross posted on my Fast Company Expert Blog with the same title.

I was very skeptical when I first learned government officials were poking around the identity community to learn from us and work with us.  Over the last two and a half years, I have witnessed dozens of dedicated government officials work with the various communities focused on digital identity to really make sure they get it right. Based on what I heard in the announcements Friday at Stanford by Secretary of Commerce Locke and White House Cybersecurity Coordinator  Howard Schmidt to put the Program Office in support of NSTIC (National Strategy for Trusted Identities in Cyberspace) within the Department of Commerce. I am optimistic about their efforts and frustrated by the lack of depth and insight displayed in the news cycle with headlines that focus on a few choice phrases to raise hackles about this initiative, like this from CBS News: Obama Eyeing Internet ID for Americans.

I was listening to the announcement with a knowledgeable ear, having spent the last seven years of my life focused on user-centric digital identity.Internet Identity Workshop Logo Our main conference Internet Identity Workshop held every 6 months since the fall of 2005 has for a logo the identity dog: an allusion to the famous New Yorker cartoon On the internet, nobody knows you are a dog. To me, this symbolizes the two big threads of our work: 1) maintaining the freedom to be who you want to be on the internet AND 2) having the freedom and ability to share verified information about yourself when you do want to.  I believe the intentions of NSTIC align with both of these, and with other core threads of our communities’ efforts: to support identifiers portable from one site to another, to reduce the number of passwords people need, to prevent one centralized identity provider from being the default identity provider for the whole internet, to support verified anonymity (sharing claims about yourself that are verified and true but not giving away “who you are”),  support broader diffusion of strong authentication technologies (USB tokens, one-time passwords on cellphones, or smart cards), and mutual authentication, allowing users to see more closely that the site they are intending to do business with is actually that site.

Looking at use cases that government agencies need to solve is the best way to to understand why the government is working with the private sector to catalyze an “Identity Ecosystem”.

[Read more…]

When to share your real name? Blizzard and their Real ID plans.

I was recently CCed in a tweet referencing this article “Why Real ID is a Really Bad Ideaabout World of Warcraft implementing their version of a “Real ID” in a way that violated the trust of its users.

The woman writing the article is very clear on the identity “creep” that happened and got to the point of requiring users to use the Real ID account within the system to post on forums and EVEYWHERE they interacted on company websites.

She articulates clearly why this creates an unhealthy climate and a chilled atmosphere for many users.

[Read more…]

The Identity Spectrum

I published V1 of this in a post on my Fast Company blog about the government’s experiments with identity.
I did a more complete version for the opening talk of the Internet Identity Workshop

The Identity Spectrum gives a understanding of the different kinds of identity that are possible in digital systems. They are not exculsive – you can mix and match. I will define the terms below and discuss mixing and matching below.

Anonymous Identity is on one end of the identity spectrum–basically you use an account or identifier every time go to a Web site–no persistence, no way to connect the search you did last week with the one you did this week.

Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don’t reveal your common/real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.

Self-Asserted Identity is what is typical on the Web today. You are asked to share your name, date of birth, city of residence, mailing address etc. You fill in forms again and again. You can give “fake” information or true information about yourself–it is up to you.

Socially Validated Identity is an identifier within the context of a social graph that is linked to and because of the social links it is acknowledged by others thus being socially validated

Verified Identity is when there are claims about you that you have had verified by a third party. So for example if you are an employee of a company your employer could issue a claim that you were indeed an employee. You might have your bank verify for your address. etc.

Mixing and Matching on the Identity Spectrum
You could have a socially verified pseudonymous identity. That is people recognize and acknowledge a pseudonymous handle/avatar name by linking to it in a social graph. You can have verified anonymity where attributes about a handle/avatar are ‘verified’ but the all the information about the verified identity (full name, address, birthdate etc) is not reviled.

IIWX Internet Identity Workshop 10, Introductory Talk

I gave this talk at the 10th Internet Identity workshop reviewing the shared history, language, understanding and work we have done together over the last 6 years of community life.

