Last year around this time it became clear that a guide to understand the Decentralized Identity OR Self-Sovereign Identity Technologies was needed.
Last Summer I partnered with Heather Vescent to write the guide designed for C-Level Executives.
You can buy it here on Amazon.
It has three big parts:
Part 1 explains the context of where the technology came from. It is rooted 15 years of work by the user-centric identity community that has gathered at IIW. It articulates the core technology that came together to make it possible. None of it totally new, PKI is 25 years old mobile phones 10, blockchains 9 -> but pulled together for the first time in a way that made sense.
Part 2 explains in more detail the core building blocks that make it work.
1) the Wallets/Hubs/Agents that people have to manage their identifiers and verifiable credentials.
2) The Issuer Code & Verifier Code. So to be issued verifiable credentials they have to be issued by a institution or enterprise (ok people can issue other people them but…). Verifier code is used by the institutions individuals share their credentials with.
3) The Distributed Ledgers or Blockchains – these are actually kinda optional. They are handy to get all this to work but not essential. They provide a place for decentralized identifiers to be place so the the keys associated with them can be found (via resolution).
Along with the explanation of the technology we also go through companies building each of these. So it is like an analyst report.
Part 3 cover the Open STANDARDS. These are the core of how we create a new layer of the internet…for identity…using open standards. So this goes into detail explaining at a high level what they are and how they work and provides links down into the specifications and locations of where to participate in the work.
The ending of the report covers the events where work is ongoing along with organizations.
You can Buy it Here on Amazon.
Future
Speaking at Blockchain Summit India
I am in India as a New America India-US Public Interest Technology Fellow. My topic of study is Aadhaar the country’s national digital Identity system.
This Friday I am speaking at the Blockchain India Summit on a panel:
Aadhaar on Blockchain, a potential solution for continued innovation
The rapid march of Aadhaar came to a sudden halt with its declaration on acting unconstitutionally and violating fundamental Indian rights! This also halted new ways of innovation happening in FinTech. Is it time to redesign Aadhaar while ensuring the data ownership resides with the citizen and yet safe, secure and effective.
- Vishal Gupta CEO, Diro
- Sarang Bhoyar, Blockchain Program Manager, Infosys
- Kaliya Young, New America India-U.S. Public Interest Technology Fellow
- Dinesh Prasad, Asia Head, Ex- Qualcomm
- Saurabh Katiyar, Program Head, NIIT
- Moderator: Vaibhav Vardhan, Founder and CEO, Inc42 Media
It will be a bit of a challenge to explain/get across the new decentralized Identity and Self-Sovereign Identity tech without any slides and what will likely be one question. For those coming to find this site after hearing me talk here are some good resources.
Internet Identity Workshop – please join us to dive into the deep end of the pool with the community building the goals.
The W3C group on Decentralized Identifiers is in the Credentials Community Group
The specification for Verifiable Credentials.
There is also this Comprehensive Guide to Self Sovereign Identity. If you are interested in it but can’t afford it just fill out this form.
Here is some more about the conference from their web site:
The Summit is targeted towards enabling Indian government and ministries to speed up the process of developing a flourished Blockchain and Cryptocurrency ecosystem. Global Blockchain brands and government bodies are joining to make India, a Blockchain capital.
Vision Blockchain 2030!
Started with a vision to bring full transparency in Governance and a flourished economy for India in coming 10 years.
Blockchain Summit India 2019 is first edition in series of Vision Blockchain 2030. Indian Government, various ministries, country’s premium academic institutes and country’s most influential people are participating to support the initiative.
https://blockchain2030.co.in/agenda.html
The Identity Film from IIW
This film is getting released at IIW. When it is up it will be posted below.
Digital Death a Matrix of Questions

I was invited to give a talk at Privacy Identity and Innovation about the Digital Death and the conference that has happened a few times Digital Death Day.
I chose to lay out a matrix of questions that have arisen from the work. Enjoy the talk.
Digital Death a Matrix of Questions and Considerations from Privacy Identity Innovation on Vimeo.
Talk at TEDx Brussels
I was invited to give a talk at TEDx Brussels.
