ating Spinach at the Internet Identity Workshop 2008

This is my first report from Internet Identity Workshop 2006, and, okay, that heading’s slightly unfair. Besides, eating spinach is good for you.

But, really, the next time I need to read the conference “materials” more carefully, so I’m prepared for what’s actually happening rather than what’s in my head. In my head were small groups figuring out tomorrow’s agenda. In reality, there was one speech after another from 1:00-5:00, with a small break thrown in. Note: this was clearly announced, and it’s my own damned fault for misunderstanding it.

So here’s the way the day went. I will later post in some detail about the points the  speakers made once I’ve had a chance to go over my notes, think about them, and figure out what my considered response is–probably after the workshop is over.

First up was Eugene Kim because Doc Searls, scheduled to open the show, was still on the highway.  This is the second time I’ve heard Eugene talk, and I really like the way he does it: he’s well-informed, genial, and knows how to connect with his audience. He talked about user-centric identity, what it means, and why it’s important.

Next up was Paul Trevithick, from Social Physics, affiliated with the Berkman Center for Internet & Society at Harvard Law. He presented the results of a concerted effort to define a common lexicon for digital identity. He had some luck, but once he got well into it, the whole thing began to feel a touch medieval–scholastics arguing aspects of transubstantiation, that sort of thing. Also, people started picking at his definitions, generally with cause. Still, he’s right about one thing: the domain of digital identity is absolutely plagued by semantic uncertainty and instability, to the degree that confusion abounds in many discussions, and stabilizing the lexicon is a necessary gig, and a tough one.

The schedule lurched once more because Dick Hardt, the scheduled speaker, got held up in one airport or another. (He came in from Canada, I believe, and is probably lucky they didn’t throw him in a cell on general principles.) So Johannes Itten, oops, just kidding, Johannes–that’s Johannes Ernst, got moved up in the batting order. He did an excellent pitch for the use of URLs as identifiers and the workability of Yadis’s approach to doing so. It was another good presentation: very well-informed, lucid, reasoned, detailed, enthusiastic.

Then came a break–the room was overflowing, and the attendees had to be moved. Unlike Christine Herron, I didn’t have any trouble hearing the speakers in the smaller room even though (a) I was at the very back of the room and (b) I’m pretty good at not hearing the speakers. At any rate, we adjourned to a much larger venue upstairs. There I spent the afternoon trying to get back online–out of six people at my table, four did fine with wireless–I think all of them had Macs, and you can draw whatever conclusions you will. A woman likewise hamstrung with Windows XP and I shook our heads at one another periodically, affirming that we were still cursed.

After the break, we had Dick Hardt from SXIP Identity, doing a new version of his famous “Identity 2.0″ presentation. As numerous people have remarked, Dick rocks. He first summarized the problems posed by the Internet’s lack of effective identity management and then made an excellent case for Sxip’s s latest incarnation–its openness, robustness, usefulness, and general usefulness at solving these problems.

Then Mike Jones, from Microsoft, talked about Kim Cameron’s Seven Laws of Identity and how Infocard puts them into practice. He showed a mock-up of how Infocard would work on Amazon, which was pretty cool, and made the pointed repeatedly that users need a simple, transparent, and uniform way of identifying themselves online–something easier and harder to crack, spoof, and etc. than the usual username/password combo. Again, good pitch, good details.

Next came two (actually, four, packaged as two) presentations, the first by Eve Maler & Associate, talking about SAML and the Liberty Alliance; the second by Drummond Reed and Associate, talking about XRI and XDI, and I hope that I’m never quizzed on  crucial points of either.

I’m afraid that I had hit the wall on listening to lectures, due to fatigue/Attention Deficit Disorder and technical incompetence. I think I was in a light coma, from which I emerged briefly, periodically, in order to check if my wireless connection was still buggered, and it was. During these evanescent zones of attention, I heard recurrent acronyms and arcane technical terms and had relapses.

Finally, Doc Searls came on, finishing the show rather than starting it. I struggled back into sustained semi-consciousness, aware that The End Was Near, and found Doc being his usual smart, relaxed, and funny self. He did a brief summary of digital  identity over the past few years, starting with The Cluetrain Manifesto and ending with a call for something on the order of Creative Commons for user-centric identity. I’m intending to follow up on this one because I’m fascinated by the notion.

