Privacy Identity and Innovation – pii & Women

The Privacy Identity and Innovation is coming up August 17-19th in Seattle, Washington.

This conference is the brain child of Natalie Fonseca who has run the Tech Policy Summit for several years.

I am speaking at the event on a panel about personal data stores (a new project I will write more about here soon).  I am really proud to be amongst many other women industry leaders speaking. I know Natalie took proactive approach to recruiting women to speak and voila – their are women speakers at this technology conference.

Denise Tayloe, CEO of Privo
Marie Alexander, CEO of Quova
Linda Criddle, CEO of Reputation Share
Fran Maier, President of TRUSTe
Anne Toth, Chief Privacy Officer for Yahoo
Michelle Dennedy, VP at Oracle
Judith Spencer of GSA
Christine Lemke, CTO of Sense Networks
Betsy Masiello of Google
Heather West of Center for Democracy and Technology
Eve Maler of PayPal
Susan Lyon of Perkins Coie
Deborah Estrin of UCLA

It should be a great event – the guys on the program are equally cool.

Navigating the New Normal: John Seely Brown at Catalyst

I am here this week at Burton Group Catalyst. The conference kicked off with a what was by all accounts good talk from John Seely Brown talking about “the New Normal”.
NishantK: John Seely Brown: many of the things that made us successful in the 20th century will make us unsuccessful in the 21st century
jmatthewg1234: John Seely Brown – Thriving in a world of constant flux
bobblakley: John Seely Brown explains the shift from stores of info to flows of info at http://yfrog.com/5u8r3oj
bobblakley: “The cloud is much more disruptive than any of us have ever thought.” John Seely Brown
bobblakley: “SalesForce disrupted Siebel; now being disrupted itself by SmallBusinessWeb. Things are moving that fast.” John Seely Brown
NishantK: John Seely Brown: Good network is loosely coupled, trusted, not captive & filled w highly specialized nodes < basis of #cloud promise
bobblakley: “Moving to cloud requires factoring policy out of apps & making it a 1st class object.” John Seely Brown
bobblakley “Policies must have version numbers.” JohnSeely Brown
bobblakley: “Control-oriented flows won’t work in federated clouds.” John Seely Brown
jonathansander: Outside-in architectures start with the notion of an ecosystem. John Seely Brown
NishantK: John Seely Brown: Need to move from Inside-out to Outside-in architectures – less control, more trust, less predictable, more agile
bobblakley: Schemas are a hindrance in a world of unpredictability – John Seely Brown
bobblakley: “Data has tremendous inertia; don’t bring data to the computer – bring the computer to the data!” JohnSeely Brown
bobblakley: “Web 3.0 will use social media for context sensitive exception handling.” John Seely Brown
jonathansander: Policies are 1st class objects in enterprise 3.0, but so are exceptions. John Seely Brown
bobblakley: “Two things you don’t want to lose control of are policy and data” John Seely Brown
bobblakley: “The edge pulls the core to it by exploiting cloud services and social media.” John Seely Brown
drummondreed: John Seely Brown at Catalyst: the biggest innovation of the past 100 yrs is not the microprocessor but the Limited Liability Corp
This morning the conference kicked off for real with 5 tracks of amazing content. Those of you who know me, know I really am not a big fan of “regular talking heads conferences.” I often tell folks this is the only talking heads conference I recommend attending. The quality of content and thought put into the analyst presentations and the industry people on stage is of a very quality.

ID-Legal – Mapping the Gap – Bridging Commumities

Next month we are hosting a gathering called Map the Gaps. It came out of a session I ran several IIW’s ago asking the question what if there was a “Legal-IIW” the intent was always to cross communities and connect activities already in this area.  The intent from the beginning was to connect with and work with PPEG at Liberty Alliance. I am happy to be working with Robin from Kantara who ran the PPEG group at Liberty Alliance. Lucy from the Internet Society has been a real champion of the event.

We are threading the needle of size and accessability. Our intent is to make as much as possible about the conversation public and report out.  We also know that the energy is really different with 20-30 people vs. 100.   We are seeking interest particularly from technologist who are interested in understanding how Lawyers think and how different aspects of law are going to end up impacting the technologies they build and how those technologies will change the law.

You can see the matrices we are looking to fill in here on the ID-Commons wiki.

Here is the invitation and this is a link to express interest in attending.

Identity Commons and The Kantara Initiative
present an identity workshop and symposium to
“Map the Gaps”
Sponsored by the Internet Society.
March 18th-19th, 2010, Washington DC

The event will be attended by representatives of the diverse identity communities to help “Map the Gaps” that currently exist between the policy/legal and technology views of digital identity and online privacy.

The intention of the “mapping” exercise is to benefit the overall identity community by cataloguing and examining the characteristics and approaches of various online identity-related technical and legal initiatives, so that they can be applied to find common ground to integrate the research and development initiatives in the identity space.

The infrastructure for online identity continues to evolve, and increasingly raises social and privacy questions which are large, complex, and cannot be solved either by technology alone, or by a “single-stakeholder” approach.

While technologists and lawyers have worked separately in the past, identity technologies are now bringing people together in ways that are so intimate and far-reaching that they change both the way humans relate to technology, and the technologically-mediated ways humans relate to each other. Many of those technologically-mediated interactions are the subject of various established laws, which must now be reviewed in the light of this evolution: the technology cannot properly develop without legal guidance and vice versa.

This effort will depend upon the identification and creation of common concepts, language and paradigms to guide future development in the area.  Our aim is to bring technologists and legal and policy professionals together, establish a common understanding of each other’s domains, and map out the gaps which subsequent work would aim to bridge.

The “Map the Gaps” event will provide participants with a forum to contribute various perspectives on identity-related themes, the output of which may be coordinated with American Bar Association events as well as within working groups at ID Commons and the Kantara Initiative.

Due to limited space, the event is being held by invitation only.  There are, however, other ways to participate in this important work, including submitting written materials for inclusion in symposium online materials.

In order to assure that the broadest possible representation of interests is achieved to inform the work that will take place at the symposium, all submitted papers will be made available to attendees and others on the Identity Commons and Kantara symposium-related websites.

Limited spaces have been reserved at the symposium for a few additional invitations to be extended to individuals and institutional representatives based on a review of submitted papers.  Additional invitations may be extended based on those papers that offer significant perspectives and insights that are perceived to be different than or complementary to those already represented by the existing symposium attendees.

Next steps:
The symposium will be interactive and participant-driven: we ask all persons who would like to attend the meeting as participants to contribute, in advance (and no later than February 28, 2010), a brief (250-500 words) position paper, analysis or other  description of an interesting or pressing problem they have encountered in this field.  Papers will be posted as noted above, and we will extend invitations for participation to the authors of those papers that satisfy the criteria indicated above.

To express interest in the “Map the Gaps” workshop and symposium:

https://www.isoc.org/isoc/conferences/registration/?id=19

Event Committee:

  • Scott David, K&L Gates LLC.
  • Lucy Lynch, Internet Society
  • Kaliya Hamlin, ID Commons
  • J. Trent Adams, Internet Society
  • Robin Wilton, Future Identity, Ltd.

IIW is NOT an advocacy group – sigh “the media”

Facebook’s Online Identity War quotes me and labels IIW an advocacy group. IT IS AN INDUSTRY FORUM. Douglas MacMillan.

Sorry but I am still learning “how” to talk to reporters. They don’t like to quote me as “the identity woman” and link to my blog.

I “do” run the Identity Workshop with Phil and Doc but that doesn’t make it an “advocacy group”

Identity Commons & IIW have a purpose and principles believing in user/centric identity. The power of individuals to manage and control their own identities online. We don’t “advocate” for them – we create a convening space for people who want to work on this ideal.

Facebook does on some level “agree” with the idea of user-centric identity – Luke Shepard has participated in the community for quite a while & they hired David Recordon. They sponsor IIW.