I explain Identity in the context of the Future. Enjoy!
Rethinking Personal Data: 3 WEF reports
I met Marc Davis at SXSW in 2010, we instantly clicked and began working together. He was on contract to develop pre-reading material for a WEF meeting in the fall about Personal Data. I contributed significantly to the document which became the basis of the first Rethinking Personal Data project Report, Personal Data the Emergence of a New Asset Class. [click on the image to download the report].
I remained actively engaged in the project and two of the Appendixes in the 2nd report were authored by me. The MindMap of Personal Data Types and the Value Network Analysis of the Exploitive Personal Data Ecosystem (Both of these are in the My Data, My Value, 6 Sense Making Diagrams) [Click on the image to download the report PDF]
Diagrams that appeared in the third report I helped sketch out with Bill Hoffman. Here is the Third WEF report PDF [click on the document image].
WEF Report #3 write up on my Blog.
My Data, My Value: 6 Sense Making Diagrams
I was invited to present in the Personal Data Track at the Cloud Identity Summit, 2016 in New Orleans.
This is the talk I gave. It also came with a two sided 11×17 sheet with all 6 diagrams (just below).
Meta-Governance
This spring I attended the Executive Education program Leadership and Public Policy in the 21st century at the Harvard Kennedy school of government with fellow Young Global Leaders (part of the World Economic Forum). A line of future inquiry that came to me by the end of that two weeks –
How do we design, create, get functioning and evolve governance systems?
The governance of governance systems = Meta-Goverancne.
At the Kennedy program all they could talk about was “individual leadership” (with good advice from good teams of course) at the top of Organizations. They all waved their hands and said “Good luck young leaders, We know its more complicated now…and the problems are bigger then just organizational size but we don’t really know how what to tell you about how to interorgainzational collaborative problem solving and innovations…so “good luck”.
It was surreal because this inter-organizational, complex space is where I spend my work life helping design and facilitate unconferneces – it is in that complex inter organizational place.
I have this clear vision about how to bring my two main career bodies of knowledge together (digital identity + digital systems & design and facilitation of unconferneces using a range of participatory methods) along with a range of other fields/disciplines that I have tracked in the last 10 years.
Is Google+ is being lynched by out-spoken users upset by real names policy?
Following my post yesterday Google+ says your name is “Toby” not “Kunta Kinte”, I chronicled tweets from this morning’s back and forth with Tim O’Reilly and Kevin Marks, Nishant Kaushik, Phil Hunt, Steve Bogart and Suw Charman-Anderson.
I wrote the original post after watching the Bradley Horwitz (@elatable) – Tim O’Reilly (@timoreilly) interview re: Google+. I found Tim’s choice of words about the tone (strident) and judgement (self-righteous) towards those standing up for their freedom to choose their own names on the new social network being rolled out by Google internet’s predominant search engine disappointing. His response to my post was to call me self-righteous and reiterate that this was just a market issue.
I myself have been the victim of a Google+ suspension since July 31st and yesterday I applied for a mononym profile (which is what it was before they insisted I fill out my last name which I chose to do so with my online handle and real life identity “Identity Woman”)
In the thread this morning Tim said that the kind of pressure being aimed at Google is way worse then anything they are doing and that in fact Google was the subject of a “lynch mob” by these same people. Sigh, I guess Tim hasn’t read much history but I have included some quotes form and links to wikipedia for additional historial context.
Update: inspired in part by this post an amazing post “about tone” as a silencing/ignoring tactics when difficult, uncomfortable challenges are raised in situations of privilege was written by Shiela Marie.
I think there is a need for greater understanding all around and that perhaps blogging and tweeting isn’t really the best way to address it. I know that in the identity community when we first formed once we started meeting one another in person and really having deep dialogues in analogue form that deeper understanding emerged. IIW the place we have been gathering for 6 years and talking about the identity issues of the internet and other digital systems is coming up in mid-October and all are welcome. The agenda is created live the day of the event and all topics are welcome.
