Publications

Forbes Quotes me on Social Media’s Future considering Safety & Identity

Ali · January 7, 2023 ·

I was cited in an article that was published in Forbes. The article was part of a series that was assessing the activities of 2022 on Twitter, the crazy policies of a new CEO, and the ramifications on the future of social media.

The article’s central emphasis was on the question of whether or not, in the near future of social media, users can feel secure while maintaining their individual identities.

I was quoted in the following lines as part of a discussion on the pros and cons of maintaining anonymity and pseudonymity online:

“Kaliya Young, Identity Woman, recalls an incident with Kathy Sierra, a female blogger and game developer, who in 2007, experienced death threats online and finally gave up her tech career, withdrew from the blogosphere and from online life. Following that incident there were calls to create blogger codes of conduct to stop this online violence against women.”

“’Look, if the first bad instances of online violence against women were treated seriously and the perpetrators that were not known were held to account then we would be in a different place [today]. They were not.’ Weeve, the pseudonym, of the hacker and self-described neo-Nazi and white supremacist responsible for posting false information about Sierra, had gone unpunished. As per Young, ‘He should have gone to prison for that. I was at the conference when they got up and said Kathy isn’t here because of death threats! It affected my life as a woman working in technology. Instead, he was left alone and went on to commit more acts of terrorism.’”

About the other side, you may find me in the following lines, where I’m contributing to a discussion regarding the importance of transparency and verification:

“Young stresses that it will take ‘time, rigour, investment and a proportionate approach’ to see the payoff. She points out that there is also a middle ground and it’s possible to implement speed bumps to make it less appealing for bad actors to exploit a poorly designed platform. ‘Designing a social media platform with possible consequences including, but not limited to privacy and security risks in mind (like One Dot Everyone, a consequence scanning tool), can improve the design while exploring alternatives to identity verification. Privacy Impact Assessments and Human Rights Impact Assessments will also go a long way to mitigate risks.’”

“Young questions the process for verification. Who will decide a person is who they say they are? Given her work in the Identity space, development of a trust framework should be leveraged to deal with the complexities of identity verification. But it continues to call into question what individuals or groups are responsible for defining the rules for verification?”

“Young professes that Identity has its place online but argues that the systems including the governance layers need to be in sync. ‘So men like Galloway and Haidt can go on about this ‘real name’ stuff all they want. Until the systems they built actually work as claimed and that men who use their real names and are known will be held to account, then what business do they have suggesting that?’”

Now, the purpose of this section is to provide a response to the following question: will technology save us? In the passage that follows, I am referenced as follows:

“Social media accounts have been around for a long time and Young makes clear they are, for the most part, run and managed by real people, attached to other real identities online that have more credibility: I think that analog is the new digital – meaning people will seek out and connect and value time with each other in person.”

Lastly, I am cited in the following lines on the remark that identity verification on social networks does not compute or make sense:

“As per Young, identity needs careful and thoughtful consideration:

There is a difference between the platform knowing who someone is and the whole world knowing the same. Who is enforcing what type of ID? Like Doctor, Young signals the marginalized, and those who have been suffering the abuse on the platform for over a decade. The rules for verification need to incorporate the varying definitions of identity that include cultural, general and local perspectives.”

You can read the full article here: https://www.forbes.com/sites/hessiejones/2023/01/04/will-the-future-of-social-media-mean-the-coexistence-of-safety-and-identity/?sh=5851ac587fba

Quoted in IEEE article about Worldcoin and their shift to Digital ID.

Ali · January 5, 2023 ·

I was asked to offer my perspective on the risks associated with the biometric data of Worldcoin, which was included in an article Spectrum IEEE published.

A crypto currency, Worldcoin, aspires to become the most globally and uniformly distributed cryptocurrency ever by allocating the same modest number of coins to every individual on Planet. The business has spent the last year creating a system that allows other parties to utilize its vast registration of “unique humans” for various identity-focused applications.

However, Worldcoin’s biometrics-focused approach is being greeted with widespread concerns regarding privacy, security, and transparency.

Here is the section of the article where I was mentioned about the possible risks posed by Worldcoin’s biometric data.

“It’s also questionable how useful the concept of ‘unique humanness’ really is outside of niche cryptocentric applications, says Kaliya Young, an identity researcher and activist. Identity plays a broader role in everyday life, she says: ‘I care what your university degrees are, where you were born, how much money you make, all sorts of attributes that PoP doesn’t solve for.'”

Another one:

“Worldcoin’s biggest challenge may not be the functionality of its technology but questions of trust. The central goal of blockchains is to avoid relying on centralized authorities, but by using complex, custom hardware to recruit users, the company is setting itself up as a powerful arbiter of digital identity. ‘Worldcoin posits that everyone in the world should have their eyeball scanned by them and they should be the decider of who’s a unique human,” says Young. ‘Please explain to me how that’s not ultracentralized.‘”

You may read the complete article by clicking on the following link: https://spectrum.ieee.org/worldcoin

The Future of You Podcast with Tracey Follows

Kaliya Young · May 4, 2022 ·

I was invited to discuss self-sovereign identity on Episode 7 of The Future of You Podcast with the host, Tracey Follows, and a fellow guest, Lucy Yang.

