Identity Woman

Independent Advocate for the Rights and Dignity of our Digital Selves

Open Source

I-Tags at Net2

Kaliya Young · May 30, 2006

I am at the Net2 session on Tagging. Here is how I described the value of itags to Beth Kanter.
I have been working with Mary Hodder, Drummond Reed and Andy Dale on itags. It is an open ad hoc standard we are proposing for allowing people to use their identity while they tag. This could be a URL they ‘own’ (OpenID), an i-name (XRI) they have, or another UUID.
Creators of content could use this to assert CC licenses and provide a long term persistent way to have attribution. People can assert tags across silos – multiple blogs that one posts on and multiple media tagging sites that one tags on.

Technorati Tags: bethkanter, community, identity, itags, Net2, inames, XRI

Congress Targets Social Network sites – to be blocked from Schools and Libraries

Kaliya Young · May 11, 2006

WOW this is really intense.
The freedom to meet and organize is FUNDAMENTAL to what it means to be a citizen in this country.
This was in slashdot headlines and is quite shocking.

MySpace and other social-networking sites like LiveJournal.com and Facebook are the potential targets for a proposed federal law that would effectively require most schools and libraries to render those Web sites inaccessible to minors, an age group that includes some of the category’s most ardent users.
High Impact
What’s new:
A proposed federal law would effectively require schools and libraries to render social networking sites inaccessible to minors.
Bottom line:
Law would likely affect more than just social networking sites. Blogger.com, AOL and Yahoo’s instant messaging features might be included in proposal’s definition.
“When children leave the home and go to school or the public library and have access to social-networking sites, we have reason to be concerned,” Rep. Michael Fitzpatrick, a Pennsylvania Republican, told CNET News.com in an interview.
Fitzpatrick and fellow Republicans, including House Speaker Dennis Hastert, on Wednesday endorsed new legislation that would cordon off access to commercial Web sites that let users create public “Web pages or profiles” and also offer a discussion board, chat room, or e-mail service.
That’s a broad category that covers far more than social-networking sites such as Friendster and Google’s Orkut.com. It would also sweep in a wide range of interactive Web sites and services, including Blogger.com, AOL and Yahoo’s instant-messaging features, and Microsoft’s Xbox 360, which permits in-game chat.
Fitzpatrick’s bill, called the Deleting Online Predators Act, or DOPA, is part of a new, poll-driven effort by Republicans to address topics that they view as important to suburban voters. Republican pollster John McLaughlin polled 22 suburban districts and presented his research at a retreat earlier this year. Rep. Mark Kirk, an Illinois Republican, is co-sponsoring the measure.
The group, which is calling itself the “Suburban Caucus,” convened a press conference on Wednesday to announce new legislation it hopes will rally conservative supporters–and prevent the Democrats from retaking the House of Representatives during the November mid-term election.

Reflections on IIW

Kaliya Young · May 4, 2006

Facilitating the Internet Identity Workshop was a wonderful experience. I got to help the order emerge out of the chaos by leading Open Space. Many felt that it was
About two weeks ago I started making a map of the history of the community. This was in part because I knew a lot of new people were coming to the workshop and I wanted to be sure they had some context of who we were and where we had come from. I translated this into an interactive wall map that allowed people to add their own elements to the history.
On the timeline:

• Yellow diamonds are protocols
• Pink trapezoids are events that have happened on a timeline
• Purple papers are publications, white papers
• Purple 1/2 circles are podcasts

Clusters (not on the timeline):

• Green parallelograms are mailing lists
• Blue pages are blogs

There are some good photos of this but I will be taking the results and putting them into Omnigraffle and then PDF too.
Tuesday Morning we got to put together the agenda. It involves everyone who wants to present putting what they want to have a session about on a piece of paper. They speak their session title to the whole room and then post it on the wall.
It wasn’t until about mid day on Tuesday that I actually landed and was able to engage in the conference. The Planetwork folks talked a lot about the emerging 1society project.
Dinner both evenings was great. Monday was Italian and Tuesday was Thai.
The Identity Commons crowd moved things forward; we have a follow-up call next week.
At the very end watching and listening to Paul and Drummond go over the relationship between Higgins two projects and XRI / XDI was a great treat.
We concluded our day listening to Eugene Rant about Wikis at Wiki Wednesday. After dinner Meng told us he had founded the Reputation Gang and we invited him to be a part of the Identity Commons.
The highlight to get the essence of what happened is the closing session recorded. Here Tuesday and Wednesday.
Some high compliments were given to the conference.
From Kim Cameron:

With Doc Searls and Phil Windley navigating at the macro-level, the amazing Identity Woman Kaliya orchestrated an “unconference” that was one of the most effective events I’ve ever attended. It’s clear that creating synergy out of chaos is an art that these three have mastered, and participants floated in and out of sessions that self-organized around an ongoing three-day hallway conversation – the hallway actually being the main conference room and event! So we got to engage in all kinds of one-on-one (and few) conversations, meet new people, work out concerns and above all work on convergence. Many people told me they felt history was being made, and I did too.

Opinity’s Tom Maddox reflected on the conference today.

Now, before someone reprimands me for implying that there were corporate or technical bigshots in attendance, let me clarify that one. There were, in fact, luminaries of various sorts participating: A-list bloggers, well-known corporate folks, technical experts working at the forefront of innovation in the field of identity management … people like that. However, and this is the point: they were not on stage, performing. They were at the tables and in the rooms, talking, listening, asking and answering questions. In terms of social interaction, the conference hierarchy was flat.

Phil Becker wrote in the DIDW newsletter:

This week I saw a significant “state change” occur in this year and a half “Identity Gang” evolution, and it tells me things are going to start to happen. Some of those involved will be happy this is so, others most likely won’t be. But for those not directly involved (i.e. most of the population) it was, in my opinion, a tremendously significant moment in the evolution of the identity conversation, and one that will have many significant ramifications going forward – though these will likely take another year to become clear to those not paying close attention.
They are working on the issues of what form identity must take to become ubiquitously deployable, become something that will be adopted comfortably by users, and how we can ever get there from here.
The first sign that the required significant shifts are occurring is visible in the titles of the sessions this un-conference produced on its first day. These titles have all subtly shifted in ways that indicate there is no longer any question that there is a single, over-arching story behind the identity conversation, and that the mission now is to figure out how to converge the many efforts that are underway. These efforts were each begun with a very different mission and with a very different use/case and problem set driving them, and this has previously created division and competition. This time, however, it was clear that everyone was looking for where they should get on board, and how to avoid having their goals left out.

Technorati Tags: conference, identity, iiw2006, iiw, workshop, XDI, XRI, YADIS

Where is the Valley's political power?

Kaliya Young · April 28, 2006

I have been wondering about this for a while. Where is the political might of the companies in the Valley? And where is the political organizing amongst the people who work in this industry? In Europe the geeks organized to get the European Parliament to ban software patents. It seems like it should be easy enough to organize to save the internet. I am going to do my part and organize Planetwork’s activities around One Web Day.
This was articulated by Marc Evans on his blog:

The Net Neutrality campaign (a.k.a. Save the Internet) to keep the Internet tollgate-free and/or tier-free continues to gain momentum. What’s troubling, however, is Om Malik’s contention that many start-ups and Silicon Valley companies and fairly of the issue and why it matters. One of the Silicon Valley’s weaknesses is a lack of political savviness. Sure, many companies and executives donate money to politicians and political parties but there does not seem to be a well-organized and effective lobbying team that can be turned on in Washington when needed. Peter Chester suggests a reason for the lack of activity among the bigger players such as Yahoo, Google and Microsoft is they have relationship with carriers and cablecos that they don’t want to damage.

Brand Identity Matters – Apple to Benefit from MS losses

Kaliya Young · April 15, 2006

The thing I love about identity as a perspective to look at the world is that it shows up so often. Apple could double Market share on MS Defections.

Consumers are so distrustful of Microsoft that Apple could double its market share due to defections from the Windows operating system, a report by market analysis firm Forrester Research says.
The remarks come in a report that looks at brand identity and the importance of a company’s brand. The report also studies the effect a company’s brand has on the pricing of its products and the demographics of those that purchase the products.

This article says what I have sensed for a while. This coming back to school and Holiday season could mean big increases in Apple’s market share. For one thing Vista has slipped to January; if you need to do something on Windows, Apples will soon boot that OS so you can do whatever you need to in legacy land.
In the end it is the personal computer – not the corporate machine. People need to be able to get along with and bond with their computers in a personal way. You can do that with a Mac.

Technorati Tags: apple, brand, identity, Microsoft, usability

Identity at Earthday Digital Be-IN

Kaliya Young · March 30, 2006

There is a lot of activity happening. I wanted to let you all know about the Earth Day Digital Be-In happening on April 22 at SOMARTS in San Francisco (934 Brannon).
It is going to be a wonderful event that moves from a Networking social hour put on by the Urban Alliance for Sustainability to the Planet Code Symposium that Planetwork and imaginify pulled together into an evening of Eco-Activation – transformative art, music and inspiring speakers. There will be a Green Frontier Exhibition with a number of green and sustainable projects presenting their work in an exhibit. Join us in a true fusion of Northern California culture, art and technology.
Here is a video that gives you some sense of the groove of the day.
5-6 Networking Salon hosted by San Francisco Alliance for Urban Sustainability
6pm – 8pm The Planet Code Symposium with several panels.
http://www.be-in.com/symposium.html (updates posted here)
Panels on Digital, Organic and Integral Solutions.
Speakers include:
Jim Fournier, Eprida; Karri Winn, Planetwork; Kaliya Hamlin, Identity Woman; Jair, imaginify; Marc Kasky, co-founder Green Century Institute; “Redwood Mary” Kaczorowski, United Nations; Melinda Kramer, Women’s Global Green Action Network; Greg Steltenpohl, Interra Project; Eric Sundelof, Stanford Digital Visions Program; Rick Tarnas, California Institute of Integral Studies; author, Psyche and Cosmos; John Clippinger, Berkman Center at Harvard Law School; David Ulansey, Mass Extinction Network Awareness; Randy Hayes, Rainforest Action Network, Oakland Sustainability Director; Gavin Newsom, Urban Environmental Accords ; Chris Deckker, Earthdance; Erik Davis, Evolver Project
Performances from 8pm on include:
http://www.be-in.com/ecoactivation.html
Live performers: LunaGroove, Foxgluv, Irina Mikhailova, Waterjuice, Living Alliance of Love, hands upon black earth, Artemis, Divasonic, 1000%, Random Rab
DJ’s Cybervixen, Dov, Goz, KJ, Kode IV, Maximillian, Mozaic, Neptune, Shawna & Laura
Performance and Dance: Dreamtime Awakened – directed by, Davin S, Mystic Family Circus, Estara, Décor, Anon Salon, Trinity – Sacred Space Altars, Sacred Treasure House
Green Frontier Exhibition
Formerly known as the Digital Frontier, this edition of the Be-In will feature the “Green Frontier” – emphasizing the new initiatives, projects and products that are leading the way to a green economy and sustainable culture. In addition to paid sponsor exhibits, the Be-In each year invites a range of groups whose causes or products are worthy of broader exposure. The Green Frontier is a lively forum where leading technology creators can meet and exchange ideas with sophisticated users and professionals. It is also a place to expose forward-thinking ideas and initiatives to a community that is in the business of changing the world through evolutionary technology and social innovations. The Digital Be-In is well known as a catalyst to influence trends, spawn important ideas, create alliances, and showcase creative possibilities. The Green Frontier—at the event and on the ongoing Be-In websites—is where the tribes gather and connect.

Clarity in Blogging – What do you want from me.

Kaliya Young · March 20, 2006

I would like to ask you all a question – What do you want and need out of my blogging? This morning I have been writing relatively short context sensitive posts.
One person has contacted me and told me that they ‘have no idea what I am talking about’ and there are not enough links to create context. I am at Mix06 – in case that wasn’t obvious. The Microsoft live web conference.
What kind of posts do you like best? What do you want more of? Should I wait till the end of the day at a conference and post all at once? What works? Thanks for your feedback.
To comment on this blog you need to create an account on the login screen here and then click on comment.

At Mix06..Marc Canter has started from the floor

Kaliya Young · March 20, 2006

During Gates’s keynote he brought up the guys from MySpace to talk about how they have used ASP.NET to scale well. They are also building a photo ‘gadget’ (in Apple land we call these widgets, I think) that is just like 1001 for Flickr. As they were leaving the stage, Marc Canter hollered out “Give us some Open APIs please”.

Technorati Tags: MarcCanter, Mix06, BillGates, Microsoft

What is the map of the challenge? Usability and Web Authentication

Kaliya Young · March 20, 2006

Last week for two days I was at the W3C workshop on usability and authentication. It was hosted at the top of a Citibank building in Brooklyn. We had to present ID at the door to get upstairs.
The room was a very long rectangular room with three presentation screens and 2 giant columns. It is a terrible layout. The first morning we heard 3 ppt presentations about ‘the problems’ of usable security and authentication. Maybe people are 1/2 present doing e-mail and other things.
I really wanted to interactively (as in facilitated face to face discussion) create a map of the problem space. By the end of two days I sort of got it but I know we as a room could have come up with that in 1/2 a day and then spent the rest of the time really working on ideas for solutions.
There are a bunch of constituencies.
Browsers – Firefox, Opera and IE (Microsoft)
Big websites – AOL, Yahoo, Google.
Certificate Authorities – Verisign
Banks
They all want security of verifying websites to be more usable and understandable to normal folks. So there were usability experts.
I think I understand why ‘standards bodies’ and processes get bogged down. They are really not very innovative in their face to face technology – presentations for two days do not create a positive energetic vortex and community to move forward on solving problems.
I am really tuned into this need to get better at our face to face process so our ideas and innovations for the online world can actually work.

Internet Identity Workshop is announced May 1-3 in Mountain View

Kaliya Young · March 13, 2006

It seems only appropriate that while PC Forum is going on with the theme Erosion of Power: Users in Charge that we are announcing the second Internet Identity Workshop.
May 1-3, 2006, Computer History Museum, Mountain View, CA
Workshop Wiki
The Internet Identity Workshop focuses on user-centric identity and identity in the large. Providing identity services between people, websites, and organizations that don’t necessarily have a formalized relationship is a different problem than providing authentication and authorization services within a single organization.
Goals
The goal of the Internet Identity Workshop is to support the continued development of several open efforts in the user-centric identity community. These include the following:
* Technical systems and proposals like YADIS (LID, OpenID, Inames), MetaIdentity system, Infocards, and the Higgins Project
* Legal and social movements and issues like Identity Commons, identity rights agreements, and service providers reputation.
* Use cases for emerging markets such as user generated video (e.g. dabble.com), innovative economic networks (e.g. interraproject.org), attention brokering and lead generation (e.g. root.net), consumer preferences (e.g. permission based marketing), and civil society networking (e.g. planetwork)
The workshop will take place May 2 and 3, 2006 at the Computer History Museum. We will also have a 1/2 day on the first of May for newbies who want to get oriented to the protocols and issues before diving into the community. If you are new to the discussion, we encourage your attendance on May 1st because of the open format we’ll be using to organize the conference.
Format and Process
At the last identity workshop we did open space for a day. It was so successful and energizing that we will be using this format for both days. If you have a presentation that you would like to make or a topic that you know needs discussion in the community you can propose it here on the wiki. We will make the schedule when we are face to face at 9AM on May 2nd. We do this in part because the ‘field’ is moving so rapidly that we your organizing team are in no position to ‘know’ what needs to be talked about. We do know great people who will be there and it is the attendees who have a passion to learn and contribute to the event that will make it.
Part of the reason for moving to the Computer History Museum is to have better space for running this kind of effort with an expanding community. We expect a large and energized community to attend and are counting on plenty of participation. Don’t be put off by that, however, if you’re just getting into this. Come and learn. You won’t be disappointed.
Cost
We are committed to keeping this conference open and accessible. Having a venue that will support our doubling in size also means that it costs a bit more.
We decided to have a tiered cost structure to support accessibility as well as inviting those who are more able to pay to contribute. If you want to come we want you there. If cost is an issue please contact us and we can discuss how to make it work.
* Students – $75
* Independents – $150
* Corporate – $250
The fees are used to cover the cost of the venue, organization, snacks and lunch both days. We encourage you to pre-register since we will limit attendance at the event to 200 people. The IIW workshop in October sold out and we expect strong interest in this one as well.
Sponsorships
Our goal is to keep the workshop vendor neutral, but we will be accepting limited sponsorships for the following:
* Morning Break, May 2, and 3 ($800 each)
* Afternoon Break, May 1, 2, and 3 ($800 each)
* Lunch on May 2 and 3 ($2400 each)
* Conference Dinner, May 2 ($4000)
If you or your company would like to sponsor one of these workshop activities, or have ideas about other activities contact me. You will not get any extra speaking time for sponsoring but you will get thank-yous and community ‘love.’
Organizers
IIW2006 is being organized by:
* Kaliya Hamlin
* Doc Searls
* Phil Windley
The Brigham Young University Enterprise Computing Laboratory is providing logistical support and backing for this workshop.

Technorati Tags: pcforum

The Intention Economy by Doc

Kaliya Young · March 12, 2006

This piece on the Intention Economy by Doc is really great. It speaks to what I see as the subtle convergence of ideas from communities that I belong to. In the spiritual activist world intention is a big deal; “what is your intention” is not an infrequent question or frame invited around self-reflection.
The social venture and social enterprise communities are big into finding a balance between intention and making money.
From the article.

Is “The Attention Economy” just another way for advertisers to skewer eyeballs? And why build an economy around Attention, when Intention is where the money comes from? 
I have developed a real problem with the perspective behind what a number of people have been saying about Attention behind the podia. That perspective is sell-side. Its point of view is anchored with sellers, not buyers.
Hence my idea: The Intention Economy.
The Intention Economy grows around buyers, not sellers. It leverages the simple fact that buyers are the first source of money, and that they come ready-made. You don’t need advertising to make them.
The Intention Economy is about markets, not marketing. You don’t need marketing to make Intention Markets.
The Intention Economy is built around truly open markets, not a collection of silos. In The Intention Economy, customers don’t have to fly from silo to silo, like bees from flower to flower, collecting deal info (and unavoidable hype) like so much pollen. In The Intention Economy, the buyer notifies the market of the intent to buy, and sellers compete for the buyer’s purchase. Simple as that.
The Intention Economy is built around more than transactions. Conversations matter. So do relationships. So do reputation, authority and respect. Those virtues, however, are earned by sellers (as well as buyers) and not just “branded” by sellers on the minds of buyers like the symbols of ranchers burned on the hides of cattle.
The Intention Economy is about buyers finding sellers, not sellers finding (or “capturing”) buyers.
Even though I’ve been thinking out loud about Independent Identity for years, I didn’t have a one-word adjective for the kind of market economy it would yield, or where it would thrive. Now, thanks to all the unclear talk at eTech about attention, intentional is that adjective, because intent is the noun that matters most in any economy that gives full respect to what only customers can do, which is buy.
Like so many other things that I write about (including everything I’ve written about identity), The Intention Economy is a provisional idea. It’s an observation that might have no traction at all. Or, it might be a snowball: a core idea with enough heft to roll, and with enough adhesion to grow, so others add their own thoughts and ideas to it.
As for the Linux connection, I believe that The Intention Economy is, by necessity, built on free software and open source principles, practices, standards and code. It’s not something that requires any company’s “platform” or “environment”. That’s why, much as I like the services provided by companies like Orbitz (which is built on LAMP, and does a very good job), I believe no company’s system can encompass The Intention Economy. The encompassing has to work the other way around. In other words, silos are fine. But the choice can’t be “nothing but silos”.

I think the foundational statement here is the necessity that these new economic models be built on free software and open source principles, practices, standards and code.

You can see this trend happening in the face to face community gatherings of techies with the flowering of independent conferences that are built on open source principles. They don’t have a high barrier to entry and people come together because they have an interest – they figure out what they want to talk about and do together. We have used these to bring the identity community together at the Internet Identity Workshop. Camps are happening etc.
The essential nature of identity systems that go to the core of who we are – or are becoming in the digital age – means that the platforms that we use to exchange this information must be OPEN. Jair and I have talked about this a bunch. We must be able to see the code that our operating systems are built on if they are managing our personally identifying information. How do we know there is not an NSA back door into Microsoft Vista to peer on us? Despite what MS says, can we believe them? We could if we could see the code. Hopefully they will get with Jeffery Moore and understand the commodification of the stack.
We also must improve privacy protection for third party storage of information – breaking out of the ‘secrecy paradigm’ that the courts interpreted – if someone knows information about me then it is not secret so they can share it. This does not jibe with our norms of social disclosure of information.

Technorati Tags: etech, etech06

Spime, ThingLinks, Blogjects: New vocab for the internet of things from Bruce Sterling.

Kaliya Young · March 6, 2006

Bruce’s keynote at etech – was awesome – here are the highlight new words for us to use to think about emerging technology.
Spime – trackable space and time
They are virtual objects first and actual objects second
We can engage with objects better throughout lifecycle.
We won’t have to track our own inventory in our heads – it will be all catalogued and searchable. Where are my shoes – I will just google them.
Spime is a verbal framing device – verbal pointer because I need single syllable noun to call attention to it.
A ‘theory object’ passed around; it is a concept that is accreting attention.
It has links and attention, website, FAQ – flash – DB and “user centric graphic web abs”
Bruce of course interjected that he is a writer and likes black ink on white paper – so he hates “all this stuff”
ThingLink (unique identifiers)
Can be put everywhere – [it sounded a lot like XRI]
Blogjects – weblog objects that evoke discussion.

Technorati Tags: etech, etech06

RSA: Symantec CEO Keynote

Kaliya Young · March 4, 2006

I wonder how much he paid to talk to us. He was black which was interesting. Later in the day at the Cyber-Security Industry Alliance party he was the center of the conversation. He sounded like he was channeling Marc Canter about eLife and DLA’s. He also mentioned this line in the middle that speaks to some of the issues we are working on.
We can’t allow trust to continue to erode. Trust is the foundation of the online world.
Chair of the Board and CEO
His vision for the digital lifestyle
Any time, anywhere

  • e-life
  • buyit
  • destination
  • package
  • e-business
  • building relationships
  • enabling ideas
  • Driving business growth
  • increasing productivity
  • Imagine a connected world
  • that’s just getting started

The digital lifestyle that we all live today.
The way that people access the web.
Digital interactions are ubiquitous.

  • Bills, Mail – scanned and tracked.
  • Groceries – plugged into supply chain.

eLife is here and changing how we live and what we expect out of our lives; the two are intertwined.
Expectations for us are growing every day. To protect family photos, financial plans. Trust is the issue and they expect that we protect this information as if it was their own.
They want companies to protect their identity and protect critical digital assets – this is a customer demand.
Protect the databases of prime target information. New compliance and regulatory demands…expensive operational changes. Risk based approach. Shift – burden on the enterprise…each and every one of us, enterprises and consumers, must prove that we are trusted partners; risk must go down.
Companies have built into business models – real time tracking managing, self service customer.
Written into assumptions about growth. Cost to process a consumer loan – $10 now, was $200. Can’t go back to old way of doing business. This new way must succeed. Give business to someone they can trust.
Security becomes competitive advantage. Security guarantees – trump comfort of local we will hurt the whole economy…this is the real hidden threat. LOSS of consumer confidence in the digital world.
Broad adoption of firewalls and intrusion detections. Mitigating the virus and worm challenge – low hanging fruit. Today bigger challenge.
Sophisticated criminal elements. They are interested in anonymity than notoriety. Looking for personal financial information. Not that technically sophisticated.
Socially engineered attacks. Naïveté of most internet users.
150 million phishing e-mails…
Large scale data breaches. Identity theft growing threat to the digital lifestyle. 6 years top list of FTC…50 million Americans exposed.
We can’t allow trust to continue to erode. Trust is the foundation of the online world.
Protect the relationships of these digital interactions of this great new world we have created. We need to debunk the myth that just securing the device. Impossible. to one narrowly focused company to secure
We must join together to solve the global community challenge.
Create a trusted online community. In the digital worlds consumers are the weakest link…we must protect them from themselves.
Customers must meet minimum security…Symantec…end point solutions.
Enterprise brand is protected…More aggressive ensuring information protection. Data be retained in a secure manner. Actively look for ways to protect things.
New – Scan for anomalies [yuck]. Managing security risk part of keeping information safe. Backup and recovery…
Join together, create trusted online community – end users convenient and safe experience. Easy to walk into store get a sense of place – feeling about if it is smart to give them our business…we don’t have our sixth sense….up to the business community to assess what is safe. Must develop sixth sense for
Process for customers and businesses to authenticate identities to each other. You are you…they are they…authenticated as real.
Trusted community – way to search online world safely. Does the site pose a threat to you? Click and hope. Site safety and security. Sites’ credibility in search results. Credibility rating updated by users as part of broad community.
We all need to develop interactions and information protection. Relationships between customers and businesses. All of us need to take the lead in pushing for policy changes – privacy protection the business community should push for comprehensive privacy legislation.
US privacy legislation. Protecting children online. Comprehensive response. Information protect and every step along. We need one law that protects all consumers and encourages innovation in data security technology. Uniform laws. TRUST is the foundation of this new world. Millions relying on the digital world for work and play. No company can ignore the safety of their interactions. Undermines the trust in brand and business.
Ease and enjoyment of digital lifestyle. Online banking…credit card…healthcare focus on protection.

  • We must join together and take responsibility.
  • Beyond walls of individual companies.
  • Comprehensive end to end.

Continue to educate consumers…

Bruce Schneier: Economics of Security

Kaliya Young · March 4, 2006 · Leave a Comment

Sorry this is so late but I have been in a state of overwhelm. Better late than never. Bruce Schneier’s talk at RSA on the economics of security.
ECONOMICS MATTER!
What are the Economics of Security.
There are Trade-Offs (Balance cost and benefits) and Externalities.
What are the costs of failure?

  • Money
  • Proprietary Information Lost
  • Regulatory Noncompliance
  • Bad Press
  • Lose Customers

The things that don’t matter
“If your security guys have to work over the weekend.”
What are the costs of security?

  • pay one of those companies
  • convenience

We have a very poor understanding of risk. It is very difficult to explain technical risks to non-technical people. There is real confusion in the media it seems. There is a real lack of real data on risks. You could get some good data of your risk of being mugged way home to hotel tonight? There is no good data on internet crime. CSI computer crimes survey – self selected and things people recognize.
The Problem – low risk – high cost events.
Normally you calculate the value of risk mitigation by the probability of being attacked times damage if you are attacked. This gives a dollar figure of how much to spend to protect yourself. The math doesn’t work for low risk high cost events. This is what makes counterterrorism really hard to talk about. The poor understanding of risks and costs.
EXTERNALITIES
They are using it behind our back.
This is an effective way of dealing with risk. Effect of decision not borne by decision maker. A lot of the cost of security failures are externalities. ChoicePoint made tradeoff.
ChoicePoint – spend less on security than data is worth.
There are some costs borne by the vendors.
Insecure home computers (my mother has one of those – go home twice a year)
The security of all of us depends on all of us. It is in our best interest that her computer is clean – she doesn’t care (why should she). For her the effects to you are largely an externality.
Badge cloning… RSA solved its security problem… They make it your problem. See this post that explains it all. When you want to manage an externality. We as a group don’t want RSA to do this; we have two strategies to prevent this.
1) laws and regulations
2) sue
To get people who are not affected by the risk of insecurity to address it raise cost of not being secure.
Laws…ATM fraud two different trajectories
US -> assumed to be the responsibility of the BANK
UK -> assumed to be the responsibility of bank customer.
UK banks were not losing money due to ATM fraud
US banks were.
UK security languished
Point principle. Make entity in best position to mitigate the risk responsible for the risk.
UK – customer was responsible but had no ability to improve the situation. All do not use the system.
Banks deal because it was their problem.
Rogers cell phone company – whenever phone is cloned, they charge the customer and they wait to turn phone off sooner or later depending on their ability to pay this bill.
IT ECONOMICS

  • Economic incentives to get big quickly.
  • Fast growing and insecure vs. slow growing and secure.
  • High fixed cost and low marginal costs.
  • Very different economics.
  • Hard to recover capital investment…block – patent, brand, compatibility wall…get people into network to recover costs.
  • High switching costs. – One browser to another isn’t either. PAIN.

Shapiro-Varian theorem
Net present value of software company = switching costs…
this means interesting characteristics.
Then you end up with accessory control. Third party batteries.
plugins…..
So companies are driven to make switching cost higher..less likely go to competitor.
The Market for Lemons.
Markets where lousy products are sold.
When market with asymmetric information…
bad products drive out good products…good used cars $2000 and bad used cars $1000 – equilibrium price $1500…
Software a lot like that.

  • It is hard to tell good product from bad product.
  • Product for lemons… good ones drive bad out of the market.
  • Customers not able to make intelligent buying decision..
  • Make a bad product you can cover with Marketing.
  • Monopolistic/oligopoly markets…
  • features low and prices high…
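The used-car numbers above can be carried one step further. The sketch below is an added example, not part of the talk or the original notes: it assumes buyers cannot tell quality apart and so pay the average value of what is still on offer, while sellers know their own product and withdraw it when the price falls below their floor (`unravel` and `seller_floor` are names chosen here for illustration).

```python
from statistics import mean

def unravel(qualities, seller_floor=1.0):
    """Simulate a market with asymmetric information.

    qualities:    what each product is worth to a fully informed buyer.
    seller_floor: fraction of that worth below which its seller refuses
                  to sell (assumption of this example; 1.0 = full value).

    Returns one (price, products_on_offer) tuple per round, ending when
    nobody else withdraws.
    """
    on_market = sorted(qualities)
    history = []
    while on_market:
        # Buyers cannot inspect quality, so they pay the expected value.
        price = mean(on_market)
        history.append((price, len(on_market)))
        # Sellers of better products will not accept a below-floor price.
        staying = [q for q in on_market if q * seller_floor <= price]
        if len(staying) == len(on_market):
            break  # stable: everyone left is willing to sell
        on_market = staying
    return history

if __name__ == "__main__":
    # The case from the notes: good cars $2000, bad cars $1000.
    print(unravel([2000, 1000]))
    # A generalization with five quality tiers: the market unravels
    # from the top, one tier at a time, until only the worst is left.
    print(unravel([1000, 1250, 1500, 1750, 2000]))
    # If sellers would accept 70% of the worth, $1500 keeps good cars in.
    print(unravel([2000, 1000], seller_floor=0.7))
```

The $1500 price is only the first round: at that price the $2000 cars leave, and the price settles at $1000 with only the bad products on sale.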

Address and align interest and capabilities. Entities ability to mitigate being responsible.
Italy…tax fraud as national hobby.
Tired of going after merchants. Any customer w/i of store w/o valid receipt fined. Customer demand receipts. Make the customer CARE!
Sign you see on 7-Eleven. Your purchase free if you don’t get a receipt. Employee theft. Cash register created to prevent employee theft. Paper tape. Audit of all transactions. The way you commit fraud – transactions that don’t show on register tape. Put sign up and hire customer – they for that 15 seconds become security guard. Managing externalities in a way that solves security problem.
Security is a process not a product.
It needs a holistic approach

To understand the security problem and the stake holders.
Understand the security and non-security trade-offs you must align the economic incentives (required – all solutions will work if this is true)
Implement countermeasures to reduce risk.
Iterate as technology changes things
If we think as society we think we need better security. Capabilities change…
Liabilities…moving them around is hard.
Regulations – absorb more of the losses…
This depends on politics..making more expensive for credit card Companies or databrokers… that is what we have to do!
Security monitoring and logging…SOX.
Banking requires more layers of authentication.
Logging is now popular – cause it is more expensive to not do it.
Failing an audit is expensive for companies.
Are the logs good or not is not the question. What is important is that you have them.
The concern is not what we log and how long we keep the logs.
Saving something is cheaper than throwing it away. More data is collected and cheaper to collect. Much more than needed, used for other purposes.
Yahoo and Google…better to collect than not to collect.
Only way to deal – make it illegal.
We must make it more profitable not to collect.
Illegal to use for auxiliary purpose (euro model)
Don’t mind produce books that I might like…
Companies will compete on whatever economic playing field you give them.

Higgins opens up

Kaliya Young · February 27, 2006 · Leave a Comment

Big News in Identity Today
Project Higgins – which is being managed by the Eclipse open source foundation — is developing software for “user-centric” identity management, an emerging trend in security software. It enables individuals to actively manage and control their online personal information, such as bank account, telephone and credit card numbers, or medical and employment records — rather than institutions managing that information as they do today. People will decide what information they want shared with trusted online websites that use the software.
This is the first user-centric identity management effort to follow the open source software model, where hundreds of thousands of developers contribute — and continually drive improvements through collaborative innovation. Being an open source effort, Higgins will support any computer running Linux*, Windows* or any operating system, and will support any identity management system.
“To move online security to the next level, there has to be fundamental resolve among consumers, government and business to quickly adopt a system where the individual has more control over how information about them is managed and shared,” said John Clippinger, Senior Fellow for The Berkman Center. “Our aim is to construct an open and widely accessible software framework that puts the individual at the center of the identity management universe. With this framework in place, it will be easier for society to begin the migration to more secure online environments, where trusted networks can not only be easily formed, but effectively enforced. For in the end, security is not just technological, but social.”
Higgins will make it simple and secure for someone to change an address across all their online accounts with a single keystroke; delegate who can see what elements of their medical records; or change a password across online banking and brokerage accounts. For example, a person can grant their insurance company broad access to their personal information and medical records, while at the same time limiting the amount of data made available to their cable company. In turn, businesses can create new channels of communication with customers – enabling information to be shared securely across networks to deliver targeted, relevant products and services.

A service I use got bought by Google…mmmm…

Kaliya Young · February 20, 2006 · Leave a Comment

So I started using MeasureMap several months ago the first week it was live. I LOVE it…but it just got bought by Google. I am not a big fan of Google these days…now they have all the traffic and links on my blog. Are they going to start charging me for this service? How do they monetize this service? I have no problem with them making money but as a user of the service I would like to know exactly how they plan to do it and plan it.

MarcCanter: Giants must open or die

Kaliya Young · February 9, 2006 · Leave a Comment

Marc Canter has had a glimpse into the future of Microsoft…

For sure – each of these giants will make their own decisions, in their own due time, but at the end of the day – if they don’t open up – they’ll eventually lose their customer.
At least we have a way to connect these giant worlds together (and take us small little fry along for the ride at the same time.) That’s a huge breakthrough and is the foundation of us building the distributed web infrastructure. What I’ve been chanting about is our own Open Source Infrastructure and the other kinds of open standards we need…..
StructuredBlogging.org is an attempt to keep all the various formats of microcontent compatible. Our upcoming PeopleAggregator APIs will provide basic social networking capabilities – to all – and a way of inter-connecting disparate social networks into one giant distributed mesh.

The world of media needs standards like Media RSS and one could imagine burgeoning new standards around Tags, Reputation, Events and Musical tastes and preferences.

It is nice to see the itags included in the list of open source infrastructure. Thanks Marc.

Julian Bond was in the audience and immediately complained “they’ll never be a LAMP version of Infocards” – but what I wanted to explain to Julian was that Microsoft is in the business of taking care of themselves, just as Yahoo, Google and AOL are – as well. So don’t expect a Linux version of anything from Microsoft, but you CAN expect meta-identity compatible ID systems for LAMP – that’s for dam sure.

 

Julian don’t be so sure about this statement.

Identity and privacy …. falling google stock price

Kaliya Young · February 5, 2006 · Leave a Comment

From Slashdot.
While the company says it isn’t worried about the stock price correction, there are other issues at hand.” From the article: “Google is under mounting pressure from many traditional industries: telecommunications companies do not like its plan for free internet phone calls, book publishers and newspapers have filed a lawsuit to try to prevent it from digitising library materials, governments are worried about its satellite-imaging service Google Earth and privacy advocates have a growing list of concerns about everything from its e-mail service to its desktop search function, both of which may make it easier for hackers or government agencies to gather information about individuals without their consent.”

Kim Cameron's Panel about Identity @ SD Forum

Kaliya Young · January 31, 2006 · Leave a Comment

This is from the SD Forum on Interoperability January 31, 2006.
Prateek Mishra – Oracle
What is the identity problem?
It is stuck in a few places at employer, bank and you want to
How does your identity get from your identity provider – the places where you have defined your identity – to all these business processes and services.
We want to do this across the internet. There is the protocol piece – we know how to transmit identity from point a to point b this is solved…
Governance models – how to transfer identity in trusted ways from point a to point b. Folks like Liberty Alliance have white papers and frameworks for this. This is a non-trivial problem. How do you maintain and create governance?
How do you have normal folks sitting at their computers manage their identities in intuitive ways. How do they have a tool
Identity is stuck it wants to be free.
Protocol – Token Representation – solved
Governance and Infrastructure – somewhat solved
How does a person leverage these multiple identities?
Kim Cameron – fan of SAML and Liberty
As we move to a more interconnected set of systems we need an identity layer. When you have an architectural hole of this magnitude you have a huge number of kludges.
Meta System
Users have no way of predicting how they should work – knowing when they are in danger.
old days fighting over token rings vs. ethernet – we got TCP/IP that encapsulated both.
We need a metasystem (I got a tiny bit distracted here, sorry. So the transcription is not perfect)
Karen Wendel, Identrus
Metasystem – single interface from an identity perspective.
Everyone has a visa card – that folks each having a card for each store. The industry would be stuck without interoperable.
Rules used consistently throughout the world.
VISA would take responsibility for legal, technical and policy issues.
Identrus was owned by the banks. Your identity will be given to you. It takes responsibility around the policy stuff. Legal aspects of your identity – dispute resolution. Liability of relying party who maintains it and lifecycle. We run this network and commonality on global basis.

(from their website) Identrus provides the global standard for identity authentication.
As communications expand and the world shrinks, knowing who’s who in the electronic universe becomes vital.
Identrus offers a full range of technology and services that support every aspect of safe eTransactions.

Rena Mears, Deloitte
Access – from a privacy point of view is different from access from a security point of view
Assertions and Claims are different
Kim Cameron..
Claims are assertions which are in doubt
everything being claimed has to be doubted so we can establish trust.
They considered using Claims but it would have become SCML (scammel)
It is to the benefit to the SAML make things secure in the browser. Shibboleth the hardest thing is home site discovery – infocards visual representation and
pick one of the 5000 higher education institutions…
or pick ‘your’ university identity.
Identrus: This is what we would call an identity provider.
Kim:
SAML is the transport language
SAML is used between a portal and services to the portal.
I propose we have new ways of the user authenticating to the portal.
The systems still exist.
Karen:
What constitutes an identity and the needs for security.
How does language play in this space – there are a lot of different models – identity is not the same as authentication or security.
problem blending identity and security – PKI
you get these people
Kim:
Anyone who works with a protocol gets infected by the protocol and their vision blurs and narrows.
We need more fanatics about protocols
Identrus:
One of the challenges for us as a community – identity does more than authenticate – sign things and create legal contracts – engage in business transactions, incur liability and regulatory transactions.
you can’t look at the papers and not see an inherent relationship between identity and security.
Rena:
Who has stepped up to be the binder of identity to the individual.
Prateek:
There is no such thing as a single monolithic identity
there are multiple notions of identity useful for different contexts
Shibboleth context higher education
Identrus is a context and a governance model
We like Infocards if we could use it when we get to the line in the spec it says Identity provider discovery – out of band
authentication is out of band for SAML
Karen:
everyone is bound by
the bank that issues the identity to the person
the bank binds to the person – liable up to 10 million dollars
issued within all the legal requirements
there are all these pockets of identity – the level of binding – between issuer and relying party – it does not transfer through the bridge structure.
A lot of the federated model you don’t have that level of binding between the parties.
We will work with the bridges and it is a different element.
Kim:
The government – thinking of itself as the ‘binding’ authority – reasons for relative autonomy.
Belgium a national identity card – but no card readers
One group was the association of mayors – they were now being asked to sign their legal documents with their individual citizen identity – they used to sign their documents with a stamp of their office – we must think of roles.
Kim:
The issue is PRIVACY.
the characteristics that really respects privacy are the characteristics of a system that really is difficult to penetrate.
All of the identity issues – any initiative that takes this forward we should all applaud.

Down with Buddy lists….

Kaliya Young · January 26, 2006 · Leave a Comment

Mobile Jones …

Jazz, an application that provides audio messaging to yet another circle of friends. More invites….more buddy lists….

There were so many identity silos at the etel.
Each phone handset has one for address books –

  • Motorola,
  • Nokia

Telecom Incumbents

  • Orange(france telecom),
  • British Telecom

Cool “apps”

  • YackPack
    Jazz

The Incumbent internet players

  • ebay/Paypal/skype [PESk]
  • Yahoo!
  • Google (using Jabber)
  • Microsoft

     Copyright © 2023 Identity Woman  evelurie.com/web design/develop     