Here’s the thread… (oldest tweets first)
Note all the images of tweets in this thread are linked to the actual tweet (unless they erased the tweet). [Read more…] about Is Google+ is being lynched by out-spoken users upset by real names policy?
Google+ says your name is "Toby" NOT "Kunta Kinte"
This post is about what is going on at a deeper level when Google+ says your name is “Toby” NOT “Kunta Kinte”. The punchline video is at the bottom feel free to scroll there and watch if you don’t want to read to much.
This whole line of thought to explain to those who don’t get what is going on with Google+ names policy arose yesterday after I watched the Bradley Horwitz – Tim O’Reilly interview (they start talking about the real names issue at about minute 24).
[Read more…] about Google+ says your name is "Toby" NOT "Kunta Kinte"
The Trouble with Trust, & the case for Accountability Frameworks for NSTIC
There are many definitions of trust, and all people have their own internal perspective on what THEY trust.
As I outline in this next section, there is a lot of meaning packed into the word “trust” and it varies on context and scale. Given that the word trust is found 97 times in the NSTIC document and that the NSTIC governing body is going to be in charge of administering “trust marks” to “trust frameworks” it is important to review its meaning.
I can get behind this statement: There is an emergent property called trust, and if NSTIC is successful, trust on the web would go up, worldwide.
However, the way the word “trust” is used within the NSTIC document, it often includes far to broad a swath of meaning.
When spoken of in every day conversation trust is most often social trust.
[Read more…] about The Trouble with Trust, & the case for Accountability Frameworks for NSTIC
Ecosystem as the frame for NSTIC
What is an Ecosystem?
The National Strategy for Trusted Identities in Cyberspace paints a broad vision for an Identity Ecosystem. The strategy author’s choice to name the big picture vision an “ecosystem” is an opportunity not to be lost. An Identity Ecosystem construct will inform the choice of processes and structures appropriate to govern it.
An ecosystem is a biological environment consisting of all the organisms living in a particular area, as well as all the nonliving, physical components of the environment with which the organisms interact, such as air, soil, water and sunlight.
This definition reminds us that the context of an Identity Ecosystem is broad and goes beyond just the identities of people and devices but extends to the contexts in which they operate and interact, the network and indeed the wider world. When we discuss a person’s digital identity it should not be forgotten that we are each fundamentally biological beings living in complex social systems composed of groups, organizations and businesses, all socially constructed and embedded in a larger context, the biosphere surrounding the planet earth.
An overall Identity Ecosystem is needed because small islands of identity management online are working, but they have not been successfully woven together in a system that manages the tensions inherent in doing so to ensure long term thrivability of the overall system. [Read more…] about Ecosystem as the frame for NSTIC
We are not at War
I was the first person Van asked to speak at the Community Leadership Summit West Ignite talks. I was the last person to submit my slides. I have a lot to say about community but I had a hard time figuring out exactly what to say. I knew I wanted to talk about the identity community and our success in working together. Robert Scoble’s quote really got me going and I decided to use the talk to respond to the comment that was catalyzed by his facebook post/tweet “Who is going to win the Identity War of 2010”
This is completely the wrong frame to foster community collaboration.
Navigating the New Normal: John Seely Brown at Catalyst
I am here this week at Burton Group Catalyst. The conference kicked off with a what was by all accounts good talk from John Seely Brown talking about “the New Normal”.