On this podcast, we discussed digital wallets, verifiable credentials, digital identity, anonymity and self-sovereignty.

Why digital identity is so important and how it differs from the physical realm

Tools currently in development to enable self-sovereign identities

Whether anonymity or pseudonymity is feasible while maintaining accountability

How digital wallets might evolve and consolidate across the public and private sector

The principles of physical identity that must carry over into a digital solution and the importance of Open Standards

Listen online: https://bit.ly/3w1cxbu

Listen on Spotify: https://spoti.fi/3vIB9qK

Listen on Apple: https://apple.co/3w3fqbN

Listen on Google Podcasts: https://bit.ly/3w0hWQ1

Listen on Amazon Podcasts: https://amzn.to/3KBBC29

Is it all change for identity?

Kaliya Young · November 23, 2021 ·

Opening Plenary EEMA’s Information Security Solutions Europe Keynote Panel

Last week while I was at Phocuswright I also had the pleasure of being on the Keynote Panel at EEMA‘s Information Security Solutions Europe [ISSE] virtual event. We had a great conversation talking about the emerging landscape around eIDAS and the recent announcement that the EU will work on a digital wallet and open standards for Europe.

Here is a link to the video if the embed isn’t working.

ISSE Opening Plenary

Cohere: Podcast

Kaliya Young · November 23, 2021 ·

I had the pleasure of talking with Bill Johnston who I met many years ago via Forum One and their online community work. It was fun to chat again and to share for the community management audience some of the latest thinking on Self-Sovereign Identity.

Kaliya Young is many things: an advocate for open Internet identity standards, a leader in the identity space – including hosting the Internet Identity Workshop, a published author, and a skilled Open Space facilitator.
On this episode of the Cohere podcast, Kaliya joins Bill to discuss the history of online identity, what events led us to the consolidation of identity into a few centralized platforms, and what steps we need to take to recover and protect our online identities.

Podcast: Inclusionism with Kaliya Young, Author of Domains of Identity

Kaliya Young · September 13, 2020 ·

I spoke with James Felton Keith, author and podcast host of Inclusionism, about my book, Domains of Identity. How do we manage our digital identity? What are the 13 domains of identity?

Listen to Podcast: Inclusionism with Kaliya Young, author of Domains of Identity.

Grace Hopper Celebration and Presentation – Ethical Market Models.

Kaliya Young · November 9, 2015 · Leave a Comment

In mid-October I had the opportunity to attend the Grace Hopper Celebration for Women in Computing for the first time.
Here is a link to the paper that I presented – MarketModels-GHC Here are the slides

Ethical Market Models in the Personal Data Ecosystem

I also had the pleasure of working on a Birds of a Feather Session with Roshi from Google – she works on their identity team and was the one who asked me work on the session with her along with encouraging me submit a proposal for a lighting talk.

We had a great discussion about the internet of things and considering various ideas about what internet of things things…we might invent and how we might identify ourselves to them.

The conference is really a giant job fair for undergaduate women CS majors. There is not a lot there for mid-career women, all of the ones I spoke to felt this way. I realize if I was a young woman….at a CS department where most everyone is a man. Attending this event would make me feel like the whole world opened up…and anything was possible.

The event made me more committed to putting energy into helping She’s Geeky expand and serve more cities and more women and particularly those who are at high risk of leaving the industry – those who have been in the industry for around 10 years.

Field Guide to Internet Trust Models: Introduction

Kaliya Young · November 30, 2014 · 12 Comments

This is the first in a series of posts that cover the Field Guide to Internet Trust Models Paper. The paper was presented at the University of Texas at Austin ID360 Conference in 2013.
This paper was collaboration between myself and Steve Greenberg. I had an outline of all the Trust Models and worked with Steve Greenberg for several months to shape it into the paper.
The full papers is downloadable TrustModelFieldGuideFinal (see the bottom of this post for a link to a post on each of the models).
The decreasing cost of computation and communication has made it easier than ever before to be a service provider, and has also made those services available to a broader range of consumers. New services are being created faster than anyone can manage or even track, and new devices are being connected at a blistering rate.
In order to manage the complexity, we need to be able to delegate the decisions to trustable systems. We need specialists to write the rules for their own areas and auditors to verify that the rules are being followed.
This paper describes some of the common patterns in internet trust and discuss some of the ways that they point to an interoperable future where people are in greater control of their data. Each model offers a distinct set of advantages and disadvantages, and choosing the appropriate one will help you manage risk while providing the most services.
For each, we use a few, broad questions to focus the discussion:

How easy is it for new participants to join? (Internet Scale)
What mechanisms does this system use to manage risk? (Security)
How much information the participants require from one another how strongly verified?

