Identity Woman

Independent Advocate for the Rights and Dignity of our Digital Selves

Identitification

Web 2.0 round up …

· · Leave a Comment

Web 2.0 was fun. The acoustics sucked (we had to yell to talk to each other at breaks the venue was sooo maxed out). The coolest things were:
Zimbra – The open source collaboration suite.
Transparensee – Discovery Search Engine that sorts results as you move little sliders.
Wink – The social search engine.
zvents – Discover events in your neighborhood.
Attention Trust – You Own: Yourself; Your data; Your attention.

Your Rights: When you give your attention to sites that adhere to the AttentionTrust, these rights are guaranteed.
Property: You own your attention and can store it wherever you wish. You have CONTROL.
Mobility: You can securely move your attention wherever you want whenever you want to. You have the ability to TRANSFER your attention.
Economy: You can pay attention to whomever you wish and receive value in return. Your attention has WORTH.
Transparency: You can see exactly how your attention is being used. You can DECIDE who you trust.

Dumbest thing said on the stage:
Bary Diller dismissed the idea that citizens with blogs and video editing software were major threats to the entertainment industry. “There is not that much talent in the world,” Diller said. “There are very few people in very few closets in very few rooms that are really talented and can’t get out.” “People with talent and expertise at making entertainment products are not going to be displaced by 1,800 people coming up with their videos that they think are going to have an appeal.” (this is excerted from Andreas Duss)
To top it off it was Echoed by Vinod Khosla the next day. I guess the big boys don’t really get it – it is like . The cool kids do so…watch out.
Reminds me of this story about denial that I just read in FAST COMPANY (one of my FAVORITE magazines)

Jon Wilkins had just finished telling a room of 100 or so of his peers that their industry is institutionally incapable of giving clients the smartest ideas. How ad agencies and media agencies that decide where ads run are built like factories, focused on one output (and that output is their handcuff). How a new model needs to emerge, one that can provide unbiased advice to marketers.
“You’re saying everything’s changing and it’s not.”
Before Wilkins could respond, one of his clients intercepted the challenge. “I used to kid myself I wasn’t going bald,” said Mark Finney, the clearly hairless head of media for Orange, Europe’s third-largest wireless carrier. “I’d pull my hair forward, I’d cover it over this way, I’d look in the mirror and think, It’s never going to happen to me. Then suddenly I started realizing I looked really stupid. . . . I hate to say it, but Jon’s right and you’re wrong. You’re covering your baldness, and at a certain point, you’re going to look stupid.”

Future Assertion of Note:
Mary Meeker talked about the future of looking for stuff.
Search, Find, and Obtain so that there will be little difference between Marketing, Advertising and Selling.
Her presentation is full of numbers worth checking out.
Acquisitions of Note:
Weblogs Inc was bought by AOL (the deal closed in July just announced though)
Upcoming.org was bought by Yahoo
Alliance of Note:
Sun – Google (comments by Johnathan CEO of Sun)
Rumor of note:
Microsoft buying AOL
Notably Absent:
Discussion of the open source platforms like Drupal that are major parts of Web 2.0 (the people collaborating) and the communities of developers and small businesses around them. I guess cause they are open source and they don’t have thousands to shell out the Tim and John they don’t rate. Hopefully we can do a conference with the cool kids building open source ecologies.

Getting to the Promised Layer

· · Leave a Comment

The Internet Identity Workshop just got a promotion on O’Reilly with the publishing of an article I wrote. The Identity 2.0 Gathering: Getting to the Promised Layer (it occurred to me after it was already published that the last word should be Layer instead of Land – oh well).
Here is the opening….

There were many who thought that an identity solution would emerge to support single sign on (SSO) shortly after the Web’s emergence in 1994. An SSO solution has proven very elusive. Solving internet identity management, creating an efficient, reliable ecosystem, is often alluded to as “The Holy Grail.” One of the reasons for this elusiveness is the fact that identity is no small matter. It lies at the core of who we are as social beings. There are many ways to think about what identity is, such as: how we define ourselves (self-assertions), how others see us (facts about us), and what others think about us (our reputation).
When tackling the problem of representing these elements, the first challenge is settling on a protocol used in a system that is flexible and broad enough to encompass the enormously wide range of ways people around the globe use and define identity. Identity protocols are not like TCP/IP–simply just connecting two machines. While reading Protocol: How Control Exists After Decentralization, I came across this quote that summed up the challenge. “Protocol is synonymous with possibility … Protocol outlines the playing field for what can happen, and where. If one chooses to ignore a certain protocol, then it becomes impossible to communicate on that particular channel. No protocol, no connection.” The edge use cases must be considered carefully so that they are included within the protocol’s possibility landscape. The inherent complexity of this next identity layer of the Net is one of the reasons it has yet to successfully emerge.