NishantK: John Seely Brown: many of the things that made us successful in the 20th century will make us unsuccessful in the 21st century
jmatthewg1234: John Seely Brown – Thriving in a world of constant flux
bobblakley: John Seely Brown explains the shift from stores of info to flows of info at http://yfrog.com/5u8r3oj
bobblakley: “The cloud is much more disruptive than any of us have ever thought.” John Seely Brown
bobblakley: “SalesForce disrupted Siebel; now being disrupted itself by SmallBusinessWeb. Things are moving that fast.” John Seely Brown
NishantK: John Seely Brown: Good network is loosely coupled, trusted, not captive & filled w highly specialized nodes < basis of #cloud promise
bobblakley: “Moving to cloud requires factoring policy out of apps & making it a 1st class object.” John Seely Brown
bobblakley “Policies must have version numbers.” JohnSeely Brown
bobblakley: “Control-oriented flows won’t work in federated clouds.” John Seely Brown
jonathansander: Outside-in architectures start with the notion of an ecosystem. John Seely Brown
NishantK: John Seely Brown: Need to move from Inside-out to Outside-in architectures – less control, more trust, less predictable, more agile
bobblakley: Schemas are a hindrance in a world of unpredictability – John Seely Brown
bobblakley: “Data has tremendous inertia; don’t bring data to the computer – bring the computer to the data!” JohnSeely Brown
bobblakley: “Web 3.0 will use social media for context sensitive exception handling.” John Seely Brown
jonathansander: Policies are 1st class objects in enterprise 3.0, but so are exceptions. John Seely Brown
bobblakley: “Two things you don’t want to lose control of are policy and data” John Seely Brown
bobblakley: “The edge pulls the core to it by exploiting cloud services and social media.” John Seely Brown
drummondreed: John Seely Brown at Catalyst: the biggest innovation of the past 100 yrs is not the microprocessor but the Limited Liability Corp
This morning the conference kicked off for real with 5 tracks of amazing content. Those of you who know me, know I really am not a big fan of “regular talking heads conferences.” I often tell folks this is the only talking heads conference I recommend attending. The quality of content and thought put into the analyst presentations and the industry people on stage is of a very quality.
Thoughts on the National Strategy for Trusted Identities in Cyberspace
Update: This blog post was written while reading the first draft released in the Summer of 2010. A lot changed from then to the publishing of the document in April 2011.
Here is my answer to the NSTIC Governence Notice of Inquiry.
And an article I wrote on Fast Company: National! Identity! Cyberspace! Why you shouldn’t freak out about NSTIC.
Interestingly in paragraph two on the White House blog it says that NSTIC stands for “National Strategy for Trusted Initiatives in Cyberspace” rather than “National Strategy for Trusted Identities in Cyberspace”.
This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.
[Read more…] about Thoughts on the National Strategy for Trusted Identities in Cyberspace
Missing: Privileged Account Management for the Social Web.
This year at SXSW I moderated a panel about OpenID, OAuth and data portability in the Enterprise. We had a community lunch after the panel, and walking back to the convention center, I had an insight about a key missing piece of software – Privileged Account Management (PAM) for the Social Web – how are companies managing multiple employees logging in to their official Twitter, Facebook and YouTube accounts?
I thought I should also explain some key things to help understand conventional PAM then get to social web PAM in this post covering:
- regular identity management in the enterprise,
- regular Privileged Account Management in the enterprise
- Privileged Account Management for the Social Web.
1) IdM (Identity Management) in the Enterprise
There are two words you need to know to get IdM and the enterprise: “provisioning” and “termination“.
a) An employee is hired by a company. In order to login to the company’s computer systems to do their work (assuming they are a knowledge worker), they need to be provisioned with an “identity” that they can use to log in to the company systems.
b) When an employee leaves (retires, quits, laid off, fired), the company must terminate this identity in the computer systems so that the employee no longer has access to these systems.
The next thing to understand is logs.
So, an employee uses the company identity to do their work and the company keeps logs of what they do on company systems. This kind of logging is particularly important for things like accounting systems – it is used to audit and check that things are being accurately recorded, and who did what in these systems is monitored, thus addressing fraud with strong accountability.
I will write more about other key words to understand about IdM in the enterprise (authentication, authorization, roles, directories) but I will save these for another post.
2) Ok, so what is Privileged Account Management in the Enterprise?
A privileged account is an “über”-account that has special privileges. It is the root account on a UNIX system, a Windows Administrator account, the owner of a database or router access. These kinds of accounts are required for the systems to function, are used for day-to-day maintenance of systems and can be vital in emergency access scenarios.
They are not “owned” by one person, but are instead co-managed by several administrators. Failure to control access to privileged accounts, knowing who is using the account and when, has led to some of the massive frauds that have occurred in financial systems. Because of this, the auditing of logs of these accounts are now part of compliance mandates in
- Sarbanes-Oxley
- the Payment Card Industry Data Security Standard (PCI DSS),
- the Federal Energy Regulatory Commission (FERC),
- HIPAA.
