Identitification

Lucy Lynch posted this “The CSIS Commission on Cybersecurity for the 44th Presidency ” to the ID-Legal e-mail list.
We are actually going to discuss it on our upcoming call along with figuring out our steward to Identity Commons. Lucy and I will be spending 2 days at the end of December face to face in Eugene planning strategy/execution/deliverables around having at least event in DC this winter/spring before the next IIW.
The CSIS Commission on Cybersecurity for the 44th Presidency has released its final report, “Securing Cyberspace for the 44th Presidency.” The Commissions three major findings are:
1. Cybersecurity is now one of the major national security problems facing the United States;
2. Decisions and actions must respect American values related to privacy and civil liberties; and
3. Only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will improve the situation.”
There is a section on: Identity Management for CyberSecurity (page 67) that folks will want to read. CSIS is a Washington think tank, so this
is only advisory, but interesting to see some old models coming around again.
“CSIS was launched at the height of the Cold War, dedicated to the simple but urgent goal of finding ways for America to survive as a nation and prosper as a people. During the following four decades, CSIS has grown to become one of the nations and the worlds preeminent public policy institutions on U.S. and international security.”

Last week I presented at the Net Squared Conference they have a focus on ‘remixing the web for social change’ – it was fun to be invited to speak at the event by the “Jon Steward Famous” Susan Tenby – (she was on the show for her testimony in front of congress about her role as the head of the Nonprofit Commons in Second LIfe – in her testimony she said her Avatar name Gliteractitca Cookie – and well this fun identity fact was what got her on John Stewart).

| View | Upload your own
There was great live bloging coverage of my on the Net Squared blog posted by Brenda that you can read along with while you watch.

Sorry for this late notice on the blog but I just figured out where we are eating.
At the Internet Identity Workshop 2 weeks ago one of the session was about the Identity Futures work that we started last fall. We went over the events that we developed – see here.
John Kelly my collaborator developing them and those exercises couldn’t make IIW and we had a corum of folks who were in centered in the South Bay so we are having a meeting this evening over indian food to talk about next steps for this work.
If you are interested in this you are most welcome to attend. We are meeting at
We are meeting at 6 PM at Heritage of India 167 S Main St, Milpitas, CA 95035
PLEASE RSVP to me kaliya (at) Mac.com

Here are the relevant links from my talk on Identity at Net Squared.
US, Our Organizations and The Web: Leveraging Identity Tools for Collaboration

Why is user-centric Digital Identity Important?
Augmented Social Network: Building Identity and Trust into the Next Generation Internet 2003, Ken Jordan, Jan Hauser, Steven Foster.
OpenID
OpenID
Data Linking
Standards
XRI Wikipedia at OASIS
XDI Wikipedia at OASIS
Companies
Strong Eye
Kintera & XDI
GoLightly
ooTao

i-cards
Identity Blog – Kim Cameron MSFT Identity Architect
Higgins Project at Eclipse
OSIS – Open Source Identity Systems (interop work with over 50 companies and projects)
Vendor Relationship Management
Project VRM at the Berkman Center, Harvard
Collaboration Community for the Evolving Identity and Relationship Layer
Identity Commons

EVENTS I INVITE YOU TO
Vendor Relationship Management Workshop
July 10-12, Boston
Internet Identity Workshop #7
November 10-12, Mountain View
Data Sharing Summit #3
September?

BONUS RESOURCES

Identity Community Foundational Resources
Laws of Identity
OECD Paper: At the Crossroads: Personhood and Digital Identity in the Information Society

Additional White Papers of Interest
Accountable Net: Peer Production of Internet Governance
Appropriating Technology for Social Change
Movement as Network
Network Centric Advocacy 2003
Simple Open Standards you can adopt now
OAuth
Microformats
XRDS – Simple
Open Social