I am clear that the opening up of previously controlled information with no warning “jives” with my understanding of user-centric control. It was more from my own point of view I was commenting. That is with my “identity woman” hat on… and the values I carry from Planetwork and the ASN… but the press hates that. Uggg. Chris Messina gets to be an “open web advocate”… that is what I do to but just about identity “open Identity advocate” (mmm…) but then that sounds like “just” OpenID and it isn’t just about that one particular protocol. sigh.

I am still wondering – How does one “belong” and have “titles” in a way the media can GROK when one does not have a formal position in a formal organization.

sigh – identity issues.

Fire Fox and Identity in the Browser

ReadWriteWeb reports this week:

Decrying redirects and iframes, Raskin tells of a brave new world where an in-browser button that defies navigational difficulties allows for something closer to true identity portability than we’ve seen yet:Identity will be one of the defining themes in the next five years of the Web. Nearly every site has a concept of a user account, registration, and identity. Searching for “sign in” on Google yields over 1.8 billion hits. And yet, the browser does nothing to make this experience better save for some basic auto form filling. The browser leaves websites to re-implement identity management, and forces users to learn a new scheme for every site… Your identity is too important to be owned by any one company. Your friends are too important to be owned by any one company.

Finally! They said it!

Comments in reaction to the ReadWriteWeb post highlight Information Cards & CardSpace are not mentioned – I point out in my comment that the work is all connected ant pointed to the IIW conversations about Active Clients attended by all.

Aza open their post with this paragraph:

Identity will be one of the defining themes in the next five years of the Web. Nearly every site has a concept of a user account, registration, and identity. Searching for “sign in” on Google yields over 1.8 billion hits. And yet, the browser does nothing to make this experience better save for some basic auto form filling. The browser leaves websites to re-implement identity management, and forces users to learn a new scheme for every site.

They make these key points following the images they have (you should check the images out)

• Identity is part of where you are, and what you are looking at (Amazon looks different depending on if you are signed in or not). That’s why we put it in the URL Bar.

• For most sites, you’ll probably only have one identity, so login will be a single click or automatic.
• Putting verbs into the navigation bar isn’t new. See Taskfox.
• To increase visibility, webpages should be able to make a Javascript call that opens the login/signup bubble.
• For webpages that want to own the login-process, the account creation simply acts as the ultimate form-fill. For those interested in the evolution of the idea, you can see an early mockup with comments as well as Alex Faaborg’s similiar mockups.

They also make this point…

Chris Messina and others has been advocating for a model which follows the Facebook Connect lead: a single verb, to connect. Once connected, you decide exactly what information to share in an asynchronous manner. Unfortunately this bleeds information — your name is known to all websites which which you connect. We’d like to explore what a connect metaphor in combination with the ability to remain anonymous but connected means.

I agree with the firefox folks. Having a way to do verified anonymity is essential.

“Selective Disclosure” is the name for technologies that do this.

The firefox team should check out Stefan’s U-Prove Technology that may be released shortly by MSFT that acquired it over a year ago

(seems like Stefan killed his blog when he moved to MSFT..mmm..anyways.)

Firefox folks invite people to get involved here.

Identity Dispute on Twitter

From Slashdot

SpuriousLogic spotted this story on the BBC, from which he excerpts:

“The High Court has given permission for an injunction to be served via social-networking site Twitter. The order is to be served against an unknown Twitter user who anonymously posts to the site using the same name as a right-wing political blogger. The order demands the anonymous Twitter user reveal their identity and stop posing as Donal Blaney, who blogs at a site called Blaney’s Blarney. The order says the Twitter user is breaching the copyright of Mr. Blaney. He told BBC News that the content being posted to Twitter in his name was ‘mildly objectionable.’ Mr. Blaney turned to Twitter to serve the injunction rather than go through the potentially lengthy process of contacting Twitter headquarters in California and asking it to deal with the matter. UK law states that an injunction does not have to be served in person and can be delivered by several different means including fax or e-mail.”

FastCo Post on Governemnt Experiments with Identity Technologies

This is cross posted on Fast Company.

The Obama administration open government memorandum called for transparency participation, collaboration and federal agencies have begun to embrace Web 2.0 technologies like blogs, surveys, social networks, and video casts. Today there are over 500 government Web sites and about 1/3 of them require a user name and password. Users need to be able to register and save information and preferences on government Web sites the same way they do today with their favorite consumer sites, but without revealing any personally identifiable information to the government.

Yesterday the United States Government in collaboration with industry announced a few pilot projects using emerging open identity technologies for citizens to use when interacting with government sites. I use the word interacting very deliberately because the government doesn’t want to know “who you are” and has gone great lengths to develop their implementations to prevent citizens from revealing personally identifiable information (name, date of birth etc).

How would you use this?–well imagine you are doing an in depth search on an NIH (National Institute of Health) Web site–and you went back to the site many times over several months. Wouldn’t it be great if the site could “know” it was you and help you resume your search where you left off the last time. Not your name and where you live but just that you were there before.

The Identity Spectrum helps us to understand how it all fits together.

Spectrum of IDAnonymous Identity is on one end of the identity spectrum–basically you use an account or identifier every time go to a Web site–no persistence, no way to connect the search you did last week with the one you did this week.

Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don’t reveal your common/real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.

Self-Asserted Identity is what is typical on the Web today. You are asked to share your name, date of birth, city of residence, mailing address etc. You fill in forms again and again. You can give “fake” information or true information about yourself–it is up to you.

Verified Identity is when there are claims about you that you have had verified by a third party. So for example if you are an employee of a company your employer could issue a claim that you were indeed an employee. You might have your bank verify for your address. etc.

The government pilot is focused on supporting citizens being able to have pseudonymous identities that function only at one Web site–the same citizen interacting with several different government Web sites needs to use a different identifier at each one so their activities across different government agencies do not have a correlation.

It is likely that some readers of this blog know about and understand typical OpenID. Almost all readers of this blog do have an openID whether they know it or not because almost all the major Web platforms/portals provide them to account holders–MySpace, Google, Yahoo!, AOL etc.

So how does this work with OpenID?

Typical OpenIDTypically when logging in with OpenID on the consumer Web you share your URL with the site you are logging into–they redirect you to where that is hosted on the Web–you authenticate (tell them your password for that account) and they re-direct you back to the site you were logging in. (see this slide show for a detailed flow of how this works). Using OpenID this way explicitly links your activities across multiple sites. For example when you use it to comment on a blog– it is known your words come from you and are connected to your own blog.

Using the OpenID with Directed identity–de-links your the identifiers used across different sites but still lets you use the same account to login to multiple sites.

Directed IdentityWhen you go to login to a site you are asked to share not “your URL” but just the name of the site where your account is–Yahoo! or Google or MySpace etc. you are re-directed to that site and from within your account a “directed identity” is created–that is a unique ID just for that Web site. Thus you get the convenience of not having to manage multiple accounts with multiple passwords and you get to store preferences that might be shared across multiple ID’s but you don’t have identifiers that correlate–that are linked across the Web.

How does this work with Information Cards?

This is a complementary open standard to OpenID that has some sophisticated features that allow it to support verified identities along with pseudonymous & self asserted identities. It involves a client-side piece of software called a selector–which selector helps you manage your different identifiers using a card based metaphor, with each digital “card” representing a different one. Citizens can create their own cards OR get them from third parties that validate things about them.

The government is creating a privacy protecting “card profile” to be used in the pilot program. It is NOT issuing identities.

Trust Framework are needed to get it all to work together.

From the press release yesterday:

“It’s good to see government taking a leadership role in moving identity technology forward. It’s also good to see government working with experts from private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon–it’s a social phenomenon. And technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate,” said Bob Blakley, Vice President and Research Director, Identity and Privacy Strategies, Burton Group. “Today’s announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it’s impossible to know whether a received identity is reliable.”

The OpenID Foundation and Information Card Foundation wrote a joint white paper to describe how they are working on developing this. From the abstract:

[They] are working with the U.S. General Services Administration to create open trust frameworks for their respective communities.