Privileged Account Management (PAM) tools help enterprises keep track of who is logged into a privileged account at any given time and produce access logs. One way this software works is: an administrator logs in to the PAM software, and it then logs in to the privileged account they want access to. The privileged account management product grants privileged user access to privileged accounts [1].
Links to articles on PAM, [1] Burton Group Identity and Privacy Blog, KuppingerCole, Information Security Magazine.
3) Privileged Account Management on the Social Web.
Increasingly companies have privileged accounts on the social web. Dell computers has several for different purposes. Virgin America, (they link to the account from their website – thus “validating” that this is their real account), JetBlue, Southwest Airlines, Zappos CEO, (employees who twitter), Comcast Cares (Frank Eliason) (interestingly comcast on twitter is blank).
Twitter is just the tip of the iceberg – there are also “fan pages” on Facebook for brands. Coca-Cola, Zappos, NYTimes, Redbull, Southwest, YouTube Channels, Dunkin’ Donuts, etc, etc. on thousands of other platforms and yet-to-be-invented services.
These are very powerful accounts – they are managed and maintained by many employees around the clock and are the public voices of companies.
I have yet to see or hear of any software tools to enable enterprises to manage Social Web privileged accounts. How are companies managing access by multiple employees to these accounts?
Is there software that does this yet?
Is anyone working on these kinds of tools?
Leave your comments here or tweet with me @identitywoman
SSN's can be guessed
“The nation’s Social Security numbering scheme has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth. The researchers used the information they gleaned to predict, in one try, the first five digits of a person’s Social Security number 44 percent of the time for 160,000 people born between 1989 and 2003.
This is from the Wired coverage:
By analyzing a public data set called the “Death Master File,” which contains SSNs and birth information for people who have died, computer scientists from Carnegie Mellon University discovered distinct patterns in how the numbers are assigned. In many cases, knowing the date and state of an individual’s birth was enough to predict a person’s SSN.
“We didn’t break any secret code or hack into an undisclosed data set,” said privacy expert Alessandro Acquisti, co-author of the study published Monday in the journal Proceedings of the National Academy of Sciences. “We used only publicly available information, and that’s why our result is of value. It shows that you can take personal information that’s not sensitive, like birth date, and combine it with other publicly available data to come up with something very sensitive and confidential.”
Basically it means we shouldn’t be honest about our date of birth and home town on Facebook (or any other social network) or we are making ourselves vulnerable to discernment of our SSN’s. I wonder if they can figure out mine? I received my as an adult when I was attending college in California.
I decided to poke around and see what Facebook had up about Identity Theft. I did find a link to this study that created a profile by “Freddi Stauer,” an anagram for “ID Fraudster,”.
Out of the 200 friend requests, Sophos received 82 responses, with 72 percent of those respondents divulging one or more e-mail address; 84 percent listing their full date of birth; 87 percent providing details about education or work; 78 percent listing their current address or location; 23 percent giving their phone number; and 26 percent providing their instant messaging screen name.
Sophos says in most cases, Freddi also got access to respondents’ photos of friends and family, plus a lot of information about personal likes and dislikes, and even details about employers.
Facebook users were all too willing to disclose the names of spouses and partners, with some even sending complete resumes. One facebook user divulging his mother’s maiden name—the old standard used by many financial and other Web sites to get access to account information.
Most people wouldn’t give this kind of information out to people on the street but their guard sometimes seems to drop in the context of a friend request on the Facebook site, O’Brien says.
According to Sophos, the results of what it calls its Facebook ID Probe has significance for the workplace as well as personal life because businesses need to be aware that this type of social-networking site may pose a threat to corporate security.
I have tried to search the Facebook blog to see what they have to say about identity theft and apparently they haven’t mentioned it.
Evolution of the open web – big step today.