I am excited that our second set of “official” quarterly reports as been wrangled, compelled, edited and published on the IC blog and in PDF format. If you are wondering what all is happening in the communities work on user-centric identity technology this is the one thing to read and the best part is it is updated very three months. We welcome new groups joining the community – it is a simple process.
We are a community of groups working on addressing the social, legal and technical issues that arise with the emerging, identity, data and social layer of the internet.
Highlights from Q1 2008 Reports
The 6th Internet Identity Workshopis coming up May 12-14, immediately followed by a Data Sharing Summit.
The OpenID Foundation had 5 corporate members join the board – Google, Verisign, Microsoft, Yahoo and IBM. OpenID Japan was founded and guidelines for local chapters are being developed.
OSIS Open Source Identity Systems is working towards the completion of its third major Interop event (at RSA and the European Identity Conference) with 57 projects participating.
XRI 2.0 will be going to a vote within OASIS shortly.
Higgins 1.0 was released on Feb 21st.
Project VRMis leading a 1.5 day workshop at the European Identity Conference and has an active London Chapter. Work continues on the initial text case Personal Address Management
New Groups of Note:
Enterprise Positioning is a community of people inside enterprises who need to understand and explain the application of user-centric identity in that context. page 10
IC Evangelism and Marketing began to help develop clearer messaging for Identity Commons and develop a values statement. page 8
Newbies 4 Newbies have given invaluable feedback on the language used to articulate user-centric identity, helping to improve the Internet Identity Workshop announcement significantly. If you are new to User-Centric Digtial Identity – wondering what they heck is all this stuff – what do these acronyms mean – this is the group for you. page 10
The Photo Group started with three groups on Flickr 1) Identerati Portraits, 2) The Art of Identity and 3) Member Gallery with the photos they have taken. page 11
The Quiet Groups:
IC Collaborative Tools
XDI Commons
Identity Schema
Identity Rights Agreements
Identity Futures
IdMedia Review
PDF of Report

I worked on this diagram of Identity Commons for a few hours last night. I hope it does a good job of getting across our loose distributed yet connected nature. Please let me know if you have ideas to improve it.

Someone already mentioned that “standards” is perhaps a challenging word – maybe it should be changed to “protocols”. Lets be clear IC is NOT a standards body never intended to be – goal help connect efforts together in a loose non-controling way that facilitates collaboration.

TechCrunch just did a post about OpenID asked if it was being exploited by the large internet players that are participating in the community and adopting it.

I recall the first Internet Identity Workshop when the small crowd of ‘light weight’ ‘open’ ‘distributed’ SSO efforts came together and started their conversation about how they shared goals and very similar technology ideas – it was just the little guys.
Some context for those of you who don’t know this event was and continues to be co-convened and produced by myself, Doc Searls and Phil Windley – we are having our 6th stand alone workshop May 12-14 we also have also done 4 co-produced Identity Open Space events with Digital Identity World and Liberty Alliance near events that have had. This series of events that have no pre-set agenda in the past 2.5 years have been instrumental in moving the whole range of technologies forward because it creates “opportunities for both innovators and competitors, for the big guy and the small fry to come together in a safe and balanced space.” The Data Sharing Workshop and 2nd Summit – being done in collaboration with the more recently emergent DataPortability.org are building on both
* the track record of the IIW in bringing together high level people in a range of companies trying to tackle the difficult problems that need to be solved to make the vision a reality and
* the technology (standards and code) that are being brought forward via the Identity Commons community.

They agreed to Yadis a common service discovery method that would help their slightly different approaches work behind the scenes and then decided that Yadis as not such a good brand name and that is should be folded in and called OpenID.
These little guys had big hopes that OpenID would get adoption by large companies. It has been truly amazing to watch over the past two years as this collaboration that was cultivated by a community conversation has continued over the course of the Internet Identity Workshops – we are having our 6th one this May.
This space has been a neutral haven for all to express their views opinions and interest in different technological approaches. The Data Sharing Workshop and Summit build on this successful tradition and stack of technologies – it is the space where those inspired by the vision of data portability can get down into the details and make it real. Back to the TechCruch post:

The problem, though, is that the Big Four Internet companies that I mentioned above have made big press announcements about their support for OpenID, but haven’t done enough to actually implement it.

