ID biz models “in the future maybe” says Johannes

Johanne Ernst is a builder of Identity technologies (and one of the clearest thoughtful thinkers about identity technologies and markets. He just posted a great post about business models in the identity space. I know he has at various times tried raise money as an entrepruner in this space – so he has thought a lot about the business models.

For those of you who don’t know Johannes he developed Light-Weight Identity (LID) a URL based ID system at the same time Brad Fitzpatrick did at Live Journal and then participated in merging it all together into YADIS discovery which became woven together with OpenIDv1, XRI/i-names  and sxip to become OpenIDv2. He also was the first drawer of the identity triangle (OpenID, SAML, InfoCards) which evolved into the Venn of Identity.

Many people have ideas for value-added services that could be sold once sufficiently many users used internet identities at enough sites. The trouble is that the transaction volume for OpenID (or any other identity technology on the internet) is still far too low to make this viable.

The mot important sentence is this one – Let’s not confuse being majorly annoyed how long this is all taking (speaking about myself here) with something being fundamentally wrong (because there isn’t).

I take heart with what he has to say especially because he addresses it to a big part of what I do – organize (un)conferences to continue momentum for the field.

From his post:

Value-added services:
Many people have ideas for value-added services that could be sold once sufficiently many users used internet identities at enough sites. The trouble is that the transaction volume for OpenID (or any other identity technology on the internet) is still far too low to make this viable.

So the verdict here is: perhaps in the future.   

So what’s an analyst, or conference organizer, or entrepreneur, or venture capitalist to do?

My take: Hang in there, keep the burn rate low, make no major moves, would be my advice. (Believe it or not, sometimes I’m being asked about my advice on this.) All the signs are pointing in the right direction, the latest being Google’s major OpenID push. Let’s not confuse being majorly annoyed how long this is all taking (speaking about myself here) with something being fundamentally wrong (because there isn’t).

Sooner or later, at least the value-added services opportunity will emerge. Perhaps others. But so far it has not yet.

FU – The Monday After, Facebook Usernames and Your Domain on the Web

Last week it was announced that on on Friday Night at 9pm Pacific Facebook had a name space land rush. Everyone was free to pick for themselves their username that would appear in their URL. facebook.com/username

I actually found this a bit surprising – remember the big debate on the Social Web TV I had with Josh Elman about “real names.” He was against handles completely and felt that the big value facebook brought was “real names”. I argued for handles and the freedom to choose one’s “identity” on the web. I made the point that free society – having the ability freedom to have the option to have and use handles on the web NOT linked to our given/ in real life names. Another thing is that handles help us navigate namespace clash from regular names. Max from MySpace is 8bitkid not some other Max in a sea of Max’s.

I ran into Josh Elman at the Building43 party and we agreed I kinda won the debate with this latest development. It seems that having peoples pages rank higher in google is helped by having readable URL’s.

They of course “strongly encouraged” people to just pick a URL with one’s real name and did so by “suggesting” names that were derivatives of one’s name. You could override this and type in your own name choice (however defaults matter so most people will end up with names similar to their real name – rather then being asked to think up one). They give users an addressable identity.

Max Engel of MySpace became /8BitKid – his handle “everywhere”

David Recordon surprisingly didn’t go with DaveMan692 – his handle most places – he is /DavidRecordon

My friend Jennifer became /dangerangel as she had originally signed up for in Facebook but they disallowed her to have it.

I just became /Kaliya (I am hoping I can get enough fans to claim /identitywoman for that persona)

What is particularly interesting is the layers of identity in Facebook.

With a Facebook URLFacebook has the one’s username is not one’s e-mail address as it is with Google profiles and one also has a common name (or as they say “real name”) that is presented to throughout the system.

Google ironically enough they ask if you want a “contact” me button on your page that does not give away your e-mail address when the profile URL gives away your e-mail address.

Twitter has /usernames AND another display name of your choosing that is changeable (the /usernames are not). However most twitter clients display one or the other. If you are used to seeing the display name and then are on your phone that is only showing @handle /username then you don’t know who is talking.