Part of this presentation touched on a timeline of events in the community. Those and more are reflected on this timeline that is beginning to be developed here. IIW11 will be November 9-11 in Mountain View, CA The first ever IIW outside the Bay Area will be happening September 9-10 in Washington DC following the Gov 2.0 Summit with the theme Open Identity for Open Government. The first IIW in Europe will be happening in London likely October 9-10 (dates still to be confirmed) prior to RSA Europe. If you would like to know about when the next IIWs have registration open please join this announce list. TheIdentity Gang is the community mailing list where conversations are ongoing about identity. You can follow modest updates about IIW on twitter via our handle – @idworkshop You can see IIW 10 attendees on our registration page.

its that SXSW picking time of year

200908181123.jpg

This year there are 2200 panels submitted for 300 slots. It is great they are going with community generated ideas for the conference. It is also hard to tell what will be happening in our fast moving industry 7 months from now. PLEASE go to SXSW create an account and then vote for these two :)

I put a lot of thought in to what to put forward this year knowing it would be 9 months out. One of the trends that is just starting to emerge is identity verification – my hunch is that by March this will be a topic getting a lot of attention and worth exploring at SXSW.

Who are you? Identity trends on the Social Web.

“On the Internet Nobody Knows You’re a Dog” Is this famous New Yorker cartoon still true? Twitter is doing verified accounts. Facebook claims everyone using their “real name” gives strong social validation ‘proof’. Equifax is validating age with information cards (digital tokens). We will explore the current trends and their implications for the future.

  1. What is identity?
  2. Why are people doing identity validation?
  3. Who is doing identity validation?
  4. Why are websites seeking people who have had their identities validated?
  5. Is identity validation improving the web?
  6. What are the current open standards in this space?
  7. Are approaches by men and women different about idnetity presentation and validation?
  8. What kinds of businesses are requiring online identity validation for customers?
  9. Is identity validation going to squish “free speech”?
  10. How is this trend changing the web?

With my She’s Geeky hat on: What Guys are Doing to Get More Girls in Tech!

The point of this is to get beyond the women say there are issues in the field and guys say there isn’t – to have guys who know there is an issue and are proactively doing constructive stuff to address it.

Many tech fields have a low percentage of women. If you are a guy do you wonder what you can do about it? Learn about successful strategies and proactive approaches for supporting women you work with and participate in community with. We will even cover some well-intentioned efforts that have gone awry.

  1. How many women by percentage participate in different technical fields?
  2. Why does it matter that they are underrepresented in these fields?
  3. What are the cultural norms that men and women have about performance and self-promotion?
  4. What is Male Programmer Privilege?
  5. What can a guy do who has a sister that is math/science inclined but being steered away from the field?
  6. How have the men on the panel improved things in their workplaces?
  7. How have the men on the panel addressed the challenges that arise in open communities? (that is where you don’t have a boss that fires people for inappropriate behavior/comments)
  8. What are the qualities of a workplace that is friendly for women?
  9. How to go beyond tokenism in workplaces, communities and conferences?
  10. How to encourage women more?

Other interesting Preso/panels covering Identity topics:

The Politics & Economics of Identity Put forward by my friend Liza Sabature of Culture Kitchen and the Daily Gotham Identity Politics” has always been left to the realm of feminist, civil rights activists, aka “minority politics”. This panel will explore the social and political ramifications of the business of identity and reputation. We will talk about the good, the bad and the ugly and what social entrepreneurs, businesses and digital activists are doing to impact this new economy.

  1. What is identity?
  2. What is reputation?
  3. What is privacy?
  4. How have big business historical monetized privacy?
  5. How social media works on identity and reputation?
  6. Online surveillance in the US : DMCA, FISA, Patriot Act
  7. Facebook BEACON : a study on how not to spy on people for fun and profit
  8. Google Adsense or Spysense?
  9. What are Vendor-Relationship Management systems?
  10. Will we need “Identity Management Systems” instead of VRMs?

Distributed Identity: API’s of the Semantic Web Without much conscious thought, most of us have built identities across the web. We fill in profiles, upload photos, videos, reviews and bookmarks. This session will explore the practical use of Social Graph API and YQL to build new types of user experience combining identity discovery and data portability.

Online Gatekeeping: Who Died and Made You King? by Liz Burr As the web becomes more open via social networks, we’re adopting new rules of communication. But who creates these rules? How much does class, race and gender figure into social media policing? We’ll discuss how identity affects social networks, as well as look at how online communities police themselves as participation expands.

  1. Which groups are in control of what is worth sharing via social media?
  2. Are the under-25 community using social media differently?
  3. How do we recognize and confront social media ‘gatekeepers’?
  4. Is our behavior in online communities merely a reflection of offline stereotypes and experiences?
  5. What is the impact of the amplification of social stereotypes online on under-represented groups?
  6. How do we integrate previously, under-represented groups into this more social world?
  7. Is there really such a thing as a “digital ghetto”? If so, is it our responsiblity to combat it?

