
                          Posts with keyword: identity


                          Relationships and Identity

                          We build digital identity systems to create and manage relationships—not identities. We need our digital relationships to have integrity and to be useful over a specified lifetime. Identity systems should provide relationship integrity and utility to participants for the appropriate length of time. Participants should be able to create relationships with whatever party will provide utility. SSI provides improved support for creating, managing, and using digital relationships.
                          Continue reading...


                          What is SSI?

                          If your identity system doesn't use DIDs and verifiable credentials in a way that gives participants autonomy and freedom from intervening administrative authorities, then it's not SSI.
                          Continue reading...


                          Held Hostage

                          We need to replace platforms that intermediate transactions with protocols built on a universal trust framework like Sovrin to avoid a future of hostage taking and retaliatory regulations.
                          Continue reading...


                          The Impact of a Network of Networks on Censorship

                          Creating a network of networks, where multiple ledgers serve as anchors for credential definitions, has consequences for the overall system's ability to resist censorship. This post explores why.
                          Continue reading...


                          Supporting LESS and Trustless Identity

                          Avoiding future identity catastrophes requires that we put technical and legal structures in place now to protect privacy and autonomy and provide censorship resistance.
                          Continue reading...


                          The Sovrin SSI Stack

                          The Sovrin Identity Metasystem is based on a sophisticated stack of protocols, implemented in open-source code, backed and supported by hundreds of organizations, large and small, around the world. The metasystem can be used to build identity systems for any context and provides people with autonomy and freedom to make choices about how information that identifies them is shared and used. This post describes how the metasystem is implemented by the Sovrin SSI Stack.
                          Continue reading...


                          Building Identity Systems on the Sovrin Network

                          An identity metasystem like the Sovrin Network provides the foundation for creating tens of millions of interoperable identity systems for every conceivable context and use. This post discusses how these identity systems are built, illustrative use cases, and the potential marketplace for credentials.
                          Continue reading...


                          Centralized Services Needn't be Evil to be a Problem

                          Relying on a single actor to make things work for millions is no way to do something as fundamental to human autonomy and dignity as digital identity.
                          Continue reading...


                          Four Pillars of an SSI Network

                          Building an operating network takes more than protocols or even code. It requires aligning the efforts of people to get a hard thing done. We created the Sovrin Foundation to foster a thriving ecosystem for an identity metasystem.
                          Continue reading...


                          Recent Revisions to the Sovrin Governance Framework

                          The latest revision of the Sovrin Governance Framework is aimed squarely at showing how the Sovrin identity metasystem is compliant with GDPR and other privacy regulations. Compliance is an important part of adoption and creating "identity for all."
                          Continue reading...


                          Fidelity, Provenance, and Trust

                          In this post, I look at the words we use to describe verifiable credential exchange with an eye to being more specific about the part different components of the SSI stack play in providing trustworthy data exchange.
                          Continue reading...


                          Self Sovereign is Not Self Asserted

                          Self-sovereign does not mean self-asserted. In fact, self-sovereign identity is squarely aimed at creating a model where people can bring to bear evidence from trusted parties to any interaction.
                          Continue reading...


                          Life-Like Identity: Why the Internet Needs an Identity Metasystem

                          Sovrin is an identity metasystem that provides the Internet's missing identity layer. By creating a general-purpose system for constructing context-specific identity systems, the metasystem represents a universal trust framework. A universal trust framework is the foundation for supporting life-like identity in our digital lives.
                          Continue reading...


                          Answering Questions about Self-Sovereign Identity

                          Identity professionals continue to have questions about self-sovereign identity (SSI). In this post, I answer a few questions that Susan Morrow raised about the commercial viability, security, privacy, and desired user experience of SSI.
                          Continue reading...


                          No on Universal Patient ID

                          Just as we're finally at a point where online identity systems can solve the health care records problem without using a universal identifier, the US is poised to explore one. Let's not. Instead let's use identity systems that protect privacy.
                          Continue reading...


                          Thoughts on Libra

                          Facebook has announced their Libra cryptocurrency. This is good news for cryptocurrencies and market-incentivized networks. I worry that Libra's financial inclusion might come with an attendant loss of privacy or autonomy.
                          Continue reading...


                          DID Messaging: A Batphone for Everyone

                          DID Messaging can provide a secure, authenticated, and verified channel for every relationship you have.
                          Continue reading...


                          Decentralized Identifiers

                          Decentralized identifiers are one of the foundational ideas for supporting self-sovereign identity. This post describes how decentralized identifiers work.
                          Continue reading...


                          The Laws of Identity

                          In this post, I make a case that Sovrin not only conforms to Kim Cameron's Seven Laws of Identity, but constitutes the identity metasystem he envisioned in 2004.
                          Continue reading...


                          Verifiable Credential Exchange

                          Verifiable credential exchange is the foundation of decentralized, online identity. This post describes how it works.
                          Continue reading...


                          The Sovrin Ecosystem

                          Sovrin is a vibrant ecosystem with many players. This post talks about the relationships of some of those players.
                          Continue reading...


                          Decentralization in Sovrin

                          Sovrin is more than a ledger and its claim to being a decentralized identity system rests on more than that. Sovrin comprises three layers, each of which promotes and strengthens decentralization and self-sovereign identity. This post discusses each layer and the decentralized features that underpin it.
                          Continue reading...


                          Multi-Source and Self-Sovereign Identity

                          Self-sovereign identity is multi-source, but not all multi-source identity systems are self-sovereign. Self-sovereignty requires that people and organizations have control of their credentials and interact as peers.
                          Continue reading...


                          You've Had an Automobile Accident: Multi-Source Identity to the Rescue

                          The real world is messy and unpredictable. Creating an identity system that is flexible enough to support the various ad hoc scenarios that the world presents us with can only be done using a decentralized system like Sovrin that allows multiple credentials from various authorities to be shared in the ways the scenario demands.
                          Continue reading...


                          The Sovrin Foundation

                          This article describes the role that the Sovrin Foundation and associated groups play in governing, operating, and using the Sovrin Network. The Sovrin Network is designed and intended to be decentralized so understanding the key influence points and community groups is important.
                          Continue reading...


                          Exploring Self-Sovereign Identity in India

                          I spent almost two weeks talking with people about self-sovereign identity in Switzerland and India. I'm more encouraged than ever that self-sovereign identity holds the key to real change in how we live our digital lives with security, privacy, and dignity.
                          Continue reading...


                          Identity and India

                          In July I'll be circling the globe to talk about self-sovereign identity and learn about how others are approaching and using it.
                          Continue reading...


                          Multi-Source Identity

                          Multi-source identity systems like Sovrin enable richer digital identity transactions that mirror the decentralized, ad hoc nature of identity in the physical world.
                          Continue reading...


                          Coherence and Decentralized Systems

                          Building decentralized systems requires more than defining a few specifications and hoping for the best. In order to thrive, decentralized systems need coherence, the social organization necessary to get otherwise independent actors to cooperate.
                          Continue reading...


                          Building Your Business on Sovrin: Domain-Specific Trust Frameworks

                          A domain-specific trust framework is a collection of policies, legal agreements and technologies that provides the context for claims in a given domain. Sovrin Foundation provides a structure and supporting systems for groups defining trust frameworks. This post describes how domain-specific trust frameworks function.
                          Continue reading...


                          Announcing the Sovrin Whitepaper

                          The Sovrin whitepaper is now available. Identity in real life is much richer than online identity, flexibly and conveniently solving all kinds of thorny problems. Now with Sovrin, we can bring those rich identity transactions online. This paper shows how that happens and why it will impact every sector of the Internet in significant ways. I hope you'll spend some time reading it.
                          Continue reading...


                          Secure Pico Channels with DIDs

                          Decentralized identifiers are a perfect complement to the event channels in picos and provide the means of performing secure messaging between picos with little effort on the developer's part.
                          Continue reading...


                          Fixing the Five Problems of Internet Identity

                          Sovrin capitalizes on decades of cryptographic research and the now widespread availability of decentralized ledger technology to rethink identity solutions so that we can have scalable, flexible, private interactions with consent despite the issues that distance introduces.
                          Continue reading...


                          Is Sovrin Decentralized?

                          To determine whether Sovrin is decentralized, we have to ask questions about the purpose of decentralization and how Sovrin supports those purposes.
                          Continue reading...


                          Equifax and Correlatable Identifiers

                          We can avoid security breaches that result in the loss of huge amounts of private data by creating systems that don't rely on correlatable identifiers. Sovrin is built to use non-correlatable identifiers by default while still providing all the necessary functionality we expect from an identity system.
                          Continue reading...


                          Sovrin Self-Sustainability

                          For Sovrin to become a global, public utility that helps everyone create and manage self-sovereign identities, it must be independent and self-sustaining. This post outlines four independence milestones for Sovrin Foundation.
                          Continue reading...


                          The Case for Decentralized Identity

                          We cannot decentralize many interesting systems without also decentralizing the identity systems upon which they rely. We're finally in a position to create truly decentralized systems for digital identity.
                          Continue reading...


                          Identity, Sovrin, and the Internet of Things

                          Building the Internet of Things securely requires that we look to non-hierarchical models for managing trust. Sovrin provides a Web of Trust model for securing the Internet of Things that increases security and availability while giving device owners more control.
                          Continue reading...


                          Sovrin Web of Trust

                          Sovrin uses a heterarchical, decentralized Web of Trust model to build trust in identifiers and give people clues about what and who to trust.
                          Continue reading...


                          Sovrin In-Depth Technical Review

                          Sovrin Foundation has engaged Engage Identity to perform a security review of Sovrin's technology and processes. Results will be available later this summer.
                          Continue reading...


                          Life-Like Anonymity

                          Natural anonymity comes from our ability to recognize others without the aid of an external identity system. Online interactions can only mirror life-like anonymity when we have decentralized identity systems that don't put all interactions under the purview of centralized administrative systems.
                          Continue reading...


                          Sovrin Use Cases: Portable Picos

                          This article describes a method for using the Sovrin distributed identity ledger to look up picos by name rather than location. This allows picos to be portable between hosting engines without loss of functionality.
                          Continue reading...


                          Sovrin Use Cases: Education

                          Sovrin's verifiable claims provide the means of creating a virtual university with little or no traditional integration between the various players.
                          Continue reading...


                          Sovrin Use Cases: Healthcare

                          Sovrin can improve healthcare and make it less costly by providing an identity system that combines a secure means of exchanging verifiable claims and patient consent that is a structural component of the system.
                          Continue reading...


                          Sovrin Use Cases: Authentication

                          This use case discusses authentication in a self-sovereign identity system called Sovrin. Sovrin simplifies authentication, reducing friction while providing a system that businesses can trust without building or maintaining it.
                          Continue reading...


                          On Sovereignty

                          Sovereignty is much more than control. Sovereignty is about relationships and balance of power.
                          Continue reading...


                          When People Can Share Verifiable Attributes, Everything Changes

                          Verifiable, owner-provided attributes are the engine that will drive wide-spread adoption of self-sovereign identity systems. This article explains how this models the way credentials work in the physical world and describes benefits of owner-provided attributes.
                          Continue reading...


                          TL;DR: How Sovrin Works

                          An animation showing how Sovrin works.
                          Continue reading...


                          How Sovrin Works

                          This article describes how Sovrin works by showing the interactions of a Sovrin user, Jane, with organizations she does business with. The examples highlight Sovrin's features and method of operation.
                          Continue reading...


                          Announcing the Sovrin Foundation

                          In London today, we're announcing the formation of the Sovrin Foundation. Sovrin Foundation is a private-sector, international non-profit that was established to govern the Sovrin Identity Network (SIDN). SIDN is a public, permissioned distributed ledger purpose built for identities. The Internet was created without any way for people and organizations to be identified. On the Internet, only machines get identities in the form of IP numbers. This is understandable given what the creators of the Internet were trying to achieve. But the lack of a decentralized, heterarchical, and interoperable identity system has created an environment where the services most
                          Continue reading...


                          Self-Sovereign Identity and the Legitimacy of Permissioned Ledgers

                          This post justifies the claim that an identity system based on a permissioned distributed ledger is legitimately self-sovereign. The post also examines the claims to legitimacy that social login and distributed ledger identity systems make.
                          Continue reading...


                          An Internet for Identity

                          Online services and interactions are being held back by the lack of identity systems that have the same virtues as the Internet. This post describes what we can expect from an Internet for identity.
                          Continue reading...


                          I Am Sybil

                          Our online identities are fragmented, hosted by multiple services. This limits people's ability to act independently online. We can fix that.
                          Continue reading...


                          Why Companies Need Self-Sovereign Identity

                          All the talk of self-sovereign identity can come off sounding anti-company. The truth is that companies and other organizations stand to gain as much from a self-sovereign identity system as individuals. This post explains how self-sovereign identity systems solve problems for companies, using healthcare as example.
                          Continue reading...


                          Principles of Self-Sovereign Identity

                          Self-sovereign identities are increasingly necessary in a world where large portions of our lives are intermediated by software systems. This post references ten principles that self-sovereign identities should have to be effective at protecting human freedom.
                          Continue reading...


                          Self-Sovereign Identity and Legal Identity

                          We've finally gotten to a place where self-sovereign identities are technically possible. This is a huge milestone. The next hurdle is getting organizations, including governments, to allow the use of self-sovereign identities as the basis for their administrative identities. In the case of legal identity, this would provide 1.8 billion people who have no legal identity with a way to establish one.
                          Continue reading...


                          Decentralized Public Key Infrastructure

                          Centralization leads to security, usability, and privacy problems. This paper shows that the problems of centralized directory systems like DNS and PKIX can be addressed through the use of decentralized directories like the blockchain to create a distributed PKI (DPKI).
                          Continue reading...


                          Sovereign-Source Identity, Autonomy, and Learning

                          Our goal at BYU is to teach students to be life-long learners. We believe that giving students autonomy and control is the surest way to achieve that goal.
                          Continue reading...


                          Personal Learning Systems and Life-Long Learning

                          This post is about personal learning systems, the student's side of the LMS. Not only would a personal learning system provide a better experience, but also give students a tool for life-long learning.
                          Continue reading...


                          Regaining Control of Our Data with User-Managed Access

                          User-managed access is real and promises to change how we control our personal data. This article describes one of the problems that UMA solves and shows why that's good for user control.
                          Continue reading...


                          Culture and Trustworthy Spaces

                          Culture is an important component of self-organizing systems. In this post, I explore this concept as it relates to the Society of Things I described earlier.
                          Continue reading...


                          Authorization, Workflow, and HATEOAS

                          Workflow can be seen as a way of doing authentication. This blog post discusses how API access management is done and why workflow should be part of that.
                          Continue reading...


                          Social Things, Trustworthy Spaces, and the Internet of Things

                          Social things interacting in trustworthy spaces represent a model for an Internet of Things that is scalable to trillions of devices and still works. This post describes that concept and proposes picos as a platform for building social things.
                          Continue reading...


                          API Management and Microservices

                          Microservices need the advantages of API management just as much as externally facing APIs do.
                          Continue reading...


                          Sessions I Want to Hold at IIW

                          I'm going to hold a few sessions at IIW. Here's my list so far. And there's a homework assignment for the bureaucracy session.
                          Continue reading...


                          Self Sovereign Authorities and the Epic Struggle for IoT

                          I finished reading three things this week that all tied together in my mind and so I wanted to mention them. One is a full-length book, but the other two are short essays. This post describes them and my thoughts about how they relate to my earlier post on the CompuServe of Things.
                          Continue reading...


                          Blockchain and Bearer Tokens

                          We can use the blockchain to create a class of bearer tokens that act more like keys in the physical world: they can only be used by one entity at a time and take effort to transfer. This post describes why that might be interesting. I'm interested in your feedback.
                          Continue reading...


                          On Names and Heterarchy

                          Heterarchical (non-hierarchical) naming systems are vital if we are to avoid the pitfalls and dangers of surrendering our rights and our privacy to a tyranny of connected computers and devices that intermediate our lives at every level based on centralized authority. This post explores names and alternatives to names, including the use of bitcoin as a distributed directory that is immune from the problems that hierarchical solutions impose.
                          Continue reading...


                          Own Your Identity: Important Principles

                          If we are to have agency online, freedom of contract and substitutability are two vitally important principles that we should strive to build into online services.
                          Continue reading...


                          Social Login Considered Harmful

                          When we launched SquareTag we did so without social login—the option to use Twitter, Facebook, Google, and the like to authenticate. We did so less for practical reasons than for philosophical ones. This post explains those reasons, the cost, and what we believe is a reasonable compromise.
                          Continue reading...


                          Building a Webfinger Client for my Personal Cloud

                          This post shows how the Webfinger client for the Kynetx CloudOS allows you to link two personal clouds. The post also shows how the client was built.
                          Continue reading...


                          Standard Information Sharing Labels

                          The Standard Label Kickstarter project is raising money to design a label that will standardize how Web sites let you know why they want your data and what they'll do with it. I'm a backer and I hope you will be too!
                          Continue reading...


                          The Multiple Passport Problem: Declaring Digital Sovereignty

                          The promise of user-centric identity and personal data is better models of people and what they need and want online. This leads to greater value for everyone without people having to sacrifice their privacy, a rare win-win.
                          Continue reading...


                          The Foundational Role of Identity in a Personal Cloud

                          If we're to build personal clouds supported by a cloud operating system (COS), then we need to understand the key services that the COS would provide to the user. Operating systems are not monolithic pieces of software, but rather interlocking collections of services. One of the most important things to figure out is how a cloud OS can mediate an integrated experience with respect to authorized access to distributed online resources.
                          Continue reading...


                          Roles in an Identity Ecosystem

                          I created a diagram for another document trying to map out some roles in an identity ecosystem as a way of understanding them better. I thought I'd share it here.
                          Continue reading...


                          E-Verify Isn't the Answer

                          Expanding E-Verify isn't an easy fix to solving immigration problems. In fact, it's likely to make things worse for employees and employers while expanding identity fraud.
                          Continue reading...


                          The Problem with Identity Proofing

                          As part of settling IIW Europe, I needed to send a wire transfer for $5000 to a company in London. I logged onto my account at my bank and set it all up. This process involved not only logging in with my secure password, but also having a "security code" sent to my phone four times along the way that I needed to type into the Web page to prove I was in possession of my phone--or something: once for setting up the wire account, once for setting up the recipient, once for sending the wire, and once for
                          Continue reading...