(Level of Assurance -not what I think assurance is…but we can talk – it often also refers to the strength of security like number of factors of authentication )
Using the “T” Word
Like “privacy”, “security”, or “love”, the words “trust” and “identity”, and “scale” carry so much meaning that any useful discussion has to begin with a note about how we’re using the words.
This lets each link the others to past behavior and, hopefully, predict future actions. The very notion of trust acknowledges that there is some risk in any transaction (if there’s no risk, I don’t need to trust you) and we define trust roughly as:
The willingness to allow someone else to make decisions on your behalf, based on the belief that your interests will not be harmed.
The requester trusts that the service provider will fulfill their request. The service provider trusts that the user won’t abuse their privileges, or will pay some agreed amount for the service. Given this limited definition, identity allows the actors to place one another into context.
Trust is contextual. Doctors routinely decide on behalf of their patients that the benefits of some medication outweigh the potential side effects, or even that some part of their body should be removed. These activities could be extremely risky for the patient, and require confidence in the decisions of both the individual doctor and the overall system of medicine and science. That trust doesn’t cross contexts to other risky activities. Permission to prescribe medication doesn’t also grant doctors the ability to fly a passenger airplane or operate a nuclear reactor.
Trust is directional. Each party’s trust decisions are independent, and are grounded in the identities that they provide to one another.
Trust is not symmetric. For example, a patient who allows a doctor to remove part of their body should not expect to be able to remove parts of the doctor’s body in return. To the contrary, a patient who attempts to act in this way would likely face legal sanction.
Internet Scale
Services and APIs change faster than anyone can manage or even track. Dealing with this pace of change requires a new set of strategies and tools.
The general use of the term “Internet Scale” means the ability to process a high volume of transactions. This is an important consideration, but we believe that there is another aspect to consider. The global, distributed nature of the internet means that scale must also include the ease with which the system can absorb new participants. Can a participant join by clicking “Accept”, or must they negotiate a custom agreement?
In order to make this new world of user controlled data possible, we must move from a model broad, monolithic agreements to smaller, specialized agreements that integrate with one another and can be updated independently.
A Tour of the Trust Models
The most straightforward identity model, the sole source, is best suited for environments where the data is very valuable or it is technically difficult for service providers to communicate with one another. In this situation, a service provider issues identity credentials to everyone it interacts with and does not recognize identities issued by anyone else. Enterprises employing employees, financial institutions, medical providers, and professional certifying organizations are commonly sole sources. Because this is the most straightforward model to implement, it is also the most common.
Two sole sources might decide that it’s worthwhile to allow their users to exchange information with one another. In order to do so, they negotiate a specific agreement that covers only the two of them. This is called a Pairwise Agreement and, while it allows the two parties to access confidential resources, the need for a custom agreement makes it difficult to scale the number of participants. This is also a kind of federated identity model, which simply means that a service accepts an identity that is managed someplace else.
As communication technology became more broadly available, the number of institutions who wanted to communicate with one another also increased. Groups of similar organizations still wanted to issue their own identities, but wanted their users to be able to interact freely with one another. The prospect of each service having to negotiate a custom agreement with every other service was daunting, so similarly chartered institutions came up with standard contracts that allow any two members to interact. These groups are called Federations, and there are several different kinds. Federation agreements and membership are managed by a Contract Hub.
When the federation agreement limits itself to policy, governance, and common roles, but leaves technical decisions to the individual members, it’s referred to as a Mesh Federations. Individual members communicate form a mesh, and can communicate directly with one another using whatever technology they prefer.
Alternatively, a Technical Federation defines communication methods and protocols, but leaves specific governance and policy agreements to the members. In some cases, the technical federation may also route messages between the members.
As the number of services has increased, so has the problem of managing all of those usernames and passwords. Users might decide to reuse an existing identity rather than creating a new one. In recent years, some organizations have made identities that they issue available to other services. Service providers accept these identities because it lowers the cost of user acquisition. When the same entity provides identities for both the requester and the service provider, it is referred to as a Three Party Model.
If the requester and the service provider have provider have separate but compatible identity providers, it is called a Four Party model. This is present in highly dynamic models, such as credit card processing,
Peer-to-peer networks are for independent entities who want to identity assurance, but who lack a central service that can issue identities to everyone. To get around this, the participants vouch for one another’s identities.
Individual contract wrappers are an innovation to enable complex connections between services where the terms and conditions of using the data are linked to the data.
Common Internet Trust Models
Sole source: A service provider only trusts identities that it has issued.
Pairwise Federation: Two organizations negotiate a specific agreement to trust identities issued by one another.
Peer-to-Peer: In the absence of any broader agreement, individuals authenticate and trust one another.
Three-Party Model: A common third party provides identities to both the requester and the service provider so that they can trust one another.

“Bring your Own” Portable Identity: In the absence of any institutional agreement, service providers accept individual, user-asserted identities.

“Winner Take All” Three Party Model: Service provider wants to allow the requester to use an existing identity, but only accepts authentication from a single or very limited set of providers.

Federations: A single, standard contract defines a limited set of roles and technologies, allowing similar types of institution to trust identities issued by one another.

Mesh Federations: These share a common legal agreement at the contract that creates permissible interoperability.

Technical Federations: These share a common technical hub responsible for making the interoperability happen.

Inter-Federation Federations: This is what happens when one federation actually inter-operates with another federation.

Four-Party Model: An interlocking, comprehensive set of contracts allows different types of entity to trust one another for particular types of transaction.
Centralized Token Issuance, Distributed Enrollment: A shared, central authority issues a high-trust communication token. Each service provider independently verifies and authorizes the identity, but trusts the token to authenticate messages.
Individual Contract Wrappers: Manage how personal data is used rather than trying to control collection. Information is paired contract terms that governs how it can be used. Compliance is held accountable using contract law.
Open Trust Framework Listing: An open marketplace for listing diverse trust frameworks and approved assessors.