I agree with this statement AND there is some deeper issues that have yet to be addressed by the protocol itself to enable large sites to ‘trust’ (in the technical sense that the protocol flow will do what is says and can not be attacked) it. OpenID can be attacked from all sides (blackHat paper PDF outlining them). Bob Blakley from the Burton Group articulates the issues well here. David Recordon responded to a long critique of Stefan’s about the protocol. I think there is the potential to solve these issues but just ‘targeting’ the big players without addressing the real technical and social issues that are inhibiting large scale adoption is not fair.
Chris Mesina puts forward an in depth post articulating a shitlist, hitlist and wishlist around OpenID along with an update.
Great list highlighting things but it does not get to the heart of what in-the-end are the issues both technological and social that could limit adoption as ‘the’ solution to all that is needed for a people empowering identity layer of the web.
I look at all the progress happening in the Identity Commons community (here is our previous quarter’s reports) and have hope that solutions will emerge to address these challenges an “identity meta system” to work
* making it safe for users by making phishing really easy to prevent (this is where the card selector tools come in – CardSpace (MSFT) and the Higgins Open Source Card Selector (IBM, Parity, Novell-Bandit Project) Pamela Project relying party code)
* supporting selective and progressive disclosure (is done in a user friendly/repeatable way with cards)
* finding equitable legal frameworks and agreements for personal information sharing (Identity Rights Agreements Group is working on this and a gathering is being organized for this summer to address their development – many hundreds of thousands of legal work is needed to make this real)
* supporting automatic syncing and updating of information (this is where XRI/XDI and the Higgins Framework comes in)
* having third parties that mediate between end-users, their information and the market. (Yet to emerge businesses with new trust and business models – Project VRM is working on some of this).
OpenID is one part of a cluster of solutions – it will not solve these problems by itself (no matter how strong ‘they community’ or ‘the grassroots pressure’ because it is not sophisticated enough a protocol to do so. Those serious about really having these challenges address are invited to participate in the community and those who want to report on progress around an identity layer of the web need to look beyond ‘just OpenID’ and explore other proposed and emerging solutions that will together create an identity layer for web.
One great place to do this is at the upcoming OSIS (Open Source Identity Systems) Interop Event happening at RSA.
If you are reading this – you are interested but it is all making your head spin we have a Newbies 4 Newbies group that you can join and get peer-to-peer support from others engaging with this material (all or parts of it) for the first time.

The Internet Identity Workshop is coming up May 12-4 … this will be 6th event. Phil has an announcement up – where you can find the gif to post on your blog 🙂
If you want to sponsor please contact Phil.
If you would like to help with the design – figuring out what happens Monday and some other time sculpting contact me – we are going to have a call this week to discuss.
I am really excited about this event for a few reasons. Things are happening – in a major way

• Card Selector tools and technologies are being build and tested.
• Convergence is happening (U-prove being bought by MSFT)
• OpenID is becoming the new hot ‘buzz word’ according to my blogging friends and heard randomly in conversations in the valley by young ‘trying to start a company types’ to impress VC types.
• The social issues are percolating in new ways and ‘demand’ for the movement of personal data is gaining real traction (dataportability.org).
• The OECD paper was just published that I had read small parts of before many months ago.
• The Venn of Identity Paper written by Drummond and Eve is being published by the IEEE this month.
• the IDTrust event that recently happened – went well and included many projects that have a home at IIW – hopefully some new folks will attend from the activities.
• New people like Ryan are finding the problem of identity and learning about what is going on – and then explaining it.
• Working groups founded at IIW – namely Enterprise Positioning and Newbies 4 Newbies both have mailing lists (Newbies, IdPositioning) and are holding regular calls.
• The more vendor oriented day will happen on May 15th following IIW – it will be the 2nd Data Sharing Summit co-produced by Laurie Rae and I.
• New social features on the web create new social practices – twitter, pounce, personal action or news feeds.
• VRM is progressing and making presentations to ‘shift’ business logic.

Two weeks ago when I was in NYC we had an identity gathering. It was one of those ‘open space’ kind of days – who ever comes are the right people turns out it was 4 of us Me, Ryan, Tony and Ken Jordan. The person who instigated the meeting Ryan Jenssen because he reached out and asked to help Identity Commons and I said why not have a meetup when I am in NYC.
He is now writing a whole series talking about A History of Tomorrow’s Interent on his Dr Star Cat blog so far it is great.
Identity Intro Part 1,
Identity Intro Part 2, Identity provider diagram
Identity Intro Part 3, This has a diagram that articulates the companies projects, products and people.
Identity XRI/XDI Part 1,
To be continued….