Facebook usernames is another example Twitter feature adoption by Facebook others being activity streams becoming much more like twitter streams.

I said when I first “got” twitter about 18 months ago – a big part of the value it provided was its namespace. It gave me a cool anchor on the web that allowed communication between me and others via the web.

So how is it going so far? Inside facebook reports that over the weekend 6 million folks – 3% of their userbase gut URLs. 500,000 in the first 15 min, 1,000,000 in the first hour and 3 million in the first 14 hours.

There were several examples of FaceSquating. Mike Pence took Obiefernadez’s name.

Anil Dash has the funniest post ever about the whole thing. Highlight the point that users don’t need facebook URL’s they can just get their own domain name. He repeats this throughout the post about what these services are not telling you:

None of these posts mention that you can also register a real domain name that you can own, instead of just having another URL on Facebook.

I completely agree with him – he also misses a key point the usability of facebook is vastly higher then the usability of domain name registration, cpanel management and other things involved in getting ones own personal web presence going. DiSo isn’t hear yet so we can’t link to our friends without linking capability that a facebook provides. I suppose Chi.mp was trying to

He links to a post of his from December 2002 called privacy and identity control.

I own my name. I am the first, and definitive, source of information on me.

One of the biggest benefits of that reality is that I now have control. The information I choose to reveal on my site sets the biggest boundaries for my privacy on the web. Granted, I’ll never have total control. But look at most people, especially novice Internet users, who are concerned with privacy. They’re fighting a losing battle, trying to prevent their personal information from being available on the web at all. If you recognize that it’s going to happen, your best bet is to choose how, when, and where it shows up.

That’s the future. Own your name. Buy the domain name, get yourself linked to, and put up a page. Make it a blank page, if you want. Fill it with disinformation or gibberish. Plug in other random people’s names into Googlism and paste their realities into your own. Or, just reveal the parts of your life that you feel represent you most effectively on the web. Publish things that advance your career or your love life or that document your travels around the world. But if you care about your privacy, and you care about your identity, take the steps to control it now.

In a few years, it won’t be as critical. There will be a reasonably trustworthy system of identity and authorship verification. Finding a person’s words and thoughts across different media and time periods will be relatively easy.

What people don’t quite get is that if they anchor their whole online life around someone else’s domain they are locked in. When I first started paying attention to user-centric identity online this was one of the meta-long term issues that the first identity commons folks (Drummond Reed, Fen Lebalm, Owen Davis, Andrew Nelson, Eugene Kim, Jim Fournier, Marc Le Maitre, Bill Barnhill, Nikolaj Nyholm, etc).

A few of them wrote a paper about it all – THE SOCIAL WEB – Creating an Open Social Network with XDI.

They liked the XRI/i-names architecture because it addressed the URL recycling problem with a layer of abstraction. All i-names also have linked to them a conical identifier – an i-number. This number is never reassigned in the global registry. However one could “sell” one’s i-name (mine is =kaliya) and that new person could use it but it would have a different i-number assigned to it for that person.

This past week at the Online Community Unconference we were talking about the issue of conversation tracking around blog conversations. How an one watch/track the conversation about one’s work if it is cross posted on 10 different sites OR if it is just posted in one place and one is distributing a link through 10 different channels? We never did get to an answer – I chimed in that the web was missing an abstraction layer – that if one could have a canonical identifier for a post that was up in 10 different places this would make it easier to track/see conversations about that post. What we do have now that we didn’t have 3 years ago for helping track conversations across multiple contexts is OpenID at least so you can see if someone commenting in one place is the same as someone commenting in another.

There is an additional layer of abstraction in the XRI architecture that supports several things are key to helping people integrate themselves and information about themselves on thew web.

One is cross referencing – so I could have have two different (URI) addresses for the same information (in the identifier – not just mapped over one another leaving me with one address OR the other) and also have one version of my profile be the one I controlled and a different be a version that appeared in a certain social context.