OpenID: Identity is the platform is put forward by Chis Messina.
I have to say it is really great to have this be put forward so plainly and simply – to “get religion” about user-centric tdentity and its central role in shaping the fugure the social web.

Ignore the hype over social networking platforms and web OS’s! The platform of the social web is identity. Facebook and Twitter Connect are just the beginning of the era of user-centric identity. I’ll go beyond the basics of OpenID and learn how to effectively incorporate internet identity into your apps.

Your Online Identity After Death and Digital Wills

If you died tomorrow, would someone take care of your internet accounts? How do you tell subscribers the blogger has died? Every day people die and no one can access their email. Let’s explore what can be done to manage your online identity after you pass on.

  1. What usually happens to email accounts when a person dies? Policies for Gmail, Yahoo, Hotmail and AOL
  2. What about WordPress.com and Blogger for digital policies concerning the death of a blogger?
  3. Do You have a digital will setup?
  4. Products and services to manage digital wills, electronic correspondence after death and auto replies.
  5. Grief, “You Have Mail” and online memorial services.
  6. Who owns blog content after the death of a blogger?
  7. How to calculate the worth of your website or blog.
  8. How can you manage your online accounts and passwords for easy access after you pass?
  9. What are some recent legal examples of online account ownership disagreements?
  10. How to keep your passwords safe?

How to Benefit from 1-Click Identity Providers by Luke Shepard from Facebook.

Sites across the Web are opening up to support open identity platforms, such as OpenID. How can companies at scale and those with large user bases successfully work with open standards including OpenID, Activity Streams and new social markup language specs? Can companies survive the challenges of incorporating OpenID into their websites?

  1. Are there any success stories with OpenID?
  2. What does the OpenID user experience look like?
  3. Who has implemented OpenID?
  4. What have been some of the failures of OpenID?
  5. What is OpenID?
  6. What are the user benefits of OpenID?
  7. How can websites educate users about open protocols?
  8. What are the privacy concerns around OpenID?
  9. What kind of user data is made available to sites when they implement OpenID?
  10. What will it take for OpenID to become mainstream?

Crime Scene: Digital Identity Theft


OpenID Momentum continues

Dave posted today on the OpenID.net blog articulating the accomplishments of the past year.

I think it is important to acknowledge the significant progress OpenID as an Open Standard for persistent digital identity across the web has made. It is amazing to think how far it has come in 2.5 years since IIW1.

Recently I was talking with a person knowledgeable about the identity community and OpenID in particular – they mentioned that some of the conversations amongst those running for the board didn’t help the community look “good”. I said to them you know a lot of communities have elections and there is 6 board seats open and 6 people running for them – so there really isn’t a dialogue, public conversation that has texture (a different word for conflicting points of view). I celebrate a community that can dive in and engage with a range of points of view and really have a meaty dialogue. This is to be celebrated – the pains of growing up.

Wired just did a detailed article on OpenID’s and Blog commenting. It closed with this… NB: Before you race to point out the irony that this particular blog doesn’t support OpenID logins for comments, I can assure you — we’re working on it.

It also said this:


It’s easier for blogs, which don’t need a lot of demographic information about a user, to let people jump in and start participating socially without filling out a registration form. Major media properties and newspaper websites, on the other hand, want age and income data they can use to sell more targeted ads. OpenID and its companion technologies have mechanisms for sites to collect that data from their users, but those mechanisms are largely left out of the blog commenting systems.

It makes me sad to see this. I was just signing up for a topica list – it asked me for my gender the year I was born and my zip code. It is trying to figure out who I am. What I don’t think is well understood is how information sharing happens over time. Asking people to give away PII (personally identifying information) to look at a newspaper is bad practice and encourages lying.

Identity events of the year – Part 2

This is part 2 and continues from part 1. I will re post this caveat again.

I am not going to do a “top ten list” – not really my style. I tend to take things as they are and appreciate the amazing, wonderful, mysterious, sensuous, intellectually stimulating but don’t “compare” in a sort of ordered list way. So just so there is clarity on the number of things I mention I will “number” them but this is NOT a top ten list – I wrote this post as a reflection without thought to order.

(un5) The emergence of Portable Contacts was a great development out of the Data Sharing Events that I put on with Laurie. The conversation between Joseph and the MSFT guys (Indu and Angus) lead to this – sort of a practical low hanging fruit thing to do – rather then solve everything – just how to get the list of contacts I have in one place out and importable to another. Joseph’s community leadership has really impressed me to. He is all about getting things done and finding the needed elements to make things happen.