These frameworks, based on the model developed by the InCommon federation for higher education institutions, will enable government Web sites to accept identity credentials from academic, non-profit, and commercial identity providers that meet government standards. These standards are critical as they represent the government’s resolution of the challenging and often competing issues of identity, security, and privacy assurance. Open trust frameworks not only pave the way for greater citizen involvement in government, but can enable even stronger security and privacy protections than those typically available offline.

These are all exciting developments but there is much more to do.

Looking (far) ahead there may be the opportunity to do selective disclosure–combining anonymity with verified identity.

How do these go together–you can take a verified identity claim say your birth date then using cryptography strip the specifics away and just have a claim that says you are “over 21″. Then using an anonymous identifier you have selectively disclosed your age without giving away your date of birth.

You could imagine this would be handy for citizens wanting to communicate their opinions to their member of congress without revealing their actual name and address – they could “prove” using a verified claim they live in the district but not reveal who they are. This aspect of what is possible with the technology is VERY forward looking and will take many years to get there. There is enormous potential to evolve the Web with this emerging identity layer.

I would like to invite all of you interested in being involved/learning more to attend the Internet Identity Workshop in Mountain View California November 3-5. I have been facilitating this event since its inception in 2005. It is truly amazing to see how far things have progressed from when we were 75 idealistic technologist talking about big ideas. at the Hillside Club in Berkeley. It is also some what daunting to think about how much farther we have to go.

Thomas Friedman on the lesson from Van Jones – “Watch out for the participatory panopticon”

Thomas Friedman of the NYTimes on Meet the Press today talking about several recent incidents including what happened to Van Jones.

When everyone has a cell phone, everyone is a photographer, when everyone has access to YouTube, everyone is a filmmaker, and when everyone is a blogger everyone is a newspaper.

When everyone is a photographer, a newspaper and a filmaker everyone else is a public figure. Tell your kids ok,  be careful every move they make is now a digital footprint. You are on candid camera and unfortunately the real message to young people from all these incidents… (he says holding his hands closely together) is really keep yourself tight – don’t say anything controversial, don’t think anything controversial, don’t put anything in print – you know what ever you do just kind of smooth out all the edges (he says moving his hands in a streamlining motion down) and maybe you too – you know when you get nominated to be ambassador to Burkina Faso will be able to get through the hearing.

What does this capacity to document “everything” digitally mean to free thinking, and free speech? It seems that is having a quelling effect.

I have written about the participatory panopticon several times, a term coined by Jamais Cascio.

* Participatory Panopticon strikes Michael Phelps

* We Live in Public – a movie

* “sousveillance” coming to NYC and Big Brother coming to NYC

* Participatory Panopticon tracking the CIA’s Torture Taxi

* Condi Caught by Emerging Participatory Panopticon

* Accelerating Change Highlights: 1 (Jon Udell)

The first time I spent a whole day with technologists working on the identity layer of the web in 2003 I asked publicly at the end of the day – how do we forgive in these new kinds of tools in place? How do we allow for people to change over time if “everything” is documented?

I hope we can have a dialogue about these kinds of issues via the blogosphere and also face to face at the 9th Internet Identity Workshop coming up in November.

Identity for Online Community Managers

I was asked by Bill Johnson of Forum One Networks to kick off the discussion on the next Online Community Research Network call this week with the topic Identity for Online Community Managers – drawing on the presentation that I put together for the Community 2.0 Summit. I cover the basics of how OpenID, OAuth and Information Cards work, who is “in” terms of supporting the projects and what community managers/platforms can do. We will discuss the implications of these new identity and data sharing protocols on the call.

Online Identity for Community Managers: OpenID, OAuth, Information Cards

View more documents from Kaliya Hamlin.
I will also be attending the Online Community Summit in October Sonoma and will be sharing about these and other technologies there.

Freedom to Aggregate & Disaggregate oneself online.

I presented this slide show at the Oxford Internet Institute meeting in April that considered A Global Framework for Identity Management.

You could sum it up this way – “stuff happens in peoples lives and the need the freedom to go online and get support for those things and not have it all linked back to their “real identity.”

The slides are moving (drawing from post secret post cards) and it is worth watching if you don’t think people need this freedom.

its that SXSW picking time of year

200908181123.jpg

This year there are 2200 panels submitted for 300 slots. It is great they are going with community generated ideas for the conference. It is also hard to tell what will be happening in our fast moving industry 7 months from now. PLEASE go to SXSW create an account and then vote for these two :)

I put a lot of thought in to what to put forward this year knowing it would be 9 months out. One of the trends that is just starting to emerge is identity verification – my hunch is that by March this will be a topic getting a lot of attention and worth exploring at SXSW.

Who are you? Identity trends on the Social Web.

“On the Internet Nobody Knows You’re a Dog” Is this famous New Yorker cartoon still true? Twitter is doing verified accounts. Facebook claims everyone using their “real name” gives strong social validation ‘proof’. Equifax is validating age with information cards (digital tokens). We will explore the current trends and their implications for the future.

  1. What is identity?
  2. Why are people doing identity validation?
  3. Who is doing identity validation?
  4. Why are websites seeking people who have had their identities validated?
  5. Is identity validation improving the web?
  6. What are the current open standards in this space?
  7. Are approaches by men and women different about idnetity presentation and validation?
  8. What kinds of businesses are requiring online identity validation for customers?
  9. Is identity validation going to squish “free speech”?
  10. How is this trend changing the web?

With my She’s Geeky hat on: What Guys are Doing to Get More Girls in Tech!

The point of this is to get beyond the women say there are issues in the field and guys say there isn’t – to have guys who know there is an issue and are proactively doing constructive stuff to address it.

Many tech fields have a low percentage of women. If you are a guy do you wonder what you can do about it? Learn about successful strategies and proactive approaches for supporting women you work with and participate in community with. We will even cover some well-intentioned efforts that have gone awry.

  1. How many women by percentage participate in different technical fields?
  2. Why does it matter that they are underrepresented in these fields?
  3. What are the cultural norms that men and women have about performance and self-promotion?
  4. What is Male Programmer Privilege?
  5. What can a guy do who has a sister that is math/science inclined but being steered away from the field?
  6. How have the men on the panel improved things in their workplaces?
  7. How have the men on the panel addressed the challenges that arise in open communities? (that is where you don’t have a boss that fires people for inappropriate behavior/comments)
  8. What are the qualities of a workplace that is friendly for women?
  9. How to go beyond tokenism in workplaces, communities and conferences?
  10. How to encourage women more?

Other interesting Preso/panels covering Identity topics:

The Politics & Economics of Identity Put forward by my friend Liza Sabature of Culture Kitchen and the Daily Gotham Identity Politics” has always been left to the realm of feminist, civil rights activists, aka “minority politics”. This panel will explore the social and political ramifications of the business of identity and reputation. We will talk about the good, the bad and the ugly and what social entrepreneurs, businesses and digital activists are doing to impact this new economy.

  1. What is identity?
  2. What is reputation?
  3. What is privacy?
  4. How have big business historical monetized privacy?
  5. How social media works on identity and reputation?
  6. Online surveillance in the US : DMCA, FISA, Patriot Act
  7. Facebook BEACON : a study on how not to spy on people for fun and profit
  8. Google Adsense or Spysense?
  9. What are Vendor-Relationship Management systems?
  10. Will we need “Identity Management Systems” instead of VRMs?

Distributed Identity: API’s of the Semantic Web Without much conscious thought, most of us have built identities across the web. We fill in profiles, upload photos, videos, reviews and bookmarks. This session will explore the practical use of Social Graph API and YQL to build new types of user experience combining identity discovery and data portability.

Online Gatekeeping: Who Died and Made You King? by Liz Burr As the web becomes more open via social networks, we’re adopting new rules of communication. But who creates these rules? How much does class, race and gender figure into social media policing? We’ll discuss how identity affects social networks, as well as look at how online communities police themselves as participation expands.