                          Podcast: Kaliya Hamlin Interviews Me on Personal Data Ecosystems

                          Kaliya interviewed me for her Personal Data Ecosystem podcast series. Here's her description: In this podcast Kaliya talks to Phil Windley who is the CTO and co-founder of Kynetx and co-founded and co-produces the Internet Identity Workshop with Kaliya & Doc Searls. He gives his perspective on the key differentiator between today's social networks and Personal Data Ecosystem: the emergence of the personal data store where individuals control their own data. He also covers the event based architecture his company Kynetx is developing and refers to the project neck pain demo. In the podcast he mentions Twilio.
                          Continue reading...


                          IIW XI Is Next Week

                          IIW begins in a week on Tuesday November 2nd. We are really excited about all the attendees who are registered so far. The emerging themes we have identified are reflected in the topics proposed: Personal Data Ecosystem; Federated Social Web; User-Centric Identity applied (OpenID, OAuth, XRD, SAML, InfoCard, Activity Streams, etc.); Vendor Relationship Management; Active Clients (tools in the browser and other clients); Identity in the Cloud. It is not too late to register. If you still want to invite friends to IIW-Nov, you can give them this 10% discount code good for Regular that ends at Thursday at midnight:
                          Continue reading...


                          PDX Principles

                          There was a lot of discussion around Personal Data Stores (PDS) and Personal Data Lockers at IIW East. Every time slot on both days had at least one and sometimes two sessions on the subject. (As an aside, if you're not familiar with IIW, the agenda is created in real time, by the participants, not months in advance by a program committee, so it represents more fully the interests of the participants than a normal conference agenda might.) I'm confident that this will also be a major theme at the upcoming IIW in Mountain View CA in November. The
                          Continue reading...


                          Referencing and Encoding Metadata

                          We need data permissions to be as portable as the data itself. So too for all metadata. Over the course of IIW East, I had a revelation (for me) that there's real power in having metadata encoded in the same format as the data itself and, in a related way, allowing self-reference so that the metadata can be referenced from the document it describes. I think I've always believed that, but hadn't really articulated it to myself until yesterday. Certainly, this idea isn't new. Just look at XML for the largest, recent example. Nearly everything about an XML
                          Continue reading...


                          Changes for IIW

                          There are a couple of changes coming to IIW, one pragmatic and one philosophical. First the pragmatic... Due to some scheduling snafus, the Computer History Museum is not available during the time we'd advertised for IIW XI (Nov 9-11). After much thought and discussion we've determined that the best course of action is to move it to another day rather than change the venue. CHM has many things to like and it's become the workshop's home. So, we're moving IIW XI to November 2-4. We realize the 2nd is election day and hope you'll vote early. We also realize
                          Continue reading...


                          Twitter and the OAuthalypse: A RESTful Misfire

                          Yesterday was the OAuthalypse--the day when Twitter stopped accepting HTTP Basic authorizations on their API. I had a few apps break--like almost everything I've done with Twitter. To get them back working I'll have to spend some time on each moving them over to OAuth. For some that won't be hard--they're already using a library that supports OAuth. For others it will be more work. All of them are single user apps (like the UtahPolitics retweeter) and so will use the OAuth single token pattern. The reason for moving to OAuth is so that apps won't need to ask
                          Continue reading...


                          Come to Internet Identity Workshop East Next Week

                          The East Coast edition of the Internet Identity Workshop (IIW) will happen next week on Thursday and Friday (Sept 9-10) at the Josephine Butler Parks Center in Washington DC. The theme for this edition of IIW is Open Identity for Open Government. You can register online. Late registration fees kick in after Friday, so register now.
                          Continue reading...


                          IIW XI, IIW East, and IIW Europe

                          In addition to our traditional semi-annual meeting at the Computer History Museum on November 9-11, IIW is also holding events in Washington DC and London this fall. Unlike other identity conferences, IIW's focus is on the use of identity management approaches based on open standards that are privacy protecting. The IIW East (more info here) will be September 9-10 at the Josephine Butler Parks Center. I suspect that because of the location and discussion that's going on around identity in government circles that this event will have a distinctly different flavor and set of sessions than IIW has traditionally
                          Continue reading...


                          The Future of Internet Identity: Data Access and Modeling

                          In my previous blog post, wrapping up IIW X and discussing what wasn't discussed, I talked about what was missing at IIW: discussions about authentication. What was hot at IIW were discussions about authorization and personal data. OAuth, UMA, and PDX talks were happening in every corner this time and these topics (with data access and modeling as their unifying theme) will be a major area of focus as IIW continues. Back in the dark days of the Web, if you wanted access to data in your account in someone's system via an API, you had to pass along
                          Continue reading...


                          IIW Wrap-Up: Moving Past Login...Sort Of

                          The 10th iteration of the Internet Identity Workshop wrapped up yesterday in Mountain View, CA. Since Kaliya, Doc, and I started IIW in 2005, we've always wondered when (or if) there would be a "big bang" when internet identity just took off. If this IIW wasn't the big bang, it was certainly a great indication that we're headed toward one. There were about 240 people at IIW this time, 80 more than the highest past attendance. There were companies represented that you'd not think of as "early adopters" in internet identity. And the discussion has finally, mostly moved on
                          Continue reading...


                          Come to Digital Death Day

                          The day after IIW (that would be May 20th), Kaliya is running a workshop called Digital Death Day at the Computer History Museum. Death is a part of life but what does death of the physical self mean for the digital self? This is a conference focused on this question and others around "digital death". What does it mean for loved ones of the departed? What does it mean for professionals in end of life care and post mortem services? What does it mean for online tool and service providers? What does it mean for estate
                          Continue reading...


                          The Power of Pull

                          This week on the Technometria podcast, Scott and I talk to David Siegel, the author of The Power of Pull. David talked to me one or two times quite a while back about identity as he was researching this book, but I didn't really know what the book was about or why he cared about identity. In appreciation, he sent me a copy of the book when it came out and I left it sitting on my desk for a number of weeks before I picked it up. When I did, I was blown away. I'm certain that the
                          Continue reading...


                          Using the .tel TLD for Managing Contacts

                          This week's Technometria podcast is with Henri Asseily, the CTO of Telnic. Telnic is the registry for the .tel top-level domain. The .tel domain is a little different than most domains you might run across. For one, you can't point it at a Web site (although you can get email through it using MX records). The registry controls the A records for the domain and they all point to a contact page. For example, here's my .tel domain: windley.tel. I, of course, control all this data using a Web page that they provide for that purpose. The nifty thing
                          Continue reading...


                          Who Owns Data About You?

                          On Saturday, I blogged about a bill before the Utah Senate that would allow law enforcement to use administrative subpoenas to get data about you from your ISP when they suspected you of crimes against children. This would be done without a warrant and without any real oversight (as currently drafted). This morning Rep. Brad Daw is testifying about his bill before the Senate Education Committee (yeah, it's confusing). @sausagegrinder (a Daily Herald reporter) tweeted that Daw said: Daw: 4th amend doesn't apply to his bill. The subpoenas would be for information owned by a company, not property of
                          Continue reading...


                          Redirectionless OAuth Credentials Exchange

                          Am I missing something here? Twitter is working with select partners to test what is variously being called OAuth delegation or browserless OAuth credentials exchange method (not sure why browserless since it's not about the browser, it's about the redirection). The bottom line is that in an effort to be more user friendly, this removes the redirection to the Twitter site where you authorize access by letting the third-party site (the site being delegated to) collect and then pass along the user's username and password to get the OAuth credentials. Abraham Williams captured the POST headers
                          Continue reading...


                          Subscription Models are Chic

                          A recent blog post by Dave McClure, the investor in charge of the Founders Fund seed investment program, makes the assertion that "subscription models are the new black" and we've lost a decade of innovation by people living off the table scraps of Google's $10B pay-per-click ad system. (Warning: the blog post is pretty raw.) In a seeming non sequitur, he moves on to talking about passwords. But pay attention, because what he's really doing is talking about friction in subscription models and the friction that they impose. I think it's interesting that the iPhone app store,
                          Continue reading...


                          Using OAuth to Access Twitter from KRL

                          The latest build (Build 391) of the Kynetx Rule Language (KRL) includes support for accessing Twitter data intrinsically within the language. Integrating interesting data with KRL is an important part of what makes the language so useful for building cross-site applications that mash-up data and user interactions. But what's really interesting about this release is that we're using OAuth to access the Twitter API and have built primitives into the language for dealing with the Twitter OAuth interaction to save developers from doing it. Not only are we making it easy for developers to write apps that use Twitter,
                          Continue reading...


                          We Need More Than a Selector

                          If you glance at Johannes Ernst's latest blog post, Why We Really Don't Need an "Identity Selector", you might think he's speaking out against identity clients, but in reality, he's speaking out against identity "selectors." That is, the idea that the most important, useful feature of such a client is "selecting" an identity. He says: The correct product is not a "selector". It also must be: An identity "de-selector", with which the user can become anonymous again (or perhaps even remove all the information from the site which was conveyed during the "identity selection" phase). The much-desired "single sign
                          Continue reading...


                          The Forgotten Edge: Building a Purpose-Centric Web

                          Abstract: Since its inception, the primary metaphor of the Web has been one of location. By framing the Web as a collection of places, we have necessarily caused Web development to focus on servers. But people don't get online to go to a server. They get online to get something done--achieve a purpose. This talk argues that focusing on purpose allows us to build Web applications that more closely align with what people want from the Web. Focusing on purpose will require a move to more intelligent client-side applications. Technological development in the area of Internet identity over the
                          Continue reading...


                          IIW IX Is Coming Up! Register and Spread the Word

                          The Ninth Semiannual Internet Identity Workshop (IIW IX) is coming up in about 9 weeks: November 3-5 (Tuesday to Thursday) in Mountain View California at the Computer History Museum. It's time to register and to help us spread the word about the event. We are excited about all the developments in the industry with protocol evolution in the social web space AND larger and larger scale deployments of open identity technologies including OpenID and Information Cards. There will be much to talk about at this fall's event. We have low rates for early bird registration until September 16 then
                          Continue reading...


                          The Eighth Internet Identity Workshop - IIW2009A

                          I can't believe that a week has passed since IIW8 ended. I was planning on writing a wrap-up blog post then and time has just slipped away. When we were planning for this IIW, we were pretty worried about whether people would come and whether we'd get sufficient sponsor support. As it happened, things turned out fine. We had more people than ever--about 180. And while some sponsorships went unsold, overall we had great support for which we're grateful. The workshop itself was one of the best ever. There was a lot of
                          Continue reading...


                          Making Sense of Digital Identity

                          Gabe Wachob is going to be teaching a course on digital identity as part of the Blue Oxen Associates Sense Making series. From the intro: Digital identity has always posed unique social and technical challenges centered around security, privacy, and convenience. The Internet has made these challenges even more complex. The good news is that a number of new technologies are creating new opportunities for creating a secure and private Internet, where individuals are in control of their own data. This is a win-win scenario, because it creates new opportunities for service providers. The
                          Continue reading...


                          Just in Time for Valentine's Day: Bob Blakley on Relationships

                          When Bob Blakley presented his ideas on relationships at IIW a while back I blogged it and so did others (like Drummond). After Bob released his paper on the subject to Burton Group subscribers, I blogged about relationship providers (with pictures even). Then Scott and I interviewed Bob on the subject for IT Conversations. Needless to say, I think this is an interesting idea. Now, I'm happy to report that Bob and Burton Group have made the paper publicly available. Go get it and read it. There are some great ideas in there.
                          Continue reading...


                          A Great Internet Identity Workshop!

                          About a month ago, Kaliya and I had a serious conversation about possibly having to cancel the Internet Identity Workshop this time. Registrations were not coming in as fast as usual and no one had committed to any of the major sponsorships. I was concerned I'd end up personally eating the cost of the conference if we moved forward. Shortly after that, Ping Identity and Microsoft both stepped up and gave us confidence to move forward. That's a good thing because this turned out to be the best IIW I can remember. There seem to be
                          Continue reading...


                          Supporting Authentication Discovery in a Standard Way

                          I'm sitting in a session at Internet Identity Workshop that is discussing what standardized support browsers could provide to all authentication systems. Right now all browsers support one: Username/Password over HTTP Authentication. Authentication's come a long way since 1993. Dick Hardt of Sxipper made the observation that users view what's "inside the chrome" as the application. The browser chrome is largely ignored. That seems right to me. Authentication systems like basic form-based, OpenID, and information cards are all existing without explicit browser support. Forms have password fields, but that's just so that the browser blanks out the characters. Beyond
                          Continue reading...


                          Suing Over Reputation

                          This Ars Technica story tells of an eBay seller who is suing a buyer over negative feedback. Since eBay removed negative feedback for buyers, there's no other way for sellers to leverage what could be vindictive buyers. On the other side, that leverage sometimes leads to buyers being unwilling to leave feedback. Of course the threat of a lawsuit does that in spades. eBay has a reputation problem they need to solve or the whole thing could fall down. As the article concludes: [S]ellers were a bit miffed at eBay's feedback changes, and organized a week-long strike that resulted
                          Continue reading...


                          Getting Ready for IIW2008B (Nov 10-12)

                          We'll be holding the Internet Identity Workshop (IIW) again on November 10-12 at the Computer History Museum in Mountain View CA. The Internet Identity Workshop focuses on what has been called user-centric identity; basically asking the question how can people manage their own identity across the range of websites, services, companies and organizations that they belong to, purchase from and participate with. IIW is a working meeting for a range of groups focused on the technical, social and legal issues arising with the emerging identity, relationship and social layer of the web. Providing identity services between people, websites, and
                          Continue reading...


                          Doc Searls on Relationships (DIDW)

                          Doc Searls has taken the stage for today's keynote. He started with a brief review of the history of DIDW and the identity space and how we got where we're at leading up to a discussion of VRM. VRM is all about relationships between people and the entities they want to interact with. One thing he said that stuck with me is that big companies should embrace the networked individual and small companies should enable them. Free customers are more valuable than captive ones. Businesses still think that the opposite is true. That's what we think the free market
                          Continue reading...


                          Jamie Lewis on the Importance of Relationships (DIDW 08)

                          Jamie Lewis gave the opening keynote this morning on the state of digital identity. The first part was a pretty straightforward review of where we've been and where we are. Then Jamie started riffing on the relationship idea that Burton has been talking about lately. Digital identity exists to enable human experiences online. In human experience, trust (I'd say reputation) is critical. He references Alan Greenspan's book The Age of Turbulence where Greenspan talks about the global economy being based on trust. With current technology we don't enable trust in the way humans use
                          Continue reading...


                          Relationship Providers

                          Businesses spend a great deal of time and money trying to identify their customers. By "identify" I mean not just get a name and credit card number, but find, learn about, and discover the attributes, preferences, and even desires of customers. They spend millions of dollars on "customer relationship management" (CRM) systems that are really "customer dossier systems" in a quest to manage the identity data they collect about customers. In the same way, customers spend a great deal of effort identifying businesses. Which business sells the product that will meet my needs at a price I'm willing to
                          Continue reading...


                          One Is the Loneliest Number: Relationships on the Internet

                          Bob Blakley is speaking about building a relationship layer for the Internet. A relationship is the context within which we observe one another. Past history and even attitudes are not directly observable. This is imperfect--distant relationships are the basis for inaccuracies. More observations at a closer distance make for a more useful and feature rich relationship. Bob puts forward the emergence of the credit card industry as an example. Rather than requiring shoppers to create intimate relationships with every merchant, you create a single intimate relationship with your bank and the merchant has an intimate relationship with their bank
                          Continue reading...


                          What's Your Architecture's Agenda?

                          One of the topics that came up in today's free range small groups discussions at IIW2008A was the idea that architectures have agendas. Brad Templeton voiced the idea that all designs have defaults and those defaults represent an encoding of some kind of agenda. For example, let's say that you collect click streams from your web site visitors in order to give them recommendations, optimize banners, or whatever. What is the default for how long that data is stored? One week? A month? A year? Forever? You might not think of that default as an agenda, but it is
                          Continue reading...


                          IIW Is Just Around the Corner

                          If you are wondering what the Internet Identity Workshop is all about we have a new articulation posted on the main wiki page for our upcoming conference. It goes into the range of topics covered along with the technology and social issues. This is our 6th event and I think it will be a great one. MONDAY IS FREE (beginning at 1PM) We have Monday’s program figured out and Monday afternoon is FREE to anyone who wants to come and check out the emerging field. We will open at 1pm. We will open with a ‘newbie’ perspective from Ryan
                          Continue reading...


                          Web Authentication with Selective Delegation using SRP

                          Bryant Cutler and Devlin Daley developed a methodology for adding selective delegation to relationship-based identity systems. This afternoon I presented that work at WWW2008. The talk went well. There were probably about 40 people in the room. There were some good questions afterwards, so all in all, I'm pleased. Here are the slides (PDF) if you're interested.
                          Continue reading...


                          Trust-Based Recommendation Systems

                          Reid Andersen from Microsoft Research is talking about trust-based recommendation systems (PDF). To build a personalized recommendation, you need a trust graph among users. What system should you use to determine the recommendation? The researchers use an axiomatic approach. The context of their axiomatic system is social choice theory (see Arrow's impossibility theorem for voting systems from 1951). More recent treatments are Webpage ranking systems (Altman, Tennenholtz, '05). The details are fairly complex, but the basic idea is that by proposing axioms until you get an inconsistency in the axiom set and then backing off and exploring other axioms
                          Continue reading...


                          What's the @ in Twitter?

                          Pretty much everyone at Kynetx has started using Twitter. That led to a new crop of my other friends starting to tweet as well. Today @fulling asked me "what's the @"? He didn't know he was opening up a can of worms. Steve Gillmor refuses to use the @. He rightly points out that the Web client moves those out of the tweetflow and that while thick-clients do a better job of that (I use Twitterific, for example), that's not a solution for people who want to use the iPhone or other mobile platforms. Now I'm getting pushback for
                          Continue reading...


