Alex Barnett blog : identity

Chris Anderson: Charlie Rose interview discussing FREE

alexbarnett — Sat, 03 May 2008 16:51:00 GMT

I spent some time this morning watching the Charlie Rose interview with Wired's editor, Chris Anderson, discussing FREE.

The interview covers the economics and ideas driving the Internet's current (and future) state: the Gift Economy; the Attention Economy; and the Reputation Economy. Rose leads the conversation into topics such as covering the Freemium business model and consumer perceptions about the value of privacy (or lack of thereof).

The interview also moves to the topic of the Yahoo! and Microsoft merger. Rose asks: "Why is it that Yahoo! can't recruit the people at Google - through some extraordinary salary offers - that would let Yahoo! replicate what Google has?"

Anderson's answer (paraphrased): "There is a basic philosophical difference between Google and Yahoo! Google is a Machine company. Google believes that data, machines and the Algorithms will drive the company's growth. Yahoo! is a people company - it believes content created by people and the conections made between them with its drive growth."

"And what about Microsoft?", Rose asks. Anderson responds (again, paraphrasing) - "Microsoft is a pre-web software company that philosophically wants to be somewhere in between Google and Yahoo!" An oversimplified analysis, surely (hey, it's a TV interview answer), but I think the Anderson's conclusion is pretty accurate at its heart.

Social Clouds, XML 10 Years Old, and Honourable Mentions

alexbarnett — Tue, 12 Feb 2008 13:51:00 GMT

The Social Cloud

Kevin Marks is a software engineer at Google, was principal engineer for Technorati and one of the founders of Microformats. In this video Kevin talks about the big picture re: the phenomenon of online social networks in a presentation called The Social Cloud. Great backgrounder to the topic. More Lift videos here.

My Open ID?

Chris Brogen asked Question about OpenID:

"I’ve chosen to use the Wordpress.com installation of OpenID. I tied it to my Wordpress.com account and have so far used it in only two places. I’m thinking that every time I offer up an OpenID, I’ll point to that one. So far so good, right? ( To get up to speed on OpenID, go here).

What happens if Wordpress.com folds? What happens if they change their mind and start charging me, or I leave them for someone else, or whatever?"

Good question, to which you'll find multiple useful answers provided in the post's comments.

Semantic web enablement

The XML spec first public draft was November '96, the final release as a 1.0 was Feb 1998. XML was ten years old Feb 10, 2008. Tim Bray provides a history of the people involved and the events leading up to the birth of XML in his XML People.

Semantic news discovery

Silobreaker "provides relevance by looking at the data it finds like a person does. It recognises people, companies, topics, places and keywords; understands how they relate to each other in the news flow, and puts them in context for the user."

I need to play more to find out how useable / useful this service is, but I like the idea.

Honourable mention

RIA Weekly #06 - What’s Behind Code-Behind, JavaFX with Adobe tools, Microsoft/Yahoo!, and other acquisitions. The Redmonk podcast with Michael Coté and Ryan Stewart (Adobe). Topics include Kevin Lynch as new Adobe CTO, JavaFX vs. Silverlight vs. Air, code-behind annoyance, Google's Android, and the Oracle / BEA deal. I get an honourable mention on the show.

Random but good

Visual Music Instruments - via Kevin Kelly. No manual required, but it would probably help.

OAuth Podcast

alexbarnett — Sat, 03 Nov 2007 14:45:00 GMT

Chris Messina (aka FactoryJoe), Larry Halff (of Ma.gnolia) and Eran Hammer-Lahav accepted our invitation to join Ted and me and discuss OAuth in our latest Bungee Line podcast.

What is OAuth? From OAuth Getting Started - Part 1, here's the jist of it:

"OAuth allows you to share your private resources (photos, videos, contact list, bank accounts) stored on one site with another site without having to hand out your username and password.

...Users don’t care about protocols and standards – they care about better experience with enhanced privacy and security. This is exactly what OAuth sets to achieve. With web services on the rise, people expect their services to work together in order to accomplish something new. Instead of using a single site for all their online needs, users use one site for their photos, another for videos, another for email, and so on. No one site can do everything better. In order to enable this kind of integration, sites need to access the user resources from other sites, and those are many times protected (private family photos, work documents, bank records)."

Adam Kalsey, summarizes it well:

"OAuth aims to standardize the way in which different consumer systems share data. The goal is to allow a person to give an application access to do some things on your accounts at other sites, but not everything. It’s role-based authorization for APIs."

OAuth is a big idea, but is it a "solution looking for a problem to solve"? I don't think so. The problem for end users today is real, i.e. authorizing one service to access your data by another service for use by the first service, securely and with control. For developers wanting to develop apps and services that create value through the use of customer data stored on other services, there is no standardized means set of protocols to lean on. Instead, developers need to waste time learning a new way for their app to be authorized to do so for each service provider, having to jump through the various specific means and idiosyncrasies of each service.

The current way is broken - too many means to the same end, for end-users, for developers leveraging service APIs and for the service providers themselves wanting to extend their services through web APIs.

