Navigating the New Normal: John Seely Brown at Catalyst

I am here this week at Burton Group Catalyst. The conference kicked off with a what was by all accounts good talk from John Seely Brown talking about “the New Normal”.
NishantK: John Seely Brown: many of the things that made us successful in the 20th century will make us unsuccessful in the 21st century
jmatthewg1234: John Seely Brown – Thriving in a world of constant flux
bobblakley: John Seely Brown explains the shift from stores of info to flows of info at http://yfrog.com/5u8r3oj
bobblakley: “The cloud is much more disruptive than any of us have ever thought.” John Seely Brown
bobblakley: “SalesForce disrupted Siebel; now being disrupted itself by SmallBusinessWeb. Things are moving that fast.” John Seely Brown
NishantK: John Seely Brown: Good network is loosely coupled, trusted, not captive & filled w highly specialized nodes < basis of #cloud promise
bobblakley: “Moving to cloud requires factoring policy out of apps & making it a 1st class object.” John Seely Brown
bobblakley “Policies must have version numbers.” JohnSeely Brown
bobblakley: “Control-oriented flows won’t work in federated clouds.” John Seely Brown
jonathansander: Outside-in architectures start with the notion of an ecosystem. John Seely Brown
NishantK: John Seely Brown: Need to move from Inside-out to Outside-in architectures – less control, more trust, less predictable, more agile
bobblakley: Schemas are a hindrance in a world of unpredictability – John Seely Brown
bobblakley: “Data has tremendous inertia; don’t bring data to the computer – bring the computer to the data!” JohnSeely Brown
bobblakley: “Web 3.0 will use social media for context sensitive exception handling.” John Seely Brown
jonathansander: Policies are 1st class objects in enterprise 3.0, but so are exceptions. John Seely Brown
bobblakley: “Two things you don’t want to lose control of are policy and data” John Seely Brown
bobblakley: “The edge pulls the core to it by exploiting cloud services and social media.” John Seely Brown
drummondreed: John Seely Brown at Catalyst: the biggest innovation of the past 100 yrs is not the microprocessor but the Limited Liability Corp
This morning the conference kicked off for real with 5 tracks of amazing content. Those of you who know me, know I really am not a big fan of “regular talking heads conferences.” I often tell folks this is the only talking heads conference I recommend attending. The quality of content and thought put into the analyst presentations and the industry people on stage is of a very quality.

Catalyst Round UP

First of all thanks to Cordance, Opinity and ooTao who supported me in representing them and the whole ecology of folks around Identity Commons. It was a great week with lots of fruitful networking.

Jamie you are the calmest conference organizer I have ever met. Your staff was together and very helpful. Thanks!
Here are the roundup highlights:
Identity Management Market Trends – guitar introduction by Mike Neuenschwander.

Every move of your mouse you make
You’ll get a browser cookie for pete’s sake
Every username you fake, every federated claim you stake
They’ll be watching you

Every night and day
Every online game you play
Everything you say in IM, e-mail, VoIp or some other way
They’ll be watching you

Jamie Lewis kicked of the final afternoon with a keynote on user-centric Identity summed up by Dave Kearns with these talking points

*Heady mix of optimists, pessimists, idealists, cynics
*Agendas, governments, commercial interests could subvert the process
*Indicators of the constant tensions virtualization, digital ID create
*The tug of war will continue, and we all have a stake in the outcome
*Demonstrates the relativistic nature of identity, need for
polycentrism

Bob Blakley talked about his Axiom’s of Identity – they were quite though provoking and a great addition to the Identity Gang/Workshop conversation.

Dick gave a new and improved lessig style presentation on Identity 2.0 / User Centric Identity.

These two both belong to the “mac” community and gave their presentation on them. I got a lot of comments about my decorated Mac. It is nothing compared to Mary’s though.

Identity Workshop on stage. It was great to get a name and face for more of the Identity folks this included Stefan Brands of ID Corner and Scott Blackmer. Who I know was there but didn’t meet was David Kerns.
Strangest Job title: Ryan from Sxip – Sales Engineer (huh?)

Best Hospitality Suite themes matching the company:

  • Elementalwith their Ice Carved Bar and Earth and Fire graphics on the wall.
  • BridgeStream does role based enterprise Identity Management. So they had had Impro Theater (IT) Shakespeare provided by Theater Sports LA (Michelle, Brianand Floyd) where they each played improvised “roles.” They were kind enough to do an improvised sonnet about Identity Woman (I was really sad I didn’t have a tape recorder :() They also handed out world beach balls for the ‘globe theater.’

