Reviews of Events

The Second Data Sharing Summit was a great success here are all the notes summarized along with the links to the wiki. If you were in a session feel free to add more content to the wiki. We are sending out a survey in the next day and are currently planning on moving ahead with a 3rd summit in September a year after the first one.
Data Sharing Events (link to wiki)
Data Sharing Events are independent open gathering spaces where all parties interested in challenge of data sharing can work together.
* Affiliate with a something like IC to build credibility
* Do AGAIN in SEPTEMBER.

Friend Connect etc. (link to wiki)

• Friend Connect is a Platfrom support of OpenSocial, not a data collection exercise
• Makes any site an OpenSocial Container

Activity Data (link to wiki)

• More Information / Discussion is needed around the rules for exposing activity beyond that which is avaliable through RSS, APML, etc. (i.e. how to promote and standardize the sharing of activity data which is avaliable behind the wall, through oAuth and other standards)
• Contact of the stream matters more that delivery mechanism
• People who are consuming the new structure will likely encounter new types of Activity Structures

Digital Public (link to wiki)

• The models of people in our heads don’t fit into schemas.

Linked Data (link to wiki)
Presentation will be up on http://blogs.sun.com/bbefish
Overview
* Demo of http://summer.dev.java.net/Addressbook.html
* Illustration of distributed social network
* How to add security

What’s Real & Tech Best Practices (link to wiki)

• Use OAuth & Portable Contacts
• Tech Best Practice Will be updated

MySpace Profile (link to wiki)

• JSon (Open Social), hCard | XFN or FOAF, SemWeb, OpenDD, Portable Address Book (Plaxo)
• Persistent Data Agreements
• User Types

Personal Address Manager using ID-WSF Working Demo (link to wiki)

• Discovery of Delivery Service disc
• Clear use-case and flow
• Discussion of iCard and point of “mosaic” authorization (mashup of dereferenccable claims)

R-Cards Demonstration and Discussion (link to wiki)

• R-Cards enable a ‘feed’ not just claims
• Setting up the relationship is:

* different and positioned orthogonal to login.
* sometimes longterm (not necessarily continuous), or 1x, or short term.

• R-Cards need a common data format (or formats) for RP’s
• 1 issuer, multiple claims (links) to multiple sources

(pagan -> ptolemic -> copernican -> newtonian -> einsteinian)
Event Attendance Data Sharing (link to wiki)

• Add event data API to Open Social Spec

Service Providers Matrix From Data Sharing Summit (link to wiki)
This Group Session was to create a Service Provider grid that illustrated the state of what features are available and if providers are using open standards to implement them.
Grid idea came from Stacy Higgingbotham’s – Prying Open the Social Graph article on GIGAOM and Kaliya’s session recommendation on Comparing the ‘Openness’ Announcements.
Grid as produced in the session can be accessed here: (click on Service Provider name along the top to see what data was inputted)
-NOTE: Since this data was put on the grid by both representatives of the service providers as well as other attendees at the Summit- this data is not verified
Daniela Barbosa of the DataPortability Project Group has volunteered on behalf of the Data Sharing Summit and the DataPortability group to find a home for this grid so that it can be verified and expanded upon. Information to be posted here as that is finalized.
Laws of Data Sharing From Data Sharing Summit (link wiki)
Jeff Hodges and Bob Blakely
Key words and phrases

• Profile
• Friends
• Attributes
• Rights (legal)
• Expectations
• Identity
• Relationship
• artifacts
• group
• social graph
• social contract
• Permissions Metadata
• Open XML format for contact info
• Delete Account

Broad Questions

1. What expectations are being set?
2. Whose expectations Matter?
3. How do we avoid confusion?
4. What confusion has to be overcome?
5. What language is “product specific” and what is “market” specific?
6. How does “identity”, or the understanding of identity, relate to the benefit and threat of data sharing.
7. What should be my expectation about “private” data
8. What datasharing norms “cultural”

Principles of Data Sharing

• Data Sharing principles should follow social norms — or at least not be destructive of social norms.
• Context is critical to decisions and expectation about the sharing of data
• Expectations about sharing should be clear to the parties…[and preserved “downstream”]
• There can be no expectation of “private” information and all expectations should operate accordingly, unless modified specifically by social contract
• The community should support standard “best practices” and policies about preserving “permissions”

Action Items

• Bob Blakley and Dan Carroll to follow up with Mary Rundle about work on Creative-Commons-like icons for Data Sharing.
• Compile a bibliography of existing work around data sharing.