The Laundry has opened its doors

· · Leave a Comment

Marc Andreesons latest startup came out of the laundry today (prior it was called 24h laundry) – so welcome Ning to the world.

We’ve built an online service (or Playground, as we like to call it) for building and using social applications. Social “apps” are web applications that enable people to match, transact, and communicate with other people.

Should be very interesting to see what gets built on this “playground.” It also seems like a good place for XRI/XDI and perhaps also reputation for the different participating folks.

O'Reilly's thoughts on Identity in the context of Web 2.0

· · Leave a Comment

I just read through Tim’s five pager on Web 2.0 and found the highlights that relate to Identity.

Meanwhile, startups like Sxip are exploring the potential of federated identity, in quest of a kind of “distributed 1-click” that will provide a seamless Web 2.0 identity subsystem…While the jury’s still out on the success of any particular startup or approach, it’s clear that standards and solutions in these areas, effectively turning certain classes of data into reliable subsystems of the “internet operating system”, will enable the next generation of applications.
A further point must be noted with regard to data, and that is user concerns about privacy and their rights to their own data. In many of the early web applications, copyright is only loosely enforced. For example, Amazon lays claim to any reviews submitted to the site, but in the absence of enforcement, people may repost the same review elsewhere. However, as companies begin to realize that control over data may be their chief source of competitive advantage, we may see heightened attempts at control.
Much as the rise of proprietary software led to the Free Software movement, we expect the rise of proprietary databases to result in a Free Data movement within the next decade. One can see early signs of this countervailing trend in open data projects such as Wikipedia, the Creative Commons, and in software projects like Greasemonkey, which allow users to take control of how data is displayed on their computer.

I hope that Identity Common’s who’s founding principles assert this Freedom loud and clear can lead the way on this.

Users must be treated as co-developers, in a reflection of open source development practices (even if the software in question is unlikely to be released under an open source license.) The open source dictum, “release early and release often” in fact has morphed into an even more radical position, “the perpetual beta,” in which the product is developed in the open, with new features slipstreamed in on a monthly, weekly, or even daily basis.
Lightweight Programming Models
There are several significant lessons here:
Think syndication, not coordination. Simple web services, like RSS and REST-based web services, are about syndicating data outwards, not controlling what happens when it gets to the other end of the connection. This idea is fundamental to the internet itself, a reflection of what is known as the end-to-end principle.
It’s easy to see how Web 2.0 will also remake the address book. A Web 2.0-style address book would treat the local address book on the PC or phone merely as a cache of the contacts you’ve explicitly asked the system to remember. Meanwhile, a web-based synchronization agent, Gmail-style, would remember every message sent or received, every email address and every phone number used, and build social networking heuristics to decide which ones to offer up as alternatives when an answer wasn’t found in the local cache.

Halley and I talk Identity – Podcast from BlogHer

· · 1 Comment

One of the highlights of BlogHer for me was my first podcasting experience with Halley Suitt. I was sitting around at a ‘podcasting’ station and she showed up and the John Furrier who runs PodTech was there and so we did a spontaneous recording… here is the result. Wow! listening I actually don’t mind my voice.

How do we make the internet a trusted place?
Is the net a more dangerous place for women?
Halley discusses her digital identity experiences – writing about sex on the net, and lingerie photos of her on the net.
I mention the founding of Virtual Rights to address this new era of personal representation online. I share what inspires me how we can use these tools to empower us as citizens.

HIghlights from Accelerating Change:7 (Gamers will Save the Planet)

· · Leave a Comment

This was a great talk by Cory from Second Life.
Games will Save the Planet!!! How? Playing games improves the capacity to critically filter the increasing volumes of information we are exposed to. Games give you a place to practice performance before competence. As you learn new skills you can also maintain an appropriate level of challenge. Games are full of disinformation and information asymmetry and coping with these challenges is a skill that they develop. Laziness is not tolerated in game play because they are hard. Games get harder and harder.
Education researchers are studying how game players are organizing and educating themselves in MMOG (massive multi online games) guilds. They are hoping that this research can be applied to traditional education. Games develop critical thinking goal oriented thinking. Those researching this include – Anne Gever, Joshua Fouts and Douglas Thomas. and UW – Madison Paul Gee, Kurt Squire.

Technorati Tags:

Accelerating Change Highlights: 2 (Esther)

· · Leave a Comment

Esther Dyson did a great thing opening her talk “I am going to lead this time like the internet – If you don’t like it go somewhere else. Do your own thing. This is what the net allows you to do.”

Governance on the Net – The best way to regulate systems is for the people loosing control someone else is loosing it. (This is the current theme of the Release 1.0) Accountable peer-to-peer as opposed to some authority that can be corrupted.
The rulesets you create matter a huge amount. You can’t just have an idea precision matters. You can’t just allow users to design the rules you may end up with the wrong set of rules. There is an evolution of competing models.
An organization that Esther is working on advising is safecount.org that is addressing cookie issues – if the decide they all should be disclosed she will continue to work with them.
Concentrated power gets abused. Power is so corrupting. Give people power to do things not power over people. Give more power to individuals and not the power of institutions.
The articulation of accountability and identity and identification.
Reliable accountability – the fact that what you did as X you are accountable today for what you did yesterday as X.
Peer to peer accountability. The less power anyone has the less it matters when they make a mistake. The mistakes that one makes matters less.