There is also a concept of much finer grained data addressability and control – so I could have my home address in one place and instead of entering this into each website/services/company portal that I want to have this information – just hand them a link to the canonical copy I manage and then I don’t have to change it everywhere. This is of course where the VRM folks are going with their architectures and services.

We shall see how it all evolves. That is what we do at the Internet Identity Workshop is keeping on working on figuring this all out.

Pushing and Pulling with XDI

So there has been this whole fullry of activity on the list about pull vs. push. Guess what – XDI can do both. …oooo… I found this quote while pulling apart ancient identity commons presentations for the 2.0 version that I am presenting next week at the W3C workshop.

Today on the internet html links are essentially one-way “strings” that connect the two documents, allowing the linked document to be “pulled” down into a browser.

Links using XDI change this one way static dynamic by creating a two-way “data-pipe” through which data can actively flow in either direction (“push” or “pull”). This flow can be controlled automatically by “valves” on either end called XDI link contracts.

Like real-world contracts, link contracts are flexible enough to address virtually any aspect of data authority and control. They can govern:

Authority: Who controls the data being shared via the contract?
Authentication: How will each party prove its identity to the other?
Authorization: Who has what access rights and privileges to the data?
Privacy and usage control: What uses can be made of the data and by whom?
Synchronization: How and when will the subscriber receive updates to the data?
Termination: What happens when the data sharing relationship is ended?
Recourse: How will any disputes over the data sharing agreement be resolved?

NTEN roundup

I spent Tuesday in DC at the NTEN – Nonprofit Technology Enterprise Network conference on Data Integration. Andy and I were at the morning session on open standards. We both got comments afterwards that our comments and information about i-names and XDI were better then the content of the panelists. Andy had this to say about his learnings.

They are all talking about how to better tether their horses to their carts. I tried to tell them about cars… They wanted to know how you tether a horse to a car…There needs to be a real paradigm shift. It’s going to take some time, and a lot of work. The glimmer of hope; there were a few people there that really got it. Together with those few people I think we can move this stuff forward by leading by example.

I got to reconnect with Ed Batista the former ED of NTEN and now Director of Attention Trust (he also is 1/2 time at Beconfire as a consultant). He specifically mentioned Eric’s article about Web 3.0 looking at Identity and Web 2.0.

Announcing the Internet Identity Workshop (IIW2005)

There’s been considerable conversation around identity on the Internet, or what some would call grassroots identity. Providing identity services between people, websites, and organizations that may or may not have any kind of formalized relationship is a different problem than providing authentication and authorization services within a single organization. Many have argued that the lack of a credible identity infrastructure will eventually result in the Internet being so overrun with fraud as to make it useless for many interesting uses.

To solve this problem, or pieces of it, companies and individuals have made a variety of architectural and governance proposals. Some of these include:

Myself, Phil Windley, Drummond Reed, and Doc Searls are hosting the Internet Identity Workshop in Berkeley on October 25 and 26th to provide a forum to disucss these and other architectural and governance proposals for Internet-wide identity services and their underlying philosophies. The workshop will comprise a day of presentations on Internet-scale identity architectures followed by a day of structured open space to accommodate the range of topics and issues that will emerge from day one and other issues and identity services that do not fit into the scope of the formal presentations. We’re hoping that adding a little more formality to the conversation will aid in digesting some of the various proposals.
We’re inviting presentations for the first day on the following topics:

  • Problems, issues, politics, and economics or Internet-scale identity systems.
  • Architectures for Internet-scale identity systems
  • Philosophies that drive architectural decisions in these systems (see Kim Cameron’s Laws of Identity for an example of such a philosophy

If you’d like to present on some other topic, drop one of us a line first and we’ll see how it fits in. Prospective presenters will be asked to submit a 250-300 word abstract. We hope to accomodate everyone, but we may end up picking from the abstracts.

I’m excited about this and looking forward to it. I hope we can have a good set of presentations the first day and a solid day of discussion the second. If you’re interested in this sort of thing, I hope to see you there. Please read the full announcement for some other details and register if you’re coming. There is a $75 charge to cover the cost of the venue, administrative expenses, and the cost of snacks and lunch both dats.

