I am here this week at Burton Group Catalyst. The conference kicked off with a what was by all accounts good talk from John Seely Brown talking about “the New Normal”.
NishantK: John Seely Brown: many of the things that made us successful in the 20th century will make us unsuccessful in the 21st century
jmatthewg1234: John Seely Brown – Thriving in a world of constant flux
bobblakley: John Seely Brown explains the shift from stores of info to flows of info at http://yfrog.com/5u8r3oj
bobblakley: “The cloud is much more disruptive than any of us have ever thought.” John Seely Brown
bobblakley: “SalesForce disrupted Siebel; now being disrupted itself by SmallBusinessWeb. Things are moving that fast.” John Seely Brown
NishantK: John Seely Brown: Good network is loosely coupled, trusted, not captive & filled w highly specialized nodes < basis of #cloud promise
bobblakley: “Moving to cloud requires factoring policy out of apps & making it a 1st class object.” John Seely Brown
bobblakley “Policies must have version numbers.” JohnSeely Brown
bobblakley: “Control-oriented flows won’t work in federated clouds.” John Seely Brown
jonathansander: Outside-in architectures start with the notion of an ecosystem. John Seely Brown
NishantK: John Seely Brown: Need to move from Inside-out to Outside-in architectures – less control, more trust, less predictable, more agile
bobblakley: Schemas are a hindrance in a world of unpredictability – John Seely Brown
bobblakley: “Data has tremendous inertia; don’t bring data to the computer – bring the computer to the data!” JohnSeely Brown
bobblakley: “Web 3.0 will use social media for context sensitive exception handling.” John Seely Brown
jonathansander: Policies are 1st class objects in enterprise 3.0, but so are exceptions. John Seely Brown
bobblakley: “Two things you don’t want to lose control of are policy and data” John Seely Brown
bobblakley: “The edge pulls the core to it by exploiting cloud services and social media.” John Seely Brown
drummondreed: John Seely Brown at Catalyst: the biggest innovation of the past 100 yrs is not the microprocessor but the Limited Liability Corp
This morning the conference kicked off for real with 5 tracks of amazing content. Those of you who know me, know I really am not a big fan of “regular talking heads conferences.” I often tell folks this is the only talking heads conference I recommend attending. The quality of content and thought put into the analyst presentations and the industry people on stage is of a very quality.
Bob Blakley
While I was out: 2 new blogs… Y!-Flkr eruptions
A day after my computer died, Bob Blakley e-mailed me to let me know he had started blogging (and that it was in part my doing) for blogging his talk at Catalyst.
Here is his first post – Identity is a Story.
my comment: Indeed it is. I wrote a great resume story when I applied to work as a blogger at SpikeSource (I knew they never would hire me if I didn’t tell the story of why they should based on my past experience). Needless to say they hired me and then didn’t let me blog so that gig was over fairly fast.
He is very articulate about the range of issues that aries around identity:
I think identity behaves in consistent and predictable ways in the real world, BUT most contemporary discussions of identity are completely out of touch with what identity really is and how it really works. To understand how identity behaves, it’s necessary to distinguish the different uses people make of identity, and consider each of those uses individually.
I think a set of axioms of identity can be defined which describe what identity can and cannot do, and what it will and will not do in particular circumstances. We can enumerate these axioms by looking at centuries of thought about identity and examining that thought in the light of situations which occur in the real world today.
I think that systems designed with the axioms of identity in mind will be more effective than systems designed without regard for the axioms.
I think that the axioms define how identity and privacy are related, and can help illuminate when we can determine identity, when we can protect privacy, when we must choose, and when we are out of luck on both counts.
He recommends a book that goes in the philosophical direction The Identities of Persons. Just for fun on Amazon I surfed around this book through the “people who bought this book also bought this and similar items. Just two steps away in the Amazon Cloud of related books are Modern Cosmology and Philosphy, Methods of Ethics, Metaphors We Live By. This highlights how closely Identity and its meaning are tied.
This transitions me over to another subject of the week Y!-Flkr eruptions. There was quite a fuss over the Yahoo! ID – Flickr ID linking (or optional linking). Mary Hodder did a great job of articulating the very real human issues of identity surrounding this storm. Truly every time we login with an handle of any kind – that is an identity of ours. It is not just an entry in a database not just bits or just identifiers. These are identifiers of people. Why does this matter? Cause people are not just web resources.