Some additional comments:

• This isn’t exactly a new topic. Lots of existing organizations who are already dealing with issues around data sharing.

Data Sharing and Privacy (link to wiki)
The common stories about social network portability are all about letting data flow freely. There are many purposes — personal privacy; community norms; legal risks; business competitive issues — that might cause people to want use discretion and context in social network sharing. In this session, we’ll brainstorm stories for social network data sharing that incorporate concepts of privacy and context.
Everything is locked down, private, non portable. Or everything is open, public, and free-flowing.
But data sharing and privacy are not black and white. In real life, people share and present information based on social context. There are gradations of privacy and information sharing.
There are interesting social trends as people negotiate the increased default level of fame in internet life. And cautionary tales about data sharing gone wrong.
STORIES:
Private information
There are times when it is right to share data in a way that preserves privacy. Family members use different photo services, and want to share photos with each other but not the rest of the world. A group working on mergers and acquisitions absolutely needs to keep information confidential. In these cases one give permission to family, friends, or business associates based on membership in a group.
Signal to noise, social context
There are many circumstances where information isn’t truly private. But people choose to share with smaller groups. Someone doesn’t want to bore all of their friends with information about knitting or rock climbing, when that information is relevant only to a few. Information about one’s political or religious affiliation isn’t a secret, but it may not be the information one chooses to share when meeting new people at a professional conference. In these cases, it would be useful to have the ability to create tags for the relevant groups, and share by tag. The tags can capture the nuances of subgroups: knitting hats vs. knitting sweaters, say.
Progressive disclosure
There are circumstances when people want to start by sharing with a smaller group, and invite more people. Or start by sharing a little bit of information about common interest, and later share more sensitive information.
Stream filter
The signal to noise and progressive disclosure patterns are about the person sharing information. Stream filtering is for the recipient. Sometimes one wants to “people watch” a diverse stream of information. And sometimes one wants to focus on the current work project, or upcoming social events. Stream filtering is used by individuals who want to apply a context to the information they receive.
Persona
People use identifiers — dress or email address — to represent more than one persona. The same person wears different clothes, with co-workers, at a customer meeting vs. a barbecue.
Personal vs. admin control
In organizations, there are some things that an individual may want to control, and some things that admins want to control. A person might want to share soccer pictures with the soccer league. An admin may want to ensure that people aren’t sharing the sports illustrated calendar widget.
Reuse of Shared Information
As feeds for status and information shared in one service with its given context are used in different services and contexts there are increasing difficulties thinking through the implications of extended use and reuse of shared information. Often Facebook or Twitter (as example) status messages are pulled into Skype, but the contexts can be quite different as one is playful and the other is business context and the same message that is humorous in one can be damaging in the other.
ON THE INTERNET, EVERYONE IS FAMOUS
We talked about people’s experiences handling the increased visibility of internet life.
Managing one’s reputation
People share about their experiences in order to get their side of the story out and create a public image. Among digital natives, “it’s not a real breakup until you’ve listed it on facebook.
Handling fame
Before the internet, there were only a small number of people who had more followers than people can confortably manage socially. Now many more people do. More widespread fame means that more people have the issues with stalkers and pestering fans.
Cautionary and instructive tales
At the session at the data sharing summit, the conversation turned to cautionary tales about social data sharing gone wrong.
Failed white lies
Someone begs out of a work-related social event by claiming the flu. His boss discovers a picture on flickr of the guy wearing a skirt and holding a drink. The picture is timestamped at the same data as the work party. His boss sends him a note suggesting that that may not be an effective way to recover from the flu. The lesson here is that some things that feel private are more public than we think.
Social network molting
It is socially awkward to unfriend people. Some people get around obsolete lists of friends by “forgetting” their password and needing to invite their current lists of friends with a new password. The lesson is that declared, public friends lists are inherently awkward.
The ex-girlfriend effect
The list of “people you should know” in social network recommendations often includes exes and enemies. These are people who are part of your social graph – but you are not connected to directly. The algorithm doesn’t know that some gaps in the social graph are deliberate.