(un6) I have enjoyed watching Marc draw on his fence – yes he does this literally - and talk about his vision of the social web evolving. He “published” a book containing some of what he has been talking about. You can describe Marc as many things but I for one respect him as a visionary – ahead of his time in seeing where things will be going on the web and what will be needed. (You can see his predictions for 2009 here) Just as an example of something he said that really struck me as original and important to think about looking ahead – he talked about how groups need to live autonomously – outside any one platform or silo – and that we need a language of social verbs that are open and standard across them. Maybe some more people will “get” what Marc has been saying in this regard and some open standards can evolve to address this.

(un7) In a year end review it would be a mistake to not name the IDTBD conversation that happened this summer. You can read the whole thread of the e-mail conversation in the google group – it is public. There were in the end two different ways to look at how to organize (and I think they can complementary) one put organizational form and structure first and the other put relationship and community first and said that needed form and structure could emerge from that. In the middle of the conversation we were referred to Clay Shirky’s work – both this video about LOVE in technical communities and how it is very long lasting and sustaining and his book - the power of organizing without organization. (He also has another talk about Coordination Costs that is informative). Identity Commons is an organization being held together with many of the new super low cost tools that mean organizational overhead that was needed to organize people as organized as we are isn’t needed like it was 5-10 years ago. Having said this there is much to be improved and in the survey we sent out after IIW we asked about IC and the community wanted us to focus on supporting/providing better communication between groups and also increased PR/outside world awareness of the collaborative work happening in the community.

(un8) The OpenID Foundation part of the Identity Commons community held its first elections for the community seats on the board.

(un9) Information Card Foundation launched and is part of the community of Identity Commons. I have been quite impressed with the energy and evangelism of Charles Andres. (they too are using a low organizational overhead model for getting things done). I actually got a the Azigo card selector working on my Mac and downloaded a “managed” card from an early behind the scenes trial of CivicID. I also failed at getting an “I’m over 18 card from Equifax” – Actually the experience of their knowledge based authentication made me think my identity has been “stolen” it asked me about a bunch of loans I haven’t taken out. So now I have a bunch of personal identity detective work to do this year (I will be blogging about those adventures).

(un10) Parity Communications shipped some pretty amazing stuff and it has been a long time coming*. They are behind the Equifax I’m over 18 card issuing site using their service called Card Press for issuing information cards. (as an aside I “get the whole stock photo with people holding their hands in a card shape – but why the girl with no top on?)

* Some background I first talked to Paul Trevithic and Mary Ruddy in the winter of 2004 while working for Identity Commons I knew I had to go out and meet them – to learn what they were up to and hopefully link/sync it with what Owen, Andrew & Drummond&Co. were up to around user-centric identity. They were into Social physics along with John Clippinger and both Paul and John were at the 2004 Planetwork Conference.

Over all it was an amazing year and it seems that the coming year will continue to have this field evolve.

I am working hard on pulling together two events before the next IIW (May 18-20 – put it on your calendars). One is specifically focused on “What are the Business Models” we should have an announcement about that next week but the dates will be the last week of Feb.

The other is focused on the intersection of identity technologies and the legal realm – I am meeting face to face with Lucy Lynch from ISOC in Eugene this week to work on details for that.

The Identity Futures group continues to percolate along and is working on developing a proposal to do some scenario visioning/planning.

I am hoping to spend some more time thinking about and talking to women to understand more about their needs and practices around identity online. Just in the last week while organizing She’s Geeky (the women’s only tech conference happening at the end of January) two women have mentioned they have had online stalker experiences recently. Several also have very particular ways of presenting themselves one example is a woman who professionally they use their first initial and last name – when they submit resume’s etc and in their general life online/socially they use their First name and last initial – to ensure that they are not findable at least by an employer initially doesn’t know their full name and thus their gender.

Identity events of the year – Part 1

I am not going to do a “top ten list” – not really my style. I tend to take things as they are and appreciate the amazing, wonderful, mysterious, sensuous, intellectually stimulating but don’t “compare” in a sort of ordered list way. So just so there is clarity on the number of things I mention I will “number” them but this is NOT a top ten list – I wrote this post as a reflection without thought to order.

This morning while swimming I got to reflecting about the year in identity and it did seem appropriate to share some of them.