The Carrier IQ "world" vs. a Personal Data Ecosystem future

Kaliya Young · December 2, 2011 · 1 Comment

Read Write Web’s Marshak Kirkpatrick just posted a great article outlining the issues with the Carrier IQ issues that have surfaced. It also includes an extensive quote from me about how data has value and it needs to be accessed in ways that are in alignement with people.

Personal Data Ecosystem Videos from Telco 2.0

Kaliya Young · November 23, 2010 · Leave a Comment

I had a great week at Telco 2.0 the week before IIW. STL partners has been running Telco 2.0 events for a few years focused on new business models for that industry. They have honed in on the potential to provide services to people to collect and manage their own data. This week they published interviews from three of the key speakers all of whom who also attended IIW the following week. Much of the focus for both events was on the emerging Personal Data Ecosystem.
I recommend the content on the Telco 2.0 site and if you are interesting in visiting interesting innovative parts of the Telco world they have great events for that.
AT&T: to be a ‘Personal Information Agent’
Von Wright, VP Cloud & Wholesale Services, describes how AT&T plans to put consumers in control of their own data, and take the role of an agent or broker for their Personal Information

Google: Strategic ‘Co-opetition’ with Telcos on Consumer Data
The ‘Personal Information Economy’ will see a higher intensity of strategic co-opetition between Google and telcos according to Google’s Eric Sachs.

Microsoft: Why Telcos Must Act Now or Lose The Opportunity
Marc Davis, formerly Yahoo! Mobile’s Chief Scientist, now at Microsoft, and a key collaborator with both Telco 2.0 and the World Economic Forum’s ‘Re-Thinking Personal Data’ initiative, gives his unique perspective on the ‘Gold Rush’ for personal information, and why telcos must act now or lose the opportunity to take a valuable role in it.

We are not at War

Kaliya Young · August 7, 2010 · 4 Comments

I was the first person Van asked to speak at the Community Leadership Summit West Ignite talks. I was the last person to submit my slides. I have a lot to say about community but I had a hard time figuring out exactly what to say. I knew I wanted to talk about the identity community and our success in working together. Robert Scoble’s quote really got me going and I decided to use the talk to respond to the comment that was catalyzed by his facebook post/tweet “Who is going to win the Identity War of 2010”
This is completely the wrong frame to foster community collaboration.

Thoughts on the National Strategy for Trusted Identities in Cyberspace

Kaliya Young · June 25, 2010 · 1 Comment

Update: This blog post was written while reading the first draft released in the Summer of 2010. A lot changed from then to the publishing of the document in April 2011.
Here is my answer to the NSTIC Governence Notice of Inquiry.
And an article I wrote on Fast Company: National! Identity! Cyberspace! Why you shouldn’t freak out about NSTIC.
Interestingly in paragraph two on the White House blog it says that NSTIC stands for “National Strategy for Trusted Initiatives in Cyberspace” rather than “National Strategy for Trusted Identities in Cyberspace”.

This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.

IIWX Internet Identity Workshop 10, Introductory Talk

Kaliya Young · May 27, 2010 · Leave a Comment

I gave this talk at the 10th Internet Identity workshop reviewing the shared history, language, understanding and work we have done together over the last 6 years of community life.

Internet Identity Workshop 10 – Introduction to the User-Centric Identity Community

View more presentations from Kaliya Hamlin.

Part of this presentation touched on a timeline of events in the community. Those and more are reflected on this timeline that is beginning to be developed here. IIW11 will be November 9-11 in Mountain View, CA The first ever IIW outside the Bay Area will be happening September 9-10 in Washington DC following the Gov 2.0 Summit with the theme Open Identity for Open Government. The first IIW in Europe will be happening in London likely October 9-10 (dates still to be confirmed) prior to RSA Europe. If you would like to know about when the next IIWs have registration open please join this announce list. TheIdentity Gang is the community mailing list where conversations are ongoing about identity. You can follow modest updates about IIW on twitter via our handle – @idworkshop You can see IIW 10 attendees on our registration page.

FastCo Post on Governemnt Experiments with Identity Technologies

Kaliya Young · September 12, 2009 · Leave a Comment

This is cross posted on Fast Company.

The Obama administration open government memorandum called for transparency participation, collaboration and federal agencies have begun to embrace Web 2.0 technologies like blogs, surveys, social networks, and video casts. Today there are over 500 government Web sites and about 1/3 of them require a user name and password. Users need to be able to register and save information and preferences on government Web sites the same way they do today with their favorite consumer sites, but without revealing any personally identifiable information to the government.

Yesterday the United States Government in collaboration with industry announced a few pilot projects using emerging open identity technologies for citizens to use when interacting with government sites. I use the word interacting very deliberately because the government doesn’t want to know “who you are” and has gone great lengths to develop their implementations to prevent citizens from revealing personally identifiable information (name, date of birth etc).

How would you use this?–well imagine you are doing an in depth search on an NIH (National Institute of Health) Web site–and you went back to the site many times over several months. Wouldn’t it be great if the site could “know” it was you and help you resume your search where you left off the last time. Not your name and where you live but just that you were there before.

The Identity Spectrum helps us to understand how it all fits together.