Revolutionizing Marketing: The Business Case for XRI/XDI

Dear Marketing: An Open Letter From Your Customer
by Chris Maher of Fosforus

Opening:

Over the years, I have had an uneasy relationship with you. I’ve not cared one bit for being your prospect. And, as it seems that being your customer is just an extension of a permanent, unrelenting and ever-more-intrusive marketing campaign, I’m not nuts about being your customer, either.

He quotes David Glen Mick from a paper Searching for Byzantium: A Personal Journey into Spiritual Questions that Marketing Researchers Rarely Ask

Another set of spiritual questions we seldom ask ourselves concerns the effects of marketing and consumption on human character. By character I do not mean human values, but rather our psychological temperament as we go about our daily activities. What kind of person does marketing and consumption encourage or discourage?

Mick’s answers include examples of qualities of temperament that are, in his opinion, encouraged by marketing and consumption: impatience, incivility, judgmentalism and distrust.

He continues to articulate the problems with marketing and gets to the heart of the matter by offering a new model.

What I’m recommending is the creation of (what I will call) a “custnomer”: a data alias or new “name” for that me that gets profiled by your computer systems.

At a minimum, this will mean that my customer records and data won’t have my real name appended to them. There are too many thieves and scammers out there who are seeking to use my good name and the records attached to it. Grab your nearest CIO and Chief Privacy Officer (and maybe the Chief Security Officer, though that person is probably on Zoloft at present) by their lapels and strongly encourage them to begin in-depth research into the promising work on Extensible Resource Identifiers (XRI) and XRI Data Interchange (XDI).

The Daddy of XRI, Drummond Reed, is someone I consider a friend …is, without question, the darned nicest and most patient technology visionary that you will ever come across. There isn’t an ounce of ego in his dealings with us woefully common folk.

Warning: XRI/XDI is not some obscure, trivial “tech thing” that will only be meaningful to those who mumble to themselves and spend half their lifetimes slaughtering innocents and evil-doers… virtually, that is. XRI/XDI has encoded within it is a simple, powerful idea that will come true over time and will change your business: “My private data is mine.”

He goes on to highlight data anonymity and the work of Latanya Sweeney, Assistant Professor, Institute for Software Research International at Carnegie-Mellon University.

Here’s how Sweeney describes what she does:

Perhaps the biggest clash between technology and society involves privacy. The task of maintaining privacy and confidentiality in a globally networked, technically empowered society is quite difficult, tricky and fun.

Data privacy (or more precisely, data anonymity) is emerging as a new study within computer science that is the study of computational solutions for releasing information about entities (such as people, companies, governments) such that certain properties (such as identity) are controlled while the data remain practically useful. While these problems have been studied, in part, by statisticians and earlier computer scientists, their solutions have been rendered insufficient in today’s technically empowered society. So, in data anonymity, we develop new approaches and tools for today’s computational environment.

My colleagues and I (in the Laboratory for International Data Privacy, for which, I am the director) take a two-prong approach to data anonymity. On the one hand, we work as data detectives and on the other hand, we also work as data protectors.”

The best part is he finished up with the new business model.

I’m thinking that there’s probably some trustworthy business entity—although, I’m hard-pressed to figure out which it might be—that could serve as my proxy. (Now, banks and/or credit card companies, before you leap to any conclusions, take a long look at your information assurance practices and see the part of this article about the Trusted Computing Group.)

I would willingly provide just enough information, credentials and data that authenticate who I am and which, say, establish my credit-worthiness to a “trusted relationship proxy”: some government-certified, insured, audited, secure entity that would establish and manage the data version of “me” and would become the “gateway” to all (or many) of my most important business relationships. Think of this proxy as an agent who serves as a buffer between me and you.