We had an amazing group that gathered for the Data Sharing Workshop April 18 and 19 (Our Summit is coming up May 15th). It was as we had envisioned – a range of people from large portal companies, device manufactures and small startups.
We had 5 great sponsors Vidoop, Plaxo, BBC, Twine, and Broadband Mechanics. We met at the SFSU Center for the Next Generation Internet and collaborated with the dataportability.org community.
Attendees included those new to the space and veterans who have been working on the issues involved for years. We invited 9 different industry people to open our morning by sharing what they saw as the problem and where we were at.

Everyone introduced themselves and then we dove into making a really great agenda wall.

We also had a Wall of Results. Each session was asked to out put an 11×17 piece of paper what they got done.
Here are some notes from those summaries and the wiki. (please feel free to add more to the wiki if you were in a session and took notes)

How to help you help yourself? was one of the opening sessions lead by Angus Logan of Microsoft. This was really focusing on how to get away from the give us your password and we will scrap your data for you method of users getting their data out.
* User Experience is Hard
* HOw do we get sites to adopt new methods?
o Make sure API’s are truly functional equivalent to scraping
o try to make the UX work well
o Get good PR and Goodwill from getting off passwords
o provide libraries, sample code tutorials
o Host hackathons
o be patient – everyone’s really busy
Being careful with the word own was a session lead by Gabe Wachob
The words we choose when talking about these topics because of the unintended consequences:
* if we define in terms of rights?
* frame the term for the public policy discussions that will come
* “control” has similar issues
We need Creative Commons like understandable controls for your data
We need to initiate conversations
Examples
* who “owns” your bank account balance
What is Identity Commons?
This covered a bit of the history and an explanation of our loose community structure. It is outlined on our wiki. We have 12+ community groups
The ecosystem conversation was interesting – the sense that people had was that we are in the age of “data sharing” similar to the time before cel phone number portability. Marc Canter highlighted formats that have become normative and should be abstracted out.
* Social Graph
* Contact list
* Media Gallery
* Ubiquitous Content
* ID – persona’s and groups
* LIVE WEB events
* Feed Actions
* Blogging – Regular and Micro
The following is needed: Marketing of what the benefits are to relying parties and to vendors. Turning the customer acquisition budget.
Questions were raised about what standards are in this space. There were some that were articulated Note that this list is not comprehensive. Please feel free to add more.
Feeds and OAuth:
* Start by trying to access feed as if it were public:
o username -> profile -> feed url
* Get 401 with auth resp. header if it’s only private, or 200 + link_rel to private version
* Do OAuth discovery or the profile/feed URL
* Perform OAuth -> Get token
* ask for feed with token in authorization headers
* SUCCESS!!
WHAT IS DATA PORTABILITY?
This was an interesting rambling conversation for 2.5 hours.
Clarity emerged around stakeholders and means of engagement. concerns were expressed about improving communication.
* Are data portability and OpenID apples and oranges? there was a healthy debate
* Where is the consensus -Today?
* Terminology heard in the converstaion
RSS, APML, i-card, Open Stack, Identity, Permission, Attention, Container, OAuth, owner, viral, openID, FUD, Interoperability, data sharing, data portability, OSIS.
* Means of Engagement
o specs-style reporting
o bi-weekly outreach
o more blogging
o pull input + commentary
o Don’t ask for comment
o date v. marry
* Concerns/ Threats / Challenges
o Hype v. Beef
o What is the story?
o Is DataPortability THE umbrella phrase?
o Politicizing + Emotion
o Lack of clarity on Scope
* Where is the consensus today?
This was not fully clear but there was a good conversation.
URLs are People too…Social Graph API
* Links are relationships
* Rel=”me” connects ourselves
* rel=”friend” etc. connects to friends
Social Graph API is a cache of the distributed social graph of the public web.
Open Social Q & A

