Andy Dale lead a great workshop on XDI for implementors yesterday. The newbies there really came away with a good understanding of XRI and XDI – how they work and how they might use them. Phil Windley came out from Utah and blogged the workshop so you can read about it if you like. We did video tape it and will get that out ASAP.
Phil Windley inquired to learn more about the XRI/XDI workshop on December 5th and this is what Andy Dale replied…
It is my intention that the afternoon provide potential implementers or implementation decision makers a very concrete idea of what they can do with i-names (XRI/XDI).
I want to let them know what they can do now and the schedule for the next pieces of the infrastructure being ready. I want them to know what people get ‘free’ with an i-name and what type of functionality they can start to provide people with i-names that no other technology will give them.
I want to paint a picture of the functional revolution that occurs when people aggregate their own data under their own control and how that lets any service provider give better service.
People should leave the workshop with an understanding that they can start to implement “Identity Centric Architecture” today and how that will benefit them and their members/customers.
Marc Canter’s AlwaysOn article finally is out. Breaking the Web Wide Open!
For decades, “walled gardens” of proprietary standards and content have been the strategy of dominant players in mainframe computer software, wireless telecommunications services, and the World Wide Webâ€”it was their successful lock-in strategy of keeping their customers theirs. But like it or not, those walls are tumbling down. Open web standards are being adopted so widely, with such value and impact, that the web giantsâ€”Amazon, AOL, eBay, Google, Microsoft, and Yahooâ€”are facing the difficult decision of opening up to what they don’t control.
Identity is the first topic covered and he does a great job summarizing:
Right now, you don’t really control your own online identity. At the core of just about every online piece of software is a membership system. Some systems allow you to browse a site anonymouslyâ€”but unless you register with the site you can’t do things like search for an article, post a comment, buy something, or review it. The problem is that each and every site has its own membership system. So you constantly have to register with new systems, which cannot share dataâ€”even you’d want them to. By establishing a “single sign-on” standard, disparate sites can allow users to freely move from site to site, and let them control the movement of their personal profile data, as well as any other data they’ve created.
Identity 2.0 is all about users controlling their own profile data and becoming their own agents. This way the users themselves, rather than other intermediaries, will profit from their ID info. Once developers start offering single sign-on to their users, and users have trusted places to store their dataâ€”which respect the limits and provide access controls over that data, users will be able to access personalized services which will understand and use their personal data.
The Initiatives:â€¨Right now, Identity 2.0 is under construction through various efforts from Microsoft (the “InfoCard” component built into the Vista operating system and its “Identity Metasystem”), Sxip Identity, Identity Commons, Liberty Alliance, LID (NetMesh’s Lightweight ID), and SixApart’s OpenID.â€¨â€¨More Movers and Shakers:â€¨Identity Commons and Kaliya Hamlin, Sxip Identity and Dick Hardt, the Identity Gang and Doc Searls, Microsoft’s Kim Cameron, Craig Burton, Phil Windley, and Brad Fitzpatrick, to name a few.
DizzyD presented on Passel and The Identity Gang is in the HOUSE! Johanes, Doc, Phil, Mary and Mary – wow three identity women.
He also didn’t really approach it right he didn’t get all the different systems and how they worked and we were all in the audience correcting him. It really highlighted the need for the workshop we are hosting in October.
Here is the summary:
How do I as user my identity on the web?
The ‘story that started it all’
Wife’s machine got Trojan. I had to change all passwords everywhere.
What is Identity?!
Identity is just another class of information we manage.
It’s a second-order problem. When I get on the net I get on it to do Identity Management other tasks.
What is Identity [Italicized] ?
Depends on the setting
Bottom line two fundamental types
third party vouch for and self asserted
His summary of the other stuff..
What are the options:
All others are not inherently evil.
everyone is throwing protocols against the wall and seeing which ones stick.
who do you trust to host you identity?
trust relatinoship between two entities on your behalf
“asserting” used a lot in this world….and I will use it a lot
Standards are well documented and widely deployed. Lots of infrastructure required for trust relationships. Conditionals and trust relationships not viable from an open source stand point. Took a lot of time for a second order problem.
Identity is locked into who the identity provider. You can change home sites. not locked in. Run on own machine. Powerful for users with centralized for user to move.
Send information back and forth and urls based.
No dynamic scripting needed. You have your identity URL tell via meta tag where identity server is. enter URL – blog URL. LiveJournal do you allow it to authenticate?
Can’t i-names do this?
He asserted wrongly that there was not reputation (global services launch will embed reputation in the messaging/contact system.
For Internet-scale Identity needs
- Aggregate IDentity
- Decentralized and open
- Divers programming Language/environments
- Interoperable implementations
- Bootstrap off existing trust models
Gives you more control over data
Aggregates your identity via user-centric three-piece architechure
implemntations already started Perl, PHP, Java and C#
Pluggable trust models.
Generalized model for proving any DNS-based identifier
- how you prove the signer
- person x
- Moving identity information proving that a
- protocol how move around
- plug in how you trust information
Agent (principle’s computer)
- aggregates into portfolio
- public private key and fingerprint
- natively if not
- Zip file on key – use on different locations
Signer (site that makes assertions)
- signer issues token with for example 4 hour life span
- agent must retrieve new token from dizzyd.com
Target (relying party)
- how does the
- retrieval of public key.
Phil Windley has some great posts covering the Identity Gang meeting on Tuesday afternoon.