                          Dan Solove on Reputation

                          Clifford Thomson sent me a link to a talk Dan Solove gave at Google on his new book The Future of Reputation. I interviewed Dan on Technometria a while back about his earlier book The Digital Person. Dan's a very interesting speaker and raises important issues in his books and in this video. This is well worth watching if you're interested in the intersection of privacy and reputation in the Internet age.
                          Continue reading...


                          Why Electronic Employment Verification Is a Bad Idea

                          When Americans (led by Lou Dobbs) scream "do something about illegal immigration" at the top of their lungs, you know we're going to get saddled with a bunch of awful ideas. One of those is Electronic Employment Verification, or EEV. EEV is a plan to create a big federal database of everyone eligible to work. Before a potential employer could give you a job, you'd have to be "cleared to work" by the Feds. Even worse, it will just be an API call to a big database in the sky. In theory, this seems like a great solution. After
                          Continue reading...


                          IIW 2008 Happening May 12-14

                          The announcement and registration pages for IIW 2008 are now live. Please take a minute and do three things: Register so we know you're coming. Having a good count early makes the whole thing go smoother. Help us spread the word by blogging about it. Put a badge for IIW on your Web site if you can. Here's the code for the badge you see on the right hand side of my blog: We expect that IIW2008 will be every bit as productive and fun as past IIWs have been. I hope you can make it.
                          Continue reading...


                          Utah May Reject REAL ID

                          Yesterday, the Government Operations Committee of the Utah House of Representatives voted unanimously for a bill (HB449) that would bar the Utah Driver's License Division from implementing the REAL ID act of 2005. Utah isn't alone; a number of other states have opted out of REAL ID by statute, have passed legislation opposing it, or have legislation pending. REAL ID would standardize the identity documents required to get a driver's license across the US, standardize some of the information on the driver's license itself, and introduce a common machine readable technology for driver's licenses nationwide. In addition, REAL ID
                          Continue reading...


                          I'm on Interviews with Innovators

                          A while back Jon Udell interviewed me for his Interviews with Innovators podcast. We talked about reputation.
                          Continue reading...


                          Ping vs Sun

                          A few days ago, someone at Sun made a video that poked some fun at Ping Identity (disclosure, I'm on their advisory board--I think--it's been a long time). Ping fired back with a humorous video of their own. Heck, if they both keep acting like this, the world's going to have to pay attention to federation, just for entertainment value alone!
                          Continue reading...


                          Achieving Accountability

                          Dave Winer's Club140.org gives us a good example of how hard it is to protect data. For those of you not following along at home, Dave created a site, called Club140, that lists any tweets he sees on Twitter that are exactly 140 characters long (the max allowed by Twitter). Today, Dave posted this on Twitter: i just added code to http://club140.org/ to filter out messages from people posting from "protected" accounts. hadn't thought of it before. The issue is that some people have their tweets protected so that only people who are following them can see what they
                          Continue reading...


                          What's New in OpenID 2.0?

                          OpenID 2.0 was finally released yesterday. I've put a piece up at Between the Lines on what's new in OpenID 2.0. There are some important capabilities that will move this forward in a big way.
                          Continue reading...


                          Understanding OpenID

                          Here's a screencast that Dan Lullich sent me showing how OpenID works using a whiteboard cartoon. Very clever! Dan was also my guest on the Technometria podcast this week. We talked about reputation--go figure.
                          Continue reading...


                          Reputation at IIW2007B

                          I just posted a summary piece from Tuesday at IIW2007B at Between the Lines: Reputation taking center stage. I also have pictures. Look for more IIW coverage with the iiw2007b tag.
                          Continue reading...


                          Placing the User at the Center of Identity

                          Coincidentally, a feature I did for InfoWorld on user-centric identity appeared today. Here's what I contributed: Federating identity for the Web: User-centric innovations CardSpace and OpenID may finally bring the promise of federation within reach. Understanding OpenID and CardSpace: OpenID and CardSpace are at the forefront of user-centric identity. Here's how they work. Podcast: An identity layer for the Web: Microsoft's Kim Cameron speaks to the advantages of placing the user at the center of enterprise identity systems. Podcast: User-centric identity in the enterprise: Burton Group's Mike Neuenschwander discusses the state of federated identity, delving deep into the business proposition user-centric identity presents
                          Continue reading...


                          IIW2007B Kicks Off

                          IIW2007B is underway. I flew to San Jose with two of my grad students, Bryant Cutler and Devlin Daley, this morning. We went to Costco to buy food for snacks and showed up at the Computer History Museum about noon. The first day of IIW continues to evolve. Kaliya and her design team set out an agenda this time that included a set of parallel tracks to start off. The parallel tracks allowed us to run a real "intro" track for newcomers alongside some working group sessions. I was in charge of the intro track. Paul Madsen started
                          Continue reading...


                          Using CardSpace in Low-Value, Low-Overhead Situations

                          Kim Cameron has a nice post, including a screencast on how to use CardSpace in low-value, low-overhead installations like blogs. (By "low-value" I mean that the cost of a bad authorization decision isn't high, e.g. a spam comment).
                          Continue reading...


                          I'm on YDN Theater

                          While I was at Defrag, I sat down with Jeremy Zawodny for an interview on the Yahoo! Developer Network Theater. You can watch it here: Alternately, you can download it. We talked about a variety of topics, including the idea behind my new startup, Kynetx.
                          Continue reading...


                          Barbie Key Signings

                          What's hot for Christmas 2007? Barbie key signings.
                          Continue reading...


                          The New Federated Identity

                          I've been asked to put together a feature for InfoWorld on user-centric identity. The feature will include written text, a couple of podcasts, and some flash animations. I'm a little excited about the opportunity to use these different media to communicate the idea of this important topic to business. The podcasts will be 15-20 minutes each on the following topics: Podcast on user control and laws of identity; Podcast on state of identity in enterprise. I've already got these scheduled with guests, so please don't ask to be on the podcast. The initial outline for the written part is:
                          Continue reading...


                          Dick Hardt on Trust

                          Dick Hardt is giving a new talk at Defrag. He's talking about trust; his thesis is that trust defrags identity. Much of what he's saying is right in line with the reputation work (PDF) my students and I have been working on. He makes a critical link to identity: identifiers bind personas together to increase trust. Intuition doesn't work well online because of the absence of clues and the ability to create false context. Institutions haven't done much better. He brings up another key concept: this is largely about accountability. Key point: binding behavior from multiple sites together leads
                          Continue reading...


                          ProQuo - Stopping Junk Mail

                          I just created an account at ProQuo and spent 15 minutes stopping the insane amount of junk mail I get. Most of the "do not mail" lists you get on with a simple click and some require filling out a form off the site. The most obnoxious was the DMA, which charges a dollar "to cut down on fraud"--yeah, sure. Like I trust them. The credit card link, unfortunately, didn't work--I'd love to get Capital One out of my life. I'll see if in a few months the volume has significantly reduced and let you know.
                          Continue reading...


                          Barx: A Proxy Resolver for XRI

                          Victor Grey and Kermit Snelson have created an XRI proxy resolver in Ruby called Barx. In its most simple form, a proxy resolver returns an XRDS document when given an XRI. From the spec: "Proxy resolvers enable applications---even those that do not natively understand XRIs but can process HTTP URIs---to easily access the functions of an XRI resolver remotely." An example is xri.net. Barx implements the entire XRI resolution spec with the exception of SAML trusted resolution. According to Victor, "[t]he proxy resolver is a fast HTTP server based on Mongrel and Merb that can be run as
                          Continue reading...


                          Managing the Legislature

                          There was a time that people in the Drivers License Bureau didn't want to be in the ID business. I can remember having the head of Utah's DL bureau tell me in no uncertain terms that the drivers license was not an identity document. Times have changed. I can only imagine that the emergence of REAL ID has given the bureaucrats an idea of how much power there could be in being the primary arbiter of truth. This change is reflected in the sessions at a conference on REAL ID for state bureaucrats that Jim Harper brought to my
                          Continue reading...


                          Digital Identity 101 at DIDW

                          I gave my tutorial this morning. The room was almost full, which pleased me. I didn't have enough time--never enough time--to get to everything that was interesting, but I think we hit the high points. I promised people I'd make my slides (PDF) available here. At the end of the talk, I demoed using a signon.com issued OpenID to log into Jyte and authenticated at signon.com with a self-issued InfoCard using the DigitalMe card selector on OS X. We didn't have time to trace through what was happening, but interested people can at least try it themselves and see
                          Continue reading...


                          Kim Cameron: Why Claims Will Change Everything

                          Kim Cameron is talking about claims. Today's landscape is filled with silos. The perimeters are purposely impermeable. Users are reduced to the system's definition of them within those boundaries. Digital experience is organized from the point of view of the system, not the user--who employs many systems. There are gates at the edges to control movement in and out of each system. The technology landscape is rigid in terms of protocols, formats, syntax and semantics. The system represents a single source of truth. Users want to obtain a service, not be defined by it. We face all kinds of
                          Continue reading...


                          Phil Becker's State of Digital Identity

                          Some thoughts on identity from Phil Becker. Identity transforms security from "keep out unauthorized" to "allow access by authorized." Digital identity is the organizing construct for a distributed, service oriented computing that allows it to dynamically adjust to the needs of each user while simultaneously following the policies of various authorities who control and manage the data and applications being used, and enabling visibility into what occurs. Identity today: Identity deployments now succeed far more often than they fail. Identity virtualization and federation are proven technologies with growing deployment base. Authentication has evolved significantly in response to use experience
                          Continue reading...


                          Finally! An InfoCard Selector for OS X

                          I posted a short piece at BTL about the Bandit project's InfoCard selector for the Mac. There have been some solutions in the past, but they were hard to install or flaky. This one is solid and the install is a breeze.
                          Continue reading...


                          User Centric Identity Tutorial

                          Here are the slides from the user centric identity tutorial that I gave this afternoon. The PDF won't show the embedded screencasts. I've included them separately. Here's one on using CardSpace and one on using OpenID. If you're interested in getting my Perl wrappers for using the JanRain OpenID libraries and the guestbook application, contact me.
                          Continue reading...


                          Reeds Law and Social Networks

                          David Cushman has brought together a lot of different pieces in a thoughtful article about Reed's Law and social networking. As I read his thoughts about our identity (personal rather than digital), I'm reminded of a recent conversation Moira Gunn had with Goff Moore and David Thomson (podcast) about how we relate to each other in this first decade of the 21st century.
                          Continue reading...


                          FreeNum Links Phone Numbers to the Internet

                          I loved John Todd's ETel presentation (podcast) on FreeNum, a scheme for bringing phone numbers to the Internet. Of course, I love identifiers and addresses and all that they enable, so it was a natural. Suppose you were a university campus and when you looked at your phone bill, you noticed that a lot of calls were to other universities. You've got a VoIP telephone system; they've all got VoIP telephone systems. You might wonder "isn't there some way to route these calls over the Internet and save some serious money?" The answer, of course, is "yes" but making
                          Continue reading...


                          User-Centric Identity Events at DIDW

                          There are several user-centric identity events happening at the upcoming Digital Identity World. Identity Open Space: User-Centric Digital Identity is gaining traction. OpenID is one of the first of several efforts moving out on the web. There is a cluster of working groups working on various issues including Identity Schemas, Identity Rights Agreements, Interoperability with OSIS, protocols working together on the Concordia Project and others. You're invited to participate in a half-day Identity Open Space being held in conjunction with Digital Identity World on September 26, 2007 (Wednesday) at the San Francisco Hilton. Cost for this afternoon of open space
                          Continue reading...


                          User Centric Reputation Slides

                          Today I gave a talk at AOL in Virginia about reputation. I also had a chance to talk to a small working group on reputation and to the Architecture Council. The discussions were very good and gave me some food for thought. I came away more convinced than ever that what we need to build are reputation systems that bring more cues about people and their actions to bear, in a way that allows the user to control the privacy issues, and with as much emergent behavior as possible to avoid overt configuration. Such a system should reward people
                          Continue reading...


                          Social Graphs and Identity Systems

                          I just posted about social networking and identity at BTL. This represents some of my views on Brad Fitzpatrick's paper on the social graph problem as well as Dave Winer's podcast on the subject. Both Brad's paper and Dave's podcast (not just the summary) are worth paying attention to.
                          Continue reading...


                          We're Planning on Beefing that Up

                          I'm listening to Jon Udell's interview of Mike Hudak about the video sharing service blip.tv. The interview is great--good quality sound and excellent discussion. There are some interesting riffs on design, sharing, economies of plenty, and even origami. What caught my attention, however, was a comment Mike makes. At one point, talking about how tagging can happen in a distributed way, he says something like "We've got some basic identity in the system. At some point we plan on beefing that up to deal with comment spam, etc." I'm not dogging on Mike, because I may be misinterpreting this comment,
                          Continue reading...


                          Vote for IT Conversations at Bloggers Choice Awards

                          If you enjoy IT Conversations, consider voting for IT Conversations as the best podcast at the Blogger's Choice Awards site. Naturally, we'd love to win. As an aside, you have to go through a registration process to vote. Sorry. This is the perfect kind of application for OpenID--too bad they don't use it.
                          Continue reading...


                          Double Your ID Pleasure with TSA

                          Via Jim Harper, a report on the TSA's ruling that requires some passengers to present two forms of ID. What's ironic is these are the passengers who signed up for the Registered Traveler program, designed to let frequent fliers escape the inspection line. The TSA is requiring that these registered travelers present a government issued ID (like any other traveler) in addition to their RT card. Beginning last fall, TSA suddenly required that RT members using the RT line show a picture ID and their RT card right before entering the line. These are the same RT cards that,
                          Continue reading...


                          I'll Be at Utah Open Source Conference 2007

                          I've received word that my proposal to give a tutorial on user-centric identity technologies at this year's Utah Open Source Conference has been accepted. I'm excited to be able to participate. I don't know what day I'll be presenting yet. As an aside, I know that the conference is still looking for sponsors, so if your company would like to tap into the open source community in Utah, check it out.
                          Continue reading...


                          Bandit's Cross Platform Selector

                          Novell asked me for a quote for this press release on the Bandit cross-platform card selector. I said: "For the vision of user-centric identity to thrive, ecosystems like information card selectors have to extend beyond a single operating system. As a vendor of a major Linux distribution, Novell is in a great position to lead the use of information card selectors on Linux. I'm very encouraged by these developments." I haven't tried building the card selector for OS X yet. If anyone beats me to it, I'd love to hear a report. As I said in my post about
                          Continue reading...


                          Linking OpenID and CardSpace: SignOn.com

                          PingID (disclaimer: I'm on the advisory board) released the beta of SignOn.com today. SignOn.com is an OpenID identity provider that also accepts InfoCards. Once you've signed up, you can register an InfoCard with SignOn.com and use that to authenticate when you use your SignOn id at a Web site. Confused? Here's an example: I go to Jyte.com and click "login". Jyte asks for an OpenID, so I give it my SignOn OpenID (windley.signon.com). SignOn asks me to authenticate (since I'm not currently logged in there) and I choose to authenticate with an InfoCard. The card selector pops up,
                          Continue reading...


                          CAS: Simple Authentication

                          Ken McCrery, from Virginia Tech, gave a presentation at JA-SIG on their experience using Central Authentication Service (CAS) to provide single sign-on and single sign-off for their campus systems. CAS is an authentication system originally created by Yale University to provide a trusted way for an application to authenticate a user. It's freely available for download. VT originally used a home grown system called AuthPortal but their middleware group couldn't keep up with the portal group's requirements. They determined to move to something that was more widely used. They found that CAS 2.0 was easy to deploy Previous AuthPortal
                          Continue reading...


                          JA-SIG Keynote on Digital Identity

                          I gave my keynote presentation on the social and economic impact of digital identity to the JA-SIG 2007 Summer conference. JA-SIG promotes the development and use of open architectures in higher education. In addition to their semiannual conference, they also have several projects that members develop and contribute to. The presentation went pretty well, I thought. There were probably about 150 people in the room. The PDF of my slides is available as well as a screencast demoing CardSpace and another screencast demoing OpenID which I showed in lieu of live demos. Neither is edited nor does either have
                          Continue reading...


                          Milestones at IIW2007A

                          Dale Olds just put up some thoughts on IIW2007a and the significant events that occurred. He concentrates on the interoperability session and has some great pictures. Mike Jones gave some detailed stats from the interoperability session.
                          Continue reading...


                          XRDS and Self Asserted Claims

                          Andy Dale posted some cautions in response to my post on using XRDS. He later summarized his concerns very succinctly: SEPs in XRDS must be considered self asserted claims and as such should not be trusted on their face. Service Providers should publish the mechanisms by which SEP claims should be validated to be about a specific subject (authenticated identifier). From The Tao of XDI. Referenced Tue Jun 05 2007 13:48:15 GMT-0600 (MDT). For an authentication service, this isn't a problem. If I claim 2idi.com is my authentication service, the method for a relying party to check that claim
                          Continue reading...


                          Using XRDS

                          Back when people were trying to bring OpenID, LID, and i-names together, something called Yadis was born. At the time, it was all pretty abstract to me, but over time I've come to understand more of the details. Yadis was a discovery protocol for identifiers that was based on XRDS, or eXtensible Resource DescriptorS. The basic idea was that when you resolved an identifier, you'd get back an XRDS document that would tell you which authentication service the identifier was associated with. I'll talk about the details of how this happens in a minute. First, let's talk about why
                          Continue reading...


                          Obfuscating Passwords in Forms

                          Most are familiar with password fields in Web forms. When you use a password field, anything the user types is obfuscated. This is, to my knowledge, to reduce the danger of shoulder surfers stealing the password by reading the screen as it's typed in. As long as I've used computers, this has been standard practice--the IBM Selectric terminals I used in 1976 would pre-print multiple characters on the paper before having you type your password so it couldn't be stolen from the printout. What would you think of a social networking Web site that in the interest of reducing
                          Continue reading...


                          Internet Identity Workshop 2007: Day Three

                          [Image: Tuesday dinner at the Monte Carlo in Mountain View] If you're interested in following blogs about IIW2007, you can look for the iiw2007 tag on Technorati. First thing this morning (after picking up bagels) I went to a presentation on Sxipper, Sxip Identity's login and form filling plug-in for Firefox. I've been using Sxipper since the last IIW and have come to rely on it. When I first started using it, it had some usability problems (at least for me) so I stopped using it for a while. When I switched to Firefox 2.0, however, with automatic
                          Continue reading...