An illustrative example that was given about how market based mechanisms don’t necessarily work. This day care was having a problem with kids being picked up late. It wasn’t working for anyone -the kids would get stressed out, the daycare staff would have to stay late etc. So they decided to deal with in a market based way – $10 for every 5min you were late. This totally backfired because then it was no longer immoral to be late it was just expensive.

Live from Accelerating Change – DataTao, i-name Cell phone

· · Leave a Comment

I am blogging from the soon to be open Accelerating Change Conference.
Andy gave me a ride down here and we talked about the announcement last week of DataTao.

DataTao is going to be an interoperable data hub for user controlled data. DataTao is primarily about programmatic access to an individual’s data and only has as much UI as is needed to richly support its base functionality.
So why do I call it an ‘interoperable’ data hub? That’s because DataTao is designed to act as a bridge between many of the current identity protocols. While DataTao will provide storage for people that don’t have their data stored and available from elsewhere, its main purpose is to consume and forward data from its authoritative source(s).
It is my opinion that DataTao is a necessary and required next step in the evolution of the DataWeb. While DataTao by itself is NOT a compelling application it is a needed piece of infrastructure. It will hopefully encourage and enable people to build internet 2.0 applications and maximize the leverage of those already built.
In order to drive adoption DataTao will provide some Apps that use the DataWeb for persistence in conjunction with the DataTao launch. These apps have not been finalized yet but will likely include Exchange and Mac Mail integration (Self updating address books) as well as a rich interface for person to person profile information sharing (i-share).

I got to meet Ajay of AmSoft for the first time and see the i-names being used on the a cell phone. This is push to communicate asserting preferred mode of communication.

Creating:
* Choice
* Privacy
* Control

Technorati Tags: , , , , , , , ,

Emerging Understanding Swarms & other cool stuff at DorkBot SF

· · Leave a Comment

On Wednesday Night I attended my first DorkBotSan Francisco. It was great to be in a room full of cool geeks.
Mark Pesce also spoke about evolutions happening in swarming.

Informational Swarms are the most efficient way to get the most information to the most people.
Knowledge Swarms [ Information + Context] Wikipedia is the example where everyone contributes a little bit. It is the ‘black hole of human knowledge’ and as we all contribute a little be we all are invested in it.
Understanding Swarms [Knowledge + Experience] What we can tell each other. Looking ahead being able to google your friends (ahh here is where persistent identity shows up!)

Spot Draves presented the lastest with Electric Sheep.
Jon Philips presented on how to build an online community. The key was having three things:

• 1 mailing list
• 1 wiki and
• 1 IRC channel

Eric Davis (a founder of Planetwork)
Spoke a bit about the network power to interlink machines and amplify human knowledge. He introduced Make Magazine and spoke to the form of magazine – the inter linking of word and image.
The folks from from Make Magazine were fantastic too. I love that magazine. I read it cover to cover when it comes out. Sitting there listening to me I reflected back…emembering my days in electronics class back in grade 9…and realizing that I have been inclined towards technology for a while. Perhaps I will get up the courage to build something from it soon.
Interestingly enough it is breaking all the rules for that business – with a sell through rate of 50-75% (normally 20% or less) and having back issues in the book section. They thought of it as a Mook (a book / magazine format invented in Japan). They also have only 12 pages of ads in 160 pages of space. Their circulation is 3.5 times larger then they expected it would be by this time at 35,000.
Then there was some ‘open-dorking’. I will go back but overall it was a bit frustrating because the evening felt over programmed. Once the room broke for drinks and sociallizing it would have been good energetically to let it continue. It is one of those process things that all communities encounter as they bring people together.

Digital Identity 'performance' by college kids

· · Leave a Comment

Danah Boyde has a great post about Face Book – (an online social network only for those how are in college.) This paragraph really stood out for me because it highlights the social phenomena that those of us who typically work in digitial identity do not really ‘do’ – DIGITAL IDENTITY PERFORMANCE…

The Facebook is situated in a culture with a set of known practices and needs, helping students make sense of their universe and constantly changing social networks. Even the issues around performative profiles are dampened because college students are so engrossed in digital identity performance as a process of figuring out who they are. Between MySpace and The Facebook, teens are now growing up assuming social network tools and building the value into them but most adults have no interest; herein lies another age division that will certainly affect the future of technology use.

She also wonders about how the practices emerging in these educational facebooks can perhaps be picked up by corporate ones to make them more effective.