One of the people who works for me showed me a database on Monday, while we were discussing the Flickhoo flap, that she’s been maintaining for the past 10 years of all of her logins all over the internet. She has 249 different logins at that many sites. Solving this problem, so that she could just use one or two or three logins everywhere, makes a lot of sense.
Mary did a great job of articulating a cool way out of the dilemma – give them all i-names and let Yahoo! become an I-broker! Let Flickr give all their folks i-names and let them manage their own Identity and choose if they want to host to i-names together in one broker or keep them separate. [she gets the syntax a bit wrong Yahoo could change them easily into @yahoo*username accounts]
And Yahoo could really take the lead on Identity Management by adopting a system that would create simplicity for users, and simplicity for themselves. And turn down the public relations flap a notch when they acquire companies and have to integrate users and ID’s into the company.
Ryan King (currently of Technorati) made a comment that seemed to come from the very technical utilitarian perspective:
The Yahoo/Flickr changes have nothing to do with identity- its only the login procedure, which is now done with an email address.
Even “if” all it means that you now login to Flickr using a YahooID, then those two identities are linked. Yahoo can go in and look at your flickr picks and the tags and aggregate more information about you in its digital dossier. Yahoo uses the information about you that it observes while you move about it to send you ads you will like and other stuff (I don’t really use Yahoo! day-to-day [I do have a really really old login that is my messenger identity and one e-mail account for emergencies], so I am not up on the full user experience there. But they are becoming a cooler company so maybe I will join in but not likely until they are a member of Identity Commons and Attention Trust so I can better trust their use of my identity and information associated with it). This is what helps them make money off you – selling annoying adds around the real information you want to see.
What if they went to a permission marketing model with i-names as is suggested near the end of Dear Marketers, An Open Letter from your Customers in July 2005 and these use cases articulated by Fen two years ago? Fen also wrote about a service he envisioned and tried to build News Peek that is currently a lot like what the blogosphere offers. I think we are on the cusp of ‘getting identity’ there enough folks involved like Bob, Doc, Drummond, Kim, Paul, Jamie, John, and Owen who are wise enough to understand and lead the industry wrestling with the human social issues that arise.
OK and now for blog number two. It is another gentleman that I encouraged to start blogging in the field – Eric Hall of EDS. His blog WhyID (wide-eyed) has been going along since just after Catalyst when we met. His perspective leading teams of 100’s working on large scale enterprise integration is valuable to consider when we are talking about provisioning the millions of people on the web with identity. I hope you all get a chance to look over his last two months of writing, and add the RSS to your stack of feeds.
Catalyst Round UP
First of all thanks to Cordance, Opinity and ooTao who supported me in representing them and the whole ecology of folks around Identity Commons. It was a great week with lots of fruitful networking.
Jamie you are the calmest conference organizer I have ever met. Your staff was together and very helpful. Thanks!
Here are the roundup highlights:
Identity Management Market Trends – guitar introduction by Mike Neuenschwander.
Every move of your mouse you make
You’ll get a browser cookie for pete’s sake
Every username you fake, every federated claim you stake
They’ll be watching you
Every night and day
Every online game you play
Everything you say in IM, e-mail, VoIp or some other way
They’ll be watching you
Jamie Lewis kicked of the final afternoon with a keynote on user-centric Identity summed up by Dave Kearns with these talking points
*Heady mix of optimists, pessimists, idealists, cynics
*Agendas, governments, commercial interests could subvert the process
*Indicators of the constant tensions virtualization, digital ID create
*The tug of war will continue, and we all have a stake in the outcome
*Demonstrates the relativistic nature of identity, need for
polycentrism
Bob Blakley talked about his Axiom’s of Identity – they were quite though provoking and a great addition to the Identity Gang/Workshop conversation.
Dick gave a new and improved lessig style presentation on Identity 2.0 / User Centric Identity.
These two both belong to the “mac” community and gave their presentation on them. I got a lot of comments about my decorated Mac. It is nothing compared to Mary’s though.
Identity Workshop on stage. It was great to get a name and face for more of the Identity folks this included Stefan Brands of ID Corner and Scott Blackmer. Who I know was there but didn’t meet was David Kerns.
Strangest Job title: Ryan from Sxip – Sales Engineer (huh?)
Best Hospitality Suite themes matching the company:
- Elementalwith their Ice Carved Bar and Earth and Fire graphics on the wall.
- BridgeStream does role based enterprise Identity Management. So they had had Impro Theater (IT) Shakespeare provided by Theater Sports LA (Michelle, Brianand Floyd) where they each played improvised “roles.” They were kind enough to do an improvised sonnet about Identity Woman (I was really sad I didn’t have a tape recorder :() They also handed out world beach balls for the ‘globe theater.’