Today is a big day for the web. The Open Web Foundation was announced at OSCON (by David Recordon). A small dedicated group of developers, web innovators and community leaders have come together to create this place were spec’s can be incubated in an open process and have IPR dealt with upfront rather then an afterthought (clearing IPR has been a long and delaying process for OpenID). The model they like for cross-company collaboration on these things is like Apache Software Foundation does for open source projects.
This effort to normalize the community process (multi company) around truly open “standards” for the social web is an important step. It is completely aligned with the vision that inspired me to evangelize the ideas for an open Identity/social/relationship layer of the web after participating in the Planetwork community and reading the Augmented Social Network: Building Identity and Trust into the Next Generation Internet in 2003.
The big issue that I see arising and that I hope can be addressed is how the range of human experience and conditions can be well reflected in the outputs of the foundation. If the development process is driven largely by 20 something web guys in San Francisco then the applicability of the outputs will be limited.
I see continuing my role evangelizing these efforts to a diverse range of potential adopters and potential participants in the the processes that go into them.
Convening space for conversations from which good things arise is something I have already contributed and plan to continue.
- The community that formed OpenIDv2 came together at the first Internet Identity Workshop in October 2005 that I co-produced and facilitated. It has been fun to participate in helping that effort grow and develop.
- The “contacts in a standard format” (not sure what its official name is) that is one of the first three projects that are part of this Open Web Foundation got its start at the Data Sharing Workshop that I convened with Laurie Rae. I learned about the adhoc spec’s progression at SuperNova last month.
I wish I was at OSCON for this announcement having attended the previous 4. I am not there for a good reason today is the start of the World Open Space on Open Space in San Francisco and if OSCON is for coders the WOSonOS is for facilitators. For me it is a great opportunity to learn more about the arts of convening and helping communities collaborating together thrive.
I got little tingles on the drive from the East Bay to the Precido this morning thinking about how far things have come – reflecting back to when I first began in 2004 – I was SOOO… green and young and full of evangelistic energy for the work that Owen and Drummond and Victor and Fen were doing working on the i-name registry (at the time the only user-centric identity technology that the folks founding Identity Commons knew about). but that was a LONG time ago about 12 “web years”.
Today feels like a great evolutionary step for the whole web and the initiatives that I have been participating in for years. GO OPEN WEB!
Zitrain's book: The Future of the Net (and how to stop it)
I saw Zitrain give a piece of this talk in SF before Christmas. It was quite good. This post has a great summary of a talk about it. I highly recommend it (the post and the book).
What the Heck is Identity Commons?
The purpose of Identity Commons is:
The purpose of Identity Commons is to support, facilitate, and promote the creation of an open identity layer for the Internet — one that maximizes control, convenience, and privacy for the individual while encouraging the development of healthy, interoperable communities.
This one sentence jams a lot into it – we tried to do that so the purpose didn’t go on and on – but was clear, broad and inclusive of the range of issues that need to be addressed and balanced. Jamming so much into that one sentence also creates a challenge – it has to be ‘parsed’ quite a bit to get what it all means. I worked with Chris Allen recently to separate out the values within the purpose and our community. This is our initial draft that is still evolving (wordsimthing suggestions are welcome).
We believe in the dignity of human individual in the context of the digital world.
In order to make this true we strive for a balance of factors and valuesas digital systems and tools evolve:
- Individual control, convenience & privacy
- Sharing of information when participating in community
- Support for commercial and non-commercial exchange
- Interoperability and openness between systems
We work to bring these values into practice by fostering a collaborative a community of individuals, organizations and companies share these values and are working together towards practical technical implementations.
We share a pragmatic idealism.
We work to practice what we preach and have openness and transparency in what we do.
We do know there are a lot of technical social and legal issues that arise and Identity Commons is a space that make it possible to in a non-directive non-hierachical way address them in a collaborative way.
We also have some shared principles mostly concerning how we organize ourselves and work together. Each has a sentence to articulate it further.
1. Self-organization
2. Transparency
3. Inclusion
4. Empowerment
5. Collaboration
6. Openness
7. Dogfooding
What the heck is an “open identity layer” – well we don’t exactly know but we do have a community that has come together some shared understanding and continue to ‘struggle’ with what it means and how it should work. Identity Commons provides a ‘common’ space to work on this shared goal by facilitating dialogue and collaboration.