I originally wrote this for Web 2.0 Expo last year April 2007 – It was called Why Identity Matters for Web 2.0. It has not been published in HTML yet. I kept hoping to make it better to refine it more. I will do that but now is the time to put this out there in linkable form.
The “We” of Identity for “Our Web” (the Social Graph)
[Originally the Why Identity Matters for Web 2.0]
Web 2.0 is about the emergence of an alive web – made up of people connecting and sharing together in groups. It is literally pulsing with the thoughts, hopes, wishes, actions, poems, prose, photos, video’s and many cultural expressions of our lives. Our identities – who we are is socially constructed. We could start with the word ubuntu – it is not just the name of a user-friendly Linux distribution it is a zulu word that means “I am who I am because of who we are together.”
Doc Searls has put it another way – we are the authors of each other. We have had “identity” since the dawn of time – our identity is innately shaped by the culture we live in, the geography of place and the resources at hand. Through Web 2.0 tools we are just doing what has been done for millennia in communities where sharing stories shaped culture and gave us a sense of who we are – exchanging all sorts of value with each other – some of which were around material goods, and some of which were around services. And much of it was mutual authoring through the creation and sharing of culture, meaning and reputation. Who we are and who the individual was mattered enormously in the context of the “we”.
I recently heard a talk by David Weinberger where he talked about first, second and third order information storage related to books. I think this frame can be helpful for us to think about what is going on with identity for people and the web. In first order storage, books exist in one place on a book shelf. Second order storage is the card catalogue with the meta-data about the books on the book shelf. With digital media and the internet we have third order storage of books where the data (the book content) and the meta data (information about the book) are both virtual and can exist in more then one place at a time.
Although our bodies can only be in one place at a time a lot of what web 2.0 is about is the extension of ourselves into the digital realm. Some of us have personal pages on multiple social networks. We put information about ourselves online and share it in all kinds of places. We work together to filter and sort information for our communities. We play games with people from around the world. (70% of Second Life is from outside the US). We manage our Instant Messaging presence on multiple networks simultaneously! Who we are when we do all these things matters a lot because the bread crumbs we leave behind. The impressions we make on others – the way those people mark, tag or otherwise order our shared experience.
We are also seeing challenges in this new atom bit mix. In extending ourselves into the digital realm things happen to our identities that were not possible when all records about us were stored physically. This new fluidity can be a bit disconcerting and raises new privacy concerns. It is easy to ping a database and learn about all ones past transactions with a company – this could be good for self reflection and better deals but bad take it to use against us. We are sharing ourselves in new ways online –we can project pieces of ourselves through our blogs, we can show up in Flickr, and online video’s. We are all “a little famous” to others beyond what we could be in ‘just’ a physical world – where once you might have shown up in the local paper just once in your life for winning a science fair – (like I did when I was 12!) – now you show up daily to your friends but also to those who randomly discover you. The old model still has my science fair win locked up in the local paper in a microfiche in my home town library. The new model has me and anyone else distributed, searchable, browsable and discoverable across the globe.
The promise of Web 2.0 comes with the distributed web of information by and about me AND by us about us. With an identity layer there exists the potential for products and services to go beyond isolated silos to deeply link together people, events, associations, meaning and media to become more than the sum of what any application could do or be alone. Identifiers that work in the digital realm along with human friendly metaphors and user-interfaces to manage this including one’s own privacy are critical for a fully realized vision. These new identity tools to be trusted must protect privacy, reputation and be secure. These are the challenges that must be solved collaboratively by the larger web 2.0 community.
Web 2.0 is only going to work if people trust the web enough to use it. PHRAUD, Phishing, pharming and theft of identity, are destroying user trust and USER TRUST is critical for Web 2.0 to succeed. Kim Cameron, one of the leaders in the Identity community has been tracking fraud statistics and they are staggering. When the Internet was created it was a small community of scientists, hackers and academics who didn’t need an identity infrastructure, because they already had (out of band) in the context of their own smaller communities. Web 2.0 creates the opportunityfor us to ‘know’ each other again and reweave a fabric of trust on the web through communities. This is a hard problem well beyond the ability of any one person or one community to solve it. In the Identity Commons community some building blocks to solve these issues have emerged but we don’t know the answers.
The community has innovated OpenID as a way for individuals to sign-in to sites across the web that support the protocol. Looking ahead are conversations about:

• datasharing services so that I can update my information once and it “shows up” in multiple places or not as I desire.
• personal network portability where I can take/share/access ‘my’ network of contacts from one service to another.
• vendor relationship management services so I can manage my relationships with companies I buy from.