1. Portability by moving Apps to where the data is or bringing the apps to the users contexts.
2. Networks as different countries * friends may be hidden * technology: 1 Google, 3 apis (people, friends, activities) — Not as border controls but to extend websites to where users are now
3. Data: person info; viewer friends; page owner (can be viewer); page owner who’s not a person ; not relationships or thoughts but correlations between what people have already created
4. User Experience: Apps centric, not in terms of google’s functionality or assumptions
5. Container determines contxt when linking people and because the user builds the container(s), control is appropriately there
6. Apps: Most successful will be basic data sharing that have universal applicability; word-of-mouth / engagement viral v. demographic targeting or size-of market targeting; to focus on mail functions is to serve the disease, which will eventually develop immunity
7. Enables data portability by bringing the applications to where the data is.

OpenSocial — A foundation
* openID based
* Opensource problems
* myspace, orkut, are shipping now
* make doing social stuff easier
What is XDI ?
XDI = XRI data Interchange
XRI = eXtensible Resource Identifier.

1. XDI is a “PDF for Data” – a portable format for sharing data across applications and services
2. XDI is also a simple RESTful protocol for sharing data using XDI documents
3. XDI includes portable permissions called XDI Link contracts

An Open Address Book – we had several folks in attendance telco’s and handset makers. they talked about the big idea – ” We need a single schema for person information” then asked Is this realistic? Finally concluding Death of the phone address book? (Long live the phone address book!)
Semantic Web and Data Sharing
Native
* rich
* low interop
* links internal/proprietary/ not at all
HTML
* LCD
* Highly interoperable
* standardized links
* semi-structured
RDF
* rich description
* ? interop
* no links other then correlation
* not structured
XDI
* Rich
* High Interop
* Fully Linked
* Fully Structured
LLLI/Kintera Use Case and Solution:
In this session we explored the OpenID, XRI and XDI solution deployed to satisfy the Le Leche League International distributed data requirements. The software solutions provider Kintera has been a partner with ooTao in this effort. Kintera hosts 128 Million individual profiles so can help create significant adoption figures on its own.
We saw how each individual member and every system component was given an XRI identifier. In the case of individuals the XRIs – i-names were associated with OpenID services for authentication and in the case of system components the XRIs were given public/private key pairs in order to authenticate to other system components.
The result of the LLLI work is a WORKING distributed data management system that leverages distributed identity for its authentication and authentication mechanisms. For more information contact Andy Dale via his iPage at =andy

Restful Data Addressing
Mike Mell Led this session articulating a proposed syntax for Restful data addressing. He articulated these goals:

• pure HTTP requests
• UserAgent to server
• server to server
• secure
• Fine grained addressing and permissioning of any data node

The wiki outlines specific elements in the syntax along with Response and Authentication Modes.
Doable Now and Soon
This was one of the sessions on Saturdays – with a calm group that had been through a really intense day Friday. There was agreement on the ‘dobale now’ and likely doable soon if the right conversations were had.
Dobale Now
* Portable Identities (OpenID, LiveID, FB-ID)
* OAuth (sever to server) delegated auth.
* Contacts Portability (FOAF, XFN, Microformats, like MicroID)
* Sync (feed sync)
* Social Network Portability (Open Social FB platform)
* Social Application Portability
Doable Soon
* Standard Schema for Profile
* Standard Schema for Address books
* Media portability + metadata + permissions
* Linking ID’s of different ecosystems?
OVERALL
The event was full a success. Many people travelled on planes just to be at this event. Some even from Europe. Since the last summit a lot of clarity emerged around what the problem space was and how different approaches could work on addressing the issues.
Key Areas to be addressed at the Summit on May 15th include:

* more conversation about the business value to vendors to allow user-data out of their systems.
* We want to focus on schemas for profile data and address books, not as much on the social graph at this point.
* Demo’s likely we will have speed geeking at lunch.
* Work is happening on an ‘alpha’ version of an executive briefing . Some thoughts: We are moving in to an interconnected world where implementation decisions are not tied to the technologies. That is, how you participate is not tied to the technologies. We are not just talking about future proofing, but about providing a relatively easy way to give yourself options to work in the various scenarios that analysts are already saying are happening. You can increase the value of your offerings by building on offerings provided by others without needing to throw a lot of money at bringing it together. The objective is to make things easier to interconnect. In part by just defining the nature of the interactions that you want.