  1. Which groups are in control of what is worth sharing via social media?
  2. Are the under-25 community using social media differently?
  3. How do we recognize and confront social media ‘gatekeepers’?
  4. Is our behavior in online communities merely a reflection of offline stereotypes and experiences?
  5. What is the impact of the amplification of social stereotypes online on under-represented groups?
  6. How do we integrate previously, under-represented groups into this more social world?
  7. Is there really such a thing as a “digital ghetto”? If so, is it our responsiblity to combat it?

OpenID: Identity is the platform is put forward by Chis Messina.
I have to say it is really great to have this be put forward so plainly and simply – to “get religion” about user-centric tdentity and its central role in shaping the fugure the social web.

Ignore the hype over social networking platforms and web OS’s! The platform of the social web is identity. Facebook and Twitter Connect are just the beginning of the era of user-centric identity. I’ll go beyond the basics of OpenID and learn how to effectively incorporate internet identity into your apps.

Your Online Identity After Death and Digital Wills

If you died tomorrow, would someone take care of your internet accounts? How do you tell subscribers the blogger has died? Every day people die and no one can access their email. Let’s explore what can be done to manage your online identity after you pass on.

  1. What usually happens to email accounts when a person dies? Policies for Gmail, Yahoo, Hotmail and AOL
  2. What about WordPress.com and Blogger for digital policies concerning the death of a blogger?
  3. Do You have a digital will setup?
  4. Products and services to manage digital wills, electronic correspondence after death and auto replies.
  5. Grief, “You Have Mail” and online memorial services.
  6. Who owns blog content after the death of a blogger?
  7. How to calculate the worth of your website or blog.
  8. How can you manage your online accounts and passwords for easy access after you pass?
  9. What are some recent legal examples of online account ownership disagreements?
  10. How to keep your passwords safe?

How to Benefit from 1-Click Identity Providers by Luke Shepard from Facebook.

Sites across the Web are opening up to support open identity platforms, such as OpenID. How can companies at scale and those with large user bases successfully work with open standards including OpenID, Activity Streams and new social markup language specs? Can companies survive the challenges of incorporating OpenID into their websites?

  1. Are there any success stories with OpenID?
  2. What does the OpenID user experience look like?
  3. Who has implemented OpenID?
  4. What have been some of the failures of OpenID?
  5. What is OpenID?
  6. What are the user benefits of OpenID?
  7. How can websites educate users about open protocols?
  8. What are the privacy concerns around OpenID?
  9. What kind of user data is made available to sites when they implement OpenID?
  10. What will it take for OpenID to become mainstream?

Crime Scene: Digital Identity Theft


ID biz models “in the future maybe” says Johannes

Johanne Ernst is a builder of Identity technologies (and one of the clearest thoughtful thinkers about identity technologies and markets. He just posted a great post about business models in the identity space. I know he has at various times tried raise money as an entrepruner in this space – so he has thought a lot about the business models.

For those of you who don’t know Johannes he developed Light-Weight Identity (LID) a URL based ID system at the same time Brad Fitzpatrick did at Live Journal and then participated in merging it all together into YADIS discovery which became woven together with OpenIDv1, XRI/i-names  and sxip to become OpenIDv2. He also was the first drawer of the identity triangle (OpenID, SAML, InfoCards) which evolved into the Venn of Identity.

Many people have ideas for value-added services that could be sold once sufficiently many users used internet identities at enough sites. The trouble is that the transaction volume for OpenID (or any other identity technology on the internet) is still far too low to make this viable.

The mot important sentence is this one – Let’s not confuse being majorly annoyed how long this is all taking (speaking about myself here) with something being fundamentally wrong (because there isn’t).

I take heart with what he has to say especially because he addresses it to a big part of what I do – organize (un)conferences to continue momentum for the field.

From his post:

Value-added services:
Many people have ideas for value-added services that could be sold once sufficiently many users used internet identities at enough sites. The trouble is that the transaction volume for OpenID (or any other identity technology on the internet) is still far too low to make this viable.

So the verdict here is: perhaps in the future.   

So what’s an analyst, or conference organizer, or entrepreneur, or venture capitalist to do?

My take: Hang in there, keep the burn rate low, make no major moves, would be my advice. (Believe it or not, sometimes I’m being asked about my advice on this.) All the signs are pointing in the right direction, the latest being Google’s major OpenID push. Let’s not confuse being majorly annoyed how long this is all taking (speaking about myself here) with something being fundamentally wrong (because there isn’t).

Sooner or later, at least the value-added services opportunity will emerge. Perhaps others. But so far it has not yet.

Identity & Gov and & Open Standards

I am really happy to let you all know about this forth coming OASIS ID-Trust Identity Management 2009 event September 29-30.

The theme of the event will be “Transparent Government: Risk, Rewards, and Repercussions.”

The U.S. National Institute of Standards and Technology (NIST) will be hosting it in Gainthersburg, Maryland.

In the why attend the reference part of a directive by Barack Obama to the National Security Council and Homeland Security Council.

“to defend our information and communications infrastructure, strengthen public/private partnerships, invest in cutting edge research and development and to begin a national campaign to promote cyber-security awareness and digital literacy.” The U.S. federal government aims to accomplish all of this while becoming increasingly open and transparent.

The program is now available – and looks quite good.

There is a discount available until August 31. There are special registration proceedures for non-US citizens.

Web Finger! moving out into world

I love the Internet Identity Workshop! it is where innovative ideas are hatched, answers to hard problems are vetted and standards consensus emerges. This is just the latest in amazing collaborations that have emerged.

Web Finger was covered on Tech Crunch today with this headline – Google Points At WebFinger. Your Gmail Address Could Soon Be Your ID.

At IIW in May they had a session lead by John Panzer. The notes were not filled out that much but (All the Notes from IIW)   

but there is a white board of their conversation and a link to what google had up.

Chris Messina spliced it together

XRD the discovery protocol is part of how Web Finger works. This spun out of XRI.

Techcrunch didn’t explicitly pick up on the fact that Eran Hammer-Lahev has been a key collaborator and is at Yahoo! (they did link to the mailing list where he is posting). He has been really driving XRD forward lately.

All exciting stuff.

DiSo ideas are not that new.

Reading these:

A Perfect Storm Forming for Distributed Social Networking- Read Write Web

Evolution of Blogging – GigaOm

The Push Button Web – Anil Dash

The inside Out Social Network – Chris Messina

The Future Social Web – Jeremiah Owyang

I realize how incredibly ahead of the times I was along with many of the people I have been working with on open standards identity and social web standards.

I wrote this describing open standards for distributed social networking online in April of 2004f or the Planetwork Conference (from Archive.org)  that I was promoting.

———————— From Archive.org April 2004 ——————

ID Commons: Social Networking For Social Good: Creating Community Trust Infrastructure Through An Identity Commons

In 2003 the Planetwork LinkTank white paper The Augmented Social Network: Building Identity and Trust into the Next-Generation Internet proposed weaving new layers of identity and trust into the fabric of the Internet to facilitate social networking for social good – online citizenship for the information age.

The LinkTank white paper outlined three main objectives:

  1. Establishing a new kind of persistent online identity that supports the public commons and the values of civil society.
  2. Enhancing the ability of citizens to form relationships and self-organize around shared interests in communities of practice and engage in democratic governance.
  3. Creating an Internet-wide system for more efficient and effective knowledge sharing between people across institutional, geographic, and social boundaries.

Currently each site with a login or membership profile is like an island, or at worst a walled castle, as no common inter-operation is possible among large numbers of them. Creating a truly interoperable network will require an explicit social agreement that governs the operation of the trusted network, and implementation of a new software protocol consistent with that agreement.

Identity Commons

[note this is a reference to the "first" Identity Commons - the current Identity Commons shares the values and some of the organizing principles of this first organization but evolved from it]

The Identity Commons is an open distributive membership organization, designed to develop and operate a common digital identity infrastructure standard based on the shared principle of protecting each user’s control of their own identity data. A common identity infrastructure must be embedded within a binding social agreement ensuring that the technology and its institutional users operate in accordance with core principles. In addition to developing this agreement, Identity Commons is managing the development and implementation of the new technology needed to achieve this as a fiscal project of Planetwork, a California 501(c)3 non-profit.