All of this is still individually centric and I think the real value opportunity is in communities – communities of people who know each other, care about each other and seek to collaborate together on activities none could really do alone. How do we – show up together in many places? The power of groups to work together and move themselves around from context to context coherently is nearly impossible. The real value is in the WE made of many I’s, because people fundamentally see themselves as part(s) of social groups. For web 2.0 this means having tools that support both people AND communities. Success in an interconnected social web means platforms and companies need to begin thinking about designing for “my architecture” this is in the context of our web, so they must also begin thinking about designing for “we architecture.” I (as a user) am going to use tools that work for me using my identity to hang my relationships on – hooks to me — if you will. Because I am a social being – I relate to many groups and share many imagined communities and cultures with others. This will unleash a reflective power this gives us as individuals and collectively the ability to make better decisions and act differently. It creates a feedback loop we didn’t have before.
Community is about shared meaning, understanding and trust to take action together. When you get down to it trust is crucial for a heart in Web 2.0. This raises the question of how and why do we trust? Is it because you hand me government papers that say you are who you say you are? When do we do that in real life? Only when we are interacting with abstract entities – ‘the bank’, ‘the government’, ‘the passport control check point.’ We generally don’t use these to interact with others socially.
Trust, in part, comes from knowledge of past interactions and basis a decision to trust in the present comes from a combination of current context and past interactions. These can be interactions with

• ourselves. I trust my friend Sally because we have been doing things together for a long time.
• others we know who vouch for their past experience. I trust Bill who is Sally’s friend because she trusts him.
• others we don’t know who assert successful past interactions. I don’t know Jane but she says Suzie was a good person to do business with.

Trust is not an algorithm it is a knowing set of instincts we evolved and intuition we develop to survive and thrive in social groups. Each of us individually and each of our communities (the we’s) have our own way of balancing our needs for trust as our lives and community dynamics that unfold moment to moment. We make decisions regarding trust based on a range information that we have which we mentally aggregate to form judgments as we need to.
The “how” of all this is not obvious – science is just starting to unpack the deeper roots of our minds and human social behavior around trust instincts and intuition. In our evolutionary past these were tribal groups of around 150 people that you knew for life. A question we must ask our selves is what if our natural ways of discerning about trust don’t scale to the size of our social context today whether it is cities of millions or a web of billions? Another question that arises is what happens when our assumptions for social behavior work in a shared culture be it epistemic, geographic or religious but not in another? How do we as an evolving web 2.0 culture develop enough cultural literacy, emotional maturity and helpful tools to overcome these hurdles?
We must think deeper then “5 star ratings” and gesture algorithms to look deeper human at drivers and social processes. Instead of thinking in terms of technology and platform we need to innovate solutions to these difficult problems that are user-centric. And solutions that are rooted in community contexts.
So what do we do today? Where do we start? I believe the place to begin is to start supporting OpenID to become a relying party and if possible an OpenID provider. OpenID gives users the freedom to extend themselves across the web in a way that is under THEIR control.
Next, before we can get to good answers, we need to determine good questions. I invite you to join the conversation at Identity Commons and the Internet Identity Workshop about how group identities along with individual identities should be supported in a living web, the new web for all of us – Web 2.0.
Web 2.0 provides us with a fabulous new set of engines that have made Wikipedia possible created live search and many others we learning about here. So the big question is what kind of new engines can Web 2.0 provide us to enhance IDENTITY and TRUST to form a distributed social fabric. What can YOU do with Web 2.0 to create a trustable social web? That’s my question to all of you building and participating in Web 2.0.
(if you want to comment please just e-mail me – long story my tech has not gotten OpenID working on this WordPress blog yet).