                          Internet Identity Workshop 2007: Day Two

                          [Image: IIW2007A Agenda Wall] The second day at IIW started in the traditional way: building the agenda. I was surprised that almost half the room stood up to propose a session. The wall is pretty full and there are lots of interesting sessions. If you click through on the thumbnail at the right (two clicks), you should be able to read the details. One of the sessions I attended this morning was on the OpenID 2.0 spec and what's left to be done. There seems to be some feeling among potential users that there is an opportunity lost
                          Continue reading...


                          IIW2007 Has Begun: Day One Activities

                          After months of preparation, IIW2007 has begun. Whew! I always feel a big relief when the "train leaves the station" as Mike Jones said. During the introductory presentation Eugene Kim asked how many people were here for the first time and probably one-half to two-thirds of the audience stood up. That's great. He also asked how many people had been at the first IIW in Berkeley and there were a dozen or so people in that group. We're starting off differently this year. We broke the group into smaller groups of 7 or 8 and asked them to discuss the
                          Continue reading...


                          User-Centric Identity Tutorial Resources

                          [Image: Banff Springs resort] I gave my tutorial on user-centric identity today. There were around 40 people there--a good crowd and very interested in identity. I promised that I'd post a list of resources, so here we go. First, my slides in PDF format. Warning: the upload from the hotel is going very slowly, so this probably won't be available until later tonight. Here's the tarball for the demonstration code I did with OpenID. I add authentication to a simple Web application using a separate, general login controller. There are pictures in the slides. It's in Perl.
                          Continue reading...


                          Sun Supports OpenID and Opens the Question of Reputation

                          Sun announced (or at least Tim did) that Sun's supporting OpenID at openid.sun.com. Sun has taken the additional step of stating that only Sun employees will have IDs there. So, if someone presents an OpenID with a base domain of openid.sun.com, you can be assured that Sun is vouching that they are an employee of Sun. The biggest problem with this setup, of course, is that the attributes of an identifier ought to be transferred orthogonally to the identifier itself. The fact that the URL has a certain form should encode data like whether someone's an employee or
                          Continue reading...


                          Best Practices for Using Info Cards

                          Mike Jones is pointing to a newly released guideline for how to put InfoCards on your Web site: Patterns for Supporting Information Cards at Web Sites: Personal Cards for Sign up and Signing In.
                          Continue reading...


                          License Plates as Identity

                          [Image: Finding cars online] The other day I was walking through the Novell parking lot and came upon the car pictured at the right. If you look at the larger image, you'll notice that the bumper sticker on the car says "Use my license plate to find me on the Internet" with the large URL: license-plate.com. Maybe it's just my bias, but I thought that this was a Web site that allowed license plates to be used as general purpose identifiers, allowing license plates to be linked to email and Web addresses. I wasn't sure what use that
                          Continue reading...


                          2.9 Million Georgians at Risk for Identity Theft

                          ZDNet news reports that "A CD containing personal information on Georgia residents has gone missing, according to the Georgia Department of Community The CD was lost by Affiliated Computer Services, a Dallas company handling claims for the health care programs, the statement said. The disc holds information on 2.9 million Georgia residents, said Lisa Marie Shekell, a Department of Community Health representative." When I was Utah's CIO, identity theft on this kind of grand scale didn't make the news as much as it does now. If I were in that position today, I'd be very scared. It's not so
                          Continue reading...


                          Drummond Reed on XRI and Identity

                          This week on the Technometria podcast, Scott and I talk with Drummond Reed about XRI, the eXtensible Resource Identifier. With respect to the podcast, Drummond says: Last week I had a long talk about XRI with Phil Windley and Scott Lemon that they just posted as an IT Conversations podcast. If you ever wanted to know the full XRI story from start to finish (verbally, at least), this is the podcast for you. Phil tends to draw out the details from me, so there's quite a bit of "verbal whiteboarding" (I live for whiteboards), but altogether it amounts the
                          Continue reading...


                          Novell Demos InfoCard Selector for OS X and Linux

                          I just put a story up at Between the Lines about the InfoCard selector that Novell demo'd today at Brainshare. Very cool stuff.
                          Continue reading...


                          Authorization Models and Delegation

                          I promised yesterday that I'd talk a little more about our discussion on delegation. I've since had a profitable discussion with Devlin and Bryant as well. The problem with delegation is that it requires something that has eluded organizations since computer security first became an issue: how do you build good authorization models? Most applications are built without much prior thought to the authorization model and then it gets slapped on afterwards. For organizations, it's even worse. The business has fuzzy ideas about authorizations and they change them all the time. "Oh, we're spending too much money on catering;
                          Continue reading...


                          On Impersonation and Delegation

                          [Image: An Elvis Impersonator] A couple of my students, Devlin Daley and Bryant Cutler, are doing some work on delegation in OpenID. Kim Cameron has been posting about delegation and that led to some interesting discussions in the lab. First we distinguished between impersonation and delegation. The former is an authentication issue, the second is an authorization issue. Kim's point, and I think fairly made, is that you don't ever want someone other than the entity to whom the identity belongs to authenticate as that identity. Rather, you want the entity (be it a service or human)
                          Continue reading...


                          Digital Identity Management Workshop 2007

                          The announcement for the Digital Identity Management workshop for 2007 has been posted. The Call-for-Papers closes June 15, 2007. The workshop itself is being held on Nov 2, 2007 in conjunction with the 14th Annual Conference on Computer and Communications Security. I'm serving again on the program committee.
                          Continue reading...


                          Are You Over 21? Attributes and Identity

                          [Image: Utah Driving Privilege Card] This story from the Salt Lake Tribune about driving privilege cards and getting into bars is a good example of the issues surrounding identity, attributes, and authorization. For some background, a few years ago, Utah passed a driving privilege card (DCP) law that gave undocumented workers a legal way to drive without issuing them a drivers license. A drivers license has legally mandated identity functions for the federal, state, and local governments that extend beyond authority to drive--voter registration, as one example. The reasoning for issuing any card at all to undocumented individuals
                          Continue reading...


                          Where is OpenAttributes?

                          Gunnar Peterson has a thought-provoking post on OpenID and attributes. He quotes heavily from another interesting post on names from Mike Neuenschwander. The idea is that names, without attributes, are not very useful. I agree wholeheartedly with the assertion that we have to get OpenID and other wide-area identities past simple authentication for them to really be useful. Mike says: I understand why from a programmer's perspective, it would be so much more convenient if everybody could simply have one globally unique, unambiguous, resolvable name. But such a quaint design constitutes a wanton disregard for reality. The tech
                          Continue reading...


                          FreeYourID.com

                          I played around a bit with FreeYourID.com this morning. The service gives you a personalized URL, email address, and an OpenID. The domains are in the .name TLD. This is an interesting concept: combine three identity services into one and offer real personalization. They're giving free 90 day trials. In some ways this reminds me of a poor-man's i-name. i-names are resolvable to various services. Right now, you've got to use a URL transform to make i-names work, so using them is not as straightforward as it would be if browsers did native XRI resolution.
                          Continue reading...


                          Reputation for OpenID

                          I'm teaching a graduate class on reputation this semester. I did the same thing last year and the class project was building a reputation framework. The ideas surrounding reputation intrigue me, if you haven't figured that out from reading this blog. I've had various ideas for this semester's project, but finally settled on the idea of reputation for OpenID. With OpenID gaining steam, there are concerns on the user side about how to know whether to trust an OpenID provider. Even if you pick someone with obvious standing, like AOL, how do you know if the site you've been redirected
                          Continue reading...


                          Monkey Pornography, Social Status, and Reputation

                          Britt is further developing his thoughts on relative celebrity. He points to a study that looks at social status in monkeys and their willingness to sacrifice food to look at the faces of high-status individuals and what amounts to monkey pornography. On the flip side, they demand more food to look at the faces of low-status individuals. Male rhesus macaques sacrificed fluid for the opportunity to view female perinea and the faces of high-status monkeys but required fluid overpayment to view the faces of low-status monkeys. Social value was highly consistent across subjects, independent of particular images displayed, and
                          Continue reading...


                          Relative Celebrity and Reputation

                          Britt's working on a concept he calls Relative Celebrity. The idea is that in the world of the long tail, there is some ranking and "every member of a network must be related to someone who is closer to the action - relatively speaking, a celebrity - and also act as a valued conduit of news, gossip and conjecture for others, acting as that person's relative celebrity." It's an intriguing idea and one that makes me think about reputation and its value in a global Internet sense. To date, online reputation systems have been localized to a particular Web
                          Continue reading...


                          Identity Open Space in Europe

                          We're going to conduct an Identity Open Space event in Brussels in April. This will be like the ones we've done in Vancouver with Liberty and in Santa Clara with DIDW. Like the Vancouver IOS, this one will also be at the tail end of the Liberty Project meeting--this time in Europe. Here's the Liberty announcement and the IOS wiki. On April 26th, we'll create the agenda (in open space style) at 11am, have lunch, and then begin sessions which will continue until 4pm on April 27th. The early registration fee will be US $195.00 until Friday, March 23,
                          Continue reading...


                          Why You Should Love CALEA

                          I published a show from Emerging Telephony on IT Conversations that consisted of three lightning talks by Bill Weinberg, Brad Templeton, and Johannes Ernst. Bill gave a good talk about open phones and why we don't have one yet. Open phones are a subject I care about, so I enjoyed that. Johannes gave one of the best short presentations I've heard on the multiple identifier problem. But Brad really entertained with his talk on why you should love CALEA. Brad's talk starts about 15 minutes in. Actually, I should clarify. Brad didn't really give the presentation, rather it was
                          Continue reading...


                          OpenID Economics Centers on Relying Parties

                          Tim Bray has written a post saying that OpenID seems pretty useless and then points out some problems and possible solutions. The ironic thing is I can't argue with many of his points, but come to a very different conclusion. I don't intend to respond point by point. He's spot on, for example, in what he says about TLS. While the OpenID spec tries to stay away from specific authentication mechanisms and has been subjected to considerable security analysis over the months, there's no reason not to require that HTTP transport happen over TLS. In practice, however, I doubt any
                          Continue reading...


                          Using OpenID Delegation

                          In a comment on my post about OpenID being an official lifehack now, Richard Miller asks "which OpenID provider do you suggest?" The good news is that OpenID has a layer of indirection built in, so it's not critical that you choose correctly. Here's how it works. First, you need to pick a URL to serve as your OpenID. It doesn't need to be an OpenID provider and you don't need to install a server at that URL. I'd recommend choosing one that you believe you'll be able to hold onto for a good long time. That's going to be the
                          Continue reading...


                          Leaving Arkansas

                          I'm about to board my flight to Salt Lake City, leaving Arkansas after my first visit ever. Besides being able to put another notch in my belt, the trip was a good one for other reasons as well. I enjoyed the small town feel of Jonesboro, the drive from Little Rock, and, especially, the BBQ. The Identity Solutions Symposium was good, providing me with some new things to think about and many new contacts in the world of identity. All in all, a worthwhile trip.
                          Continue reading...


                          OpenID is a Lifehack

                          Lifehacked reposted a screencast (original from Simon Willison) today showing how to sign up for and use an OpenID. OpenID is now, officially, a way to make you live better, more efficient, and happier. Really.
                          Continue reading...


                          The Economics of OpenID

                          I spoke at the Identity Solutions Symposium on the topic of Social and Economic Aspects of Identity (PDF of slides). This is a difficult topic because there is so much to say and so many issues that you could cover. One of the things I didn't talk about that I wish I'd had time to cover was the developing economics around user-centric identity. With announcements like OpenID and CardSpace interoperability and AOL's support for OpenID only a few weeks old, I think that we're getting very close to the identity "big bang" that Kim Cameron talks about. If you're
                          Continue reading...


                          Cancelable Biometrics

                          One of the problems with biometrics is that they're difficult to reset. Lose your password, you get a new one. If someone compromises your biometric data, how do you get new fingerprints? The invariance over time of biometric data is one of its greatest strengths as well as one of its greatest weaknesses. The biggest threat isn't that someone will steal your fingerprints, retinas, or other body parts from you (action movies being the obvious exception). Rather, it's that once the biometric data (features) about the artifact have been stored in the computer, they can be stolen and replayed.
                          Continue reading...


                          Digital Identity for Cattle

                          Marion Berry is the representative for the Arkansas First District in Congress, and the opening keynote at today's meeting. He seemed passably informed on identity issues, noting how important identity is in modern society. He's a supporter of the Real ID act, which makes me wonder whether he understands the implications of identity policy. He took questions at the end of his talk. One questioner asked him to respond to Arkansas farmers' opposition to cattle tagging. I wasn't aware of the issue before. The program is part of some federal effort to track food supplies. I've written about this
                          Continue reading...


                          Arkansas and Identity

                          I'm in Arkansas at the Identity Solutions Symposium and Workshop in Jonesboro. I speak Thursday on the social and economic aspects of digital identity. I'm looking forward to it. I've never been to Arkansas before. I flew into Little Rock and drove up to Jonesboro because the flights into Memphis didn't work out timewise. The drive is about 2.5 hours, so I had plenty of time to get acquainted with Northeast Arkansas. The rental car lottery gave me a PT Cruiser. I've never driven one before--I wouldn't say it's a particularly fun car to drive. Boring actually. But I
                          Continue reading...


                          Two Factor Authentication with a Bookmarklet

                          I've been meaning to write about this all week, but kept forgetting. Ben Adida has proposed a two-factor authentication scheme using a bookmarklet which looks pretty cool. Ben calls this a "bookmark," but I prefer "bookmarklet" since it's a bookmark that contains a runnable Javascript. The solution seems pretty cool. My biggest question centers on usability. When you imagine this scenario with one site, it seems simple enough, but if every place you wanted to log into on the 'Net needed a bookmarklet, you'd have a bookmarks file full of entries to allow you to log in. What a
                          Continue reading...


                          AOL Deploys OpenID

                          On Wednesday, John Panzer of AOL announced that AOL has deployed OpenID on top of their identity system. What this means is that if you have an AOL identifier (including AIM), you've got an OpenID and can use your AOL identifier to log in to OpenID-enabled Web sites. Here's what John says: Here's where we are today: Every AOL/AIM user now has at least one OpenID URI, http://openid.aol.com/. This experimental OpenID 1.1 Provider service is available now and we are conducting compatibility tests. We're working with OpenID relying parties to resolve compatibility issues. Our blogging platform has enabled basic
                          Continue reading...


                          Reciprocity, Trust, and Reputation

                          Chris Slater presented A Computational Model of Trust and Reputation today in class. The paper introduces three concepts--reputation, reciprocity, and trust--and how they relate to each other. We talk a lot about reputation and trust, but don't often consider reciprocity. They define reciprocity as a "mutual exchange of deeds (such as favor or revenge)." In a reputation system focused on stopping blog comment spam, for example, the engine that calculates the score is calculating reputation, the threshold that you set in your software (e.g. moderate commenters with scores below 20) is the trust metric. Reciprocity is the probability that
                          Continue reading...


                          How Many of Me?

                          We all know that names aren't unique identifiers, but just how many people share your name? HowManyOfMe.com gives you an answer. I benefit from having an unusual last name and a fairly uncommon first name as well. There are three of me: HowManyOfMe.com: There are 3 people with my name in the U.S.A. How many have your name? The numbers estimated from statistical and demographic US Census Bureau data.
                          Continue reading...


                          Jim Harper Testifying Tomorrow

                          Jim Harper, who spoke in Utah last November, will be testifying before the Utah Government Operations Committee at 8:15 in Room W010 of the Capitol. I'm sure his testimony will be in regard to this resolution against the RealID Act. Jim's an advocate of states taking a firm stance in opposition to the Federal government on the RealID act. He makes very good points about why the RealID act is ill-conceived and will be as ineffective at stopping terrorism as it is effective at invading the privacy of everyone else.
                          Continue reading...


                          On the Importance of Names

                          Phil Hagelberg of Technomancy references the essay on Confucianism and Technical standards with this quote: In a famous passage, Analects 13.3, Confucius was asked by a disciple what his first order of business would be if he were to govern a state. He replied, 正名, meaning roughly "make right the names," "insure that names are used properly," or "rectify the names." His disciple was somewhat incredulous and asked, "Would you be as impractical as that?" Confucius strongly rebuked his disciple and explained that proper nomenclature is the basis of language and that language is central to taking care of
                          Continue reading...


                          The Role of Intellectual Property in Protecting Reputation

                          Today in class, we went over a paper called The Value of a Reputation System by John Kennes and Aaron Schiff (both of The University of Auckland). The paper presents a complicated mathematical model of markets that are similar to eBay and other auction sites, although the example in the paper is "pick-your-own" orchards. I've also been reading Peter Navarro's book The Coming China Wars recently and the two ideas got me thinking about the value of intellectual property in properly functioning markets. In Kennes and Schiff's paper, they model markets where there are products with high and low
                          Continue reading...


                          Cheap Pseudonyms, Privacy, and Sex Offenders

                          The BBC is reporting on a move by the British government to require convicted sex offenders to register their online identities. Of course, it only takes a minute of thought before you realize that it's so easy to get a new email address that registering one doesn't do much good. There are some scary responses to that, like this one: If everyone had a single internet identity for life, like a National Insurance number, this would make it far easier to track people, he said. Child internet safety expert John Carr, of children's charity NCH, said: "This is a
                          Continue reading...


                          Making CardSpace and OpenID Interoperable

                          Microsoft, JanRain, Sxip, and VeriSign have agreed to work together to make OpenID and CardSpace interoperate. This isn't totally unexpected since the community has been moving forward in this direction. Kim Cameron has been discussing the details of how it might work in recent weeks. Here are the specifics from the press release: As part of OpenID's security architecture, OpenID will be extended to allow relying parties to explicitly request and be informed of the use of phishing-resistant credentials. Microsoft recognizes the growth of the OpenID community and believes OpenID plays a significant role in the Internet identity infrastructure.
                          Continue reading...