OAuth is getting the attention from a number of people and services such as Six Apart and others ("Digg, Jaiku, Flickr, Ma.gnolia, Plaxo, Pownce, Twitter, and hopefully Google, Yahoo, and others soon to follow") have committed to run with it. This is good news, but we need to get the word out there and help make developers' lives easier. So, go listen to first OAuth podcast and evangelize OAuth!

Topics covered:

Background on Chris, Larry, and Eran
What problem is OAuth trying to solve?
What is the current identity landscape - what are the alternatives, and why is OAuth a better way for all?
How does OAuth work, who should use it?
What's the development experience like?
What's the end-user experience like?
What's the relationship between OAuth and OpenID?
Where is OAuth today?
What will it take for OAuth to succeed?
Who's backing OAuth - adopters?

E-Learning 2.0

alexbarnett — Tue, 04 Sep 2007 06:10:00 GMT

What happens to education, learning processes and knowledge sharing when you combine learning objects, MUDs, RSS, podcasting, tagging, social networking, social media, network effects, AJAX, REST, web APIs, interoperable ID systems and open courseware? Answer: a lot...In this video recording of a presentation given by Stephen Downes at the International Conference on Open Courseware and eLearning in Taipei, Taiwan, June 13, 2007, Downes shares his vision of the resulting phenomenon - E-Learning 2.0. Slides are here.

New concepts explicitly introduced to me in this video include: learning networks and learning mashups. If you're familar with "Web 2.0" concepts you can skip to half way through the video to get into relevance of these to E-Learning.

(thanks to Thomas Vaner Wal for the link to Downes' homepage)

Closed is Still the Old Closed.

alexbarnett — Fri, 17 Aug 2007 13:45:00 GMT

Kim Cameron, Microsoft's Chief Architect and the man behind Windows Cardspace (was infoCard), has shared his perspective the question of whether or not OpenID would make customers' lives better on social networks. There appears to be a general agreement that allowing a Single Sign On (SSO) service across properties (think "social networks", email services, and anything else that requires authentication / authorization) is good for the customer. There's no question that from customer's (or prospective customer's) point of view that idea of not having to create multiple accounts, usernames, passwords, etc has to be an appealing prospect. There doesn't seem to be much controversy here.

The controversial questions are: would the net effect be positive or negative for the online property owner if

a) they supported SSO and,

b) let competing services leverage "their data" - data generated by customers using while using their service.

The old way of thinking is the "walled garden" way of thinking. The logic goes something like this: Why would FaceBook, MySpace, x-socialnetwork or x-service make it easy for other properties or services to extract user profile information (i.e. "my data") from their service? Because openness is great? Yeah…right.

Kim's answer to these two questions are the right answers in my opinion. His view is that the net effect would be positive.

I'll quote myself from my 20 Thoughts on Attention post as to some of the reasons why I agree with Kim's point of view:

People care about the portability and security of their data.

Software and services that allow customers to take their data with them will do better than those that don't.

Letting customers share and take their data with them will be a competitive feature of successful online services.

New entrants into markets are more likely to allow customers to take their data with them than the existing market leaders.

Market leaders want to lock-in their customers by locking in their data.

Customers won't want their data locked-in.

Markets leaders will have to follow the trend of letting their customers take their data with them in order to grow their customer base.

Multiple online identities is the norm, not the exception. Attention data reading will need to account for multiple identities and contexts.

These are assertions, and I could spend ages providing data and examples as to why I believe in these, but the bottom line is this: the whole revolution we're witnessing where "consumer" properties are investing heavily in the provision API services that allow "their" customer's data to be retrieved and leveraged by potentially competing properties is driven by the acceptance of these assertions. Contrary to what Seth might think ("Closed is the New Open"), Closed is NOT the new Open, Closed is Still the Old Closed.

Companies providing these APIs "get" the future and they are benefiting in the here and now. They realize it is a two-way street and that the barriers to new customer acquisition will be lowered if

a) they interoperate with multiple ID systems (via something like OpenID)

b) allow customers to immediately leverage their existing data generated and residing on external properties / services

c) the data created and residing within their own service / property can be leverage elsewhere.

On point c), Facebook's latest "opening up" where the social network is allowing their ~~users~~ customers to extract their Facebook updates is yet another incremental step in this 2-way direction.

ID Cards - Get Less For More

alexbarnett — Sat, 12 May 2007 14:02:00 GMT

When the UK ID Card scheme was first announced in 2002 the cost was estimated at between £1.3 billion and £3.1 billion over a period of 13 years.

The Home Office's most recent estimate has revised it upwards, again, to be £5.31 billion over a period of 10 years (2006 to 2016).

I haven't seen the maths reported elsewhere as follows, but it occurs to me this latest estimate from the government works out to be an increase of 122% per annum over the high-end of their original estimates (five years ago). And that is after a recent scoping down and delay of the project.

Yet another wonderful example of the UK government's track record in IT project management: "get less for more".