Unfortunately, in the corporate culture, tools are being built to only reflect a fraction of the networking practices – they are poorly aligned and dreadfully unflexible. It’s funny though – every big company tends to have a facebook of sorts – reporting charts, roles, seat assignments. What if those could grow to indicate projects and past cooperations between colleagues? What if non-salesman could articulate their relationships to people in other companies rather than having them uncomfortably sussed out via email? What if social networking tools were built into the already existing corporate framework? What would it mean to make the corporate facebooks more useful?

Technorati Tags:

IAA – TIA continues and PATRIOT expanded?

· · Leave a Comment

Surveillance society quietly moves in

It’s a well-known dirty trick in the halls of government: If you want to pass unpopular legislation that you know won’t stand up to scrutiny, just wait until the public isn’t looking. That’s precisely what the Bush administration did Dec. 13, 2003, the day American troops captured Saddam Hussein.
Bush celebrated the occasion by privately signing into law the Intelligence Authorization Act – a controversial expansion of the PATRIOT Act that included items culled from the “Domestic Security Enhancement Act of 2003,” a draft proposal that had been shelved due to public outcry after being leaked.
Specifically, the IAA allows the government to obtain an individual’s financial records without a court order. The law also makes it illegal for institutions to inform anyone that the government has requested those records, or that information has been shared with the authorities.
“The law also broadens the definition of ‘financial institution’ to include insurance companies, travel and real-estate agencies, stockbrokers, the US Postal Service, jewelry stores, casinos, airlines, car dealerships, and any other business ‘whose cash transactions have a high degree of usefulness in criminal, tax, or regulatory matters’ “ warned Nikki Swartz in the Information Management Journal. According to Swartz, the definition is now so broad that it could plausibly be used to access even school transcripts or medical records.
“In one fell swoop, this act has decimated our rights to privacy, due process, and freedom of speech,” Anna Samson Miranda wrote in an article for LiP magazine titled “Grave New World” that documented the ways in which the government already employs high-tech, private industry, and everyday citizens as part of a vast web of surveillance.
Miranda warned, “If we are too busy, distracted, or apathetic to fight government and corporate surveillance and data collection, we will find ourselves unable to go anywhere – whether down the street for a cup of coffee or across the country for a protest – without being watched.”
Sources: “PATRIOT Act’s Reach Expanded Despite Part Being Struck Down,” Nikki Swartz, Information Management Journal, March/April 2004; “Grave New World,” Anna Samson Miranda, LiP, Winter 2004; “Where Big Brother Snoops on Americans 24/7,” Teresa Hampton and Doug Thompson, Capitol Hill Blue June 7, 2004.

Censored – or bogus? (see below) was a caveat to caveat offered to the above story. I would like to know what others in our network/community know about this and see if the identity community can uncover what information is actually is being shared with government about our day to day personal transactions without our awareness.

Some stories get ignored by the mainstream media because they’re too controversial, or too much of a challenge to the rich and powerful, or just too hot to handle.
But some stories get dismissed because they’re just not credible – and unfortunately, one of the pieces Project Censored cites this year appears to fall into that category.
Almost everything on the Project Censored list is well sourced and, at the very least, plausible. But one of the stories listed under “Surveillance Society Quietly Moves In” is a piece titled “Where Big Brother Snoops on Americans 24/7.” Written by Teresa Hampton and Doug Thompson, the piece was published on www.capitolhillblue.com, a Virginia Web site that’s been around since 1994.
The piece makes some pretty spectacular allegations. Hampton and Thompson claim not only that the Pentagon is defying Congress and covertly operating the notorious Total Information Awareness program (TIA) (which Congress explicitly killed), but also that the feds now monitor “virtually every financial transaction of every American,” in real time (that is, as it’s happening). They also maintain that the Pentagon uses the information to launch investigations of “persons of interest” and as a basis for adding names to the Transportation Security Administration’s “no fly” lists.
It’s pretty far-fetched to think that the Pentagon could run an operation so vast as to review almost every financial transaction in the country as it happens. But beyond that, the American Civil Liberties Union has filed two suits against the feds trying to pinpoint just how it collates TSA’s “no fly” lists and still hasn’t been able to figure it out.
The principal sources Hampton and Thompson base their story on seem to be an anonymous “security consultant who worked on the … project” and an “Allen Banks” – someone identified simply as a “security expert,” without any detail as to who he is or how he would be privy to such information.
Thompson, who is the site’s publisher, defended the accuracy of the story, saying that he’d spoken with “over 30 sources” – police, banks, credit card agencies – and that he reached his conclusions based on those sources as well as on the fact that there were “too many coincidences.” (None of that is explained in the story.)
“To some extent,” he added, “it was a conclusion by me, looking at the links.” Banks and other private industries had been instructed to e-mail data to the feds under TIA, and they continued sending data to the same places after TIA was killed, because they never received orders to stop, Thompson said. His caveat: “If I had to go into court and prove this, there’s no way I could prove it.”
We’re still dubious.
CTT

Technorati Tags: , ,

Marc, EndUsers CARE!