Talked to Scott Mace a bit on the first hospitality suite evening about podcasting. It is something Identity Woman might start doing.

Phil Windley, Doc Searls and myself worked out more details regarding the Independent Identity Workshop we are pulling together for the fall.

The Spiritual element of what identity is – the unnameable quality was honored with two different Lau Tzu quotes.

Sailing San Diego Bay with Mary Rundle was the closing highlight.

Thanks to all for a great conference! I am looking forward to coming back next year.

Canadians in Identity – Canadian’s Identity: The Essay Series Begins

Burton Group‘s Catalyst Conference was great for several reasons. One of them included the fact they actually had a BOF (Birds of a Feather) session for Canadians.
Last time I was in Seattle over at Kim Cameron and Adel’s house enjoying a glass of wine before dinner with Paul Trevithick, Drummond myself. Drummond was the only non-Canadian there and we got to talking about why there was so many Canadians working in this niche of the industry. I think part of the reason is because of the Canadian cultural obsession with identity. I have found what I hope will be a series of essays that good job of explaining this.

The first is the middle section of an essay by Bruce Mau a Canadian Designer entitled the United States of Switzerland.

If you have other articles that help explain this let me know and I will grow the collection.

Catalyst: Logic of Identity – Bob Blakley Chief Scientist IBM

This is a summary of Bob Blakley’s talk at Burton Catalyst:

Opening – Sermon on Laws

Laws of Planetary Motion
Kim’s Laws what happens to Identity if you make stupid or subtle mistakes
Newtons Law – gravity
Why things happen
Introduction – Looking Back Digital Signatures

A while back we decided we needed non-repudiation and did digital signatures by issuing certificates.
We forgot to figure out why do signatures work in the real world.
So, we got how they worked wrong in the technical world.
Having signatures not work is bad looking forward having privacy not work is bad.
Body of Talk
Definition:
Identity is a collection of attributes by which a person or thing is generally recognized or known
Identity Relativity
The Identity of X according to Y: The set of attributes believed by Y to be true of X.
Axiom: Utility
An identity attribute has value if and only if knowing that attribute reduces risk for some party
Reducing one party’s risk often creates risks for other parties.
Consequence: Identification is Power
Identity allocates risk.The ability to create or eliminate a risk for another confers power over the other.

Axiom: Contention
Because identity claims allocate risks, they will be disputed.
Identity Attributes

  • Commercial Interest – Convenience
  • Government Interest – Security
  • Individual interest – Privacy

Definition
Privacy: is the ability to lie about yourself and get away with it.

Axiom: Subjectivity
People disagree about one anothers identity attributes
In general, there’s now easy way to tell who’s right and who’s wrong
Axiom: Temporality
The name that can be named is not enduring and unchanging name. All identity attributes change over time.

  • Prince -> symbol
  • Michael Jackson Black -> Plastified

Axiom: Obscurity
Identity attributes can be

  • what you know – you can lie
  • what you have – loose / leave
  • what you are – alter disguise

Axiom: Publicity
Identity attributes cannot be secret
By definition attributes aren’t observable can’t be used to use attributes
Axiom: Contextually
Identity is inherently subject to effect of scale.
Brandon Mayfield – guy who did not blow up trains
His finger print matched one at Madrid Bombing (it was not an accurate assertion)
Large databases -> not completely reliable
To scale identity information one needs to collect — more information

Consequence: Powerlessness
Identity is in they eye of the beholder – subjectivity.

  • You can’t control what other people think or say about you.
  • You can’t even know who knows what about you.
  • Can control what you tell people but not what people find out

Consequence: Privacy Erosion
Scale requires distinguishing between lots of individuals which requires lots of information.
In a sufficiently large population the commonly agreed to be public attributes will not distinguishing individuals well enough.
So information about sensitive attributes will be collected.

In the UK they are look at putting in scanners (QinetiQ) while entering the subway to detect knives but what about creep in the use of other things identifying tatoos?
People push back against government identification.

Consequence: Due Process
Because identity is subjective, contextually, contention and obscurity and temporality.

IDENTIFICATION REQUIRES DUE PROCESS

But due process undermines the business case for identity. Due process requires transparency. Transparency reveals how identity attributes are collected and synthesized to make judgment. Collection and Synthesis are the only sources of completive value.

They do it because they like costumer intimacy.

Supply and Demand mismatch between favorable and unfavorable information.
Favorable information is easy to get.
The subject is happy to give it to you and the subject is happy to help you authenticate it. Therefore the supply is large and the value is low. But it’s worse: Demand is also low! Because favorable information is less likely to reduce another party’s risk. Especially the case when the other party has lots of potential customers.