Spectrum of ID Anonymous Identity is on one end of the identity spectrum–basically you use an account or identifier every time go to a Web site–no persistence, no way to connect the search you did last week with the one you did this week.

Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don’t reveal your common/real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.

Self-Asserted Identity is what is typical on the Web today. You are asked to share your name, date of birth, city of residence, mailing address etc. You fill in forms again and again. You can give “fake” information or true information about yourself–it is up to you.

Verified Identity is when there are claims about you that you have had verified by a third party. So for example if you are an employee of a company your employer could issue a claim that you were indeed an employee. You might have your bank verify for your address. etc.

The government pilot is focused on supporting citizens being able to have pseudonymous identities that function only at one Web site–the same citizen interacting with several different government Web sites needs to use a different identifier at each one so their activities across different government agencies do not have a correlation.

It is likely that some readers of this blog know about and understand typical OpenID. Almost all readers of this blog do have an openID whether they know it or not because almost all the major Web platforms/portals provide them to account holders–MySpace, Google, Yahoo!, AOL etc.

So how does this work with OpenID?

Typical OpenID Typically when logging in with OpenID on the consumer Web you share your URL with the site you are logging into–they redirect you to where that is hosted on the Web–you authenticate (tell them your password for that account) and they re-direct you back to the site you were logging in. (see this slide show for a detailed flow of how this works). Using OpenID this way explicitly links your activities across multiple sites. For example when you use it to comment on a blog– it is known your words come from you and are connected to your own blog.

Using the OpenID with Directed identity–de-links your the identifiers used across different sites but still lets you use the same account to login to multiple sites.

When you go to login to a site you are asked to share not “your URL” but just the name of the site where your account is–Yahoo! or Google or MySpace etc. you are re-directed to that site and from within your account a “directed identity” is created–that is a unique ID just for that Web site. Thus you get the convenience of not having to manage multiple accounts with multiple passwords and you get to store preferences that might be shared across multiple ID’s but you don’t have identifiers that correlate–that are linked across the Web.

How does this work with Information Cards?

This is a complementary open standard to OpenID that has some sophisticated features that allow it to support verified identities along with pseudonymous & self asserted identities. It involves a client-side piece of software called a selector–which selector helps you manage your different identifiers using a card based metaphor, with each digital “card” representing a different one. Citizens can create their own cards OR get them from third parties that validate things about them.

The government is creating a privacy protecting “card profile” to be used in the pilot program. It is NOT issuing identities.

Trust Framework are needed to get it all to work together.

From the press release yesterday:

“It’s good to see government taking a leadership role in moving identity technology forward. It’s also good to see government working with experts from private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon–it’s a social phenomenon. And technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate,” said Bob Blakley, Vice President and Research Director, Identity and Privacy Strategies, Burton Group. “Today’s announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it’s impossible to know whether a received identity is reliable.”

The OpenID Foundation and Information Card Foundation wrote a joint white paper to describe how they are working on developing this. From the abstract:

[They] are working with the U.S. General Services Administration to create open trust frameworks for their respective communities.

These frameworks, based on the model developed by the InCommon federation for higher education institutions, will enable government Web sites to accept identity credentials from academic, non-profit, and commercial identity providers that meet government standards. These standards are critical as they represent the government’s resolution of the challenging and often competing issues of identity, security, and privacy assurance. Open trust frameworks not only pave the way for greater citizen involvement in government, but can enable even stronger security and privacy protections than those typically available offline.

These are all exciting developments but there is much more to do.

Looking (far) ahead there may be the opportunity to do selective disclosure–combining anonymity with verified identity.

How do these go together–you can take a verified identity claim say your birth date then using cryptography strip the specifics away and just have a claim that says you are “over 21”. Then using an anonymous identifier you have selectively disclosed your age without giving away your date of birth.

You could imagine this would be handy for citizens wanting to communicate their opinions to their member of congress without revealing their actual name and address – they could “prove” using a verified claim they live in the district but not reveal who they are. This aspect of what is possible with the technology is VERY forward looking and will take many years to get there. There is enormous potential to evolve the Web with this emerging identity layer.

I would like to invite all of you interested in being involved/learning more to attend the Internet Identity Workshop in Mountain View California November 3-5. I have been facilitating this event since its inception in 2005. It is truly amazing to see how far things have progressed from when we were 75 idealistic technologist talking about big ideas. at the Hillside Club in Berkeley. It is also some what daunting to think about how much farther we have to go.

Identity for Online Community Managers

Kaliya Young · August 19, 2009 · Leave a Comment

I was asked by Bill Johnson of Forum One Networks to kick off the discussion on the next Online Community Research Network call this week with the topic Identity for Online Community Managers – drawing on the presentation that I put together for the Community 2.0 Summit. I cover the basics of how OpenID, OAuth and Information Cards work, who is “in” terms of supporting the projects and what community managers/platforms can do. We will discuss the implications of these new identity and data sharing protocols on the call.

Online Identity for Community Managers: OpenID, OAuth, Information Cards

View more documents from Kaliya Hamlin.

I will also be attending the Online Community Summit in October Sonoma and will be sharing about these and other technologies there.

Freedom to Aggregate & Disaggregate oneself online.

