I found this the other day after I loaded flash 9 it just appeared. It is amazing and very relaxing. So if you can’t be on vacation with me you can just watch it and float away for 5-15 min. Enjoy.
Ashes and Snow.
I am back August 24th; until then I am sans computer.
Presos/Podcasts/Videos
Think cxap

This was the best presentation by being “the worst” one ever. Damian made fun of bad presentations by putting everything bad into one big dooser. It made fun of Dick’s presentations on Sxip, r0ml, Kathy Sierra, Ruby on Rails, patents, patent firms and was just hilarious.
THE WORD: Managization
Mike Neuenschwander gave a GREAT performance this morning. Last year he destroyed a guitar on stage and assured us that it had a good life in guitar heaven. This year he brought us THE WORD: Managization. I captured it using my camera’s video function. You can check it out over on my Vlog.
Let the Vlogging begin
So, I went to VloggerCon and what does one do when one goes to a cutting edge technology conference espousing yet another cutting edge technology – one learns enough to ‘get it’ and dive in. So I began video blogging on Blip.tv. I did two posts today on identity. I started out with a minute from Christine (she was at IIW) talking about why identity is critical and what will be its breakthrough moment. This is followed up by Mike from Blip.tv itself talking about why identity would be so useful to the emerging ecology of companies and how it helps them be like swarming smart pebbles.
I plan to vlog at all the conferences coming up. Let the Vlogging begin.
VloggerCon reflections on day 1
There was one good talk that I went to at VloggerCon that is worth sharing some information about here… The difference between video blogs and other formats.
- Video gets decontextualized – once it is out there it roams around
- The display is smaller
- It is bandwidth dependent
- The audience control – they can decide what to watch and when
- The interaction with the audience is more organic
Christine was at the event and counted how many women were there – 26% – relatively high ‘for a tech conference.’ I don’t know if it is the venue or the early stage of this industry niche but it feels very ‘alpha’ – you know – my vlog is bigger than your blog, my vlogging tool is better than your vlogging tool.
I am trying to wrap my head around how to do this vlogging thing. They put the ‘advanced imovie and final cut pro’ in the second slot of the day before there was even a basic tutorial. They did have a story telling workshop that looked like it was good but I didn’t make it to that one.
I was craving more room (the venue was very cramped) and open space methodology. I will be back there today wearing my dabbler shirt – thanks Mary. If you are trying to figure out where there is good video on the web – dabble is the place for you. You can be my “friend” there too.
Identity Map Developing
I mentioned this earlier in my reflections about the conference. I had seeded a map that outlined the history of our community, gatherings, protocols, blogs, papers, podcasts, wikis, mailing lists. One of the participants took a very high resolution picture of the finished map. Phil has a picture of the initial map. On my original Omnigraffle version I have Kim’s Laws of Identity but on this one I didn’t get them up and Kim just pinged me to let me know it needed to be added. If there are things you think need to be added feel free to let me know.
I hope to bring the big map or another version to the conference at Berkman and DIDW for others to add more information to it.
Where is the video???? Colbert is vanished from webosphere
So one of the funniest and serious things to appear on the web this week was the AP Dinner where they ‘roast’ the president. This year Colbert was the roaster. The mainstream press basically ignored the roast but…it took off in the blogosphere. Now the video has been disappeared from youtube. I never did see the third part.
Identity Gang 2 – How did John get involved?
This was the big identity event that I missed while I was away. The good thing about podcasting is that you get to listen to it after it is recorded. There was a question that Doc asked John Clippinger about where he really got involved with the identity conversation…he really was a bit stumped and was like PCForum…John Clippinger and Paul Trevethick came out the Planetwork in 2004 where identity was a big topic of discussion. I met them there.
I knew that Harvard was critical to get involved in the discussion so when I found out about the conference on Internet and Society I flew out there specifically to talk at length with John about what Identity Commons and i-names. We had a great meeting in the Charles hotel for about two and a half hours. I also on that trip spoke at length with Paul and Mary.
Then when we were out at PCForum for a pre-Forum identity gang. John couldn’t make that but got there late in the day. I set up a breakfast meeting with Owen Davis, Drummond Reed and John Clippinger to talk about identity matters including how to get support from the big players for the kind of research and dialogue needed to address the social concerns. It seems the subsequent conversations went well and they secured some funding.
So…Doc that is part of the story about how John Clippinger and the Berkman Center got involved in the identity conversation.
It all comes together – Identity Map
I have been listening to Aldo’s Identity Podcasts a lot this week to prepare for my first interview with Jim Fournier tomorrow. Mark was the last guy he interviewed from Sun and he mentioned the Identity Map in his blog after his son got “100 things we love about David.” Now I get the ‘map’ he talked about.
Identity based DRM – will they 'get it'?
I am not a fan of the MPAA, RIAA or any other big industry conglomeration trying to hold on to their existing business model of selling creative works (before you view/listen to them).
I have like many many folks participated in this system. I have bought first albums then cassettes and then CD’s (and now people buy songs online too – but I have yet to). When I make a purchase of these artists’ works I have bought the right to listen to them freely. People who had albums upgraded to cassette tapes (maybe) but likely for sure upgraded to CD’s. If they did this they bought the work ‘twice.’ In the digital realm it gets even stranger where if you buy a piece of music on apple i-tunes you only get to copy it three times.. from one computer to the next to the next. Then it ‘runs out’ of copies. mmmm…but didn’t buy the right to listen to it when you first bought it no matter which medium you as the owner of that music choose to listen to it in.
So far the whole frame around DRM has been device based. This means every time there is a new form that plays media – (record player, cassette deck, CD Player, MP3 on desktop, ipods and zen players….and there will be more in the future).
If DRM is to exist and not completely alienate those who are the end users of music it should be identity based. I – ME – I buy a copy of a song and I get to listen to it forever on whatever the ‘medium’ of the day is.
I would like to propose a better system that still means folks get money. Music and other digital work is completely FREE.
It is all on the web and we can all access it all. I as a listener to music only have so much time that I spend listening to music. I allocate some amount that I will contribute to the music payment pool in a month $50 – $500. Then the attention ‘given’ to each song is recorded. The money I allocate amongst all the artists/podcasters etc. is distributed between them (perhaps with me giving particularly enjoyable ones a bit more) based on my attention data stream. The artists I listen to actually get money! If I like them and listen to them over years and years they will get more money than they would if they sold me a song once. This of course needs a functioning micro-payments system; it may be worth the music industry’s business to actually do this.
Halley and I talk Identity – Podcast from BlogHer
One of the highlights of BlogHer for me was my first podcasting experience with Halley Suitt. I was sitting around at a ‘podcasting’ station and she showed up and then John Furrier who runs PodTech was there and so we did a spontaneous recording… here is the result. Wow! listening I actually don’t mind my voice.
How do we make the internet a trusted place?
Is the net a more dangerous place for women?
Halley discusses her digital identity experiences – writing about sex on the net, and lingerie photos of her on the net.
I mention the founding of Virtual Rights to address this new era of personal representation online. I share what inspires me how we can use these tools to empower us as citizens.
Co-Evolutions of Knowledge Networks
I listened to this podcast last night and was surprised to learn that national science foundation is funding the building of a really cool DataWeb. Enjoy…Noshir Contractor at MeshForum 2005
Dr. Contractor presents a multi-theoretical multilevel model of using technologies to understand knowledge and social network organization through the discussion of real-world examples. From the ‘Lovegety’ to Amazon purchase suggestions and beyond, Dr. Contractor outlines the concepts that form the basis of social and knowledge networks.
Those concepts are:
- the social network, “it’s not what you know, but who you know”;
- the cognitive-social network, “it’s not who you know, it’s who they think you know”;
- the knowledge network, “it’s not who you know, it’s what they think you know”;
- the cognitive-knowledge network, “it’s not who you know, it’s what who you know knows.”
NTEN-SF: EFF Keynote
I had a really busy two weeks. It ended finally on Friday with the NTEN (Nonprofit Technology Enterprise Network) Conference on Emerging Technology. I got to hang with some of my favorite folks from the NonProfit Tech world but more on that later. One of the good things was the keynote talk from Kevin Bankston from the EFF.
He was less articulate than Daniel Solove about why the courts have ruled that information held by third parties is not protected under the 4th amendment. It is because the courts interpret a third party even the service provider of knowing your phone number (because they are providing you that service) as not private. In the digital age this third party status expands to so many many things.
He talked about the laws they have and are considering about e-mail. They basically mandate the service providers keep copies of everything that comes to your in-box and the records of where you travel on the net. He gave a great analogy about this. It is like the government is mandating the post office to photocopy every piece of mail you ever get and store it for 10 years in case some government agency needs to search it.
Passel: identity. remixed.
DizzyD presented on Passel and The Identity Gang is in the HOUSE! Johanes, Doc, Phil, Mary and Mary – wow three identity women.
He also didn’t really approach it right he didn’t get all the different systems and how they worked and we were all in the audience correcting him. It really highlighted the need for the workshop we are hosting in October.
Here is the summary:
How do I as user my identity on the web?
The ‘story that started it all’
Wife’s machine got Trojan. I had to change all passwords everywhere.
What is Identity?!
Identity is just another class of information we manage.
It’s a second-order problem. When I get on the net I get on it to do Identity Management other tasks.
What is Identity [Italicized] ?
Depends on the setting
Bottom line two fundamental types
third party vouch for and self asserted
His summary of the other stuff..
What are the options:
Passport
All others are not inherently evil.
everyone is throwing protocols against the wall and seeing which ones stick.
who do you trust to host your identity?
SAML
SAML/Liberty
trust relationship between two entities on your behalf
“asserting” used a lot in this world….and I will use it a lot
Standards are well documented and widely deployed. Lots of infrastructure required for trust relationships. Conditionals and trust relationships not viable from an open source stand point. Took a lot of time for a second order problem.
SXIP
Identity is locked into who the identity provider. You can change home sites. not locked in. Run on own machine. Powerful for users with centralized for user to move.
LID
Send information back and forth and urls based.
OpenID
No dynamic scripting needed. You have your identity URL tell via meta tag where identity server is. enter URL – blog URL. LiveJournal do you allow it to authenticate?
Can’t i-names do this?
He asserted wrongly that there was not reputation (global services launch will embed reputation in the messaging/contact system).
For Internet-scale Identity needs
- Aggregate IDentity
- Decentralized and open
- Diverse programming languages/environments
- Interoperable implementations
- Bootstrap off existing trust models
PASSEL
Gives you more control over data
Aggregates your identity via user-centric three-piece architecture
Implementations already started in Perl, PHP, Java and C#
Pluggable trust models.
Generalized model for proving any DNS-based identifier
Trust Model
- how you prove the signer
- person x
- Moving identity information proving that a
- protocol how move around
- plug in how you trust information
PIECES:
Agent (principal’s computer)
- aggregates into portfolio
- public private key and fingerprint
- natively if not
- Zip file on key – use on different locations
Signer (site that makes assertions)
- signer issues token with for example 4 hour life span
- agent must retrieve new token from dizzyd.com
Target (relying party)
- how does the
- retrieval of public key.
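An added illustration of the OpenID item in the talk summary above (not code from the talk, the OpenID project or this post): in OpenID 1.x the pointer from an identity URL to its server is a `<link rel="openid.server">` element in the page's `<head>`. The sketch shows the discovery check a relying party runs on the fetched page; the hostnames, sample pages and function names are constructed assumptions.

```python
"""OpenID 1.x-style discovery check for a relying party (added example).

Hostnames and sample pages are constructed; nothing here touches the network.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class DiscoveryError(ValueError):
    """Raised when an identity page does not yield one usable server."""


def _checked(url):
    """Return the parsed URL if it is absolute http(s) without userinfo."""
    p = urlparse(url.strip())
    if p.scheme not in ("http", "https") or not p.hostname:
        raise DiscoveryError("not an absolute http(s) URL: %r" % url)
    if p.username is not None or p.password is not None:
        raise DiscoveryError("userinfo not allowed in %r" % url)
    return p


def normalize_identity(user_input):
    """Turn what the user typed (often a bare blog host) into a URL."""
    s = user_input.strip()
    if "://" not in s:
        s = "http://" + s
    p = _checked(s)
    return p._replace(path=p.path or "/", fragment="").geturl()


class _HeadLinks(HTMLParser):
    """Collect <link rel=... href=...> only while inside the first <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.head_seen = False
        self.links = {}  # rel token -> list of hrefs

    def handle_starttag(self, tag, attrs):
        if tag == "head" and not self.head_seen:
            self.in_head = self.head_seen = True
        elif tag == "body":
            self.in_head = False
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            href = (a.get("href") or "").strip()
            for rel in (a.get("rel") or "").lower().split():
                if href:
                    self.links.setdefault(rel, []).append(href)

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def discover(identity_url, html):
    """Map an identity URL plus its fetched HTML to the server to ask.

    Only <head> links count, so markup that ends up in the page body
    (comments, guestbook entries) cannot redirect the login elsewhere.
    """
    claimed = normalize_identity(identity_url)
    parser = _HeadLinks()
    parser.feed(html)
    parser.close()
    servers = set(parser.links.get("openid.server", []))
    delegates = set(parser.links.get("openid.delegate", []))
    if len(servers) != 1:
        raise DiscoveryError(
            "expected exactly one openid.server in <head>, found %d"
            % len(servers))
    if len(delegates) > 1:
        raise DiscoveryError("conflicting openid.delegate values")
    server = _checked(servers.pop()).geturl()
    delegate = _checked(delegates.pop()).geturl() if delegates else claimed
    return {"claimed_id": claimed, "server": server, "delegate": delegate}


# Constructed sample pages.
PAGE_OK = """<html><head><title>alice's journal</title>
<link rel="openid.server" href="http://idp.example/openid/server">
</head><body><p>hello</p></body></html>"""

PAGE_BODY_ONLY = """<html><head><title>bob's journal</title></head><body>
<div class="comment"><link rel="openid.server"
 href="http://elsewhere.example/server"></div></body></html>"""

PAGE_CONFLICT = """<html><head>
<link rel="openid.server" href="http://idp.example/openid/server">
<link rel="openid.server" href="http://elsewhere.example/server">
</head><body></body></html>"""

if __name__ == "__main__":
    print(discover("alice.example", PAGE_OK))
    for page in (PAGE_BODY_ONLY, PAGE_CONFLICT):
        try:
            discover("bob.example", page)
        except DiscoveryError as exc:
            print("rejected:", exc)
```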
R0mL..as I was saying
Ok in the treasure trove of yet to be posted posts is this gem from OSCON. R0ml gave an amazing (part II) of his talk that he did not complete last year. He will likely give part three the conclusion next year. The audience will be eagerly anticipating it. Here is the summary as best I can (his words are in italics). I must preface this by saying that words in text form are a poor representation of this man’s work as he takes presentation very seriously as a form of performance art.
He began with … as I was saying
Semasiology is the science of the meanings or sense development of words; the explanation of the words.
I wonder if we can collectively do a Semasiology of Identity; perhaps that is a topic we can invite R0ml to consider with us since Optaros is considering an ‘identity’ practice.
He returns to a quote from The Princess Bride where the guy says Inconceivable ‘I do not think it means what you think it means’
Summarizes last year’s talk where he made the point that the source of open source was not ‘code’ but instead was the requirements.
PART II – Really it was all about the CODE
Programs must be written for people to read, and only incidentally for machines to execute.
APL programming language by Kenneth Iverson: it was ‘easy to read’ and designed for Notation as a Tool of Thought.
(check out what it really looks like – totally not ‘easy to read’)
Why read?
70-80% of all “software development” is maintenance
70-80% of all maintenance is reading old code and understanding
49-64% of the cost of CODE
WEB originates from this work Literate Programming by Donald Knuth. It is a method of composing programs. He felt the time was ripe for significantly better documentation of program and saw them as Works of Literature. He was an essayist whose main concern is with exposition and excellence of style.
With Literate Programming there are two steps
Tangle (create the code)
Weave (create the documentation)
Hence the aphorism: Given one Literate eyeball, most bugs are shallow.
This language and its associated programs have come to be known as the WEB system.
He said: I chose the name WEB partly because it was one of the few three-letter words of the English language not applied to computers
We can also invite some other words to describe the programming process from this set of words.
SPIN (create requirements) …as in spinning a yarn
Knit (create the test cases)
Fashion (generate the models)
We might wonder how good our spinning, knitting and fashioning are going in the identity space. Hopefully the IIW in October can help with all three.
Warning this next section has a lot of free association
Steven Roger Fischer wrote A History of Reading
How many people are computer literate?
The census bureau says there are 600,000 programmers in the US.
If you include other professions that also would read code as part of their job you reach about 1.9 million which is less then one percent. It is about 16 million people world wide which is 1/6th of one percent world wide.
Where does reading come from? All early reading involved simple code recognition very task oriented.
Sumerian writing developed
Enheduanna was the first poet in 2285 BC. and was the daughter of King Sargon.
Ada Byron – first programmer, Countess of Lovelace, is the daughter of a poet.
In Sumeria at the time this poem was written only 1% of population knows how to read in the Great City of UR.
Around 500BC.. Athenians 5% could read.
This was the Dark Ages, 500 AD, and it was asserted that what writing made present to the reader, pictures make present to the illiterate.
That is the GUI…(Graphical User Interface)
Words were written down for Public Performance:
scripta manet verba volat
script remains verbal is volatile
writing is eternal, talk is ephemeral
This phrase did not mean this
To ‘read’ was to transmit, not to receive. Things written were written as memory aids.
To read was to speak…because of not for orators…
So this phrase really meant:
Writing reposes, speaking soars
Writing isn’t any good unless you read it out loud. Existence of the book meant that the speaker could be anybody.
GPL3 – GPL is a copyright.
Copyright protects against unauthorized copying, derivation, distribution or public performance.
What does it mean to publicly perform software?
It means to ‘run the code’
The purpose of the code is to be performed.
GPL defines source code as the preferred form of the work for making modifications to it.
Refrain
Voices of the Absent
The Spanish theologian – Isidore of Seville (560-636 BC) – praised silent reading, too, for being without effort, reflecting on that which has been read rendering their in.
In 1999 St Isidore was named the patron saint of programmers
Why?
He wrote a treatise – Etymologiae (source) or Origines as sometimes called.
He compiled it – all existing knowledge and literature.
Authorship does not matter the collection of knowledge matters.
What happened next? In the early Middle Ages our understanding of authorship changed. Integrity of the Author’s Source Code
Something changed meaning of word to read… it was now possible to read in silence…
789 Admonitio Generalis no standards improve aimed specifically at education reading and writing.
Carolingian Minuscule brought some standards in.
Alcuin of York 798-804
Words are separated using a blank space.
What 0 did for math the space did for reading.
Irish scribes created the fullstop, comma, semicolon
Standards emerged for heights (m) ascenders (b) descenders (g)
Reading went from public act to private act – the reader no longer shared the text with others.
Reading and writing was collaborative and became individual.
Reusable Software is collaborative.
will it become individual?
Readable software needs typography.
If you write scripts they will need maintenance.
If you write readable code they will soar.
Writing reposes, speaking soars
scripta manet verba volat
Programming is literature.
Reading is not performance.
Two gods of literature the reader and writer.
Rewriting of what the author has originally authored.
Moving away from respect to original author when writing became a silent and private act.
Intellectual Property is invented in 1251
So we flip back to authorship…
In antiquity we gave credit to original author because failure to respect honored ancestor.
Post renaissance -> more about legal requirement.
Couple hundred years 40-50% will read can read CODE.
When this happens will the collaborative nature dissipate?
Power of collaboration is essence of what it is about now but it may become a private act.
Symbolic manipulation skill.
Extent to writing skill – literary skill.
We have done this before.
Speaking vernacular of that people are talking.
Semiotic agreement about core set of concepts.
Be liberal in what you understand.
Be strict in what you are trying to say.
Poetry is obfuscated.
Poetry is set in LINE.
The white space is significant.
Prose it is not.
Come to OSCON for Part III next year.
Find Use Share and Expand all Knowledge
danah boyd talked briefly about this new initiative at BlogHer yesterday. FUSE is the name of the new initiative that Jeff Weiner from Yahoo outlined at SuperNova.
I had fun at BlogHer 🙂 I did my first podcast there with Halley (you can see the picture over on Marc’s site) It was about 10 min talking about identity in various forms. I wonder when Podtech will put it up?
Yahoo! hosted the cocktail party and did demos of Yahoo 360. I got to talk with one of the guys from the company and he raised some issues about identity 2.0 that I had not thought about. The power to enforce the EULA (end user license agreement) for a company like Yahoo! is in large part tied to their right to ‘terminate’ identities when the principals behind them misbehave. It seems key to include more of the folks working for ‘the big guys’ in our identity workshop discussions and perhaps particularly policy usability.
Talk about changing identity (if where you work is a part of one’s identity): danah now works for the Yahoo! Berkeley Research and resigned from Google.
July Planetwork FOCUS on DIGITAL IDENTITY TOOLS
Thursday, July 28th doors at 6, program at 7
CIIS, Namaste Hall,3rd Floor
1453 Mission St. San Francisco (2 blocks from Civic Center BART)
With my emerging persona as Identity Woman I curated this line up that provides a great opportunity to learn more about some of the latest tools for next generation digital identity.
Light Weight Identity – LID
Johannes Ernst NetMesh Inc.
Light-Weight Identity(tm)– LID(tm)– a new and very simple digital identity protocol that puts users in control of their own digital identities, without reliance on a centralized party and without approval from an “identity provider”.
OpenID
Brad Fitzpatrick Six Apart, Ltd.
OpenID, a decentralized identity system, but one that’s actually decentralized and doesn’t entirely crumble if one company turns evil or goes out of business. An OpenID identity is just a URL.
Sun Single Sign On
Pat Patterson Sun Microsystems
Sun is announcing the intention to open source web single sign-on. This project, called Open Web Single Sign-On, or OpenSSO, gives developers access to the source code to these basic identity services and allows them to focus on innovations that solve more urgent problems, such as securely connecting partner networks, ensuring user privacy, and proving compliance.
Opinity, Inc
Ted Cho
Opinity provides open reputation for end users. It is a young start up offering free online reputation management related services so that individuals can authenticate, aggregate, and mobilize their website (eBay, Amazon, etc.) reputations. Opinity also offers reputation management tools so that individuals can monitor, build, and work to enhance their own reputation going forward. Individuals can also review other individuals at the Opinity website.
_______
Planetwork has been hosting monthly networking forums in the Bay Area for the last 3 years. We are a unique network sitting at the nexus of technology use for social and environmental good. To support the monthly forums we invite voluntary donations (in a basket on the food table).
If you would like to join our mailing list to get more information about upcoming events please go to this page and get a planetwork i-name and then set your mail preferences.
Catalyst Round UP
First of all thanks to Cordance, Opinity and ooTao who supported me in representing them and the whole ecology of folks around Identity Commons. It was a great week with lots of fruitful networking.
Jamie you are the calmest conference organizer I have ever met. Your staff was together and very helpful. Thanks!
Here are the roundup highlights:
Identity Management Market Trends – guitar introduction by Mike Neuenschwander.
Every move of your mouse you make
You’ll get a browser cookie for pete’s sake
Every username you fake, every federated claim you stake
They’ll be watching you
Every night and day
Every online game you play
Everything you say in IM, e-mail, VoIp or some other way
They’ll be watching you
Jamie Lewis kicked off the final afternoon with a keynote on user-centric Identity summed up by Dave Kearns with these talking points
*Heady mix of optimists, pessimists, idealists, cynics
*Agendas, governments, commercial interests could subvert the process
*Indicators of the constant tensions virtualization, digital ID create
*The tug of war will continue, and we all have a stake in the outcome
*Demonstrates the relativistic nature of identity, need for polycentrism
Bob Blakley talked about his Axioms of Identity – they were quite thought provoking and a great addition to the Identity Gang/Workshop conversation.
Dick gave a new and improved Lessig style presentation on Identity 2.0 / User Centric Identity.
These two both belong to the “mac” community and gave their presentation on them. I got a lot of comments about my decorated Mac. It is nothing compared to Mary’s though.
Identity Workshop on stage. It was great to get a name and face for more of the Identity folks; this included Stefan Brands of ID Corner and Scott Blackmer. Who I know was there but didn’t meet was Dave Kearns.
Strangest Job title: Ryan from Sxip – Sales Engineer (huh?)
Best Hospitality Suite themes matching the company:
- Elemental with their Ice Carved Bar and Earth and Fire graphics on the wall.
- BridgeStream does role based enterprise Identity Management. So they had Impro Theater (IT) Shakespeare provided by Theater Sports LA (Michelle, Brian and Floyd) where they each played improvised “roles.” They were kind enough to do an improvised sonnet about Identity Woman (I was really sad I didn’t have a tape recorder :() They also handed out world beach balls for the ‘globe theater.’
Talked to Scott Mace a bit on the first hospitality suite evening about podcasting. It is something Identity Woman might start doing.
Phil Windley, Doc Searls and myself worked out more details regarding the Independent Identity Workshop we are pulling together for the fall.
The Spiritual element of what identity is – the unnameable quality was honored with two different Lao Tzu quotes.
Sailing San Diego Bay with Mary Rundle was the closing highlight.
Thanks to all for a great conference! I am looking forward to coming back next year.
Catalyst: Logic of Identity – Bob Blakley Chief Scientist IBM
This is a summary of Bob Blakley’s talk at Burton Catalyst:
Opening – Sermon on Laws
Laws of Planetary Motion
Kim’s Laws what happens to Identity if you make stupid or subtle mistakes
Newton’s Law – gravity
Why things happen
Introduction – Looking Back Digital Signatures
A while back we decided we needed non-repudiation and did digital signatures by issuing certificates.
We forgot to figure out why do signatures work in the real world.
So, we got how they worked wrong in the technical world.
Having signatures not work is bad looking forward having privacy not work is bad.
Body of Talk
Definition:
Identity is a collection of attributes by which a person or thing is generally recognized or known
Identity Relativity
The Identity of X according to Y: The set of attributes believed by Y to be true of X.
Axiom: Utility
An identity attribute has value if and only if knowing that attribute reduces risk for some party
Reducing one party’s risk often creates risks for other parties.
Consequence: Identification is Power
Identity allocates risk. The ability to create or eliminate a risk for another confers power over the other.
Axiom: Contention
Because identity claims allocate risks, they will be disputed.
Identity Attributes
- Commercial Interest – Convenience
- Government Interest – Security
- Individual interest – Privacy
Definition
Privacy: is the ability to lie about yourself and get away with it.
Axiom: Subjectivity
People disagree about one another’s identity attributes
In general, there’s no easy way to tell who’s right and who’s wrong
Axiom: Temporality
The name that can be named is not enduring and unchanging name. All identity attributes change over time.
- Prince -> symbol
- Michael Jackson Black -> Plastified
Axiom: Obscurity
Identity attributes can be
- what you know – you can lie
- what you have – lose / leave
- what you are – alter disguise
Axiom: Publicity
Identity attributes cannot be secret
By definition attributes aren’t observable can’t be used to use attributes
Axiom: Contextually
Identity is inherently subject to effect of scale.
Brandon Mayfield – guy who did not blow up trains
His finger print matched one at Madrid Bombing (it was not an accurate assertion)
Large databases -> not completely reliable
To scale identity information one needs to collect — more information
Consequence: Powerlessness
Identity is in the eye of the beholder – subjectivity.
- You can’t control what other people think or say about you.
- You can’t even know who knows what about you.
- Can control what you tell people but not what people find out
Consequence: Privacy Erosion
Scale requires distinguishing between lots of individuals which requires lots of information.
In a sufficiently large population the commonly agreed to be public attributes will not distinguish individuals well enough.
So information about sensitive attributes will be collected.
In the UK they are looking at putting in scanners (QinetiQ) while entering the subway to detect knives but what about creep in the use of other things identifying tattoos?
People push back against government identification.
Consequence: Due Process
Because identity is subjective, contextually, contention and obscurity and temporality.
IDENTIFICATION REQUIRES DUE PROCESS
But due process undermines the business case for identity. Due process requires transparency. Transparency reveals how identity attributes are collected and synthesized to make judgment. Collection and Synthesis are the only sources of competitive value.
They do it because they like customer intimacy.
Supply and Demand mismatch between favorable and unfavorable information.
Favorable information is easy to get.
The subject is happy to give it to you and the subject is happy to help you authenticate it. Therefore the supply is large and the value is low. But it’s worse: Demand is also low! Because favorable information is less likely to reduce another party’s risk. Especially the case when the other party has lots of potential customers.
The business case for identity service provider infringes privacy.
The business of identity service providers is risk reduction withholding adverse information decrease the value of business.
Collecting more adverse information makes more.
Identity and Privacy are Incompatible.
Adverse information has positive identity value but negative privacy value.
Favorable information has zero identity value and zero privacy value.
Fable about MARIA
Recent guatemalan immigration
she has AIDS and she doesn’t want anyone to know. The health insurance company wants to know this information because it is a $180,000 not to know this.
Catalyst: SSO Simple Secure and Open – Dick on Identity 2.0
Dick – had a 580 slide deck done Lessig Style
This is a summary of his talk:
We found out about Dick’s Identity
We learned about what Identity is
What I say about me
What others say about me (others trust this)
So,
identity=reputation
What others say about you
We learned about Identity Transactions:
Verbal in person (with visual cues)
Talk on phone (loss of visual cues)
Job Application (fill out form)
We learned about data verification using drivers licenses in the real world and how the process reduces Identity Friction.
Identity Transactions are Asymmetrical
There is separation of the acquisition and presentation of credential
The credential is reusable
Trust is social
What is digital identity?
Identity 1.0 Today
Today it is the hassle of filling out the same information again and again.
Basically today authentication is that you get to prove you are an entry in a directory entry. single authority on one credential – not portable – in silo.
Verified digital Identity is not what you give a site today.
e-bay -/-> Craigslist
We have walled gardens
Identity 2.0 is where the user can move it to any site.
Simple and open has a history of winning in new standards look at:
- networking
- web – html
WHAT DOES IT LOOK LIKE?
Identity Credential exchange is transparent transaction that is scalable.
WHO WILL DRIVE THIS?
users? – too many user names and passwords
won’t pay – little influence
enterprise? – partners, contracts, agents
but risky to lead… can’t get there
Identity 1.5
e-government?
maybe
but localized
Banks?
motivated to solve
theoretical trust relationship
Identity Ecosystem will emerge where
users are loosely coupled
share user identity
We are in a new era
Webservices – Flickr, Mappr, SalesForce
Web 2.0 will drive identity 2.0
It will happen on the edge of the Internet (not the edge of the enterprise).
XRI/XDI no web-service apps
SXIP
name/value pairs
DIGS XML
The goal is to mimic photo ID
With Sxip Network
SXIP 1.0 has had a few tire kickers
SXORE Blog comment spam solution
SXIP 2.0 support web services
SXIP ACCESS
SSO – Simple Secure and Open
Jamie Lewis –
Q: So will this go into a STANDARDS PROCESS?
A: We are working on it. We want to get it very close to right then put it into standards body. I like IETF. Our goal is to be open
Catalyst: Government Adoption of Federated Identity
This is drawn from David Temoshok’s Talk. He is the Director of Identity Policy and Management GSA Office of Government Policy
Homeland security directive 12
“Policy for Common Identification Standard For Federal Employees and Contractors” – August 2004
HSPD 12 Requirements
1. Secure and reliable forms of personal identification that are:
- Based on sound criteria to verify an individual employee’s identity
- Strongly resistant to fraud, tampering, counterfeiting, and terrorist exploitation
- Rapidly verified electronically
- Issued only by providers whose reliability has been established by an official accreditation process
2. Applicable to all government organizations and contractors except National Security Systems
3. Used for access to federally-controlled facilities and logical access to federally-controlled information systems
4. Flexible in selecting appropriate security level – includes graduated criteria from least secure to most secure
5. Implemented in a manner that protects citizens’ privacy
Expanding Electronic Government
Needing Common Authentication Services for
- 280 million Citizens
- Millions of Businesses
- Thousands of Government Entities
- 10+ Million Federal Civilian and Military Personnel
You can learn more on the GSA website – http://www.gsa.gov/aces