                          Funding Public Radio (and ITC) with VRM

                          In a post at Linux Journal about identity and VRM, Doc Searls says that rather than boil the VRM ocean, he would rather pick a specific problem. Beyond cash for goods or services, I would like the option of having some range in relating. Maybe I want nothing more than give an artist some cash and a high-five. Or I may want a subscription to notices of new work, or to performances near where I live. The thing is, this mechanism needs to live on my side: to be mine. It must be able to relate to a first
                          Continue reading...


                          Social Networking Without a Safety Net

                          Jeff Jarvis just got back from Davos where he found plenty of identity-related discussion. Jeff says "One of the thin threads I saw cutting through much of my Davos experience was the notion of identity" and goes on to enumerate many of them, including the trade-off between privacy and reputation and the relationship between reputation and transparency. What caught my eye though, was this: All this opens up lots of opportunities in technology. I said to a couple of my fellow participants at Davos --- a media mogul, an internet entrepreneur --- and I will say it in another
                          Continue reading...


                          Mobile Identity Workshop 2007

                          Doc Searls is hosting the first Mobile Identity Workshop at cNet headquarters in San Francisco today. I flew out last night. Doc's now a fellow at Harvard's Berkman center and this is one of the topics he's put on his list of things to explore. There's about 100 people here, so it's promising to be a great day. The usual identity gang is here, but there's quite a few new faces as well given the emphasis on mobile. Doc started off the day with a list of statistics, noting that there are 800 million cars in the world, 1.2
                          Continue reading...


                          Exploring Interoperability Space

                          Paul Trevethick has put together a document identifying the dimensions along which components and data flows can be changed in user-centric identity systems. His space is a diagram that is general enough to cover most wire-level interactions of various user-centric identity systems. I found it instructive. For any specific set of interactions with various components some of the components or flows would drop out. This is timely because we're trying to figure out how to do interoperability demonstrations for IIW07 in May. That requires mapping out scenarios that various parties will try to play in. Paul's diagram gives a
                          Continue reading...


                          Digital Certificates for State Government

                          The State of Illinois has been a big proponent of digital certificates for citizens and has been issuing them for some time. People can use these to authenticate to eGovernment applications. Of course, you don't want to force people to use a digital certificate when they renew their driver's license, but there are some things that require strong authentication and the lack of good ways to accomplish it hampers digital government. According to this story from Government Technology, they just issued their 100,000th digital certificate. They have also cross-certified with the Federal Bridge Certification Authority (FBCA), so these state-issued digital
                          Continue reading...


                          Who Owns Your eBay Data

                          In the Who Owns "You" panel at Supernova (available on IT Conversations) the question came up about eBay reputation. An eBay seller's reputation score is calculated from how other eBay users rate the seller. Does that score belong to the seller, the eBay users who contributed to it, or eBay? Pretty easy actually, when you consider the principles of reputation. The eBay score is eBay's story about the user. They calculate that story and it's pretty simple but still they're the ones deciding the algorithm that's used. The eBay users and eBay jointly own the ratings. That is, each
                          Continue reading...


                          Identity Crisis Book Forum

                          Jim Harper will be conducting a book forum on Thursday January 18 at 12pm EST at the Cato Institute in Washington D.C. on his excellent book Identity Crisis: How Identification is Overused and Misunderstood. The event will be streamed if you can't make it to Washington by Thursday. After Jim speaks, there will be comments from, and discussion with, James Lewis of the Center for Strategic and International Studies and Jay Stanley of the ACLU. Jim spoke here in Utah last year and I recorded the talk and placed it on IT Conversations where it continues to attract listeners
                          Continue reading...


                          I-names and Usability

                          Kaliya likes i-names. She does a good job in this post of articulating why. There are a few things she points out, however, that will only be "good" and "simple" if we choose to make them so. In particular, she says "[d]omain names system usability sucks." The unstated implication is that XRI resolution won't. It's hard to tell since the tools for letting users do that aren't really available yet. Will they be better and easier to use? We can only hope. Also, i-names are deceptively simple now because not many people are using them. What happens when all
                          Continue reading...


                          Presence for Your Presents

                          I put a piece about user-centric presence up at Between the Lines this morning. Hope you're enjoying the holidays.
                          Continue reading...


                          OpenID Delegation

                          Simon Willison (whose blog used to be green) has an excellent tutorial on setting up OpenID delegations so that you can use your own domain name (see what I said about persistence here) as your OpenID. In fact, you can use any URL where you control the resource (what gets returned when you GET the URL) as an OpenID. Delegation is an important part of OpenID because it allows you to switch OpenID identity providers; your OpenID stays the same. Just change the link tags in the resource associated with the URL you're using as an OpenID and you're
                          Continue reading...


                          Making XRIs With XRDS

                          Yesterday I posted a piece on XRIs and i-names at Between the Lines. Now that 2idi, my i-name registrar, is supporting forwarding, I've configured several XRIs that resolve to specific places on the 'Net including my blog, RSS feed, and even me at Skype. I mentioned William Tan's FoXRI extension to Firefox that allows native resolution of XRIs (e.g. xri://=windley/(+blog)) instead of using an XRI proxy. Playing with that tool, I realized that the XRDS document for =windley was pretty skimpy. William informed me that 2idi has a new experimental feature that
                          Continue reading...


                          OpenID and XMPP

                          Via Scott Kveton, a link to an OpenID server that uses XMPP authentication (the underlying protocol for Jabber). Fun stuff!
                          Continue reading...


                          Jim Harper Audio On Identity

                          I just posted Jim Harper's talk on identity at IT Conversations. It's a good talk and well worth listening to if you've got any interest in identity and public policy. Unfortunately, we didn't have a mic for the audience, so the Q&A session didn't make it. That's too bad since there was some really good interaction.
                          Continue reading...


                          IIW2006 Lost and Found

                          After IIW2006B was over last week, we found a few things. Kaliya has them, so if they're yours contact Kaliya to get them back. Here's pictures: phone charger, glass case, IBM power adapter, Macbook (65W) mag power adapter.
                          Continue reading...


                          Bohemian Rhapsody in the key of ID

                          On Tuesday evening, we were treated to the debut performance of Bohemian Rhapsody in the key of ID (lyrics by Eve Maler, Laurie Rae, Peter Tapling, Derek Fluker, Bill Johnson, and Wes Kussmaul). Conor Cahill shot a video:
                          Continue reading...


                          Computational Reputation

                          I did a session on online reputation (or "computational reputation" as I've taken to calling it to distinguish it from reputation work in other fields). I didn't have time to take notes, but if I find others who have, I'll post an update here. In the meantime, here's the picture of the whiteboard I took and a link to my paper on reputation.
                          Continue reading...


                          i-names...Again

                          I went to a session on the future of i-names this morning. Drummond Reed started off talking about what they are now. DNS names abstract IP numbers. URLs, based on DNS, typically point to specific locations. XRI provides an abstraction layer on top of the URL. i-names and i-numbers are synonyms. i-names provide a semantic identifier and i-numbers are a persistent identifier. i-numbers are never reassigned, but i-names might be. Having a non-assignable identifier ensures that I can't lose my identity (and the rights that go with it). Any synonym in the XRI namespace resolves to
                          Continue reading...


                          The State of User Centric Identity

                          Johannes Ernst has a good summary of the current user-centric identity landscape in his updated triangle diagram.
                          Continue reading...


                          Beyond Passwords

                          In the session on authentication without passwords (beyond passwords), Lisa Dusseault made the assertions (with some help from the room): Existing browsers do not succeed in verifying site identity to users. HTML forms for login considered harmful. Browser-based third-party identity systems habituate user to redirect to enter their password (task fixation). When you catch someone in the middle of doing something, they will plow through all kinds of barriers to "get the job done." Current password redirection schemes (most of them) redirect users to authenticate. Any password-based system is vulnerable
                          Continue reading...


                          Speed Geeking

                          Speed geeking turned out great. I saw some things that really interested me and I got it in a quick hit. The following projects or demos were done: Earthgrid.org - Video worth paying for. xmldap - Chuck Mortimore gave a demo that showed using an OpenID as a CardSpace card to log into Kim Cameron's blog. Safari Inforcard Selector - This is a plug-in for Safari that implements a CardSpace card selector from Ian Brown. AOL WebAIM Service - nice demo showing how to get AIM data using a Web API. I would like to
                          Continue reading...


                          Vendor Relationship Matters

                          I went to Doc's discussion of VRM (vendor relationship management). We had a great discussion around a number of scenarios. There's Doc's (by now) famous rental car discussion. Dave Winer brought up Yahoo! Movies and Netflix and sharing data back and forth between them. This kind of session easily turns into a discussion of how messed up most companies are. Doc summed it up thusly: "Living in a silo is self-destructive." Doc said there were three pieces: transactions, intentions, and preferences. Avery Lyford boiled these down to three points: what you've done, what you want, and what you like. Intentions
                          Continue reading...


                          Lightbulb: Bringing SAML to PHP

                          Pat Patterson spoke on using SAML in a "Web 2.0 World." SAML provides a good mechanism for transporting identity attributes. But to use SAML on the wild Web, you've got to support dynamic languages like PHP. Pat has a mechanism for using SAML from PHP. One way to do this is using a PHP/Java bridge that talks to an existing federation manager. This is overkill if you've got one little site you want to use federation on. Pat has a project, called Lightbulb, that puts SAML directly into PHP. No custom PHP modules required. Future parts of Lightbulb may
                          Continue reading...


                          Trusting OpenID

                          We started off the morning, as is our tradition, by building the schedule for the conference. Lots of good sessions proposed and many I will have to choose between. I love seeing these things come together. I started off the morning at David Recordon and Josh Hoyt's talk on OpenID authentication in the new OpenID 2.0 spec. During a discussion of how OpenID 1.1 works, a good discussion of phishing broke out. Someone asked what's to keep a relying party from purposely misdirecting a user to a site that's spoofing the user's IdP and stealing the user's credentials. David
                          Continue reading...


                          Introducing User-Centric Identity

                          The Internet Identity Workshop (2006B) has begun. I flew in this morning and spent the time before the conference started shopping for things we need for snacks, etc. Today is not an unconference event--that starts tomorrow. Today we have a more structured program intended to get people new to the space up to speed--but people who've been in the identity space for years come anyway. Kaliya and Mike Ozburn started off the day with some discussion of the identity space map. Dick Hardt spoke on the identity lexicon and the laws of identity. Next up was
                          Continue reading...


                          Jim Harper on Identity and Public Policy

                          Tonight Jim Harper gave a talk on identity and public policy at the Utah State Capitol. I've recorded the talk and will hopefully have it up on IT Conversations soon. Jim starts by telling the story of his book, Identity Crisis: How Identification is Overused and Misunderstood. A few years ago, Jim joined the Cato Institute and was invited by the ACLU to join them at the US Capitol for an event on national ID cards. He read the ACLU briefing and thought it was good, but overly simplistic. He sat down to read
                          Continue reading...


                          Managing Vendors Before They Manage You

                          On this week's Technometria Podcast, Scott Lemon, Matt Asay, and I are joined by Britt Blaser and Doc Searls. We have a great discussion about how Internet tools can be used to manage vendors instead of them managing us. Doc calls this "vendor resource management." Good name.
                          Continue reading...


                          Discussing Identity Public Policy in Utah

                          Since the terrorist attacks of September 11, 2001, public officials have been under increasing pressure to employ identity in the name of security. Advancements in identification and surveillance technologies -- biometrics, identity cards, databases, RFID, and so on -- threaten privacy and civil liberties, enable identity fraud, and subject people to unwanted observation. But there is no going back. Rep. John Dougall has invited Jim Harper to discuss his book, Identity Crisis: How Identification is Overused and Misunderstood. Identity Crisis is a superb primer on identification, identification theory, and identity policy. Citizens, technologists, and policymakers alike need a good
                          Continue reading...


                          FCW Government CIO Conference

                          I've been at the Federal Computer Week Government CIO conference today in San Diego. I was asked to speak on Digital Identity and they were even good enough to give away some copies of my book. Here are the slides from my talk. I wish I'd had more time to develop some of the themes. The conference was at the Hotel Del Coronado, a lovely place on the beach. I took a few pictures. Tomorrow I head to Chicago to talk about Web services and data sharing.
                          Continue reading...


                          Contextual Authority Tagging

                          Terrell Russell has a good post about the wisdom of crowds and expertise and why they're not the same. Crowds are good at giving opinions, but experts have knowledge. Folksonomies are about the wisdom of crowds. Great for classification. Terrell thinks tags can be used for "[discovering] and [defining] cognitive authority through reputation." He's working on something called contextual authority tagging to fill this gap. Contextual Authority Tagging is the use of folksonomy to discover and define cognitive authority through reputation within communities of users. Authority is granted by individual users to other individual users with regard to their
                          Continue reading...


                          Using OpenID and Liking IT

                          Norman Walsh is using OpenID in his photodata.org application and liking it. He has Ruby code (not Rails) that you can swipe if you like.
                          Continue reading...


                          Federated Identity Hubs

                          I put a piece on federated identity hubs like InCommon and Covisint up at Between the Lines.
                          Continue reading...


                          OpenID Sightings

                          Stuffopolis is accepting OpenID for users leaving reviews.
                          Continue reading...


                          Reputation at USU

                          I had a good time speaking at USU today. I gave a talk on digital identity and the reputation framework. While I was there I met and got to spend a little time with Justin Ball and Dave Wiley from the Center for Open and Sustainable Learning. They've got a project right now that will require them to choose a cross-domain identity (user-centric ID) system. We had a good discussion of the options.
                          Continue reading...


                          Digital Identity and a Pint

                          Stephanie Kesler sent me a link to Isaac Szymanczyk's blog showing a picture of my book. Cheers, Isaac!
                          Continue reading...


                          Announcing IIW2006B

                          The announcement for IIW2006B has been up for a while, but we really haven't drawn much attention to it. Please put Dec 4-6 on your calendar if you're planning on coming. The format and organization will be about the same as May's IIW: half a day of more tutorial material on Monday followed by two full days of open space/unconference on the 5th and 6th. You can register using the IIW registration page. The costs are the same as last time, $75 for students, $150 for unaffiliated and independents, and $250 for corporate folks. If your company's going to
                          Continue reading...


                          Yahoo!'s BBAuth: Browser Based Authentication

                          Today Yahoo! announced BBAuth or Browser Based Authentication (I found out from Dave Winer). Google has a similar service. Once a user has logged in to Yahoo! (after a redirection from your site) they specifically authorize your application to retrieve certain user data that you've requested. You then get back a token (one hour TTL) that can be used with Yahoo! APIs to get the data. Jeremy Zawodny says that right now only Yahoo! Photos and Yahoo! Mail are supporting BBAuth. Dan Theurer has a post about getting it ready to go. I'd like to use this in the
                          Continue reading...


                          Does Your Four-Year Old Have a Full Time Job?

                          An article in this morning's Deseret News revealed that the Social Security Numbers of as many as 600 Utah children under the age of 12 are in use somewhere in the state by someone else. These workers might be using these SSNs mistakenly or they might not... The real story however, is that Utah law doesn't provide clear avenues and reasonable tools for the Dept. of Workforce Services to try to correct the mistakes. Workers are afraid of privacy law violations and have no authority to require employers to fix the problems. So, if your four year old gets
                          Continue reading...


                          Digital Identity Is the Greatest Challenge on the Planet!

                          Forget global warming, war, and famine. Digital identity is the "biggest challenge on the planet today." At least that's what Sun Chairman CEO Scott McNealy thinks. Given that, I can't understand why my book isn't on the NYT best seller list. :-) I wonder if Scott has a copy?
                          Continue reading...


                          Using Reputation to Combat Online Fraud

                          Last week at DIDW, I had the opportunity to sit down with Iovation CTO Dan Lulich. I'd met Dan at the Berkman ID mashup in June, but didn't really know what Iovation did. I found that we had much to talk about: Iovation does reputation. Iovation's reputation services aren't for people--they're for devices. Being able to link devices to undesirable activities and also to the accounts they log into is a great way to combat fraud in online gaming, eCommerce, and other places where money is at stake. Denise Howell just interviewed Iovation's CEO Greg Pierson on IT Conversations.
                          Continue reading...


                          Wrapping Up DIDW

                          One of the things that distinguishes a great conference from a good one for me is that I not only learn new things, but I'm inspired with new ideas. Occasionally I come away from a conference with lots of new ideas, having met lots of new, interesting people, and having deepened friendships with people I already knew. That happened at DIDW this year and that's what will keep me coming back. Phil and Eric hit the nail on the head this year. I'm headed out to the airport, sorry I'll miss Doc's closing keynote, but glad I came.
                          Continue reading...


                          whobar

                          SXIP seems to always come up with clever names for things. The entry this year is whobar, SXIP's software for relying parties that allows them to accept CardSpace cards, i-names, or OpenID identifiers from users.
                          Continue reading...


                          Kaliya Wins DIDW Award

                          Kaliya Hamlin won a DIDW award for "behind the scenes" work on the Internet Identity Workshop and the Identity Gang. It was well deserved. Kaliya is a motive force in this area and someone who makes the community better. Over and above that, she's a genuinely nice person and someone who's a pleasure to work with. Congratulations Kaliya!
                          Continue reading...


                          Pretexting

                          The word for the week is pretexting.
                          Continue reading...


                          Passive Federation

                          Patrick Harding, CTO at Ping, is speaking with Kim Cameron on using CardSpace in the enterprise. Patrick discusses how traditional federation allowed user data to flow between enterprise systems without the user's consent. Rather than refer to the case where the user is structurally involved as "user-centric" however, he introduces the term "active federation," calling the traditional federation scenario "passive."
                          Continue reading...


                          Jamie Lewis Keynote: The Evolving IdM Landscape

                          Another highlight of DIDW each year is Jamie Lewis' keynote. Jamie is the CEO of the Burton Group (and, incidentally, wrote the foreword to my book on Digital Identity). He believes that the market has moved beyond the products and suites stage to the services stage. Good news for the people I've met at the conference this year who are hoping to build service-based businesses. Stronger authentication is not going to solve most of the problems we see in the identity space. User IDs and passwords are still around and replacing them
                          Continue reading...