· · Leave a Comment

Marc Canter’s Law #1 has been published.

Canter’s Law #1:
– It is not a bad thing to make everyone happy. It sometimes requires compromises, but at the end of the day – by getting around the format Wars – we all benefit.
– So though we understand that having too many formats may confuse or muddy the waters – it won’t be muddy to the constituents of each format. Most developers will adhere to ONE philosophy and the others – will appreciate support for all.
– See Flickr
No human cares about what format is supported. Only us. Flickr proved that they could be completely format agnostic and provide a compelling experience to all.

Phil’s take on it...

– To make someone happy, you’ve got to support their format. To make everyone happy, you’ve got to support everyone’s formats.
– There are always going to be more formats than you want. Get over it.

All of this is very conciliatory to ‘technologist’s and their preferred file schema’s and file formats. I have no idea what the difference is between ATOM and RSS and RDF and I don’t really care they all work in my Aggreagator in basically the same way.
I am not sure if Marc is referring to ‘making everyone happy’ in the identity space but I believe that he is based on past comments and the assertion that GoingOn will use all the protocols. (DataTao also says they will support them all too)
In Identity land are not just dealing with file formats. We are dealing with user-centric identity. Let me spell it out for you E N D U S E R S and user experience.
You may support in your identity hub all the formats… XRI – i-names | SXIP – guppies | LID – Personal URL | OpenID URL | {how these two fathom that end users will start to login using a URL after inserting some ‘key’ in the back of their blog/site is beyond me}Passel e-mail of choice and on and on…….
Do you not think all this choice confuses END USERS to the point they will not adopt anything until there is one simple easy to understand way this user centric interop identity system works? Remember some of the folks using this system in the not to distant future will be functionally illiterate.
I basically agree with bob’s point.

But, if you focus too much on making some geek happy, the result will NOT be the “Right Thing” from the users’ point of view. Making one or two geeks happy is not the Right Thing if it means compromising on how well users’ needs are addressed. There are many more users than there are geeks. We need to be driven by a drive to service our users’ needs — not by the egos of geeks and coders.

Mary Hodder had this to say about the identity standards discernment and why it was SO key we figure it out inside our community before ‘going live’ and asking sites and users to adopt.

When I tell people about the identity systems being built, they look at me (sort of horrified) like they have absolutely no intention of ever using such a thing, and so i explain the benefits: single sign on, user control over how far the info goes, not having to give an email address in order to sign up for one or another services, which may reveal more info than you want to, and trust and reputation. At that point they are skeptical, but they usually say that if the single sign-on thing were fixed, and if they had total control over where their information went and how far, they ‘might’ use it.
So I mentioned this to the developer of the system I was testing, and he said that he was using his own protocol.. because ‘everyone else was doing it.’ When I asked why, he said ‘because I want to win’ which i really found very disturbing. He said the other protocol makers were all doing the same thing: ‘wanting to win’ and creating systems based upon their own protocols, so that users would not be able to take their identities from one place to the next.
To me this entirely defeats the purpose of the identity gang, and will be incredibly frustrating to users. More so that email, a personal digital identity representation will be a very personal and emotional thing for users, if it is usable all over and they see it as something that represents themselves because they use it to represent themselves. If not, users will say, what is the difference? Why change to an ID based system (insert ID protocol here: sxip, openID, iName, lid, etc) when it can only be used at one company, or with one set of services. It’s the same thing we have now as far as user’s experiences are concerned, with multiple sign ons.
I think competing based on different protocols is ridiculous and will not help anyone, least of all users. And with users frustrated, you will not get adoption that will really make ID service based businesses take off.
I think people will blog about these multiple proprietary protocols, saying that people should hold off or not play, until this gets worked out and the people developing systems create a single protocol that is open and freely movable.
I’m concerned about using our time constructively in the identity gang to create this single protocol so that we are then competing over services and interesting systems. Are we all on the same page here.. or is this developer right that we are all making different protocols (sort of in secret) to compete at that level?

New protocols … New Terms

· · Leave a Comment

Eric Hall just pointed me to a great post by dizzyd of Passel about the challenges of doing a new from the ground up protocol/technology and how you communicate to the rest of the world what it does. Some learnings in there for all of us in this identity space. Hopefully during the Internet Identity Workshop we can have a big list of terms and their definitions posted on the walls for us to collectively discern with greater clarity their meaning so we can all communicate with one another better.

Buzz-Phraser 2.0

· · Leave a Comment

I just found a great post about Nathan Torkington creator of odio.us the Gateway to Web 2.0 Riches. Just go there and scroll up and down the Web 2.0 elevator pitches. The are really funny. I bet you he gets a lot of them these days as the producer of OSCON.
The original Buzz-Phraser 1.3 has three languages – TechnoLatin, CollaboLain and IdentoLatin. Hopefully it will be helpful for all those coming up with cool talks for us at the Internet Identity Summit.