Kaliya Young · August 19, 2009 · Leave a Comment

I presented this slide show at the Oxford Internet Institute meeting in April that considered A Global Framework for Identity Management.

You could sum it up this way – “stuff happens in peoples lives and the need the freedom to go online and get support for those things and not have it all linked back to their “real identity.”

The slides are moving (drawing from post secret post cards) and it is worth watching if you don’t think people need this freedom.

Freedom to Aggregate, Freedom to Disaggregate

View more documents from Kaliya Hamlin.

its that SXSW picking time of year

Kaliya Young · August 18, 2009 · Leave a Comment

This year there are 2200 panels submitted for 300 slots. It is great they are going with community generated ideas for the conference. It is also hard to tell what will be happening in our fast moving industry 7 months from now. PLEASE go to SXSW create an account and then vote for these two 🙂

I put a lot of thought in to what to put forward this year knowing it would be 9 months out. One of the trends that is just starting to emerge is identity verification – my hunch is that by March this will be a topic getting a lot of attention and worth exploring at SXSW.

Who are you? Identity trends on the Social Web.

“On the Internet Nobody Knows You’re a Dog” Is this famous New Yorker cartoon still true? Twitter is doing verified accounts. Facebook claims everyone using their “real name” gives strong social validation ‘proof’. Equifax is validating age with information cards (digital tokens). We will explore the current trends and their implications for the future.

What is identity?
Why are people doing identity validation?
Who is doing identity validation?
Why are websites seeking people who have had their identities validated?
Is identity validation improving the web?
What are the current open standards in this space?
Are approaches by men and women different about idnetity presentation and validation?
What kinds of businesses are requiring online identity validation for customers?
Is identity validation going to squish “free speech”?
How is this trend changing the web?

With my She’s Geeky hat on: What Guys are Doing to Get More Girls in Tech!

The point of this is to get beyond the women say there are issues in the field and guys say there isn’t – to have guys who know there is an issue and are proactively doing constructive stuff to address it.

Many tech fields have a low percentage of women. If you are a guy do you wonder what you can do about it? Learn about successful strategies and proactive approaches for supporting women you work with and participate in community with. We will even cover some well-intentioned efforts that have gone awry.

How many women by percentage participate in different technical fields?
Why does it matter that they are underrepresented in these fields?
What are the cultural norms that men and women have about performance and self-promotion?
What is Male Programmer Privilege?
What can a guy do who has a sister that is math/science inclined but being steered away from the field?
How have the men on the panel improved things in their workplaces?
How have the men on the panel addressed the challenges that arise in open communities? (that is where you don’t have a boss that fires people for inappropriate behavior/comments)
What are the qualities of a workplace that is friendly for women?
How to go beyond tokenism in workplaces, communities and conferences?
How to encourage women more?

Other interesting Preso/panels covering Identity topics:

The Politics & Economics of Identity Put forward by my friend Liza Sabature of Culture Kitchen and the Daily Gotham Identity Politics” has always been left to the realm of feminist, civil rights activists, aka “minority politics”. This panel will explore the social and political ramifications of the business of identity and reputation. We will talk about the good, the bad and the ugly and what social entrepreneurs, businesses and digital activists are doing to impact this new economy.

What is identity?
What is reputation?
What is privacy?
How have big business historical monetized privacy?
How social media works on identity and reputation?
Online surveillance in the US : DMCA, FISA, Patriot Act
Facebook BEACON : a study on how not to spy on people for fun and profit
Google Adsense or Spysense?
What are Vendor-Relationship Management systems?
Will we need “Identity Management Systems” instead of VRMs?

Distributed Identity: API’s of the Semantic Web Without much conscious thought, most of us have built identities across the web. We fill in profiles, upload photos, videos, reviews and bookmarks. This session will explore the practical use of Social Graph API and YQL to build new types of user experience combining identity discovery and data portability.

Online Gatekeeping: Who Died and Made You King? by Liz Burr As the web becomes more open via social networks, we’re adopting new rules of communication. But who creates these rules? How much does class, race and gender figure into social media policing? We’ll discuss how identity affects social networks, as well as look at how online communities police themselves as participation expands.

Which groups are in control of what is worth sharing via social media?
Are the under-25 community using social media differently?
How do we recognize and confront social media ‘gatekeepers’?
Is our behavior in online communities merely a reflection of offline stereotypes and experiences?
What is the impact of the amplification of social stereotypes online on under-represented groups?
How do we integrate previously, under-represented groups into this more social world?
Is there really such a thing as a “digital ghetto”? If so, is it our responsiblity to combat it?

OpenID: Identity is the platform is put forward by Chis Messina.
I have to say it is really great to have this be put forward so plainly and simply – to “get religion” about user-centric tdentity and its central role in shaping the fugure the social web.

Ignore the hype over social networking platforms and web OS’s! The platform of the social web is identity. Facebook and Twitter Connect are just the beginning of the era of user-centric identity. I’ll go beyond the basics of OpenID and learn how to effectively incorporate internet identity into your apps.

Your Online Identity After Death and Digital Wills

If you died tomorrow, would someone take care of your internet accounts? How do you tell subscribers the blogger has died? Every day people die and no one can access their email. Let’s explore what can be done to manage your online identity after you pass on.