                          Microsoft's Open Specification Promise

                          Yesterday Microsoft made an important announcement regarding the intellectual property that they have surrounding many of the WS-* specifications. I wrote about it at Between the Lines. You can find details at Kim Cameron's blog.
                          Continue reading...


                          Digital Identity in BC Government

                          Dave Nikolesjsin is the CIO for the Prov. of British Columbia. No less an authority on identity than Dick Hardt has told me that I really had to see what they were doing in identity. So, when I saw that Dave was speaking at DIDW, I knew that was one session I had to attend. Serendipitously, I sat with Dave at breakfast and got a chance to get acquainted. The title of Dave's talk is "Citizen-Centric Identity." He shows a picture with a citizen, in this case a little girl from
                          Continue reading...


                          Location and Identity: A Powerful Team

                          Something Phil Becker said in his annual state of digital identity talk at DIDW this morning made me think about location and some of the things that go along with identity and mobile devices. I wrote those up and posted them at Between the Lines.
                          Continue reading...


                          Vitamins, Pain-killers, and Viagra

                          Dick Hardt intro'd a panel on identity at big sites (meaning eBay, Yahoo!, Google, MSN, and so on). He used a great analogy of vitamins, pain-killers, and Viagra. We've been selling ID Management as vitamins. Everyone knows that they're good for you, but there's no urgency. With pain-killers, there's urgency. Viagra, on the other hand, lets people do things they couldn't do before. User-centric identity is a pain-killer for users, but only a vitamin for big sites. How do you turn user-centric identity into Viagra? He uses eBay as an example. By using a user-centric,
                          Continue reading...


                          Jim Harper on Identity

                          Jim Harper is the author of Identity Crisis: How Identification is Overused and Misunderstood. Jim is an analyst at the Cato Institute, a non-profit think tank with Libertarian leanings. Phil Becker introduced him by saying his book was a great introduction to the theory of identification. He uses the discussion of a national ID card to launch into a discussion of identification and its theory. There are serious challenges in identification, and policy makers will do a better job if we do a better job of articulating what identification is, how it works, and why it fails. Surveillance is easier
                          Continue reading...


                          DIDW Opener

                          Our IOS event ended at 3pm. We had 5 sessions--too short, really, to get into the spirit of the event, but there were about 80 people there and lots of good discussion. We'll be doing a 3 day IIW in December. You can register now. Phil Becker started DIDW with an interview of Symantec CTO Rob Clyde. I've been critical of DIDW keynotes before, so I have to give them credit on this one. Phil did a great job of guiding the interview and keeping it from being a marketing speech. One of
                          Continue reading...


                          Identity Schemas

                          Mark Wahl of Informed Control led a session on identity schemas and how to deal with them. People reinvent schemas, they use different labels for the same data, and there are problems bringing these various schemas together. Moreover, a community shouldn't have to go to a standards body every time they have an identity data storage problem. He brings up Ham Radio operators. If they want to use call signs as identifiers, who should decide how that fits in? X.509 dealt with many of these issues. There are well known problems with X.509 collapsing under
                          Continue reading...


                          Intro to User-Centric Identity

                          Due to a mix-up with my plane reservations (completely my fault), I ended up flying into San Jose today rather than last night, which meant that I ended up at the DIDW identity open space event 30 minutes late. Poor Kaliya ended up with all the set-up herself. I arrived (sans shampoo and toothpaste) just as the session planning session ended and the real sessions began. Kaliya had volunteered to lead a session introducing user-centric identity for people new to the meetings. Kaliya did a good job of introducing the user-centric
                          Continue reading...


                          Digital Identity in the Real and Virtual Worlds

                          Last week Jon Udell and I spoke on the phone about digital identity. A serendipitous lead-up to this week's Digital ID World conference and the associated Identity Open Space event that Kaliya, Doc and I put together. Jon has published the discussion as part of his Friday podcast. Speaking with Jon is always enlightening and fun. The discussion follows how real-world identity scenarios collide with the digital realm.
                          Continue reading...


                          Register for the DIDW IOS

                          If you're planning on attending the Identity Open Space on Sept 11 in Santa Clara, please take a minute and register. We need a good head count before we order lunch. We're perfectly happy to have you sign up late or even just show up on the 11th, but you'll be on your own for lunch. We've only scheduled 30 minutes for lunch, so that will be pretty tight. If you're in the Bay Area and are planning to attend, you can help us keep costs low by bringing a projector. I've added a place at the bottom of
                          Continue reading...


                          Identity Open Space and DIDW Event: Register Now!

                          We're doing an identity open space on Monday Sept. 11, 2006 in Santa Clara in conjunction with Digital ID World. DIDW starts Monday afternoon and we're going to do 3/4 of a day of open space beforehand to talk about user-centric identity. The format will be largely the same as the Internet Identity Workshops that we've been having--just shorter. If you're coming to DIDW or just in the Bay Area, we'd love to see you there. You can expect good discussion and meetings with people at the forefront of this emerging area. If you're coming to DIDW and have
                          Continue reading...


                          Undistinguished Identity and Reputation

                          I just posted an article on undistinguished identity and reputation at Between the Lines. People typically don't want their online activities correlated, but reputation is largely built from such correlations. Understanding and coming to terms with the tension between those two facts is going to be a large part of building reputation systems that work. The principles of reputation that Kevin Tew, Devlin Daley, and I discuss in our paper describing our reputation framework are aimed at lessening that tension.
                          Continue reading...


                          Dresdner Bank, BYU's Partner in Germany

                          In Germany, many of the ATMs were in enclosed vestibules that required a card to enter. Some seemed OK with any bank or credit card, but others apparently needed a specific card (the bank's ATM card, I presume). In Koln, we were in a hurry to get money to catch the train to Munich and the Dresdner Bank was the one closest to the hotel. It is in the latter category; neither my bank card nor my credit card would open the door, even though I was fairly certain that once I was in, either would
                          Continue reading...


                          The Long View of Identity

                          Andy Oram wrote an entry at OnLamp.com on the long view of identity. The article is a good overview of his thoughts after attending the Berkman Identity Mashup. He concludes: I can't end this article without sharing some of the most pessimistic fears aired at the Mashup by some of its most well-informed participants, such as Stefan Brand. Brand admitted to feeling near despair sometimes, because we could easily move into a society where RFIDs are embedded in our bodies and every move is tracked. "I'm afraid that, despite all our best efforts, our technical solutions may drive us into
                          Continue reading...


                          A Reputation Framework

                          Today on the Diane Rehm show, Diane's guests were Jennifer Golbeck, research associate, Institute for Advanced Computer Studies, University of Maryland, College Park, Md, Albert-Laszlo Barabasi, professor of physics, University of Notre Dame and author of "Linked: How Everything is Connected to Everything Else", and Kathleen Carley, professor, Computer Science, Institute for Software Research, Carnegie Mellon University. The topic was Social Networks and the Web. At one point Diane said something like "But you don't know who these people are who are contacting you. This is an identity issue!" Indeed. In fact there are two issues. When Diane says
                          Continue reading...


                          Identity Open Space in Vancouver

                          There's an Identity Open Space happening in Vancouver BC July 20-21. This is being jointly produced by Liberty Alliance and Kaliya Hamlin, Doc Searls, and me (the IIW folks). The goal is to create another highly interactive event and move the conversations forward. We're hoping that by having it close to the Liberty meeting we'll involve some people who haven't been part of the conversation before. Liberty Alliance has opened their meeting, which is happening right before the IOS event, to non-members. If you're curious about Liberty and user-centric identity or just want to spend some great time in
                          Continue reading...


                          Identity Commons Sessions

                          Eugene Kim has posted a summary of Identity Commons sessions from last week's Berkman Identity Mashup. He says: There are a number of grassroots community projects that involve multiple stakeholders and that are happening independently of any centralized direction. These decentralized efforts could all benefit from some shared infrastructure, which could be as simple as a shared, neutral brand (i.e. "IdentityCommons") or as complicated as a set of rules that help ensure fair participation and governance among multiple parties. Our strategy is to build an organization organically that addresses the needs of these different community projects. From eekim.com: EEK
                          Continue reading...


                          Blog CAPTCHA

                          The last week or so I've been getting slammed by "Nice site" blog comment spam that just wants a link to some dubious Web site. I'd turned on "approval for everyone" but that just means that it doesn't show up on the site--I still have to delete it and it got to be a pain. In an effort to fight spam while keeping my site as open to feedback as possible, I've added a CAPTCHA to the comment page. The package I'm using is SCode (Movable Type). It's not too sophisticated, but it works and I imagine it will
                          Continue reading...


                          Prepare to Be Aggregated People!

                          Marc Cantor introduced the alpha of his PeopleAggregator. I spent a little time on it and built a profile, etc. The interesting part from an identity perspective is built-in support for SXIP 2.0, OpenID 1.0, and Flickr ID in the system, in addition to the native authentication service. As Marc said in a note to me: We'll be introducing the notion of using any or either of these ID systems within our system, so there'll be a lot of 'explaining' to do. But instead of hiding all that away (as I've been told I should) we're going to proudly
                          Continue reading...


                          ClaimID Launches

                          ClaimID has launched. ClaimID is a service that allows you to aggregate and contextualize URLs that are about you. So, if you've got a common name or there's material about you that's hard to find, you can make sure it's findable. If you've got a blog and are good about linking to things about yourself, it probably won't offer much benefit, but for people who don't blog, this could be a valuable service. There's a link to reputation here.
                          Continue reading...


                          Identity 2.0 Talk

                          My presentation on Identity 2.0 (PDF) went well this morning. I was first up (8:45), so the crowd was a little smaller than I'd have hoped for, but I got some good questions and lots of interesting discussion afterwards. Rod Boothby spent some time going over his talk from yesterday with me since there was some good agreement on key points.
                          Continue reading...


                          Unifying Internet Identity Systems

                          I put a post about today's OSIS announcement, a project to unify addressable identifier systems (LID, OpenID, XRI) and token based identifier systems (Higgins, CardSpace, SXIP), at Between the Lines. This is a historic development.
                          Continue reading...


                          Principles of Reputation

                          Today was an open space day. The more I participate in open space, the more I'm convinced that it's the right way to do workshops. I wish we'd had two days of open space because the agenda for today was so packed with things I wanted to hear about. The first session I attended was labeled "The Laws of Reputation." I also wanted to go to Marty Schleiff's meeting on XRI, but I felt like I had to do the reputation thing. I don't know that we got to "laws"
                          Continue reading...


                          ID Mashup Photos

                          I've got photos from the Berkman ID Mashup on my gallery. There are also photos at Flickr, including this prize from David Berlind. At some point, I may need to start using Flickr instead of my own system. I really wish that Flickr could see and use my photos in a decentralized manner so I didn't have to choose.
                          Continue reading...


                          Towards an Open Identity Layer

                          The first afternoon session was on Towards an Open Identity Layer and Trusted Exchange: What Might it Look Like? The panelists were Paul Trevithick, Parity Communications; Dale Olds, Novell; Tony Nadalin, IBM; Kim Cameron, Microsoft; and Marc Rotenberg, EPIC. John Clippinger, Berkman Center, was the moderator. One of the topics that was discussed was security. Kim Cameron made the point that CardSpace doesn't build all the walls that might need to be built, but it changes the paradigm so that the walls can be built. Marc Rotenberg brought up the issue of electronic voting systems. He says that there
                          Continue reading...


                          Long Tail Markets, Social Commerce and Open Business Models

                          I'm attending the session on Longtail Markets, Social Commerce, and Open Business Models. The panelists are Philip Evans, Boston Consulting Group (moderator), Greg Steltenphol, adina, Glenn Fogel, Priceline.com, Mark Greene, IBM, Karim Lakhani, MIT Sloan School of Management, and Jean-Francois St. Arnaud, My Virtual Model, Inc. The discussion quickly moved to whether users will be interested in open identity or not. Glenn Fogel says that his customers just want to get tickets and reservations and move on. Priceline has 17 million customers. They've collected data on these, but most of them didn't volunteer it by filling in preference forms.
                          Continue reading...


                          What Signals Are You Sending Out?

                          David Berlind's write-up of Judith Donath's presentation yesterday at the ID Mashup on signaling is well worth reading. Signaling is important for reputation. We don't have the infrastructure, at present, to easily pick up on signals and use them. Should I trust someone with an "edu" TLD in their email address more than a Hotmail account? Probably. Universities, as a rule, vet the people they give email addresses to. Hotmail, obviously, doesn't. Part of the problem is that the signals that are there aren't easy to see. For example, why doesn't my email client (Mail.app) show the URL
                          Continue reading...


                          Interoperability, Open Identity and Identity Brokers

                          These are some notes from my session. I didn't capture it all and may have mischaracterized things. I didn't try to record who said what. If I've missed something or misstated something, feel free to leave a comment. There's a problem with interop, namely the huge anthropological problem around identity that wasn't there with internetworking. There are too many deep, philosophical discussions that can happen when you start talking about identity. We need language and social interop--conceptual interop--to get technical interop. Identity brokers provide the role of interchange between protocols. Common user experience is important in identity because people
                          Continue reading...


                          Reputation and Wi-Fi

                          I'm sitting in the Ames Courtroom at Harvard Law School right now waiting for day two of the Berkman Identity Mashup to begin. I missed yesterday because I wasn't willing to fly out on Father's Day. My panel on identity brokers will be at 9am. As I got here and opened up my laptop, I signed into the Harvard wi-fi network. They allow temporary guest logins; you have to provide an email and telephone number. I don't know what keeps people from just giving them dummy data. Probably nothing. I was thinking, however, that you could use a reputation
                          Continue reading...


                          Identity Brokers and Business Models

                          Next week, I'm moderating a discussion at the Berkman Identity Mashup in Boston. Our panel is at 9am on Tuesday if you're coming. The title of the panel is "Interoperability, Open Identity, and Identity Brokers." Here's the description: Very likely there will be a new industry of identity brokers, identity providers, and relying parties using those digital identities. Will it become subject to power laws and vendor concentration? What forces will play a role in shaping this new industry? The Higgins open source software framework is one emerging implementation for identity systems that allows for interoperability and integration, utilizing
                          Continue reading...


                          Novell's Bandit

                          Novell announced the Bandit project yesterday. Bandit open-sources key identity management technologies and creates projects for extending them. From the press release: The Bandit project is focused on delivering a single, consistent experience of digital identity and includes several common identity services such as authentication, roles, policy and compliance: The Common Authentication Services Adapter (CASA) provides interoperable authentication that enables application and enterprise single sign-on with a secure vault for user and system credentials. The Common Identity service is an implementation of the Higgins framework for representing digital identity. The Role Engine service can be integrated into any application
                          Continue reading...


                          Identity Management Panel

                          I attended an identity management panel moderated by Arnaud Sahuguet of Google. On the panel were Rick Hull, Bell Labs, Conor Cahill, Intel, Kim Cameron, Microsoft, Mike Neuenschwander, Burton Group, and Stefan Brands, Credentica & McGill University. Arnaud started off with the famous "no one knows you're a dog" cartoon and the ACLU pizza video. He asked each panelist how many different identities they have. The answers ranged from 40 to 313 (Cahill knew exactly). Kim said he uses classes of identities (my own strategy) for different kinds of sites. Converged networks (wireless, television, Internet) make the problem of
                          Continue reading...


                          DIDW and IIW: Two Great Tastes that Taste Great Together

                          The Digital ID World conference will be held September 11-13 this year in Santa Clara. We're going to have a 3/4-day IIW event on the 11th before the keynotes begin in the late afternoon. We're hoping to attract some of the usual IIW crowd to DIDW and some of the DIDW crowd to IIW. I'd like to see more crossover there. Attendees at the IIW event will qualify for a discount registration at DIDW. We'll have details forthcoming soon. Watch this space!
                          Continue reading...


                          SOA Forum Wrap-up

                          My laptop was giving me grief yesterday (I think it's a memory problem) so I didn't get to everything I was planning on writing up. For example, I went to Halley Suitt's talk at Syndicate in the afternoon. Halley is one of the early bloggers and a great writer. She writes Halley's Comment and is the CEO of Top Ten Sources. She's also a sometime contributor at IT Conversations, doing a show called Memory Lane (I'd like her to do more shows--hint, hint). The panel on SOA Governance went very well and we had some great
                          Continue reading...


                          Your Cell Phone Is Watching You

                          One of my favorite programs from last week was Nathan Eagle's Where 2.0 presentation on using cell phones to predict user behavior. Using only publicly available data, Eagle was able to deduce relationships between pairs and groups of individuals. There are privacy concerns to be sure. Your cell provider already has much of this data. Every time two cell providers merge, what little protection we get from disparate carriers is broken down. What interested me most, though, is not the privacy concerns, but the potential to infer and enhance social interactions using the wearable computers each of us carries
                          Continue reading...


                          Reputation Podcast

                          Tom Maddox had his podcasting gear at IIW2006 and was interviewing people both days. He was just sitting in the main hall, so there's quite a bit of background noise, but the material is pretty good. So far, he's published the following: Christine Herron Phil Windley Dick Hardt The Intention Economy Doc Searls
                          Continue reading...


                          IIW Identity Space Map

                          Kaliya created a wall hanging from butcher paper and lots of little colored construction paper icons to hang on it. This was hanging on the wall the entire workshop and people were free to add to it. The "map" was designed to represent the evolution of Internet or user-centric identity over the last 2 years or so and look into the future about a year. Kaliya had already pre-populated it and I took a picture to represent the initial state. The above picture is the final state, at the end of the conference, and reflects everyone's additions. Steve carter
                          Continue reading...


                          IIW2006 Wrap

                          After a day of decompressing from Internet Identity Workshop, I've had a few random thoughts that I thought I'd record. I was very pleased with how things turned out: the participation, the venue, the food, everything. Here are some specific things: First, Kaliya (aka Identity Woman) did an amazing job of putting the program together. She does this professionally, so if you're running a workshop that you'd like to do in an "unconference" format--she's someone you have to hire to do it for you. You won't be sorry. The Computer History Museum was a great venue for this sort
                          Continue reading...