According to the agenda, we were then supposed to do  “question harvesting for Day 2 & small group conversations,” which I do believe is where I originally got hold of that notion (and then fixated wishfully on it,). We were, however, flat out of time, so fleeting small group conversations it was. I presume that the organizers, Kaliya Hamlin, Phil Windley, and Doc Searls, harvested questions by some occult means and that we will see the results tomorrow, when the unconference portion of the workshop kicks into gear, and we will indeed talk to one another at length.

In summary, all irony, snarkiness, and general carping aside, this was very much the place to be if you wanted a quick, extensive tour through the general landscape of digital identity these days. If it’s spinach, it was very well prepared by expert cooks.

Lessig Endorses Infocard

In a Wired article, “Can Microsoft Save the Net?” Larry Lessig endorses Infocard. As I’ve already discussed, Opinity is implementing Infocard in the 2.0 version of our services, so I’m really happy to see that Lessig’s opinion of Infocard’s potential is so close to ours because Lessig is consistently on the side of the good guys, which is to say, those who want to preserve the openness of the Internet. Also, for years he’s been one of the most consistent, thoughtful, and creative thinkers about the Internet and privacy, property, and law–and I’m probably drastically understating the scope of his work.

Here’s the heart of his endorsement:

We who celebrate the brilliance of the Internet - and in particular, its end-to-end open design - tend to ignore the maliciousness that increasingly infects it. The Net was built on trust, and it lacks an adequate mechanism to prevent fraud. Thus, it’s no surprise that phishing expeditions nearly doubled last year - and phishing is just one of many evils proliferating online. It’s only a matter of time until some virus takes out millions of computers or some senator’s identity is stolen. When that happens, the liberties inherent in the Internet’s early design will erode even faster than the liberties said to be protected by the Constitution.

Now, with the debut of the Info­Card identity management system, Microsoft is leading a network-wide effort to address the issue. To those of us long skeptical of the technology giant’s intentions, the plan seems too good to be true. Yet the solution is not only right, it could be the most important contribution to Internet security since cryptography.

Now, of course, we all need to see Infocard in action–to see whether the promise of the technology works out in practice.

Finally, I should note that next week I’ll be doing a podcast with Larry Lessig, the first of what I intend to be many discussions with people who have made and are making a difference in the realms of reputation, privacy, and identity.

A Funny & Smart Lunch

Yesterday, Ted Cho, Opinity’s CEO, and I drove up to the Embarcadero Center in San Francisco to have lunch with a group of people Sylvia Paull had put together for a Reputation Roundtable (which sounds a lot more formal and focused than it was).

Steve Gillmor blogged the affair under the heading,  Funny you should say that:

Had a funny lunch with Ted Cho and Tom Maddox of Opinity, Dave Winer, Mile Arrington, Sylvia Paull, writer Carleen Hawn, and a funny guy, Laurence Toney GM of eBay. Arrington is hot hot hot, so I kicked back and heard about Opinity from Maddox who has logged on a blogger-in-chief. These guys are smart not to present any handholds that can be attacked as proprietary, preferring the kind of leverage that comes from validating identity and then stepping aside.

Hey, and Steve’s a funny guy, too. So, yeah, it was all funny.

Mike Arrington blogged it, too, but under the heading “smart” rather than funny:

[…] I had lunch today with a whole bunch of really smart
people. Dave Winer, Steve Gillmor, Sylvia Paull, Carleen Hawn (who I’ve
run into twice in the last two weeks), Laurence Toney, Ted Cho and Tom
Maddox. There was some incredible brainpower there and an interesting
discussion around blogging/journalism.

So it was funny and smart. Not bad.

In truth, it was a fascinating group. There were Dave and Steve , whom you might call old school if you’re into that sort of thing, and Mike, who’s definitely new school, Carleen Hawn, who was denominated (or accused, perhaps) of being old journalism, Lawrence Toney, who’s smooth as silk in an excellent way, from eBay–not sure what school that is, Sylvia, who’s Completely Sylvia (”Don’t you guys like anything?) and Ted–I won’t label Ted (hey, he’s my boss, so anything I say would be suspect)–and I was there, too.