Talked to Scott Mace a bit on the first hospitality suite evening about podcasting. It is something Identity Woman might start doing.
Phil Windley, Doc Searls and myself worked out more details regarding the Independent Identity Workshop we are pulling together for the fall.
The Spiritual element of what identity is – the unnameable quality was honored with two different Lau Tzu quotes.
Sailing San Diego Bay with Mary Rundle was the closing highlight.
Thanks to all for a great conference! I am looking forward to coming back next year.
Catalyst: Logic of Identity – Bob Blakley Chief Scientist IBM
This is a summary of Bob Blakley’s talk at Burton Catalyst:
Opening – Sermon on Laws
Laws of Planetary Motion
Kim’s Laws what happens to Identity if you make stupid or subtle mistakes
Newtons Law – gravity
Why things happen
Introduction – Looking Back Digital Signatures
A while back we decided we needed non-repudiation and did digital signatures by issuing certificates.
We forgot to figure out why do signatures work in the real world.
So, we got how they worked wrong in the technical world.
Having signatures not work is bad looking forward having privacy not work is bad.
Body of Talk
Definition:
Identity is a collection of attributes by which a person or thing is generally recognized or known
Identity Relativity
The Identity of X according to Y: The set of attributes believed by Y to be true of X.
Axiom: Utility
An identity attribute has value if and only if knowing that attribute reduces risk for some party
Reducing one party’s risk often creates risks for other parties.
Consequence: Identification is Power
Identity allocates risk.The ability to create or eliminate a risk for another confers power over the other.
Axiom: Contention
Because identity claims allocate risks, they will be disputed.
Identity Attributes
- Commercial Interest – Convenience
- Government Interest – Security
- Individual interest – Privacy
Definition
Privacy: is the ability to lie about yourself and get away with it.
Axiom: Subjectivity
People disagree about one anothers identity attributes
In general, there’s now easy way to tell who’s right and who’s wrong
Axiom: Temporality
The name that can be named is not enduring and unchanging name. All identity attributes change over time.
- Prince -> symbol
- Michael Jackson Black -> Plastified
Axiom: Obscurity
Identity attributes can be
- what you know – you can lie
- what you have – loose / leave
- what you are – alter disguise
Axiom: Publicity
Identity attributes cannot be secret
By definition attributes aren’t observable can’t be used to use attributes
Axiom: Contextually
Identity is inherently subject to effect of scale.
Brandon Mayfield – guy who did not blow up trains
His finger print matched one at Madrid Bombing (it was not an accurate assertion)
Large databases -> not completely reliable
To scale identity information one needs to collect — more information
Consequence: Powerlessness
Identity is in they eye of the beholder – subjectivity.
- You can’t control what other people think or say about you.
- You can’t even know who knows what about you.
- Can control what you tell people but not what people find out
Consequence: Privacy Erosion
Scale requires distinguishing between lots of individuals which requires lots of information.
In a sufficiently large population the commonly agreed to be public attributes will not distinguishing individuals well enough.
So information about sensitive attributes will be collected.
In the UK they are look at putting in scanners (QinetiQ) while entering the subway to detect knives but what about creep in the use of other things identifying tatoos?
People push back against government identification.
Consequence: Due Process
Because identity is subjective, contextually, contention and obscurity and temporality.
IDENTIFICATION REQUIRES DUE PROCESS
But due process undermines the business case for identity. Due process requires transparency. Transparency reveals how identity attributes are collected and synthesized to make judgment. Collection and Synthesis are the only sources of completive value.
They do it because they like costumer intimacy.
Supply and Demand mismatch between favorable and unfavorable information.
Favorable information is easy to get.
The subject is happy to give it to you and the subject is happy to help you authenticate it. Therefore the supply is large and the value is low. But it’s worse: Demand is also low! Because favorable information is less likely to reduce another party’s risk. Especially the case when the other party has lots of potential customers.
The business case fore identity service provider infringes privacy.
The business of identity service providers is risk reduction withholding adverse information decrease the value of business.
Collecting more adverse information makes more.
Identity and Privacy are Incompatible.
Adverse information has positive identity value but negative privacy value.
Favorable information has zero identity value and zero privacy value.
Fable about MARIA
Recent guatemalan immigration
she has AIDS and she doesn’t want anyone to know. The health insurance company wants to know this information because it is a $180,000 not to know this.