                          IIW2006 Kudos for Unconferences

                          Kim Cameron has some very nice words for IIW2006 and the unconference format on his blog: Everyone in attendance was awe-struck by the IIW 2006 that just took place in Mountain View. It was incredible. With Doc Searls and Phil Windley navigating at the macro-level, the amazing Identity Woman Kaliya orchestrated an “unconference” that was one of the most effective events I’ve ever attended. It’s clear that creating synergy out of chaos is an art that these three have mastered, and participants floated in and out of sessions that self-organized around an ongoing three-day hallway conversation - the hallway actually
                          Continue reading...


                          Speaking at Yahoo! on Reputation

                          I gave a presentation on identity and reputation at Yahoo! today as Chad Dickerson's guest. The talk (slides) introduced user-centric identity and then introduced the reputation framework that my students built. I hope we'll have releasable code and a paper available soon. I'm looking for funding to support further development of the framework. If reputation is interesting to you or your organization, contact me. I'd be happy to talk to you about what we've done and how you might be able to participate.
                          Continue reading...


                          IIW2006: Wednesday Sessions

                          Kaliya started the day with a call for anyone else who wanted to create new sessions and then did a "spectrogram." She put a long piece of tape on the floor and asked questions where people arrayed themselves along the spectrum represented by the tape. She interviewed people at spots on the tape. A good way to get a feel for how the group is thinking about some things. I did my session on reputation and showed off the reputation system we built in my 601 class last semester. Generally well received
                          Continue reading...


                          IIW2006: Tuesday Afternoon Sessions

                          The afternoon started for me with a session that Dave Winer led on identity in OPML and RSS. There's a need to identify owners and authors in OPML and RSS without creating email addresses that can be harvested by spammers. This is a good time to have this discussion because OPML 2.0 is being spec'd. The <head> section in the spec includes an <ownerId> that is defined thusly: [T]he http address of a web page that contains an HTML a form that allows a human reader to communicate with the author of the
                          Continue reading...


                          IIW2006: Tuesday Morning Sessions

                          Last night's conference dinner was very well attended and very good. We started the morning in true unconference fashion by putting together the agenda. This happens by having anyone who wants to lead a session write it down on an 8.5x11 inch piece of paper and post it on a time grid on the wall. Everyone who posts something gets an opportunity to say something about their session. The agenda is fairly full and there are some good topics. Kaliya said that the guy who invented open space spent a
                          Continue reading...


                          IIW2006: SXIP, InfoCard, XRI, and Doc

                          We moved upstairs to accommodate the crowd and ended up with a lot more elbow room. Dick Hardt was the first speaker after the break. He gave a new version of his famous Identity 2.0 talk. Dick mentions BCeID, a government identity service that forms a basis for digital identity in BC. I've long argued that governments have abdicated the responsibility for providing commerce-supporting infrastructure online. (By "infrastructure" I mean legal frameworks more than hardware and software.) BCeID looks to be mostly about government online services, but Dick points out that he's
                          Continue reading...


                          IIW2006: Identity, Lexicon, and URLs

                          One of the nice things about an informal workshop is the freedom to rearrange things as necessary. Doc, who was opening, was running a little late, so we re-did some of the schedule. Eugene Kim was first up at IIW. Eugene's job was to introduce the ideas behind user-centric identity. He introduces the concepts of identity by introducing himself. User centric identity is about users controlling their own identity. Where does that lead us? Eugene contrasts the idea of single sign on with portable identity. While many people use a single
                          Continue reading...


                          IIW2006: Getting Started

                          The Internet Identity Workshop starts today. I'm actually sitting in the Computer History Museum right now, getting things set up. It's not too late to come, if you're interested. I've added a one day option to the registration page. That includes snacks, lunch, and dinner (on Tuesday). I'll be live blogging, as will others. Instead of doing some kind of Planet aggregator like I did last time, I figured we could just advertise that we were using iiw2006 as the tag and then count on others, like Technorati, to pull them all together.
                          Continue reading...


                          IIW2006: Monday Activities

                          It would be helpful for us to get a count of people who are planning on attending Monday's afternoon session, the dinner that evening, or both. If you're planning on being at either of those activities, please visit this page on the wiki and add your name to the appropriate list.
                          Continue reading...


                          Story of Digital Identity

                          Kaliya was on Aldo Castaneda's Story of Digital Identity podcast this week talking about the Internet Identity Workshop. We're expecting a good crowd.
                          Continue reading...


                          How Does OpenID Work?

                          I've been trying to dissect OpenID and make sure I really understand what's happening. The spec is the ultimate source, but obviously covers all the bases. What I wanted was a picture, but I couldn't find one. So, I made one. Part of the problem with understanding the spec is that the text tells what has to happen, but there are some implementation details which, while variable, are still helpful for decoding the ins and outs of the most common scenarios. For implementation details, I turned to a Web proxy to help capture the HTTP request/response pairs. The one
                          Continue reading...


                          IRAs Reduce Risk

                          I was speaking with Aldo Castaneda this morning about Identity Rights Agreements. Aldo was one of the co-authors, along with Kaliya Hamlin and myself, of a position paper on IRAs. We had a good time talking and there were some good thoughts, but one in particular that I wanted to record dealt with getting business to accept IRAs. The problem, of course, is that if IRAs are seen to come from "privacy nuts" then business will perceive a lot of risk for not much reward. IRAs will be seen as creating a liability where none existed before. There's an
                          Continue reading...


                          DIM Workshop 2006

                          I've been asked to be on the program committee for the ACM CCS2006 Workshop on Digital Identity Management, which will be held November 3, 2006 at George Mason University in Fairfax, VA. The tagline for the workshop is "Exploring User-Centric Identity Management." Papers are being solicited on the following topics: Basic principles -- what makes an identity system user-centric?; Client-hosted identity; Consistent UI for identity transactions; Identity lifecycle management; Identity Metasystem; Identity theft prevention; Privacy-enhancing identity management; Private Credentials; Social networks; Strong authentication; Unlinkability of Transactions; URI-based identity systems. Papers are due on July 7, 2006. This should be
                          Continue reading...


                          IIW Gear Available at CafePress

                          Shirts and other stuff with the cool Internet Identity Workshop logo are available now at CafePress. All this is at cost--there's no markup. If you're planning on coming to IIW May 1-3, I'd really appreciate you registering as soon as possible so that we can use reasonably good numbers for planning food for breaks, etc.
                          Continue reading...


                          Navigating User Centric ID Systems

                          If you've been following along, you'll remember that I set up an OpenID-enabled MediaWiki for the Internet Identity Workshop. Yesterday, Johannes Ernst told me that you can use MyLID to sign in as well. Cool. This works because MyLID not only understands LID, but OpenID as well. I've been wondering how to make the wiki accessible to LID, OpenID, i-names, InfoCard and others, but may have had it backwards. Because MyLID (the identity provider) is multiprotocol, the IIW wiki (the relying party) doesn't have to be. That is, if MyLID, MyOpenID, 2idi (an i-name broker), and other identity
                          Continue reading...


                          InfoCard and MediaWiki

                          A few days ago, I mentioned that we'd put up a version of MediaWiki that supports OpenID for the Internet Identity Workshop. I know that Johannes Ernst and others are trying to get it all working with Yadis generally. A month or so ago, Kim Cameron InfoCard-enabled his WordPress blog. I'd love to see this all working together. Is there any MediaWiki code that does InfoCard yet? If so, can these things co-exist?
                          Continue reading...


                          Identity Privacy Contracts

                          I had a nice chat with Jeremie Miller this morning and he pointed me at a post I'd missed from Peter St. Andre on what he calls Identity Privacy Contracts. This is a well thought out discussion on the levels of protection one would want in identity rights agreements. I think there will be a lot of discussion on this at IIW in May. Identity Commons is being reborn and hopefully this can be a mainstay in its mission. To work, IRAs or IDPCs need organizational muscle, legal work, etc. Identity Commons, reconstituted, is probably the right place to
                          Continue reading...


                          Separating Authentication and Authorization

                          Yesterday I was talking to Kelly Flanagan, BYU's CIO, about the OpenID-enabled wiki we have for the Internet Identity Workshop. I'd love to see BYU put an OpenID server on top of their directory. That way I could easily have my students authenticating on my wikis and blogs. Of course, BYU has all kinds of APIs for doing this, but I have to use certain development environments, have permission, etc. Solutions like OpenID are much more loosely coupled. Our discussion ultimately got down to the distinction between authentication and authorization. OpenID is a pure authentication system. It doesn't even support
                          Continue reading...


                          New Digital ID World Blog

                          Phil Becker and Eric Norlin have started blogging at ZDNet, moving their old Digital ID Blog onto the ZDNet blog machine (where I blog on Between the Lines). Welcome to both!
                          Continue reading...


                          OpenID and MediaWiki

                          Ross Mayfield generously donated a wiki for the Internet Identity Workshop and we used it to good effect for the event last October. This time there was some interest in using OpenID (and even Yadis, if possible) to do authentication and it just so happens that Jonathan Daugherty has created an OpenID patch for MediaWiki. With some help from the group at #openid on Freenode, especially Jonathan, I was able to get a patched copy of MediaWiki up and configured to use OpenID. It's now the official Internet Identity Workshop Wiki. Here's what I did to make it all
                          Continue reading...


                          Liberty and Federated Identity

                          When I wrote about Federated Identity Governance for InfoWorld, I spoke to 5 or 6 companies who were successfully federating identity and had been dealing with governance issues. Most of these were also members of the Liberty Alliance. A few people have asked me how it happened that I wrote an article about federation, talked to so many members of Liberty, and yet failed to mention Liberty Alliance in the article. The easy answer is space. I had to cut 500 or 600 words as it is and was trying to get the key ideas into the space I
                          Continue reading...


                          Blatant Ripoff?

                          I'm not sure what to make of this. Last month, I was interviewed (for about an hour) by Celeste Biever who was writing a story on InfoCard for New Scientist. The story came out yesterday. Also yesterday, I got a Google News alert that pointed me at this story from TMCnet. The story seems to be the New Scientist story, at least the first few paragraphs are the same--New Scientist puts the rest of the story behind a paywall. The TMCnet story references New Scientist, but provides no link and doesn't say that Celeste Biever is the author. TMCnet
                          Continue reading...


                          Federated Identity Feature

                          [Image: SAML Federated ID (InfoWorld)] My feature on Federated Identity Governance came out today in InfoWorld. There are three pieces: The hidden challenges of federated identity - Federation is the logical goal of identity infrastructures, but achieving it takes more than just technology; User-centric identity brings federation close to home - Agreements between peers can add up to an effective federation; Scaling a federated identity infrastructure - Most identity federations start small, but as they grow in size you may need to rethink your approach. If you read them and want to know more, buy the book!
                          Continue reading...


                          MicroID - A Microformat for Claiming Ownership

                          This morning I learned about MicroIDs from Doc Searls. Jeremie Miller has proposed MicroIDs as a microformat that "allows anyone to simply claim verifiable ownership over their own pages and content hosted anywhere." A MicroID is a hash of two hashed values. The first is a verified communication ID (like an email address that you can prove belongs to you). The second is the URI of the site that the content will be published on. You end up with a unique, long string of gibberish that can be put in the header of a Web page or even wrapped
                          Continue reading...


                          Trusting Google Authentication

                          In an earlier entry, I said: "With no fanfare at all, Google has created a universal login for anyone who wants to use it." (From Phil Windley's Technometria | Using Google's Universal Authentication Engine, referenced Tue Mar 21 2006 08:22:50 GMT-0700 (MST)) Well, not quite. I had a couple of my students, Devlin Daley and Harsh Nagaonkar, spend a little time playing with it. As presently constituted, the token you get back is long lived and replayable. It's better than giving a third party site your password, but not much. Anyone with your token can use it to log in
                          Continue reading...


                          IIW2006 Registration

                          The registration page for the Internet Identity Workshop is now live. Please register as soon as you can: we have early deposit requirements at the Computer History Museum that we're hoping registration fees will cover.
                          Continue reading...


                          Using HTTP Authentication

                          HTTP authentication has been pigeonholed into protecting back-end systems and whole sites. In fact, it's much more versatile, as this tutorial shows. Ever wanted to use HTTP authentication from a Web form or allow HTTP authenticated users to log out? This shows you how using standard server-side techniques and very little code hacking.
                          Continue reading...


                          Internet Identity Workshop 2006

                          Kaliya Hamlin, Doc Searls and I will be holding another installment of the Internet Identity Workshop at the Computer History Museum in Mountain View, CA on May 2 and 3. We're also holding a half day "intro for newbies" on the afternoon of May 1st for people who want to join the conversation on Tuesday and Wednesday. I've put up an announcement with details. Look for a registration page later this week, but I wanted people to be able to get it on their calendars now. Please link to the announcement and help spread the word.
                          Continue reading...


                          Answers About Identity

                          James McGovern asked me some questions about identity. Here are some answers: James: If I work for a premier outsourcing firm and I have been asked to develop a software architecture document describing how identity should work and be consumed within an enterprise application I am thinking about, what should this document look like? That's a question with a long answer. The short answer is "read chapters 13-20 of my book." There are multiple parts, including a data model, a process model, an interoperability framework, a policy set, and multiple reference architectures. Taking the above question, one step further
                          Continue reading...


                          Mary Hodder on iTags (ETech 2006)

                          Mary Hodder is talking about itags. An itag is a tag + author identity + CC license + media object. Media objects can be text, photo, video, or audio. Trusting tags means trusting the maker of the tag. By uniquely identifying the object, the tag, the author, and the licensing, the itag can live anywhere. The goal of all this is to put tags and objects together so that they can be included in places like feeds. "I-tagging would remove the requirement for a tag to be coupled with the originating URL (blog post URL) because identity would be
                          Continue reading...


                          Dick Hardt on Identity 2.0 (ETech 2006)

                          Dick Hardt's company has a big sponsorship presence at ETech; the badge lanyards and even the room keys bear the SXIP badge. This morning he's doing the sequel to his Identity 2.0 talk, made famous by his style and humor. This morning's talk is titled "Who's the Dick on My Site?" How do I prove I am who I say I am? How do Web sites know the things I want them to know with minimal disclosure? The content was new, but the message was very much the same, but the presentation is more tutorial
                          Continue reading...


                          User-Centric Identity with Liberty

                          [Image: Flash demo of Liberty specifications being used in user-centric ID scenario] Hubert A. Le Van Gong of Sun has a flash demo showing how a user-centric identity system can be built now using existing specifications from the Liberty Alliance. The demo shows some clear, user-centric behavior. You could nitpick about the applet and whether that's the best client, and so on, but that's not the point. The point is that user-centricity doesn't have to be "anti-Liberty" as some suppose. Liberty can be used in a number of ways. The real battle is educating companies in user-centric ideas
                          Continue reading...


                          Federated Identity Checklist

                          I'm putting together a checklist of things to do to help federation succeed for the feature I'm writing for InfoWorld. Here's my list so far. Any others that ought to be in there based on your experience? Find win-win situations where both parties benefit from the federation; Start with internal projects; Find an experienced partner for your first external federation; Create a center of excellence in the CIO's office; Establish a federated identity council to get input from business users; Educate the legal department about federation and develop an in-house legal expert; Pay attention to privacy; Make sure your
                          Continue reading...


                          Presentation at W3C Workshop

                          The paper Kaliya Hamlin, Aldo Castaneda and I put together for the W3C Workshop on Transparency and Usability of Web Authentication was accepted for presentation. The paper discussed identity rights agreements. W3C has released the draft program. This looks like a really good event. Unfortunately, I've already committed to moderating a panel at the InfoWorld SOA Executive Forum in San Francisco those days and the workshop's in NYC. I'll have to rely on my co-authors to make the presentation.
                          Continue reading...


                          Position Paper at W3C Workshop on Web Authentication

                          Kaliya Hamlin, Aldo Castaneda, and I have had a position paper accepted at the W3C Workshop on Transparency and Usability of Web Authentication. The workshop will be March 15 and 16 in New York. Our paper is Identity Rights Agreements and Provider Reputation. Identity Commons Position Paper. This is probably the most complete discussion of our thinking around identity rights agreements to date.
                          Continue reading...


                          VeriSign's VIP

                          VeriSign has announced a system for better authentication on the Internet that will be supported by eBay, Yahoo! and PayPal. The system uses a USB hardware token. I'm interested to see if people will use it. American Express had a card (I think it was called "blue") a long time ago that included a smartcard and gave away the readers. People didn't go for it. Maybe if they can get someone to put them in this really cewl wristband, they will.
                          Continue reading...


                          Lightweight Identity Systems

                          Eve Maler has a nice list of Internet Identity systems. Good summary. Johannes Ernst adds some thoughts in the comments to Eve's post, so be sure to read the whole thing. Eve also offers up some slides (PDF) that introduce Liberty and SAML.
                          Continue reading...


                          Defining Reputation

                          I defined reputation in a recent post. More specifically, I said that reputation isn't identity. Dick Hardt disagrees. To tell the truth, I hadn't remembered that slide from his famous identity presentation. Dick refers to a definition of reputation from dictionary.com ("reputation: 3. A specific characteristic or trait ascribed to a person or thing") and says: To me, this makes it clear that reputation is part of your identity. Phil states that identity data is not transaction data or reputation data. I think it is. An example of transaction data being identity: "I'm the guy that bought that black
                          Continue reading...


                          Registering Identity

                          A couple of bills caught my attention today. Both bills, under consideration by the Utah Legislature, deal with identity. The first, HB158, would require convicted sex offenders to renew their driver's license yearly. The idea is that while sex offenders are under no pressure to keep their data current in the state's online sex offender registry, they need a driver's license. The bill turns a manual process of checking into a more automatic process where renewing a driver's license updates the registry. The second, HB429, places restrictions on the sale of components used to make meth. Anyone purchasing medicines
                          Continue reading...


                          A Model Regime for Privacy Protection

                          Daniel Solove and Chris Hoofnagle have published a paper entitled A Model Regime of Privacy Protection. The paper outlines patches that could be applied to current US law to increase privacy protection. In the paper, Solove and Hoofnagle build the model regime around Fair Use Practices, a set of very general principles: There must be no personal data record-keeping system whose very existence is secret. There must be a way for an individual to find out what information about him is in a record and how it is used. There must be a way for an individual to prevent
                          Continue reading...