What usually happens to email accounts when a person dies? Policies for Gmail, Yahoo, Hotmail and AOL
What about WordPress.com and Blogger for digital policies concerning the death of a blogger?
Do You have a digital will setup?
Products and services to manage digital wills, electronic correspondence after death and auto replies.
Grief, “You Have Mail” and online memorial services.
Who owns blog content after the death of a blogger?
How to calculate the worth of your website or blog.
How can you manage your online accounts and passwords for easy access after you pass?
What are some recent legal examples of online account ownership disagreements?
How to keep your passwords safe?

How to Benefit from 1-Click Identity Providers by Luke Shepard from Facebook.

Sites across the Web are opening up to support open identity platforms, such as OpenID. How can companies at scale and those with large user bases successfully work with open standards including OpenID, Activity Streams and new social markup language specs? Can companies survive the challenges of incorporating OpenID into their websites?

Are there any success stories with OpenID?
What does the OpenID user experience look like?
Who has implemented OpenID?
What have been some of the failures of OpenID?
What is OpenID?
What are the user benefits of OpenID?
How can websites educate users about open protocols?
What are the privacy concerns around OpenID?
What kind of user data is made available to sites when they implement OpenID?
What will it take for OpenID to become mainstream?

Crime Scene: Digital Identity Theft

The Relationship Paper

Kaliya Young · March 29, 2009 · Leave a Comment

Bob’s Relationship Paper is now available. If you haven’t read it yet – you should. It articulates a key point about the challenge regarding the current frame of social networks – relationships are just lines on a graph rather then being nodes that hold information about the nature and parameters of the relationship.

Everything is Amazing and No One is Happy

Kaliya Young · March 22, 2009 · Leave a Comment

A friend shared this link with me today. It is a guy on Connan O’Brien.
“The video can’t be embedded apparently so you have to click over to it (I am already “unhappy” about that)” – ok inside joke related to the video.

Newspapers Dying – but we told you so…

Kaliya Young · March 20, 2009 · Leave a Comment

Someone sent me this link from SF Gate this morning:

In the wake of the hugely depressing shutdown of the Rocky and the Seattle P.I., and with recent death threats to the SF Chronicle and what looks to be a savage year indeed for print newspapers everywhere, these big guns have all stepped away from their normal discussions of deep tech arcania and turned their attention to a 500-year-old technology undergoing its first epic, bloody revolution.

I know people who have been working and building the emerging web who have been trying to dialogue with those in the news industry for the last 9 years about what was happening and coming.

The grand upshot? They don’t really have any idea. But they have some curious, slippery, hopeful, but ultimately disappointing theories. Theories that, to my mind, consistently miss the mark, in at least one or two vital ways.

The dismissiveness tone of the article just sort of proves thew whole issue.

From Clay’s Shirky’s blogs Newspapers Think the Unthinkable:
The problem newspapers face isn’t that they didn’t see the internet coming. They not only saw it miles off, they figured out early on that they needed a plan to deal with it, and during the early 90s they came up with not just one plan but several. One was to partner with companies like America Online, a fast-growing subscription service that was less chaotic than the open internet. Another plan was to educate the public about the behaviors required of them by copyright law. New payment models such as micropayments were proposed. Alternatively, they could pursue the profit margins enjoyed by radio and TV, if they became purely ad-supported. Still another plan was to convince tech firms to make their hardware and software less capable of sharing, or to partner with the businesses running data networks to achieve the same goal. Then there was the nuclear option: sue copyright infringers directly, making an example of them.

It is as if when the web people say “i told you so” and “we tried to help” they plug their ears and continue to make noise so they just can’t “hear”.

continued from Clay’s essay…. The curious thing about the various plans hatched in the ’90s is that they were, at base, all the same plan: “Here’s how we’re going to preserve the old forms of organization in a world of cheap perfect copies!”

No technologists who are on the cutting edge of technology don’t know what is next – there are things people are working on in different corners – we are working on identity over here…Sem Web folks are working on their things. WE STILL DON’T KNOW but we do know it will arise out of the communities we are participating in and the emergent effect of the tools we use. The Newspaper people didn’t really roll up their sleeves and dive in to learn about the web and how to do what they do but in more interesting web ways (like linking in their articles that are online). Clay sites Craigs List as an example – of “we didn’t know” twitter is another more recent one.
Last year I worked with folks bringing the Journalism that Matters conference to Silicon Valley. I was hired specifically for my expertise in facilitating unconferences in geeky communities. They didn’t really want to hear what I had to say about what was needed in the event design to attract geeks (not that many came even though it was at Yahoo!). A month before the event happened they decided to just go ahead without further help/advice from me. I learned from this experience

They don’t understand web architecture (the first thing I told them was to get their online digital presence in order. – they had a different blog for each event, a bad late ’90’s site, they didn’t get how to organize a wiki).
Journalists work alone generally (making collaboartion with co-organizers on the conference a challenge).
There is a higher normative level of conflict in the tech world compared to the journalism world.
They are not experts in facilitating time/space for large groups of people (some how the agenda development was driven by the journalist’s need to “let certain people speak”)
They are in deep morning and loss for the way of their profession and were unable to engage/look at the future – they would need a lot of “emotional clearing” before they could think in new ways about the future.

There is one asset that was developed that I am quite proud of it is a value network map of the newsroom and the new news ecology.