The Identity Commons is based on an implementation of two new OASIS standards:

XRI – a new identity addressing scheme fully compatible with URIs
XDI – specifies link contracts for shared use of data across the Internet

For more technical information see: http://xrixdi.idcommons.net

Once implemented, the Identity Commons infrastructure will:

  • Give individuals, organizations, and even ad-hoc groups persistent addresses (digital identities) that can be used in many ways. Each party can decide what their own address links to, and who can follow the links.
  • Provide single sign-on, enabling individuals to connect to multiple sites without having to provide a login and password to each.
  • Empower user/citizens to manage their own consolidated profiles, which will be likely to stay up to date as everyone maintains only their own master copy.
  • Generate network maps that enable communities to more efficiently understand their own membership, make connections, recognize patterns, filter messages, and self-organize around new topics and functions.
  • Provide collaborative filtering services based on knowledge and reputation databases where contributors can also control their own level of anonymity.
  • Enable group formation around common interests and affinities with reputation attributes for trusted communication, which could be the key to eliminate spam.

How is this different from what is already happening in the private sector?

Currently every web site has a privacy policy, but they vary widely, are rarely read, are only good until they are changed and are thus effectively useless.

The Identity Commons (IC) solves this by (1) replacing thousands of privacy policies with a single institutional membership agreement that simplifies the user experience. Every Identity Commons member site is party to a legally binding commitment that can only be changed by amending the IC membership agreement – which is governed by all IC members. And (2) by using electronic contracts to grant, record, and enforce data sharing across boundaries.

Ultimately there can only be one fully interoperable social network; just as email can travel anywhere on the Internet, your profile must also be able to do so. Microsoft would love to make this possible, and fully control it – their Passport system was designed to do just that. By hosting identity data for nearly everyone who has a computer Microsoft hopes to put themselves in the middle of every transaction they can.

In response to this, a group of large companies formed the Liberty Alliance which developed protocols that will allow institutions to “federate” data across company boundaries. Federation is an improvement over the Microsoft Passport model, however, both of these approaches treat individuals solely as consumers, and neither provide support for civil society, citizen collaboration or for individual citizens to control their own identity data.

The Identity Commons agreement and technical infrastructure is a way to correct this imbalance of power, allowing the Internet to fulfill its great potential as a “commons” in which individual citizens can interact freely and as equals everywhere on Earth.

————- end Identity Commons description from Planetwork’s 2004 site ———

Writing this document was the first work that I did as an evangelist for the proposed open standards for distributed digital identity to enable open distributed social networks.
I wrote it based on reading through all their work and listening to their vision of the founders of Identity Commons and those working together for 2+ years hoped for in the adoption of the open standards they were working on. These protocols are now all ratified in OASIS (one of three standards bodies for the internet the other two being IETF and W3C) – XRI, XDI along with XRD/XRD that spun out of XRI as it became incorporated in OpenIDv2 as a key part of what makes it work.

Identity that is user owned, controlled managed – and this includes the preferences, attention data, uterances, 1/2 of transaction data – is at the heart of what one needs to make this vision of distributed social networking work. I think until recently it has been misunderstood as esoteric and just talk – amazing progress has been made since the early days of the identity gang that community has grown and developed many of the conceptual understandings and protocols that are taken as givens.

Folks from what the identity community (and perhaps should consider “updating” its name to the identity and social web community).…invented – as in used for the first time these two words together Social and Web – SOCIAL WEB – (according to wikipedia)

With the title of this paper: The Social Web: Creating An Open Social Network with XDI

This paper was preceeded by the Augmented Social Network: Building and Trust into the Next Generation Internet

Like the Web or email, the ASN would be available to anyone. It would become a common part of the Internet infrastructure – a person-centered and group-centered service of the net. It will be implemented through the widespread adoption of technical protocols; any online community infrastructure could choose to be part of the ASN by implementing them. Central to its design are fundamental principles of openness, inclusivity, and decentralization — which are necessary for a thriving democracy. At the same time, the ASN would support the highest available forms of security to protect privacy.

The Identity Gang began talking/meeting in the later part 2004 and has continued to meet in the Internet Identity Workshop.

There is much wisdom that these communities have developed that can be useful in moving / re-articulating the vision… to be sure lessons are to be learned from understanding more about why certain approaches/standards/proposed ways of doing things didn’t happen (yet).

I think the market wasn’t ready for what the identity community was saying. As someone who has been evangelizing about this set of issues practically full time since 2004. In the first few years I would talk in a range of communities and at conferences about all these issues, user control, open standards the danger of the potential emergence of large silo’s that locked users in and people just “didn’t get” it was an issue or that there was even a need for these kinds of standards. Now the market is finally ready.

The 9th Internet Identity Workshop  is this November – and REGISTRATION IS OPEN!

There is a whole conversation on the DiSo list where I highlighted this context/history. There might be a beer meetup in Berkeley this evening at Triple Rock at 7:30.

Digital Identity -> Sculpture

My friend Cameron Hunt sent me a link to this AMAZING site this morning.

IDENTITÄT: the »Gestalt « of digital identity

From the far end of the Concept page:

The goal of the project was not to create a readable data sculpture of someone’s digital life, but to express how an analogue snapshot of complex dig­ital identities can be presented. Based on four de­fined cri­te­ria all sculp­tures had to be compa­ra­ble in their form, size and ex­pres­sion. Af­ter generating those sculp­tures based upon the particles only, we added time as an under­lying factor. The particle system, which rep­resents a persons inter­ests, spreads in space until it is bal­anced. The speed of this expan­sion, the thickness of the cre­ated hull and the starting point of the drawing process is connected to the factors age, activ­ity and communication behav­ior.


This system leads to an embod­i­ment for the final ~Gestalt of dig­ital identity. A still life of an ongo­ing process about re­defining and dec­orating. This dynam­ic process of dig­ital »day life« is cap­tured in our person­al interpretation of the dig­ital identity as an amorp­hous sculp­ture.
The Process Page says more about how they did it.

Missing: Privileged Account Management for the Social Web.

This year at SXSW I moderated a panel about OpenID, OAuth and data portability in the Enterprise. We had a community lunch after the panel, and walking back to the convention center, I had an insight about a key missing piece of software – Privileged Account Management (PAM) for the Social Web – how are companies managing multiple employees logging in to their official Twitter, Facebook and YouTube accounts?

I thought I should also explain some key things to help understand conventional PAM then get to social web PAM in this post covering:

  1. regular identity management in the enterprise,
  2. regular Privileged Account Management in the enterprise
  3. Privileged Account Management for the Social Web.


1) IdM (Identity Management) in the Enterprise

There are two words you need to know to get IdM and the enterprise: “provisioning” and “termination“.

a) An employee is hired by a company. In order to login to the company’s computer systems to do their work (assuming they are a knowledge worker), they need to be provisioned with an “identity” that they can use to log in to the company systems.

b) When an employee leaves (retires, quits, laid off, fired), the company must terminate this identity in the computer systems so that the employee no longer has access to these systems.

The next thing to understand is logs.

So, an employee uses the company identity to do their work and the company keeps logs of what they do on company systems. This kind of logging is particularly important for things like accounting systems – it is used to audit and check that things are being accurately recorded, and who did what in these systems is monitored, thus addressing fraud with strong accountability.

I will write more about other key words to understand about IdM in the enterprise (authentication, authorization, roles, directories) but I will save these for another post.

2) Ok, so what is Privileged Account Management in the Enterprise?

A privileged account is an “über”-account that has special privileges. It is the root account on a UNIX system, a Windows Administrator account, the owner of a database or router access. These kinds of accounts are required for the systems to function, are used for day-to-day maintenance of systems and can be vital in emergency access scenarios.

They are not “owned” by one person, but are instead co-managed by several administrators. Failure to control access to privileged accounts, knowing who is using the account and when, has led to some of the massive frauds that have occurred in financial systems. Because of this, the auditing of logs of these accounts are now part of compliance mandates in

  • Sarbanes-Oxley
  • the Payment Card Industry Data Security Standard (PCI DSS),
  • the Federal Energy Regulatory Commission (FERC),
  • HIPAA.