The business case fore identity service provider infringes privacy.

The business of identity service providers is risk reduction withholding adverse information decrease the value of business.
Collecting more adverse information makes more.

Identity and Privacy are Incompatible.
Adverse information has positive identity value but negative privacy value.
Favorable information has zero identity value and zero privacy value.

Fable about MARIA

Recent guatemalan immigration
she has AIDS and she doesn’t want anyone to know. The health insurance company wants to know this information because it is a $180,000 not to know this.

Catalyst: SSO Simple Secure and Open – Dick on Identity .20

Dick – had a 580 slide deck done Lessig Style
This is a summary of his talk:

We found out about Dick’s Identity

We learned a about what Identity is

What I say about me
What other say about me (others trust this)
So,
identity=reputaiton
What others say about you
We learned about Identity Transactions:
Verbal in person (with visual cues)
Talk on phone (loss of visual cues)
Job Application (fill out form)

We learned about data verification using drivers licenses in the real world and how the process reduces Identity Friction.
Identity Transactions are Asymmetrical
There is separation of the acquisition and presentation of credential
The credential is reusable
Trust is social

What is digital identity?

Identity 1.0 Today

Today it is the hassel of filling out the same information again and again.
Basically today authentication is that you get to prove you are an entry in a directory entry. single authority on one credential – not portable – in silo.

Verified digital Identity is not what you give a site today.
e-bay -/-> Craigslist
We have walled gardens

Identity 2.0 is where the user can move it to any site.

Simple and open has a history of winning in new standards look at:

  • networking
  • e-mail
  • web – html

WHAT DOES IT LOOK LIKE?
Identity Credential exchange is transparent transaction that is scalable.

WHO WILL DRIVE THIS?
users? – to many user names and passwords

won’t pay – little influence

enterprise? - partners, contracts, agents

but risky to lead… can’t get there
Identity 1.5

e-government?

maybe

but localized

Banks?

motivated to solve
theoretical trust relationship

Identity Ecosystem will emerge where

users are loosely coupled
share user identity

We are in a new era

Webservices – Flickr, Mappr, SalesForce

Web 2.0 will drive identity 2.0

It will happen on the edge of the Internet (not the edge of the enterprise).

XRI/XDI no web-service apps

SXIP

name/value pairs
DIGS XML

The goal is to mimic photo ID
With Sxip Network

SXIP 1.0 has had a few tire kickers

SXORE Blog comment spam solution

SXIP 2.0 support web services
SXIP ACCESS
SSO – Simple Secure and Open

Jamie Lewis –
Q: So will this go into a STANDARDS PROCESS?
A: We are working on it. We want to get it very close to right then put it into standards body. I like IETF. Our goal is to be open

Reputation System for Web 2.0

Jamie Lewis is giving a great talk here at his conference on User-Centrism Meets Polycentrism: Creating Identity Infrastructure for the Internet. One of the things that he mentioned was Identity Commons and my representation of that ecology here at the conference.

He also highlighted the fact that reputation systems have a role to play. I have been working as the Blogosphere Advisor to a start up working on OPEN REPUTATION SERVICES – Opinity. They have a blog too.

One of my new friends in the industry who is a Service Integrator (SI) working on massive enterprise integration projects thought that the talk likely went over the majority of the audience’s head.

Catalyst: Government Adoption of Federated Identity

This is drawn from David Temoshok’s Talk. He is the Director of Identity Policy and Management GSA Office of Government Policy

Homeland security directive 12
“Policy for Common Identification Standard For Federal Employees and Contractors” – August 2004

HSPD 12 Requirements

1. Secure and reliable forms of personal identification that are:

  • Based on sound criteria to verify an individual employee’s identity
  • Strongly resistant to fraud, tampering, counterfeiting, and terrorist exploitation
  • Rapidly verified electronically
  • Issued only by providers whose reliability has been established by an official accreditation process

2. Applicable to all government organizations and contractors except National Security Systems
3. Used for access to federally-controlled facilities and logical access to federally-controlled information systems
4. Flexible in selecting appropriate security level – includes graduated criteria from least secure to most secure
5. Implemented in a manner that protects citizens’ privacy

Expanding Electronic Government

Needing Common Authentication Services for

  • 280 million Citizens
  • Millions of Businesses
  • Thousands of Government Entities
  • 10+ Million Federal Civilian and Military Personnel

You can learn more on the GSA website – http://www.gsa.gov/aces