* We also need to consider targeting legal and policy decision makers. Perhaps from the EEF? other organizations. We don’t necessarily want to target legal departments in large organizations, but different external bodies involved in policy-making.
* We want to gather a larger group from the different companies involved, especially more product managers and other decision makers from companies such as AOL, Microsoft, Google, Myspace (if possible), etc.
* We welcome further input into the goals and outcome for the Summit – the agenda will be determined by the people who attend. Please contribute on the wiki to the Proposed Topics page.
We had a quite closing on Saturday and people were asked what the got out of the event and what their next actions were. You can click through to see what they answered.
I am really looking forward to the Summit following the Internet Identity Workshop – it is going to be even more amazing then this event was and move the whole field forward.

Wow – what a week. I was not expecting the conference to be as intense as it was. I was able to give more to the conference and get more out of it.
It made me realize how much I have learned about the “enterprise & security scene” in the last 3 years. Three years ago I walked by RSA by accident – it was on at Moscone – theme was 1930’s gangsters. I saw Sxip’s logo on the signs for sponsors and I picked up an agenda. I of course didn’t have a pass at all. The next year as it approached I figured it would be a good learning opportunity and I asked if I could help cover the event for Digital Identity World. It was ALL new to me – I was overwhelmed by the acronyms and I just remember not understanding anything on the show floor – I often had to ask them to ‘explain their thing’ to me. There was certainly no formal talk of user-centrism in at the conference either.
Last year we had the big OpenID, MSFT cooperation announcement – it is nice to see that this was real – with their recent joining of the board (along with other big players). I am not sure there were any presentations about it at the event though. I knew more when wondering the show floor but still had to ask a lot of questions.
This year was amazing – this next series of posts will cover the range of things that happened and my reflections. I really could write for a whole two days – however I only have this morning – I am headed to Seattle today for the Green Festival and a conference I am co-producing and co-facilitating about people stepping outside of the box of regular money. I am back here on Wednesday and will be facilitating the Data Sharing Workshop. I am really excited about this event – last fall we had this event prior to the IIW and it really helped sync up the different things happening that are aligned but have different starting points.
John McCrae of Plaxo wrote a great post about it yesturday that features both “Identity Dog” and our “Data Sharing Snail”.

Oh YEAH! OpenID is now apparently working on my blog for comments – so try it out we shall see if it works.

Sean Ammirati is a product manager at mSpoke who attended IIW for the first time last May. He also writes for Read/Write Web about once a week and does podcasts on Read/Write Talk. We recorded a podcast last week there is both a transcript and a recording. Dale Olds joined me at the end of the podcast.

I spent a good portion of this afternoon at a (solo) wiki gardening party on the Data Sharing Summit Wiki.
There is a page called Outcomes in the top Nav Bar that documents pages on the Data Sharing wiki along with the many blog posts that cover outcomes of sessions, links to photos of the summit and next steps.
I am quite pleased with the range of good documentation and commentary and hope that by next week there is even more posted. I will have written up all the Problems and Offerings that people put forward at the beginning of the weekend.
It was a pleasure to work with Marc Canter to bring this group together. Many have commented to me about how incredible the focus and productivity were at the event. I asked folks at the closing what they thought got done and we have an amazing list. At the closing circle 95% of folks thought we should do it again and 95% liked the format. The thing I love about open space is that it allows anyone in the group to put forward their ideas and the group votes with its feet about what to do. I think for innovating and getting stuff done there is no better way.
I would like to thank Innovis for their generous donation of space. Plaxo was super and stepped up to resource me for my time – facilitating that group is not an easy thing to do – it takes a lot of energy. AOL paid for a great dinner on Friday Night and Clear Spring covered the drinks – I think eating together is as much a part of a conference as ‘the conference.’ Leverage and Cerado also contributed money to make the event possible.
I will be doing another Wiki Gardening Party next week for the Data Sharing Summit Wiki Wednesday from 11-3 on the Freenode Channel #datasharing if you want to join in.