Privileged Account Management (PAM) tools help enterprises keep track of who is logged into a privileged account at any given time and produce access logs. One way this software works is: an administrator logs in to the PAM software, and it then logs in to the privileged account they want access to. The privileged account management product grants privileged user access to privileged accounts [1].

Links to articles on PAM, [1] Burton Group Identity and Privacy Blog, KuppingerCole, Information Security Magazine.

3) Privileged Account Management on the Social Web.

Increasingly companies have privileged accounts on the social web. Dell computers has several for different purposes. Virgin America, (they link to the account from their website – thus “validating” that this is their real account), JetBlue, Southwest Airlines, Zappos CEO, (employees who twitter), Comcast Cares (Frank Eliason) (interestingly comcast on twitter is blank).

Twitter is just the tip of the iceberg – there are also “fan pages” on Facebook for brands. Coca-Cola, Zappos, NYTimes, Redbull, Southwest, YouTube Channels, Dunkin’ Donuts, etc, etc. on thousands of other platforms and yet-to-be-invented services.

These are very powerful accounts – they are managed and maintained by many employees around the clock and are the public voices of companies.

I have yet to see or hear of any software tools to enable enterprises to manage Social Web privileged accounts. How are companies managing access by multiple employees to these accounts?

Is there software that does this yet?

Is anyone working on these kinds of tools?

Leave your comments here or tweet with me @identitywoman

SSN’s can be guessed

This just in from slashdot:

“The nation’s Social Security numbering scheme has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth. The researchers used the information they gleaned to predict, in one try, the first five digits of a person’s Social Security number 44 percent of the time for 160,000 people born between 1989 and 2003.

This is from the Wired coverage:

By analyzing a public data set called the “Death Master File,” which contains SSNs and birth information for people who have died, computer scientists from Carnegie Mellon University discovered distinct patterns in how the numbers are assigned. In many cases, knowing the date and state of an individual’s birth was enough to predict a person’s SSN.

“We didn’t break any secret code or hack into an undisclosed data set,” said privacy expert Alessandro Acquisti, co-author of the study published Monday in the journal Proceedings of the National Academy of Sciences. “We used only publicly available information, and that’s why our result is of value. It shows that you can take personal information that’s not sensitive, like birth date, and combine it with other publicly available data to come up with something very sensitive and confidential.”

Basically it means we shouldn’t be honest about our date of birth and home town on Facebook (or any other social network) or we are making ourselves vulnerable to discernment of our SSN’s. I wonder if they can figure out mine? I received my as an adult when I was attending college in California.

I decided to poke around and see what Facebook had up about Identity Theft. I did find a link to this study that created a profile by “Freddi Stauer,” an anagram for “ID Fraudster,”.

Out of the 200 friend requests, Sophos received 82 responses, with 72 percent of those respondents divulging one or more e-mail address; 84 percent listing their full date of birth; 87 percent providing details about education or work; 78 percent listing their current address or location; 23 percent giving their phone number; and 26 percent providing their instant messaging screen name.

Sophos says in most cases, Freddi also got access to respondents’ photos of friends and family, plus a lot of information about personal likes and dislikes, and even details about employers.

Facebook users were all too willing to disclose the names of spouses and partners, with some even sending complete resumes. One facebook user divulging his mother’s maiden name—the old standard used by many financial and other Web sites to get access to account information.

Most people wouldn’t give this kind of information out to people on the street but their guard sometimes seems to drop in the context of a friend request on the Facebook site, O’Brien says.

According to Sophos, the results of what it calls its Facebook ID Probe has significance for the workplace as well as personal life because businesses need to be aware that this type of social-networking site may pose a threat to corporate security.

I have tried to search the Facebook blog to see what they have to say about identity theft and apparently they haven’t mentioned it.

India says it will be creating National ID for Citizens

I found this last night on Slashdot – it was to important not to blog about. “India to Put All Citizen Info into Central Database

Reading the article in The Independent this stood out for me

The creation of the ID or Unique Identification Number (UID) was a major plank of the manifesto of the ruling Congress Party during the recent election.

India is not a western democracy where “everyone” has papers and certificates of birth. As the article highlights

“This could be used as a security measure by the government which leaves migrant workers, refugees and other stateless people in India in limbo, without access to public services, employment and basic welfare.”

Our identities don’t come from government – they come from our social interactions and relationships.

The other issue that comes from this is “everyone in one database” is a giant honey pot.

Cultivating Community

Communities don’t usually “just happen” there is idea, or vision that attracts people, and there are community organizer(s) or catalysts that proactively seek out others who share a vision and help bring a community together.

Growing community, cultivating community, nurturing community, weaving community, building community, creating community – all slightly different metaphors describing this process that happens when people make the effort to create space (an environment) for people to meet, inviting people into the space and encouraging conversations that help connections and foster relatedness.

Community is what unfolds when people come together voluntarily, learn about one another, begin to care about one another, and start to do things together. In doing things together that are successful, trust develops and people begin to work and act together IN community, doing progressively more difficult things, becoming strong and more resilient.

Thanks to Malcolm Gladwell’s The Tipping Point we know about Connectors, Mavens, and Salespeople, social archetypes that play different roles, each with their own value in helping information flow, networks form and communities emerge.

It was great to have him articulate this i finally had a label for my own activity/passion – I have become a maven of a few things throughout the years. user-centric digital identity was a subject I really got into in 2003-4. I read everything I could about the subject as I began to meet some of the people thinking about it. I became passionate about the topic and applied my connector skills and started meeting finding people who were interested in the subject. Those who didn’t know about the subject I sold them on the idea :). I am not by nature a sales person about “anything” but only those things I believe in.

One can also see a community as the evolution and maturing of a network, that is the relationships between people. When beginning the links might be very weak, but in time as the potential community members get to know each other and take action together and the ties strengthen; they become a stronger and more resilient “real” community. A paper that was very influential in my understanding was Building Smart Communities through Network Weaving by Valdis Krebs and June Holley that I read in 2003 (along with every popular science book on network science out then: Linked, Sync, Six Degrees, Emergence, Nexus)

This paper investigates building sustainable communities through improving their connectivity – internally and externally – using network ties to create economic opportunities. Improved connectivity is created through an iterative process of knowing the network and knitting the network.

Knowing the network and knitting the network have been foundational in my practice of community weaving. I regularly meet with people in the community and help them get connected to others who’s work is related to their goals. Two examples first RSA as often happens those new to the community “knock on my door” and ask to meet for lunch or coffee to share what they are doing and learn more about who they should connect to in the community. Mike wanted to meet with me he to share about his new company Gluu that does inter-domain identity. It was great to learn what he was up to and also share papers/doc’s/projects relevant to his work and people he should meet. Yesterday I followed up with someone I invited to/and attended IIW. I spent 2.5 hours talking with Joe Johnston who attended about his efforts to bring interoperable identity (OpenID and other things) to Pachamama Alliance and other organizations with similar missions.

In terms of knowing and knitting networks between different communities/standards bodies/consortia/projects I wrote a post about Community Diplomats and Community Diplomacy last year thinking about different community-connecting roles and how if they are named they can be seen better and foster inter-group collaboration and communication.

Another essential but often un-named aspect/milestone of community development is communities development is shared language and then shared understanding. Shared Language is a prerequisite to collaboration enabling what were different perspectives and world views to sync, and then out of that it is much easier to work together. Eugene articulates three elements needed to create shared language:

  • Share individual contexts
  • Encourage namespace clash
  • Leave enough time and space to work things out

An example of shared language that was developed in the community was the identity gang lexicon that Paul and others worked on in 2004-2005 so that when discussing different identity technologies there was at least a common language to talk about them.