I think these says a lot about what is going on and how to think about things in new ways. One of the reasons these got developed is they kept talking about “the news room” and I challenged the assumption that eveyone would know what that was.

on Women talking at technology conferences

Kaliya Young · February 27, 2009 · 2 Comments

Chris Messina has a good post up about women and the Future of Web applications (the conference and the tools).

As far as I’m concerned, one of the greatest opportunities to seize the future of web apps is to cement the necessity of diversity in our processes and in our thinking, not for the sake of diversity alone (deserving though it is) but because the technology that we produce is better for it, being more robust, more versatile and flexible, and ultimately, more humane.
The future of web apps — and the conferences that tell their stories — should not be gender-neutral or gender-blind — but gender-balanced. Today, as it was two years ago, we suffer from a severe imbalance. It is my hope that, in raising the specter of consequences of the lack of women in technology, we begin to make as much progress in stitching diversity into the fabric of our society as we are making in producing source code.

I actually invited participants at Gnomedex 2006 when I was the “MVP” (that is – i didn’t have a schedulled speaking slot but the audience “voted” me on stage to fill a 15 min void for the MVP audience member) to think about these things.
I said that the app builders in the audience should get out of their boxes and start thinking about apps that socar mom’s, and churches and other realms of social civic engagement that could really use some good apps. Places that are not brimming with white guys under the age of 30 (in San Francisco). The audience wasn’t so sure about this idea.
I personally have been asked to speak at one conference this season – Community 2.0 in May. I am working with my speach coach on the talk and very much looking forward to redeeming myself. I worked with her on the last talk I gave at Net Squared in June that went ‘ok’ and I was thankful for that.
I think my story might be helpful in addressing this issue – which is why I am sharing it.
I was tapped by O’Reilly folks to speak at eTel and Web 2.0 in 2006. I didn’t do that great at eTel – I had never given a 10 min speech. I didn’t get any outside voice to help me and I should have but it didn’t even occur to me that one might hire someone to help one in such a situation. I thought I had to do it all on my own.
After the talk they suggested I talk to a speech coach for my upcoming talk at Web 2.0 Expo that they had tapped me to do (that is I didn’t go through the submission process they just asked me) that some of their own hosts of conferences had used – I figured this was a good recommendation. I listened to his advice but it actually failed me – he was not available to help (health issues) but was not clear about how limited his ability to help would be until to late. O’Reilly conferences were not clear with me what the composition of the audience would be (it was a CMP audience not an O’Reilly audience) so I gave the wrong kind of talk.
I was very nervous about the speech – didn’t prep well for (speech coach sort of 1/2 helping (when if I had just been on my own it would have been better) he also encouraged me to push beyond what I had originally said I would cover in the talk – I didn’t sleep that much the night before. I was visionary but that didn’t match what was in the program. 1/2 the audience walked out and I was shaken to the core – basically had stage fright for a year. (here is my blog post following it). There was no talk with O’Reilly folks about what had gone wrong, what could have been better – just silence and never an invite back.
I was “on my own” it was “my responsibility” but I was also in a vacuum. YES it is up to women to take responsibility but if the whole industry is serious about changing who is “always on stage” it also takes a village of – encouragement, good advice, and support.
Women don’t self-promote like the alpha dog’s in the industry do. Sorry it is just true. Ask women in leadership hiring in the software industry. Men over promote their skill set by double when seeking employment (generally) and Women under promote their skill set by 1/2.
I am am getting much better as a speaker. I certainly know what I am talking about in the realm of user-centric digital identity having facilitated over 15 events in the field in the past 3.5 years, doing technical and non-technical evangelism and working on the subject matter for 5 years now. I don’t run around telling conference organizers that I should be speaking at their conferences either. I did apply to RSA to be a Peer-to-peer discussion leader and was chosen to do so for the second year in a row. I also was tapped to facilitate a panel on OpenID, Oauth and the enterprise at SXSW. That is all the speaking I am doing so far this season.
I organized She’s Geeky as a way to address the challenges that we face – both being small minorities at conferences and not many of the faces on stage. She’s Geeky is the most diverse technology conference I have ever been to – it has the most non-white faces I have ever seen at a technology event. Please don’t get me wrong like the woman on stage at FOWA – I love dudes. I don’t think you last long in this industry if you don’t like men, enjoy working with them and can get along in their culture. I also wish there was more women and have decided once in a while to have a women’s only space to geek out in would be a fun thing to support.
I think it is also important to mention something else. As a woman putting yourself out there is risky. I watched what happened to Kathy Sierra – it was kinda freaky. I talked to a friend of mine – another prominent women in tech that week saying how deepy what happened to Kathy had shaken me. She said – well that is what happens if you become prominent enough – you get hate speech and death threats – basically this is what you signed up for if you chose this career path. It is another reason just go about doing my business – working on facilitating the identity community rather then “raising my profile” so conference organizers might tap me. I have had a mild case of a stalker around my work as identity woman a few years ago and I really don’t want another one. Not something guys think about really when they do their day jobs in technology. The latent misogyny is apparently REAL in some corners of this community. We need to know that we have the support of community behind us and won’t be attacked for speaking out against hate speech.
The issues are complex. I hope that as an industry we can continue to address them.