Kim Cameron introduced the terminology “identity meta-system” and articulated what that might mean. The Laws of Identity were put forward by him along with some additional ideas by other community members.
There is no “decider” or group of deciders or “oversight committee” as part of Identity Commons ‘directing’ the development of the “open identity layer”.
We are a community collaborating together and working to exchange information about our independent but related efforts working towards the vision. The way we do this is via the working group agreement.
- Asking each working group to articulate its purpose, principles and practices by filling out a charter – this helps us be clear about how different groups work and what they do/are planning on doing
- Stewards review proposed working group charters – ask questions, consider were there are synergies, and see if they are aligned with the purpose and principles
- A vote of the stewards council is held
- Working Groups agree to report quarterly on their activities to remain active as groups of the organization – this also is our core ‘inter group communication mechanism – so that you don’t have to be on 20+ mailing lists to know what is going on in the community.
More about Stewards:
Each working group has one steward and an alternate for the stewards council.
The stewards are responsible for the things IC holds in common – the brand and its integrity and common assets (like the wiki and bank account). It does not ‘direct things’.
Stewards have (an optional) monthly phone calls and discuss and make decisions on a mailing list (that anyone can join).
More about Working Groups:
There are working groups within Identity Commons that support the community collaborating – the stewards council does not ‘run’ these groups but they serve the community and our efforts together- The Internet Identity Workshop, IC Collaborative Tools, Idnetity Futures, Id Media Review, Identity Gang, Marketing and Evangelism.
Working Groups come in several forms:
They can be an group of people with a passion to address something they feel needs to be addressed to get to the big vision. They want some wiki space and a mailing list to talk about the issues. Examples include Enterprise Positioning, Inclusive Initiatives, Identity Rights Agreements.
They can be an existing project that are part of a larger organization, Higgins is an example of this – they are a project of the Eclipse Foundation.
They can be something that grew out of conversations in the Identity Commons community and found a home within another organization like Project VRM (charter) has as part of the Berkman Center and will likely become its own ‘organization’ independent of Berkman by the end of the year.
They can be completely independent nonprofit organizations with their own boards, governance, bank account etc. examples include XDI.org and OpenID.
Some just get technical stuff done as part of IC like OSIS (doing its 3rd Interop at RSA in a month), and Identity Schemas.
Benefits to being explicitly a part of the IC Community.
clarity about each groups purpose, principles, and practices – so that collaboration is easier.
sharing of information via the collaborative tools and lists, along with the required quarterly reporting,
We “don’t know” what an identity layer looks like but we do know it needs to have certain properties to make it work for people the extensible nature of IC gives people the freedom to start a new group that addresses an aspect of the vision. This is the page on the IC wiki that explains our organizational structure.
We are a community.
We are a community more then “an organization” and joining does not mean subsuming a group identity under IC but rather stating a commitment to a shared vision, common values and commitment to collaboration.
A touch of formalism can help create great clarity of group pratices (governenace), leadership, intention, and focus. Not needed for small groups of 12 people doing one thing- helpful when you scale to the 1000’s of people working on the big vision. IC through its groups structure has 1000’s of people participating helping to innovate the technology and think about the social and legal implications.
We are not about “a solution” or “a blue print” there will be multiple operators and multiple standards – yes like the web there may one day be ‘standard’ that emerges just like TCP/IP did and HTML/HTTPS – however it is way to early to promote or be behind “one” thing, it is not to early to start collaborating and building shared meaning and understanding and interoperability between emerging efforts.
Identity problems in the digital realm are as much about technical issues as they are about the social implications and legal issues. Identity Commons explicitly makes space for the social and legal issues to be deal with in relationship to the technologies as it evolves.
In closing there is a background (shorter) and a history (longer) written about the community as it evolved.
IC and Data Portability
Here are some question asked in a recent conversation on the dataportability.org lists about IC along with my responses.
Maybe the Identity commons should be trying to set boundaries as being purely about identity?