Another example of the evolution of the communities shared understanding grew out of Johannes original presentation at IIW2006 with the identity triangle with three pillars – user-controlled, company controlled and then microsoft controled. He did an updated it almost a year later explaining of the community language and understanding had evolved. This starting point was moved forward by Eve Maler creating the Venn of Identity and became an IEEE paper written by her and Drummond Reed. Johannes has continued to be a wholistic thinker about the landscape and in 2008 he articulated an onion to think about which identity technologies are applicable where.

Space and Spaciousness for community to form is a key part of what the Internet Identity Workshops have been about about. We have never “set the agenda” there but instead allow anyone attending to post a session idea. We encouraged dialogue with space rather then having an agenda.   

We have an amazingly rich community fabric of working relationships that is both resilient and delicate.

Personal Anchor on the Web for Digital Identity – CC Images

I got a request for the images I posted in “Personal Anchors on the Web for Digital Identity” from David Larlet to use in a slide presentation in France. I decided to open them up and post them here.

Below are versions with english text and a version without english text.

[Read more...]

Personal Anchors on the Web for Digital Identities

I have been evangelizing about user-centric identity on the web 5 years. I talk about the ideas with people constantly explaining and re-explaining different developments in the field, forward looking projects and visionary ideas community members talk about. I watch what I say carefully and I notice when I start thinking and explaining something differently.

The new term that has emerged for me this week is “anchor on the web”... as in Where is your anchor on the web? or People have an anchor on the web – this is there “identity” – the question is do they control (owning a domain name) it or is it controlled by the company that does.

200906160037.jpg

I link this metaphor because it evokes the image of a boat that is you and an anchor that is linking you to somewhere – do you want this to land in a stable place that you have control over? Likely yes – if you anchor to someone else’s ship (have your name in their domain space) you are literally tied to them. Rather then being able to visit them on your own terms and leave if you like.

200906160058.jpg  

You can get copies of these images under CC license here.

In my last post I talked about facebook URLs and people getting their own domain name along with the contrast of usability with each. Chris Messina also wrote about facebook URLs and correctly points out that this is a battle over your digital identity.

I got a comment today from IWantMyName.com (they also have a blog) saying I was absolutely right about usability issues that domain registrars have.

You are absolutely right. It’s a common problem of domain registrars / hosting providers. They’re too focused on up-selling other services and the secondary market instead of serving the actual internet user. We’re watching the identity community closely with iWantMyName and will definitely provide identity management features in the future. For now, we already made the domain registration process easy and are helping users setting up apps like Gmail, Tumblr, Posterous etc.

Coincidently – today at SemTech the CEO of Nombray presented as part of Chris Saad’s talk about DataPortability. They let you very easily create a website under your own domain name that aggregates your information from around the web. I haven’t paid the $10 yet but I was very impressed with the usability of the sign up process and you can see my the 1/2 working site here.

There is of course Chi.mp too – but some how it feels a bit more like being tied to somewhere then actually owning your own domain (paying for it) and setting up the services under it.

The next level of interoperability and user-empowerment will be the way these systems map/document your online life and how they give you the data in a standard way when you leave their service to go to a different one.

I am hopeful these sites are the basis of what will become personal data stores that project VRM has brainstormed about and people/companies are developing.

UpDate: Wow and that was Post: 1000 for this blog!

FU – The Monday After, Facebook Usernames and Your Domain on the Web

Last week it was announced that on on Friday Night at 9pm Pacific Facebook had a name space land rush. Everyone was free to pick for themselves their username that would appear in their URL. facebook.com/username

I actually found this a bit surprising – remember the big debate on the Social Web TV I had with Josh Elman about “real names.” He was against handles completely and felt that the big value facebook brought was “real names”. I argued for handles and the freedom to choose one’s “identity” on the web. I made the point that free society – having the ability freedom to have the option to have and use handles on the web NOT linked to our given/ in real life names. Another thing is that handles help us navigate namespace clash from regular names. Max from MySpace is 8bitkid not some other Max in a sea of Max’s.

I ran into Josh Elman at the Building43 party and we agreed I kinda won the debate with this latest development. It seems that having peoples pages rank higher in google is helped by having readable URL’s.

They of course “strongly encouraged” people to just pick a URL with one’s real name and did so by “suggesting” names that were derivatives of one’s name. You could override this and type in your own name choice (however defaults matter so most people will end up with names similar to their real name – rather then being asked to think up one). They give users an addressable identity.

Max Engel of MySpace became /8BitKid – his handle “everywhere”

David Recordon surprisingly didn’t go with DaveMan692 – his handle most places – he is /DavidRecordon

My friend Jennifer became /dangerangel as she had originally signed up for in Facebook but they disallowed her to have it.

I just became /Kaliya (I am hoping I can get enough fans to claim /identitywoman for that persona)

What is particularly interesting is the layers of identity in Facebook.

With a Facebook URLFacebook has the one’s username is not one’s e-mail address as it is with Google profiles and one also has a common name (or as they say “real name”) that is presented to throughout the system.

Google ironically enough they ask if you want a “contact” me button on your page that does not give away your e-mail address when the profile URL gives away your e-mail address.

Twitter has /usernames AND another display name of your choosing that is changeable (the /usernames are not). However most twitter clients display one or the other. If you are used to seeing the display name and then are on your phone that is only showing @handle /username then you don’t know who is talking.

Facebook usernames is another example Twitter feature adoption by Facebook others being activity streams becoming much more like twitter streams.

I said when I first “got” twitter about 18 months ago – a big part of the value it provided was its namespace. It gave me a cool anchor on the web that allowed communication between me and others via the web.

So how is it going so far? Inside facebook reports that over the weekend 6 million folks – 3% of their userbase gut URLs. 500,000 in the first 15 min, 1,000,000 in the first hour and 3 million in the first 14 hours.

There were several examples of FaceSquating. Mike Pence took Obiefernadez’s name.

Anil Dash has the funniest post ever about the whole thing. Highlight the point that users don’t need facebook URL’s they can just get their own domain name. He repeats this throughout the post about what these services are not telling you:

None of these posts mention that you can also register a real domain name that you can own, instead of just having another URL on Facebook.

I completely agree with him – he also misses a key point the usability of facebook is vastly higher then the usability of domain name registration, cpanel management and other things involved in getting ones own personal web presence going. DiSo isn’t hear yet so we can’t link to our friends without linking capability that a facebook provides. I suppose Chi.mp was trying to

He links to a post of his from December 2002 called privacy and identity control.

I own my name. I am the first, and definitive, source of information on me.

One of the biggest benefits of that reality is that I now have control. The information I choose to reveal on my site sets the biggest boundaries for my privacy on the web. Granted, I’ll never have total control. But look at most people, especially novice Internet users, who are concerned with privacy. They’re fighting a losing battle, trying to prevent their personal information from being available on the web at all. If you recognize that it’s going to happen, your best bet is to choose how, when, and where it shows up.

That’s the future. Own your name. Buy the domain name, get yourself linked to, and put up a page. Make it a blank page, if you want. Fill it with disinformation or gibberish. Plug in other random people’s names into Googlism and paste their realities into your own. Or, just reveal the parts of your life that you feel represent you most effectively on the web. Publish things that advance your career or your love life or that document your travels around the world. But if you care about your privacy, and you care about your identity, take the steps to control it now.

In a few years, it won’t be as critical. There will be a reasonably trustworthy system of identity and authorship verification. Finding a person’s words and thoughts across different media and time periods will be relatively easy.

What people don’t quite get is that if they anchor their whole online life around someone else’s domain they are locked in. When I first started paying attention to user-centric identity online this was one of the meta-long term issues that the first identity commons folks (Drummond Reed, Fen Lebalm, Owen Davis, Andrew Nelson, Eugene Kim, Jim Fournier, Marc Le Maitre, Bill Barnhill, Nikolaj Nyholm, etc).

A few of them wrote a paper about it all – THE SOCIAL WEB – Creating an Open Social Network with XDI.

They liked the XRI/i-names architecture because it addressed the URL recycling problem with a layer of abstraction. All i-names also have linked to them a conical identifier – an i-number. This number is never reassigned in the global registry. However one could “sell” one’s i-name (mine is =kaliya) and that new person could use it but it would have a different i-number assigned to it for that person.