Technorati Tags: ,

While I was out: 2 new blogs… Y!-Flkr eruptions

· · Leave a Comment

A day after my computer died, Bob Blakley e-mailed me to let me know he had started blogging (and that it was in part my doing) for blogging his talk at Catalyst.
Here is his first post – Identity is a Story.
my comment: Indeed it is. I wrote a great resume story when I applied to work as a blogger at SpikeSource (I knew they never would hire me if I didn’t tell the story of why they should based on my past experience). Needless to say they hired me and then didn’t let me blog so that gig was over fairly fast.
He is very articulate about the range of issues that aries around identity:

I think identity behaves in consistent and predictable ways in the real world, BUT most contemporary discussions of identity are completely out of touch with what identity really is and how it really works. To understand how identity behaves, it’s necessary to distinguish the different uses people make of identity, and consider each of those uses individually.
I think a set of axioms of identity can be defined which describe what identity can and cannot do, and what it will and will not do in particular circumstances. We can enumerate these axioms by looking at centuries of thought about identity and examining that thought in the light of situations which occur in the real world today.
I think that systems designed with the axioms of identity in mind will be more effective than systems designed without regard for the axioms.
I think that the axioms define how identity and privacy are related, and can help illuminate when we can determine identity, when we can protect privacy, when we must choose, and when we are out of luck on both counts.

He recommends a book that goes in the philosophical direction The Identities of Persons. Just for fun on Amazon I surfed around this book through the “people who bought this book also bought this and similar items. Just two steps away in the Amazon Cloud of related books are Modern Cosmology and Philosphy, Methods of Ethics, Metaphors We Live By. This highlights how closely Identity and its meaning are tied.
This transitions me over to another subject of the week Y!-Flkr eruptions. There was quite a fuss over the Yahoo! ID – Flickr ID linking (or optional linking). Mary Hodder did a great job of articulating the very real human issues of identity surrounding this storm. Truly every time we login with an handle of any kind – that is an identity of ours. It is not just an entry in a database not just bits or just identifiers. These are identifiers of people. Why does this matter? Cause people are not just web resources.

One of the people who works for me showed me a database on Monday, while we were discussing the Flickhoo flap, that she’s been maintaining for the past 10 years of all of her logins all over the internet. She has 249 different logins at that many sites. Solving this problem, so that she could just use one or two or three logins everywhere, makes a lot of sense.

Mary did a great job of articulating a cool way out of the dilemma – give them all i-names and let Yahoo! become an I-broker! Let Flickr give all their folks i-names and let them manage their own Identity and choose if they want to host to i-names together in one broker or keep them separate. [she gets the syntax a bit wrong Yahoo could change them easily into @yahoo*username accounts]

And Yahoo could really take the lead on Identity Management by adopting a system that would create simplicity for users, and simplicity for themselves. And turn down the public relations flap a notch when they acquire companies and have to integrate users and ID’s into the company.

Ryan King (currently of Technorati) made a comment that seemed to come from the very technical utilitarian perspective:

The Yahoo/Flickr changes have nothing to do with identity- its only the login procedure, which is now done with an email address.

Even “if” all it means that you now login to Flickr using a YahooID, then those two identities are linked. Yahoo can go in and look at your flickr picks and the tags and aggregate more information about you in its digital dossier. Yahoo uses the information about you that it observes while you move about it to send you ads you will like and other stuff (I don’t really use Yahoo! day-to-day [I do have a really really old login that is my messenger identity and one e-mail account for emergencies], so I am not up on the full user experience there. But they are becoming a cooler company so maybe I will join in but not likely until they are a member of Identity Commons and Attention Trust so I can better trust their use of my identity and information associated with it). This is what helps them make money off you – selling annoying adds around the real information you want to see.
What if they went to a permission marketing model with i-names as is suggested near the end of Dear Marketers, An Open Letter from your Customers in July 2005 and these use cases articulated by Fen two years ago? Fen also wrote about a service he envisioned and tried to build News Peek that is currently a lot like what the blogosphere offers. I think we are on the cusp of ‘getting identity’ there enough folks involved like Bob, Doc, Drummond, Kim, Paul, Jamie, John, and Owen who are wise enough to understand and lead the industry wrestling with the human social issues that arise.
OK and now for blog number two. It is another gentleman that I encouraged to start blogging in the field – Eric Hall of EDS. His blog WhyID (wide-eyed) has been going along since just after Catalyst when we met. His perspective leading teams of 100’s working on large scale enterprise integration is valuable to consider when we are talking about provisioning the millions of people on the web with identity. I hope you all get a chance to look over his last two months of writing, and add the RSS to your stack of feeds.

#11 – Free Identity!