Steve and I had a talk that included topics such as identity, attention, open standards, and the old New York City comedy and jazz club scene, with special reference to Sam Kinnison and David Sanborn. It was preposterously interesting. I missed much of what was discussed among the others at some points–it was actually a Reputation Rectangulartable event, so folks were pretty much forced to form smaller groups to talk.

Steve thinks that what we’re doing at Opinity is complementary to what his AttentionTrust folks are up to, and I agree. As I see it, we’re both committed to the principle that users take control of information about them, which includes their attention, as revealed in their clickstream, and what I think of as the public presentation of self.

I did find time to disagree with Dave and Mike about Google Book Search, Google’s typically modest project to digitize all the books in the world. Dave and Mike both see if as copyright infringement, and Dave explicitly take the side of the publishers, whom he sees as being ripped off in the process. On the other hand, I think the project will almost entirely do good things for writers, as almost all of us need more readers rather than the very small royalties that we might receive over the years. In addition, the fact that copyright law has been hijacked by Disney and the Congress, among others, means that we need less enforcement of draconian copyright standards, not more.

I should add that disagreeing with Dave works fine for me. I respect him for any number of accomplishments, very much including his ongoing contributions to the Web, and he’s a sharp and straightforward guy, so disagreeing with him about something like this helps me clarify my own ideas.

So the hours at the funny & smart lunch were very much time well spent.

Web 2.0, Oh My

It’s been the year of Web 2.0, for certain, but that’s not a simple thing. The meaning of the term and even the reality of the thing are contested. Some people think the term signifies a profound shift in the way people will use the Web, or a resurgence of various high-tech industries, or even a shift in the way we all communicate with one another. Others see the term as, variously, a marketing ploy, a silly design style, a merely fashionable phrase that the cool people can use to show how cool they are, or another piece of Internet-driven fantasy.

…read full article…

The Logic of Microsoft’s Second Law of Identity

Earlier, in the Spring of this year, Kim Cameron started to talk about (publish) his advocacy of the Laws of Identity as they were understood, or coming to be understood, by him specifically and  within Microsoft generally.  The second of those seven “Laws” was stated as Minimal Disclosure for a Constrained Use.   In part it stipulated …

We should build systems that employ identifying information on the basis that a breach is always possible. Such a breach represents a risk. To mitigate risk, it is best to acquire information only on a “need to know” basis, and to retain it only on a “need to retain” basis. By following these practices, we can ensure the least possible damage in the event of a breach.

At the same time, the value of identifying information decreases as the amount decreases. A system built with the principles of information minimalism is therefore a less attractive target for identity theft, reducing risk even further.

The more I think about the logic behind the concept of mimal disclosure, the more excited I get about the potential power of this principle to help protect and serve the interests of both web users and website operators.

Sold to the Gentleman from Calcutta!

I just ran across an interesting blog, “Confused of Calcutta,” whose author, J. P. Rangaswami, writes on occasion about identity- and reputation-related issues.

In a recent posting, he tells about finding and buying an extraordinary record, “Pleasure Dome”–an actual LP–recorded in 1949 of poetry read by famous poets, including T. S. Eliot, W. H. Auden, and Dylan Thomas. Well, perhaps needless to say, the record is somewhat rare and collectible, so buying one was a bit of an occasion — alas, I can’t find a picture of the cover. He says:

• The seller preferred to deal locally, having been burnt by international would-be buyers before. Without my PayPal and eBay credentials, and without my Google visibility (this he only told me about later) he would not have sold it to me.
• Without my innate belief in humanity, and without my trust experience with eBay and PayPal, I would not have paid the pretty penny it took.

What I find fascinating about this is the trust and reputation elements involved. He had established himself as a presence online both through participating in PayPal and eBay and through writing his blog, and so the transaction could take place.

The whole thing constitutes a bit of a parable about doing things online, from the chance discovery of a rare and previously unknown artifact to the subtle calculations involved in both buyer and seller committing to a sale. It’s also good to be reminded that trust can be rewarded online.

Now if I could just find an MP3 of the thing …