Catalyst: SSO Simple Secure and Open – Dick on Identity .20

Dick – had a 580 slide deck done Lessig Style
This is a summary of his talk:

We found out about Dick’s Identity

We learned a about what Identity is

What I say about me
What other say about me (others trust this)
So,
identity=reputaiton
What others say about you
We learned about Identity Transactions:
Verbal in person (with visual cues)
Talk on phone (loss of visual cues)
Job Application (fill out form)

We learned about data verification using drivers licenses in the real world and how the process reduces Identity Friction.
Identity Transactions are Asymmetrical
There is separation of the acquisition and presentation of credential
The credential is reusable
Trust is social

What is digital identity?

Identity 1.0 Today

Today it is the hassel of filling out the same information again and again.
Basically today authentication is that you get to prove you are an entry in a directory entry. single authority on one credential – not portable – in silo.

Verified digital Identity is not what you give a site today.
e-bay -/-> Craigslist
We have walled gardens

Identity 2.0 is where the user can move it to any site.

Simple and open has a history of winning in new standards look at:

  • networking
  • e-mail
  • web – html

WHAT DOES IT LOOK LIKE?
Identity Credential exchange is transparent transaction that is scalable.

WHO WILL DRIVE THIS?
users? – to many user names and passwords

won’t pay – little influence

enterprise? - partners, contracts, agents

but risky to lead… can’t get there
Identity 1.5

e-government?

maybe

but localized

Banks?

motivated to solve
theoretical trust relationship

Identity Ecosystem will emerge where

users are loosely coupled
share user identity

We are in a new era

Webservices – Flickr, Mappr, SalesForce

Web 2.0 will drive identity 2.0

It will happen on the edge of the Internet (not the edge of the enterprise).

XRI/XDI no web-service apps

SXIP

name/value pairs
DIGS XML

The goal is to mimic photo ID
With Sxip Network

SXIP 1.0 has had a few tire kickers

SXORE Blog comment spam solution

SXIP 2.0 support web services
SXIP ACCESS
SSO – Simple Secure and Open

Jamie Lewis –
Q: So will this go into a STANDARDS PROCESS?
A: We are working on it. We want to get it very close to right then put it into standards body. I like IETF. Our goal is to be open

Community Blogging -> Semantic Social Network

I just found this link to a talk given at Northern Voice on Community Blogging by Stephen Downes

He wonders about how we manage to pull off the Semantic Social Network. It seems that a key element is functional digital identity for people. I extracted some highlights for you all:

(pssst – he works for the National Research Council of Canada so we might talk with him about XRI/XDI/IC.)

Now my field of study is online learning. That’s where my expertise lies, and I actually don’t really know very much about social networks or blogs or things like that. In online learning… learning – schools, universities – they’re almost the prototypical communities, aren’t they? You gather all these people into one place, you organize them into classes, you get a bunch of subjects together, you slice and dice the range of knowledge that people are supposed to have in order to become productive and obedient members of society.

….

But community as networks of semantic relations, that’s where the connections between members of the community are based on the meaning of those members or of the entities in the network. In other words, in order to create community, rather than a power law, we don’t simply pick the most popular or the most available, we pick the most salient connection.

Well. What does that mean? How does something become the most salient connection? Well we need to analyze, or look at, at least for a moment, what a post means. Or what anything means. What a resource means. Now I say that, I’m saying, what does this post, or this person, or this resource, say about the world?

….

How do you know the meaning of a word? You look at how people use it, you look at the context, you look at who uses it, where they use it, what the environment is in which it has been used, what other words are around it, and if you define meaning in that way, then the meaning of a word can’t be stated as a set of necessary and sufficient conditions. It becomes something very different, something that Wittgenstein called ‘family resemblances’. Now I was looking at the word ‘community’ and looking for definitions of community, one of the posts, or one of the definitions that I read was, “Well, community is like pornography. I don’t know what it is but I recognize it when I see it.” And it’s that sort of sense of meaning inherent in a word, in a post, and indeed, in a person.

Two ways of looking at the world.