I am speaking on Friday at the Value Networks Community Cluster about Identity. The theme is Presence 2.0: Rise of Living Networks.
I did not make up this Copy describing the even but here it is:

We are in the throes of a major revolution in collaboration, community, business, the environment, economics and civil society. Web 2.0 and Enterprise 2.0 are ushering in a new network era. A deep social reorientation of work and wealth creation is in play. Prosperity is achieved through deliberate pursuit of diverse relationships. It is positively critical to nourish and nurture your links and flow paths through periodic, same time, same place collaboration and periodic transorganizational collaboration. These key relationships are further developed and optimized through ecologies of living social networks. Today we have an enormous capabilities infrastructure for social network applications. Fact is, these innovations still depend, in large part, and on many levels, on well-developed personal relationships.
Enterprise 2.0 Presence and Identity: The Rise of Living Social Networks will examine rapidly expanding, hyper-connected social network services, programmable webs and socially-mediated, knowledge-based business activities. New device-based social networks, an IPv6 address space of 3.4×1038, geocoding, pervasive computing, collective intelligence networks and, above all, the importance of collaboration to everything, has fundamentally and permanently altered they way we learn, work, play and thrive. Living social networks are making an enormous impact to the environment, wealth and well-being. Specifically, living social networks are becoming critical to all business. They are the critical value paths essential to corporate performance, business excellence and civil societies. For example, live, real-time communications such as IM, VoIP and mobile are becoming far more emergent and social. Simultaneously, asynchronous social networks applications like blogs, wikis and email are becoming far more real time.

Here is who will be speaking:

• David Coleman will cover his newest book, Collaborate 2.0.
• Stuart Henshall will examine presence and enhanced knowledge path and flows.
• Phil Wolff will lead a discussion on the Enterprise 2.0 social stack.
• Kaliya Hamlin,The Identity Women, will furnish an important update on the identity.
• Verna Allee will review recently conclude mobile worker research using VNA.
• Ross Mayfield will further develop the vision of the social enterprise.
• Alex Lewis will cover Microsoft’s Presence strategy in OCS 2007.
• Don Steiny respected Stanford researcher in social network analysis.

If you want to come you can get a discount – 60% off.
Yeah don’t ask me about the price point – I already brought it up – apparently they ‘break even’. They even made me pay to talk. I like Verna a lot so I said yes.

This was on Slashdot today and in the NYTimes.

In the absence of strong protections for employees, poorly chosen words or even a single photograph posted online in one’s off-hours can have career-altering consequences. Stacy Snyder, 25, who was a senior at Millersville University in Millersville, Pa., offers an instructive example. Last year, she was dismissed from the student teaching program at a nearby high school and denied her teaching credential after the school staff came across her photograph on her MySpace profile. She filed a lawsuit in April this year in federal court in Philadelphia contending that her rights to free expression under the First Amendment had been violated. No trial date has been set.

This came by Slashdot today from the NYTimes

Sometimes what they find is unsettling. But in the emerging communities of the genetically rare, more often it is sustaining.
For three families, the impulse to find others in the same situation was immediate.
A few months before the Lanes crossed the state to meet Taygen’s chromosomal cousin, Jennie Dopp, a mother in Utah, was scouring the Internet for families with “7q11.23,” the diagnosis that explained her son’s odd behavior and halting speech.
“I want someone to say ‘I know what you mean,’” Ms. Dopp told her husband, “and really mean it.”
Noa Ospenson’s parents flew from Boston to South Carolina for a meeting of 100 families with children who, like Noa, are also “22q13.” Hoping for more information about their daughter’s diagnosis, they emerged as lifetime members of what they call “Noa’s tribe.”
For each of them, a genetic mutation became the foundation for a new form of kinship.

I saw this add at the bottom of I Can Has Cheezburger – (for those of you who don’t know it is the ‘home’ of the LOL (Laugh Out Loud) Cats Genera of internet humor.)
So I clicked on it and found this

Now your child can write to Santa and receive a reply! Print out this personalized letter from Santa. Imagine the excitement when they read just how much Santa knows about them.
All you need to do is fill out the details below (the more information the better the letter) and we will instantly email you a letter from Santa. All you need to do is open the attachments and print using the best quality color you have available. The graphics are great and worthy of high quality color. To get the best results, For Present, please put a sentence to proceed the question “What could it be?” For example “A bike?” or “The doll house you love?”

Looking below the only fields that are required are your e-mail address your child’s name and your child’s birthday. I suspect this is so they can ping you before your child’s next birthday and remind you to buy something.
I just look and wonder at anyone who wants to know my birthday – and giving away my child’s birthday. Who knows where the information will go.
Diving into the site I find you can get books printed with your child playing a role in the story. Just in case your kids were not narcissistic enough already.