(un1) Bob’s Relationship paper (that I hope Burton Group will release into the world) was put forward in draft form at IIW#7 (2008a) and the Data Sharing Summit in May. It framed the problem of identity and articulated some missing pieces to the puzzle we are solving – supporting an identity layer emerge. He high lighted the fact that identity happens in the context of relationship and finding ways to document the terms and conditions in a relationship – making the relationship itself its own node and not just a line in a social graph. Since the paper is mostly been available to enterprise clients of the Burton Group and some folks in the identity community this missing piece – the node of relationship itself has not been taken up. I am hopeful it will emerge. I think some of what the Higgins project is proposing as an R-Card – a place to co-manage relationship data between two parties in a transaction could for fill this.

Update: I spoke with Bob since this post and Burton will be releasing this paper in Q1.

(un2) Facebook’s emergence as the dominant social networking service and this being the anti-pattern that the communities that I have been participating in for 6 years now had articulated was a danger that needed to be addressed preemptively with open standards that worked between silo’s.

(un3) Related to this – I am remember that summer at the invitational gathering at Hollyhock (a retreat center in Canada I love and I became the accidental poster child for) I got to meet with colleagues who lead workshops there some of whom I have known for years. They knew I was into the web and social things there – “digital identity” but this year they “got” more of what I was talking about. The reason was because of issues they themselves had – one had pictures and e-mails and other things the community had put forward around someone’s life threatening illness. They found they couldn’t get the data out. … it wasn’t there. People informally in conversations I overheard were kinda freeked out by the service (you need to remember that in Canada Facebook has incredibly high penetration into the lives of “normal” folks about 40% of all Canadians are on it – so more normal folks then in the US).

So back to the open standards working between sites – putting at least doors between walled gardens – it seems that finding the agreement and finding adoption of such open standards is difficult – or perhaps more to the point it is not a “high business priority” – it is easy to have a big network just grow and become the default. I think the efforts of the open stack community are noble and I hope they succeed. I also think they need to address some of the things that facebook messes up. These include mushing all my worlds together- (water polo from when I was in highschool, kindergarten class at school, water polo from college, water polo from the national team, highschool, elementary school 1, elementary school too, my process facilitator community, the identity community, the all the worlds I am in they are all FLAT – my social reality isn’t flat. People and the topics I am interested in at any one time come closer and go out father. I have divers interests and everyone I know is not interested in everything I do. I know this. I am not trying to “hide” anything or “be secret” I just want to respect the attention of my friends. I hope this nuanced social understanding can be grasped by someone building these tools. It is not that complex.

It may be that this kind of nuance will show up in smart clients. I am hopeful that this year there will be at least one for twitter. (I want to have two kinds of twitter friends – the ones that I read ALL their tweets (scrolling back to see what happened when I was not online) and those that i will watch passively when I happen to be online too.

(un4) TWITTER really broke on to the scene this year. I started tweeting because of Phil Windley’s comment about how it got him connected to his remote team – as a water cooler replacement – to know what they were up to in daily life (I had had an account for about a year before but hadn’t gotten into it). I was also at a talking heads forum on collaboration for a day in January and several friends were there who were tweeters so I did the laborious work of finding people to follow (back then there was no people search – you sort of found people by who you saw following people you knew).

I have several more thoughts about big things of the year. I will continue to write in the next few days. I am going to get back into blogging. These last 8 months since IIW#7 2008a I have had some rather significant personal life background noise. It is why I haven’t been writing or getting out much. So one of my resolutions for the year is to blog more.

It continues here with Part 2.

Cybersecurity report covers Identity

Lucy Lynch posted this “The CSIS Commission on Cybersecurity for the 44th Presidency ” to the ID-Legal e-mail list.

We are actually going to discuss it on our upcoming call along with figuring out our steward to Identity Commons. Lucy and I will be spending 2 days at the end of December face to face in Eugene planning strategy/execution/deliverables around having at least event in DC this winter/spring before the next IIW.

The CSIS Commission on Cybersecurity for the 44th Presidency has released its final report, “Securing Cyberspace for the 44th Presidency.” The Commissions three major findings are:

1. Cybersecurity is now one of the major national security problems facing the United States;

2. Decisions and actions must respect American values related to privacy and civil liberties; and

3. Only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will improve the situation.”

There is a section on: Identity Management for CyberSecurity (page 67) that folks will want to read. CSIS is a Washington think tank, so this
is only advisory, but interesting to see some old models coming around again.

“CSIS was launched at the height of the Cold War, dedicated to the simple but urgent goal of finding ways for America to survive as a nation and prosper as a people. During the following four decades, CSIS has grown to become one of the nations and the worlds preeminent public policy institutions on U.S. and international security.”