· · Leave a Comment

Eugene just did a great post about Free Identity as a recommendation of what should fill out Jimmy Wale’s post from wikimania of 10 things that need to be free.
Here is a sumary of the top 10 so far
1. Free the Encyclopedia!
2. Free the Dictionary!
3. Free the Curriculum!
4. Free the Music!
5. Free the Art!
6. Free the File Formats!
7. Free the Maps!
8. Free the Product Identifiers!
9. Free the TV Listings!
10. Free the Communities!
It does seem very relevant to have free communities one needs to have free identity to move between communities smoothly. Hopefully the walled gardens will figure it out.

TSA data cloud searching – Flights today, Subways tomorrow?

· · Leave a Comment

This article was slashdotted today.

TSA had promised it would only use the limited information about passengers that it had obtained from airlines. Instead, the agency and its contractors compiled files on people using data from commercial brokers and then compared those files with the lists.
The GAO reported that about 100 million records were collected.
The 1974 Privacy Act requires the government to notify the public when it collects information about people. It must say who it’s gathering information about, what kinds of information, why it’s being collected and how the information is stored.
And to protect people from having misinformation about them in their files, the government must also disclose how they can access and correct the data it has collected.
Before it began testing Secure Flight, the TSA published notices in September and November saying that it would collect from airlines information about people who flew commercially in June 2004.
Instead, the agency actually took 43,000 names of passengers and used about 200,000 variations of those names – who turned out to be real people who may not have flown that month, the GAO said. A TSA contractor collected 100 million records on those names.

It brings up some serious concerns about how information collection and validation is done by the TSA for airline passengers. How can we trust governments to collect this much information about us just because we travel.
This week I wonder why care about airlines passengers because security is so tight that airlines do not seem to be a place where the next round of attacks will be. If London is any indication it will be on mass transit. Given the level of police/security presence on the transit systems in the Bay Area this week is certainly seems like there is some concern that mass transit will be attacked. They have started random searching of bags to get on the NYC subway. One wonders if they will start issuing ‘identity passes’ to get on such systems.

On the city subways, which are used by 4.5 million people on the average workday, the inspections started on a small scale Thursday afternoon and were expanded Friday.
The New York Civil Liberties Union opposed the searches, saying they violated the Fourth Amendment. Mayor Michael Bloomberg said he hoped the NYCLU would recognize that the city had struck the right balance between security and protecting constitutional rights. He said the bag-checking program is part of a policy to “constantly change tactics” and “may, or may not, be there tomorrow.”

Index Finger Scanning at Disney World + FastTrack Scanning

· · Leave a Comment

This article was Slashdotted…

Tourists visiting Disney theme parks in Central Florida must now provide their index and middle fingers to be scanned before entering the front gates.
The scans were formerly for season pass holders but now everyone must provide their fingers, Local 6 News reported. They have reportedly been phased in for all ticket holders during the past six months, according to a report.
I think it’s a step in the wrong direction,” Civil Liberties Union spokesman George Crossley said. “I think it is a step toward collection personal information on people regardless of what Disney says.

I think this is self explanatory in terms of why it is concerning. It seems to goes along with what is now happening with FastTrack passes (automatic toll readers) that I heard about last night at the Hillside Club CyberSalon where Esther Dyson was speaking. I googled the phenomena and here are some excerpts of what I found.

In New York State, readers have been multiplying ever since September 1997, when the New York Police Department (NYPD) used E-Z Pass toll records to locate and track the movements of a car owned by Nelson G. Gross, a New Jersey millionaire who had been abducted and murdered. The NYPD had neither a subpoena nor a warrant to obtain those records; the police simply asked the Metropolitan Transportation Authority (MTA), and the MTA complied. This set a very bad precedent. Though Gross wasn’t alive to complain about it, his privacy had been violated. Access to those toll records also permitted access to all sorts of sensitive information, including his billing address, his credit card number, his license plate number and his Social Security number.

In February 1998, the MTA announced that — near the Tappan Zee Bridge (the site of the first reader in New York State, installed in 1993) — it had just concluded a successful “experiment” with readers that could detect and extract information from transponders even though the cars to which they were attached didn’t slow down. These “high-speed readers” were only three-feet tall and could be placed just about anywhere. As a result, they permitted the ETC system to do something it was never intended to do: namely, collect truly huge amounts of information about such non-toll related phenomena as traffic flows, speeds, densities and delays (all of which, incidentally, can be videotaped by either flow monitoring or security cameras that have been automatically activated by the readers).

Since then, high-speed readers have been installed along a great many State-owned roads and highways; they’ve also been installed atop many residential buildings in New York City.