This past week at the Online Community Unconference we were talking about the issue of conversation tracking around blog conversations. How an one watch/track the conversation about one’s work if it is cross posted on 10 different sites OR if it is just posted in one place and one is distributing a link through 10 different channels? We never did get to an answer – I chimed in that the web was missing an abstraction layer – that if one could have a canonical identifier for a post that was up in 10 different places this would make it easier to track/see conversations about that post. What we do have now that we didn’t have 3 years ago for helping track conversations across multiple contexts is OpenID at least so you can see if someone commenting in one place is the same as someone commenting in another.

There is an additional layer of abstraction in the XRI architecture that supports several things are key to helping people integrate themselves and information about themselves on thew web.

One is cross referencing – so I could have have two different (URI) addresses for the same information (in the identifier – not just mapped over one another leaving me with one address OR the other) and also have one version of my profile be the one I controlled and a different be a version that appeared in a certain social context.

There is also a concept of much finer grained data addressability and control – so I could have my home address in one place and instead of entering this into each website/services/company portal that I want to have this information – just hand them a link to the canonical copy I manage and then I don’t have to change it everywhere. This is of course where the VRM folks are going with their architectures and services.

We shall see how it all evolves. That is what we do at the Internet Identity Workshop is keeping on working on figuring this all out.

Surfacing back into Cyberspace at Building 43 today

Basically this post is to say I am “back” – I have a bit more time on my hands this summer to pay attention to Cyberspace and want to give attention to expressing my thoughts and ideas in text online again. I am inspired by this mention by Scoble around the launch of  Building 43 that is happening today. I thought it was an actual physical space when I got the invitation. Turns out it is a website that Robert Scoble is leading. It is focused on what he calls the 2010 web and others call Web 3.0.

Here’s another way to put it. When you look at Techmeme and see all the tech bloggers yammering on about the latest cool things, the way they were this week about Facebook’s new URLs that are coming out tomorrow, or Apple’s new iPhone, do they look backward and think about the average businessperson? Not in my experience. We don’t have an industry conversation about how to actually use all this cool stuff to improve lives, make businesses stronger and closer to their customers, and have some fun.

A few people here and there are trying. I watch what Chris Messina, David Recordon, Marc Canter, Joseph Smarr, Kaliya Hamlin, and a group of others are trying to do by pushing a more open web. Those are the kinds of efforts that inspire me and are inspiring Building43. Can we build on what they are trying to do and take it to main street?

This actually impresses me cause I thought Scoble had just become an internet micro-celebrety for its own sake. I look forward to contributing to the conversation about the future of what is becoming a very social web where peoples identity online matters deeply.

Here is where I have been since my last post.

Since Social Web Foo Camp and posting the 80% complete article about communities context and online life. I haven’t blogged. I have been very busy though.

Immediately following I attended the “identity day” at RSA on Monday April 20th –  talks were given from the front of the room for a day. Liberty Alliance put the day together along with the Information Card Foundation- The Kantara Initiative was “launched”. I am not clear that the format of the day actually provided greater understanding by those outside our community that are confused by all the activity.

The exciting thing that happened leading up to this day was the launch of the new Information Card Foundation Website – I gave some feedback that was included in the core language and messaging. It has great Flash animation explaining the cards along with featured projects including the GSA Demo.

RSA was fun – I didn’t spend to much time in sessions mostly talking to people in the community. I led a peer-to-peer session on Business Models for Claims Based Identity. A good group attended however the room layout was cold and stale. (I will be writing about it on my unconference blog shortly).

Penguin Day followed on April 25th. This is a super fun day facilitated by Allen Gunn focused on Non-Profits and Open Source. I learned more about TikiWiki as a content management system (I am considering it as the platform for She’s Geeky). I also was impressed by how much CiviCRM had improved. I also talked to a college registrar very interested in how information card technology might play a roll in getting them out of paper based management of student records and certification.

The Nonprofit Technology Conference followed – they had a large exhibit hall and I talked to many of the vendors there about OpenID and Information Cards – about 1/2 had heard about OpenID and almost none about Information Cards. It was great to talk to my friends in the industry (I have been attending this conference since 2004). Social Actions is progressing and is creating a way to aggregate action information for social good.

I flew to NYC to facilitate the Creative Unconference on May 7-8 put on by the One Club for Art and Copy collaborating with the Society for Digital Agencies.  This was during Creative Week. The One Club gives out bronze, sliver and gold pencil’s – some of the most prestigious awards in the advertising business. They attended their interactive awards on Friday night – I brought Robert Tolmach along as a guest and he told me about his new project – Class Wish.

I went to DC and spent the day at the Sex 2.0 conference at the intersection of social media, feminism and sexuality. I was particularly interested in how this community was thinking thinking about and dealing identity online and off. Many people had names they went by within the community that were different from their “every day” names. Several presenters talked about having two facebook profiles (one for their sex life and one for regular life) I pointed out that this against facebook policy and they were surprised – it seemed very natural to have two persona’s. Other presenters talked about being fully “out” completely linking their sex life.

I attended the Anita Borg Institute for Women in Technology Women of Vision Awards. It was a very inspiring evening. Padmashree Warrior the CTO of Cisco was the key note speaker – she was super inspiring and gave ideas about how to connect to the community 2.0 audience.

I spoke at Community 2.0 about identity technologies. I covered OpenID, OAuth and Information Cards and at the end mentioned project VRM for those who were very forward looking. It was a relatively small conference and I spent a lot of time preparing for the talk with my speech coach. My issue has been having to much to say – I can talk about identity for hours and in great detail. Lura helped me figure out what to say. I did a good job clearly communicating and had several people say they enjoyed my talk and it gave them some practical information not just social media guru hype.

I went to the first day of the VRM workshop and was totally impressed by the quality of projects and companies working in the space. Several attendees didn’t know about IIW and a few signed up to attend.

The Internet Identity Workshop was AMAZING. We had the same number of attendees as we usually do. I am going to write some more posts about the event soon. The next IIW is November 3-5 in Mountain View.

I went to the Maker Faire on Sunday the 31st of May – it was fun to see all the stuff people are making. I also got a LiveScribe Pen. I will be using it for diagrams on this blog in the coming months.

June 1 was CommunityOne where i saw Jono Bacon talk about Community there were 10 people to see him speak in an auditorium that held 1000.

I flew to Boston and met with Fabio Carara of the Venice Project Center and Venice 2.0 – they are considering how to leverage 20 years worth of geo-data. We are discussing building a community including a few unconferences.

I had dinner with Mary Ruddy and we continued progress on Identity Commons infrastructure – particularly our new blog/website.

I facilitated the Mass Technology Leadership Council Spring Meeting that asked the question “What is the future of Software and the Internet” I lead a session on identity – they asked good questions and were impressed by all the activity in the space.

I flew to San Francisco – to make it back for the 2nd Scala Lift Off. Scala is a programming language – some describe as Java++, Lift is a web framework. This is a great programming language community with an healthy online community life. I work supporting them in community building when the meet face-to-face.

Yesterday I was working with Forum One facilitating the 4th Online Community Unconference. This is a great community of online community managers (the folks who moderate online community), platform providers (software providers) and hosts (companies that have online communities). I presented a session about OpenID, OAuth and Information Cards – I even got a bottle of wine during the closing from one of the attendees thanking me for the quality of information that I shared.

Today it is the Building 43 party at Tech Crunch and next week is SemWeb in San Jose – I will likely make it to the Personal Democracy Forum. The next “identity” event is Burton Group Catalyst at the end of July in San Diego.

I look forward engaging in this medium again with a post every few days.

Community Contexts and Weaving Social Web

Yesterday morning I put up an early version of a model I have been thinking about since 2004 about linking face to face communities of different kinds and online social tools.

Community Contexts and Weaving the Social Web

It is an EARLY version – like 80% done. The diagrams will be improved – I threw in what was on the white board yesturday after our conversation. I am hoping with some feedback to complete it by the end of this month.