An “open identity layer” that touches so much and there needs to be a “common space” to nash through the vastness of the problem – to deal with the technical, social and legal issues around people sharing their information in community and business contexts. We have this ultra extensible form and broad purpose to enable this to happen – there is “no committee in charge” no “one” or “company” or “group” is deciding what we “do” – we are a loose conglomeration that shares vision and values. Working independently but connectedly and commited to collaboration. It It is an ‘unconventional’ model that that is working to supposed and connect diverse conversations and technical efforts together.
Can we instead resolve that we promise to incorporate any decisions made by Identity commons as being part of our blueprint?
There are no “decisions made by Identity Commons” read our principles – we are a cluster of working groups that work independently.
Your blueprint (as a side note why there is still ‘one blueprint’ and not ‘blueprints’ plural at the very least or preferably ‘reference implementations’ in the plural form is still a mystery to me) will likely draw on tech stuff groups in IC have been working on for a while. Why not be a part of the ‘commons’ that they are a part of?
My perception of IDCommons is that it’s about Identity, and in your words, interoperable user-centric identity.
Most of the people who have been involved for the past several years got involved to help people have control of their ‘data’ – their identity the informatoin about them is part of what composes their identity. they didn’t get involved to ‘invent’ an identifier layer that didn’t “do” anything
I see DataPortability being about data sharing (in a technical sense)Identity is clearly a very important part of that but I don’t see much at all on IDCommons about data sharing. It’s as though DP has a wider scope of which IDCommons is a major part.
The exceptions to this view are
- Identity Schemas group
- Photo Group
- Data Sharing group
None of which seem to have much activity.
* OpenID has attribute exchange and Discovery in it – all about data sharing.
* Higgins & Bandit and the Pamela project ALL about infrastructure for card based tools that are all about data sharing for people.
* Project VRM all about how to create a new industry model to revolutionaize CRM and put individuals in charge of their data in radical new ways when relating to companies they do business with.
* I-brokers – their job is to stor data about people and have it be trusted.
* IRA – Identity Rights Agreements – all about how we create human understandable terms of service and norms in this area (it is a huge project and has interested folks but really needs a multi hundreds of thousands of dollars in legal work to ‘do it’).
* XRI and XDI two standards with roots in IC all about data sharing that can be applied to both peoples personal data and other forms of data that have nothing to do with people.
* OSIS is the Open Source Identity System and having its 3rd Interop event at RSA (The major security conference) in April with over 200 tests between relying parties, identity providers and (user-agents) card selectors. this group is ‘only’ a working group of IC (it does not have its own independent legal entity/or affiliation with another one as a project). People moving data around is what all this card stuff is about.
So. I am not sure where we have groups that are not in some way focused on this problem area.
DP is just the latest in a long line of initiatives that recognises the same underlying problem but none of the previous initiatives have captured mind share or really got traction.
Our goal is not to ‘capture [public] mind share’ (does the W3C, OASIS or IETF capture public mind share?) our goal is to facilitate the range of technical, social and legal initiatives that all need to happen to get and identity layer of the web – that shares people’s data in privacy protecing, conveninent and under their control. It is a huge problem – with many elements – having a loose community structure (with a slight bit of formalization) is actually working in some way to move this forward.
I think we’d be missing a lot if we scoped DP as a specialization of an “open identity layer”.
What do you think moving peoples personal information arournd – data portability is about. It is about building an ‘identity layer’ of the internet – for people and people’s DATA.
Chris has said a few times the scope of DP is to be narrow for now and focused on solving the data portability issue between mainstream social networks. This seems like something that fits into the purpose quite well.
Yes all data for all things needs to be moved around AND a good deal of data is created by people for people about people and the things the they do – hence the synergy.
Seems like semanitcs – when we wrote this purpose about two years ago this was the best we could do to describe this ‘vision’ it is VERY broad.
If DP wants to go beyond ‘people’ data that needs to move around GREAT – however much of that will be created by organizations and companies (that have identities).
Related Posts: What is Data Portability.org
What the Heck is Identity Commons?