Because there are two ways of looking at the world. One way is to look at the world from the point of view of words. And you try to describe things. Another way of looking at the world is to look at the patterns. And try to see what emerges out of them. If you look at the diagram there, that little messy bit of lines and dots is a concept. Could be any concept, could be a blog post, could be the word ‘Paris’, could be your self-identity. Now if you use words, you cut through that cluster like a knife and you get a one-dimensional partial representation, you get an abstraction, but if you look at it from the point of view of patterns, then the meaning of that concept emerges from that cluster of entities and relations.

….

Future learning environments place the individual at the centre – that’s where it says ‘Future VLE’ – and a range of resources that they bring in, or that they aggregate, from a wide variety of different sources. Notice he has 43 Things on there. That actually places that diagram at a precise moment in history. And if you look at community in this picture, then you’re able to draw out a theory of community, where a community is defined by three major components. First, as a means of organizing input and experience. Second, as a means of putting that experience into context. What does it mean to you here now? And then third, and very importantly, as a means of taking what you’ve done, what you’ve remixed, what you’re repurposed, and putting it out there so it can become part of someone else’s meaning. Just imagine how the copyright barons look at this model of organization, right? Community is antithetical to copyright, and conversely.

The idea here is that the community is defined as the relations between the members where the relations have semantical value, where that semantical value is defined by the relations. And I know it sounds like bootstrapping, but we’ve been doing that throughout history. People exist in relations to other people, to things, to resources, even to spaces.

So how do we pull this off? We can’t just blast four million blogs, eight quadrillion blog posts, out there, and hope Technorati will do the job, because Technorati won’t do the job, because Technorati represents the whole four million things and I’m not interested in three million nine hundred and ninety-nine of those. What has to happen is this mass of posts has to self-organize in some way. Which means there has to be a process of filtering. But filtering that is not just random. And filtering that isn’t like spam blocking. Filtering has to be a mechanism of determining what it is we want, because it’s a lot easier to determine what we want than what we don’t want.

My contention is that instead of the spike-based power-law-based Instapundit-based network, that when we get something like the semantic social network, and we will get something like the semantic social network, because it’s very simple to do, patterns of organization will be created. In the field of neural networks and connectionism they tyem ‘clusters’, you get a cluster phenomenon where we’re not creating communities around a specific word, or specific concept, but the community itself emerges as being created by and defined as that particularly dense set of connections.

XRI/XDI opportunity in Higher Education

WOW this is a cool opportunity for the XRI/XDI crowd – along with CivicSpace.

Reported by Abject Learning in May:

What did we propose to do? Nothing less than creating and sharing a framework for social software applications for BC’s higher education institutions. In less grandiose terms, we have proposed to create a set of policy recommendations, tutorials, templates, and multimedia resources that can be reused by a school that wants to support weblogging and wiki use (and possibly other social software tools) for its own community. We also hope to foster a community-centered model for sharing expertise amongst practitioners attempting to develop their own projects.

We intend the project to be platform-agnostic: we will definitely be using Movable Type and Drupal, but do our best to ensure that resources we create are not tied in with any one system. If possible, we might partner with mini-projects using tools such as WordPress, ELGG, or even Blogger.

It seems like it would be a lot easier for students if they could use a single log-in I-name across different institutions and schools.

How simple does it need to be?

FAQ’s about LID from Johannes Ernst’s Blog – I think they apply to the work happening around XRI/XDI and Identity Commons stuff. I am going to do my part by working on doing some essays with lots of simple diagrams to explain the ecology of organizations and roles. Hopefully we can also do a short video about it too.

What’s your measure of how complex a single-sign-on technology can be so it can be adopted broadly?

A weekend of implementation effort, maximum. Here’s why: SSO only makes sense if basically everybody can implement it. That includes a lot of players, from your 401k plan (who could probably afford a lot more than that) down to the message board of the parent-teacher assocation that’s run by Joey’s dad on his home Linux server. Joey’s dad is not going to spend more than a weekend of his time to make it work. He’s also not going to go out and buy expensive software. He might download some Perl, but that’s about it. Ergo: one weekend, no more.

Technorati Tags: ,