Catalyst: Logic of Identity – Bob Blakley Chief Scientist IBM

· · Leave a Comment

This is a summary of Bob Blakley’s talk at Burton Catalyst:
Opening – Sermon on Laws

Laws of Planetary Motion
Kim’s Laws what happens to Identity if you make stupid or subtle mistakes
Newtons Law – gravity
Why things happen
Introduction – Looking Back Digital Signatures
A while back we decided we needed non-repudiation and did digital signatures by issuing certificates.
We forgot to figure out why do signatures work in the real world.
So, we got how they worked wrong in the technical world.
Having signatures not work is bad looking forward having privacy not work is bad.
Body of Talk
Definition:
Identity is a collection of attributes by which a person or thing is generally recognized or known
Identity Relativity
The Identity of X according to Y: The set of attributes believed by Y to be true of X.
Axiom: Utility
An identity attribute has value if and only if knowing that attribute reduces risk for some party
Reducing one party’s risk often creates risks for other parties.
Consequence: Identification is Power
Identity allocates risk.The ability to create or eliminate a risk for another confers power over the other.
Axiom: Contention
Because identity claims allocate risks, they will be disputed.
Identity Attributes

  • Commercial Interest – Convenience
  • Government Interest – Security
  • Individual interest – Privacy

Definition
Privacy: is the ability to lie about yourself and get away with it.
Axiom: Subjectivity
People disagree about one anothers identity attributes
In general, there’s now easy way to tell who’s right and who’s wrong
Axiom: Temporality
The name that can be named is not enduring and unchanging name. All identity attributes change over time.

  • Prince -> symbol
  • Michael Jackson Black -> Plastified

Axiom: Obscurity
Identity attributes can be

  • what you know – you can lie
  • what you have – loose / leave
  • what you are – alter disguise

Axiom: Publicity
Identity attributes cannot be secret
By definition attributes aren’t observable can’t be used to use attributes
Axiom: Contextually
Identity is inherently subject to effect of scale.
Brandon Mayfield – guy who did not blow up trains
His finger print matched one at Madrid Bombing (it was not an accurate assertion)
Large databases -> not completely reliable
To scale identity information one needs to collect — more information
Consequence: Powerlessness
Identity is in they eye of the beholder – subjectivity.

  • You can’t control what other people think or say about you.
  • You can’t even know who knows what about you.
  • Can control what you tell people but not what people find out

Consequence: Privacy Erosion
Scale requires distinguishing between lots of individuals which requires lots of information.
In a sufficiently large population the commonly agreed to be public attributes will not distinguishing individuals well enough.
So information about sensitive attributes will be collected.
In the UK they are look at putting in scanners (QinetiQ) while entering the subway to detect knives but what about creep in the use of other things identifying tatoos?
People push back against government identification.

Consequence: Due Process
Because identity is subjective, contextually, contention and obscurity and temporality.
IDENTIFICATION REQUIRES DUE PROCESS
But due process undermines the business case for identity. Due process requires transparency. Transparency reveals how identity attributes are collected and synthesized to make judgment. Collection and Synthesis are the only sources of completive value.
They do it because they like costumer intimacy.
Supply and Demand mismatch between favorable and unfavorable information.
Favorable information is easy to get.
The subject is happy to give it to you and the subject is happy to help you authenticate it. Therefore the supply is large and the value is low. But it’s worse: Demand is also low! Because favorable information is less likely to reduce another party’s risk. Especially the case when the other party has lots of potential customers.
The business case fore identity service provider infringes privacy.
The business of identity service providers is risk reduction withholding adverse information decrease the value of business.
Collecting more adverse information makes more.
Identity and Privacy are Incompatible.
Adverse information has positive identity value but negative privacy value.
Favorable information has zero identity value and zero privacy value.
Fable about MARIA
Recent guatemalan immigration
she has AIDS and she doesn’t want anyone to know. The health insurance company wants to know this information because it is a $180,000 not to know this.

Catalyst: Government Adoption of Federated Identity

· · Leave a Comment

This is drawn from David Temoshok’s Talk. He is the Director of Identity Policy and Management GSA Office of Government Policy
Homeland security directive 12
“Policy for Common Identification Standard For Federal Employees and Contractors” – August 2004
HSPD 12 Requirements
1. Secure and reliable forms of personal identification that are:

  • Based on sound criteria to verify an individual employee’s identity
  • Strongly resistant to fraud, tampering, counterfeiting, and terrorist exploitation
  • Rapidly verified electronically
  • Issued only by providers whose reliability has been established by an official accreditation process

2. Applicable to all government organizations and contractors except National Security Systems
3. Used for access to federally-controlled facilities and logical access to federally-controlled information systems
4. Flexible in selecting appropriate security level – includes graduated criteria from least secure to most secure
5. Implemented in a manner that protects citizens’ privacy
Expanding Electronic Government
Needing Common Authentication Services for

  • 280 million Citizens
  • Millions of Businesses
  • Thousands of Government Entities
  • 10+ Million Federal Civilian and Military Personnel

You can learn more on the GSA website – http://www.gsa.gov/aces