                          Some Thinking About Reputation

                          In my grad class this semester, we're designing and building a reputation system. Today we had some discussions which I wanted to capture and get feedback on. First, the overall idea is that reputation is computed from identity and transactional data. So a reputation, R, is calculated as follows: I == a vector of identities; TxI == a vector of transactions on I; VI == a vector of verification data on I; R = F(I, VI, TxI). Some thoughts: Allow users to assert I; The system would provide ways for users and others to verify I (forming VI); The
                          Continue reading...


                          IIW2006A Dates

                          We're planning dates for the 2006 Internet Identity Workshop (part A). We're planning to hold the workshop in the Bay Area, but before we can finalize the venue, we need to pick dates. We've settled on May 2-3 or May 10-11 with a strong preference for May 2-3 right now. If you have strong feelings one way or the other, please let me know.
                          Continue reading...


                          IIW2006 Venue

                          We're looking for a venue for Internet Identity Workshop 2006. We're planning to hold it in the Bay Area in May. We need enough space for about 100 people and a way to hold 4-5 breakout sessions during part of the workshop. The workshop will last two days. If you have any suggestions, please let me know.
                          Continue reading...


                          Governing Federation

                          I'm doing a feature story for InfoWorld (to appear in March) on governing federated identity relationships. The core of the story is that the technology to do federated identity is here, works, and is maturing; technology isn't the biggest problem. The real problem comes down to governance. Once you start sharing identity information with partner companies and customers, the real gotchas lie in hammering out the relationships between all the parties involved and defining who has what kind of access to what data. Of course, my book is chock full of my ideas on that. One thing I don't
                          Continue reading...


                          Owning Identity, Not Reputation or Transactions

                          Bob Blakley, who writes frequently about identity issues, has an interesting post entitled On The Absurdity of "Owning One's Identity" in response to Kim Cameron's first law. The first law states: Technical identity systems must only reveal information identifying a user with the user's consent. Bob, rightly, recognizes that this really isn't a law and goes on to give various reasons why it's unenforceable. Drummond Reed points out that Kim's talking about "technical" systems, not the processes that might be built on top of them. Even so, there are some interesting issues here that point out why identity and
                          Continue reading...


                          Algorithmic Authorizations

                          Yesterday I was reading Seeing What's Next: Using Theories of Innovation to Predict Industry Change by Clayton M. Christensen, Erik A. Roth and Scott D. Anthony and came across a story about how credit scoring changed the loan industry: In 1956, Fair, Isaac created a standard predictive risk-assessment tool. It dramatically simplified the process of judging creditworthiness with a statistical methodology that plugged variables from an applicant's credit history into an algorithmic formula that produced a score. Credit scoring's robust, scientifically based, quick assessment enabled a broader population of less-skilled people to make lending decisions. It occurred to me
                          Continue reading...


                          Felonious Acts on the Internet

                          I just posted a piece at Between the Lines that talks about a new federal law that makes pseudonymous annoyances a felonious act. Good thing I don't blog under a pseudonym--I'm sure I annoy all of you from time to time.
                          Continue reading...


                          TPM and Positive ID

                          There's an article at MSNBC about how Trusted Computing Platform (TCP) chips, already installed in many computers, could be used to provide "positive ID" on the Internet and end anonymity. I find articles dealing with Internet identity in the mainstream media usually scare me--and this one is no exception. What scares me is the willingness people have to sweep aside technical hurdles, privacy concerns, and practicality in wide-eyed optimism about how technology will eventually solve all our Identity problems. With a TPM onboard, each time your computer starts, you prove your identity to the machine using something as simple
                          Continue reading...


                          XRI, XDI, and Identity

                          I flew down to Oakland today to attend Andy Dale's XDI Workshop (slides and video available, eventually, on the wiki). XRI's one of those things I've wanted to understand better and I decided that going to a workshop with Andy was the best way to do that. Call me lazy. Andy subtitled his presentation "an implementor's guide" and started off with an off-the-cuff comment that XDI is mostly at a stage where it can be implemented. Globally Unique Identifiers: You can't talk about distributed management without talking about global unique identifiers (GUIs). These are things like phone numbers. Local
                          Continue reading...


                          Capability Discovery for Identity Protocols

                          While it is possible that a single identity system will emerge for the Internet, it's not likely. Hence the claim by Microsoft's InfoCard to be a "metasystem" for identity. That is, an infrastructure that other identities can ride on. Alternately, others are building such a metasystem from the bottom up. Right now, that effort goes by the unfortunate moniker of YADIS. YADIS is a way of discovering the capabilities of various identity systems. Drummond Reed just announced that YADIS will also include i-names in addition to OpenID and LID.
                          Continue reading...


                          URLs as Identity

                          Johannes Ernst thinks that URLs should be used to identify people. That's the basis of his LID identity system. OpenID is based on the same concept. Johannes notes that OPML has joined the party and talks about an emerging consensus on how it should work.
                          Continue reading...


                          XDI Workshop

                          I'm going to the XRI Workshop that Andy Dale is teaching Dec 5th in Alameda. The timing worked out perfect and I've wanted to dig deep into XRI for a while. This seems like the perfect opportunity.
                          Continue reading...


                          Digital Identity Reviewed

                          Ben Rothke reviewed Digital Identity at UnixReview.com. Overall Ben's comments were favorable, saying: "Overall, Digital Identity provides the reader with a good introduction to the various areas necessary to develop a productive identity management infrastructure. Anyone planning to deploy an IMA or any sort of federated identity solution in a corporate environment will find Digital Identity a valuable reference." (From Book Review: Digital Identity, referenced Sat Nov 19 2005 16:03:58 GMT-0700 (MST)) Ben especially liked the chapter on Identity Policies. He complained about editing mistakes and the number of first-person anecdotes I used. On the issue of typos, I sincerely
                          Continue reading...


                          IIW2005 Talks

                          If you missed IIW2005, or were there and wanted to hear something over again, the audio from the conference is now online. A big thanks to Scott Mace for recording the workshop and post processing the audio. You can link to the audio individually below or subscribe to this podcast. Opening remarks by Phil Windley, podcast from the Internet Identity Workshop, Oct. 26, 2005. (13:58) Identity in the Marketplace: The Rise of the Fully Empowered Customer, featuring Doc Searls, podcast from the Internet Identity Workshop, Oct. 26, 2005. (1:19:31) [Notes from my blog] Use Cases for the Social Web,
                          Continue reading...


                          Achieving Ubiquity With an Identity Metasystem

                          Brett McDowall, who gave a presentation on Liberty at IIW2005, has started a blog. At IIW2005, he said "the world belongs to those who show up" and his blog is an effort to "show up" in the blogosphere. Brett notes that there's a lot of misunderstanding about Liberty Alliance, even (or maybe especially) among the IIW2005 crowd. Some of that's FUD, but as he notes, there are technological barriers. The primary one he notes is that RESTians aren't likely to jump on board SOAP just for the privilege of using an identity infrastructure. I was interviewed this afternoon by
                          Continue reading...


                          IIW2005: Day Two Wrap-Up

                          Today we ran the conference using something called "structured open space." Kaliya Hamlin was anxious that we use it as a way of creating discussion. I'll admit that I was somewhat skeptical, but it turned out very well. Here's how it worked: As people came in at 8:30 we put them at tables with 8-10 people and told them to introduce themselves. About every 20 minutes we made them switch tables and reintroduce themselves to the new crowd. All along the way they were supposed to tell people what questions they most wanted answered in the workshop today. At
                          Continue reading...


                          IIW2005: Identity Rights Agreements

                          This afternoon there was a good sized group that got together to discuss Identity Rights Agreements. One big problem is the legal status of such agreements. Mary Rundle was very helpful to the discussion here. One point was that an organization (like Identity Commons) could create a "trustmark" that Web sites that take identity data could display saying they agree to abide by IRAs. This provides some protection under trademark law, but may not be the best way to really punish violators. Data protection privacy commissioners want to create a regime for protecting personally identifying information. What we're saying in
                          Continue reading...


                          IIW2005: Attention Data as Identity

                          Attention data is the record of what you've read, what you're spending time on, and what you should be paying attention to. Two different groups are thinking about attention data in a general way: Attention.xml and Attention Trust. My impression is that Attention.xml is more about the technology needed to track yourself while Attention Trust is more "rights" to "data you own." We had a discussion this morning at IIW2005 about attention data and identity. It's clear that attention data is founded on identity, it's less clear that attention data is identity in the sense of "digital identity" as
                          Continue reading...


                          IIW2005: Summary at Between the Lines

                          I posted some thoughts and a summary of Day One at Between the Lines.
                          Continue reading...


                          IIW2005: Pictures

                          I've posted some pictures I took today at IIW2005 on my Gallery. There are also some at Flickr that are tagged with iiw2005. I tried to get every speaker, but missed a few--just got busy writing and forgot to take a picture. Sorry.
                          Continue reading...


                          IIW2005: Joel Getzendanner on Identity Commons

                          Joel Getzendanner is introducing Identity Commons. Identity Commons (IC) is not a service provider, a technological alternative, or an umbrella organization. IC is a place for those working on identity. IC is technologically neutral. IC is intended to be a community of shared intent. IC is participant owned, egalitarian, and tries to keep control and content as local and distributed as possible. IC wants minimal authority over participants. The Identity Commons Web site seems to be mostly about i-names at this point, the primary thing they've been involved in thus far. That probably ought to be redone to more
                          Continue reading...


                          IIW2005: Paul Trevithick on Higgins Trust Framework

                          Identity is a three-body problem. When you use a credit card, there's pre-existing trust between the airline and the bank (brokered by Visa). You're the third party in that equation. Lots of groups that we belong to, lots of implementations. People want to manage relationships between extremely diverse contexts. This is where the Higgins Trust Framework (HTF) comes in. The goal of the HTF is to address four challenges: the lack of common interfaces to identity/networking systems, the need for interoperability, the need to manage multiple contexts, and the need to respond to regulatory, public or customer pressure to
                          Continue reading...


                          IIW 2005: Brad Fitzpatrick on OpenID

                          OpenID is similar to LID in that URLs are used for identifiers. Identity URLs can be static web pages so there's a low barrier to entry. Also, no SSL is required, nor is a browser plugin. OpenID is simply a way to prove you own a URL. OpenID can be stateful or stateless. Stateful access is faster, but requires more infrastructure to support. When you grab a URL, the URL has a way of saying who the identity server is (in the <link/> tag). The identity server provides a way for the person claiming the URL to prove (i.e.
                          Continue reading...


                          IIW2005: Johannes Ernst on LID

                          Johannes starts off with a discussion of REST because that's critical to his design principles for LID. He describes it this way: "everything that matters on the Internet has a URL, can be bookmarked, can be found via Google, can be hyperlinked, can be tagged, and can be accessed with a browser." People got very argumentative here. REST discussions do that. Johannes' conclusion: people need URLs. Similar argument to Drummond and XRIs, but with a different conclusion. Johannes gives a use case based on Doc's Company Relationship Management scenario and me trying to find a hotel in Berkeley. This
                          Continue reading...


                          IIW2005: Dick Hardt on Identity 2.0

                          Dick starts with a discussion of the SXIP 1.0 architecture. One of the things I note as I listen to Dick is the nomenclature problem. We have some people calling users "users" and others calling them "principals", some calling the relying party the "membersite", identity providers can be "homesites," and so on. This is hard to keep straight. You need a score card to keep up. I'm not picking on Dick here--he's picked his words and they're as good as anyone else's. The Identity Gang wiki has an identity lexicon that is attempting to "create a minimal set of
                          Continue reading...


                          IIW2005: Drummond Reed on XRIs

                          XRI is a syntax and resolution protocol for abstract identifiers---identifiers that are independent of the underlying network location, domain, application, or storage. It's an abstraction layer for identifiers of all types. You can use an XRI anyplace you can use a URI. An XRI can be downcast into a URI. There is also a standard way of making an XRI clickable called XRI Resolution. XRI is the product of an OASIS technical committee. In the same way that URIs unify the filename, IP address, and domain name layers into a single namespace, XRIs integrate URIs with names in the
                          Continue reading...


                          IIW2005: Brett McDowell on Liberty Alliance

                          Brett McDowell is speaking on Liberty Alliance to "engage the bottom-up community." The vision of Liberty Alliance (LA) is a networked world in which individuals and businesses can share identity information in a protected way. LA is working on technology standards and guidelines, business and privacy guidelines, and an ecosystem of interoperable products and services. The board and sponsors of LA are most of the big companies you'd recognize. But 50% of the membership is either non-profit or a company with less than 100 employees. Liberty ID-WSF 2.0 is based on SAML 2.0, WS-Security, and WS-Addressing. An earlier version
                          Continue reading...


                          IIW2005: Mike Jones on Identity Metasystems

                          We're trying to get to a world where there is a ubiquitous, user-centric identity solution for the Internet. The result should be a safer, more trustworthy Internet. Mike is showing a user experience for InfoCards, Microsoft's proposed identity solution. First time I've seen it. The solution, of course, is very thick client oriented since InfoCards is built into the OS. The vision is nice because there's a common experience for using InfoCards across every Web site. A ubiquitous identity solution must accommodate mutually contradictory requirements based on context. For example, most of the time we don't want people to
                          Continue reading...


                          IIW2005: Mary Ruddy on Use Cases

                          Mary Ruddy is speaking on Use Cases for the Social Web. Our hope is that by discussing use cases, we can lay a foundation for later discussion and give everyone a common frame of reference. Mary makes the point that use cases are stories. Keeping the discussion about stories helps people from different technology backgrounds to relate. Use cases: SSO, social commerce (Doc's example or recommenders, reviewers, and affiliates), augmented social networks, Katrina networking (lost and found people), soccer registration, Internet banking authentication, health care, etc. Question: can we move beyond authentication? Mary makes an interesting point that we
                          Continue reading...


                          IIW2005: Doc Searls

                          Doc is leading out today giving a foundation for why identity matters. Markets are places where people meet to exchange things and make culture. Free markets are not "your choice of silo." Doc notes that the difference between "content" and "speech" is critical. Congress can't regulate speech, but they can regulate the movement of content (his example is the FCC broadcast restrictions on obscenity). The 'Net needs to be a place for free speech and where free enterprise happens. This is an example of an issue that is not about left or right, Democrat or Republican. It can be
                          Continue reading...


                          IIW2005 IRC Channel

                          If you're trying to follow along at home, there is an IRC channel at irc.freenode.net/#identity
                          Continue reading...


                          Identity and Presence

                          I put a piece about the difference between identity and presence information at Between the Lines. The difference is pinpointed by iTunes in its use of proxies for presence to enforce its DRM policies--badly, as it turns out.
                          Continue reading...


                          Yet Another Decentralized Identity Interoperability System

                          There have been several proposals for Internet identity systems over the past 18 months or so, including Microsoft's InfoCard proposal, SXIP, and several URL-based systems including LID, OpenID, and Passel. Today Brad Fitzpatrick (of LiveJournal/Six Apart and inventor of OpenID), Johannes Ernst (of NetMesh and LID), and David Recordon announced a proposal to build an interoperability framework for LID and OpenID called YADIS (Yet Another Decentralized Identity Interoperability System). Here's part of what they said in the announcement: Working on this problem, we realized quickly that what we were really building was a bottom-up, light-weight interoperability framework for personal
                          Continue reading...


                          IIW2005 Blog Aggregator

                          I've set up an RSS aggregator for IIW2005 so that people not attending the conference will have a one-stop place to keep up with what attendees (and others) are saying about it in their blogs. If you're going to be blogging about IIW2005 and the presentations, please send me the URL of your RSS feed so that I can add it to the list. In addition, we'll be recording the sessions and podcasting them later.
                          Continue reading...


                          IIW2005 Hotel Redux

                          OK, I chickened out. After I posted that I was staying at the Hotel Shattuck, David Kearns posted a note indicating it
                          Continue reading...


                          IIW2005 Hotel

                          I just made reservations at the Hotel Shattuck for IIW2005 based on nothing more than gut feel. Let me know if I've made a huge mistake. If you're looking for a hotel for IIW2005, there's a list on the wiki. There's a little more than 60 people currently signed up. If you're planning on coming and haven't registered yet, it would help us a lot if you could do so soon so that we can order food. Also, if you'd like a t-shirt, you have to order it yourself.
                          Continue reading...


                          IIW2005 Shirts Are OK

                          I ordered a couple of IIW2005 shirts from Cafepress to make sure they looked OK. I ordered the long-sleeved T and the Ash Gray T. Both looked good. The logo looks great--no jaggies or anything and the T-shirt quality is good. I'm happy with them.
                          Continue reading...


                          Reverse the Question

                          In response to my questions about the word 'identity,' P. T. Ong says: You don't get definitions right, it's hard to have lucid thoughts, let alone unambiguous communications. "Do identical twins have different identities even if we can't tell them apart?" Define what you mean by "identity" and I'll answer your question. We can't even answer basic questions about the "things" we are talking about because we don't have common definitions of them. Convinced yet about the importance of a well defined ontology for the digital identity community? From Random Thoughts on Digital Identity: If a Tree Falls ... Referenced
                          Continue reading...


                          Perimeter Defenses

                          Peter Coffee wrote an article referencing my book, Digital Identity. It's hard to admit that you've been doing things wrong, especially when you've gotten really good at it. When a company--or even an entire industry--gets built on the foundation of a fatally flawed idea, something really big and obvious may need to happen before people are willing to move together toward a different approach. I found an excellent example of this behavior in Phillip Windley's newly published book, "Digital Identity," from O'Reilly Media. Most good computer security metaphors have been overused to the point of dreary familiarity, but Windley
                          Continue reading...


                          Roadblocks to Ubiquity

                          In a post about Dick Hardt's Identity 2.0 talk, Jon Udell makes an important statement: Even a tech-savvy person like me has a hard time envisioning, never mind comparing, the interaction scenarios proposed by various identity schemes including Sxip, Microsoft's InfoCard, Shibboleth, and federated PKI. From Jon Udell: Envisioning identity. Referenced Mon Oct 10 2005 10:24:02 GMT-0600 (MDT) Johannes Ernst picks up on that and adds: I completely agree, and would add that nobody, not even the "insiders" really understand what consequences all the different proposed architectures have in terms of, say, who gets empowered and whose power diminishes how
                          Continue reading...