Thoughts on 'Reinventing the Internet' and Identity

admin — Fri, 08 Sep 2006 06:46:00 GMT

Jason Kolb has been writing a great series of posts called 'Reinventing the Internet'.

I've been bookmarking and sharing some of these posts via Del.icio.us (and if you're sub'd to me, you would have seen these in my feed). Dipping in and out of these since the first post of his series, they seem to be getting better with each post.

In Jason's first 'Reinventing the Internet' intro post, he starts off with the assertion that:

Why?

"If somebody wants to know something about me, I point them to www.jasonkolb.com to find out about me, or to my personal site if it's on a personal level. Everyone I know tells people to find them via their MySpace account, LinkedIn account, or blog. Or, people who still don't have an account on a social network of some type (they will) give out their email address."

As Jason points out in his second post 'A domain name in every pot', companies bet their existence, brand, success and ability to be trusted on this very premise - the domain rules. So, Jason asks, why not for you and me?

And then a quick reminder:

"owning your own domain name is like owning the title to your car. Otherwise, MySpace, LinkedIn, your blog provider, or your email provider owns the title to your online identity."

I think somewhere along the line of my reading the series, Jason kicked me into action as I recently moved my blog to my new domain. Come to think of it, I'm amazed that I hadn't done this years earlier. I've been playing on the web for 12+ years, 10 of those years professionally. It's taken me some time, yes, but now I'm here, wow - it feels good!

And so on to the fundamental question Jason begins to tackle in his series::

should a blog at a domain name that you own be the epitome of an online presence?

Well a blog today, and something else tomorrow. The the point he makes is your domain is yours (as long as you keep paying the rent that is - Jason has another idea on that permarent issue.)

If the answer to Jason's question is 'yes', then what does it mean? What does it enable and why does it matter?

In the next few posts, Jason describes an architecture involving personal servers, URIs as unique personal online addresses and distributed applications, that will allow everyone to:

"eventually have their own personal server hosted at their own personal domain, and those servers will be able to talk to each other and collaborate with each other.
...be a node on an open source peer to peer social network."

It is a fascinating idea and it opens up some interesting scenarios (I'll get to those in another post). There are two key advancements he has discussed so far that would enable this vision:

an identity system that provides an authentication service that then allows the authorization of the user to connect and interact with distributed systems via their personal server
the internet becomes one giant relational database.

We'll explore the 'internet as a database' idea further in another post (a topic close to my heart), but for now I'm going to stick with the ID question.

As his posts unfolded, I wondered how he saw his ID vision fitting, if at all, with CardSpace - formerly Infocard, the identity metasystem effort led by Kim Cameron.

Today, Jason posted an 'interlude post' responding to some of the feedback he's received on his series so far and he called out CardSpace specifically. Bottom line is that Jason believes there is no fit. Jason write of CardSpace -

"The alternative to this are identity metadata schemes like CardSpace. These assume, however, that you will still have pieces of your online identity scattered amongst various providers, which is precisely what I want to get away from. Consider this statement from the CardSpace information page:
"Different kinds of digital identities will always be necessary—no single identity will suffice... No single organization can unilaterally impose a solution."
Basically what I'm saying in this series of posts is that I completely disagree with this statement. The individual himself should be the single source of online identity. There IS a single organization that can unilaterally impose a solution, and that's the individual. Power to the people ;) "

Jason and Kim (and others in the community working with Kim) agree on the 'power to the people' mantra. I've spoken to Kim, met him and heard him present a couple of times on this and it's a prominent theme in CardSpace (hey, he even blogged me!). I realize Jason has at least looked into CardSpace - he quoted from the Seven Laws of Identity - but I'd encourage him to find out more on what CardSpace has to offer in helping him achieve his vision.

I'd like to highlight two other quotes from Seven Laws of Identity. For the uninitiated, think of these Seven Laws as a base set of requirements that any ID system must meet:

"1. User Control and Consent
No one is as pivotal to the success of the identity metasystem as the individual who uses it. The system must first of all appeal by means of convenience and simplicity. But to endure, it must earn the user’s trust above all.
Earning this trust requires a holistic commitment. The system must be designed to put the user in control of what digital identities are used, and what information is released.
The system must also protect the user against deception, verifying the identity of any parties who ask for information. Should the user decide to supply identity information, there must be no doubt that it goes to the right place. And the system needs mechanisms to make the user aware of the purposes for which any information is being collected.
The system must inform the user when he or she has selected an identity provider able to track Internet behavior."

Back to Jason's objections, I think the following is another key concept to point out with the identity metasystem - the need to support multiple identity providers and systems.

"5. Pluralism of Operators and Technologies
A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers.
So when it comes to digital identity, it is not only a matter of having identity providers run by different parties (including individuals themselves), but of having identity systems that offer different (and potentially contradictory) features."

(My bold). Does this mean that universal identity system proposes or requires the use of a gazillion different username / passwords? No, precisely the opposite in fact. However, the metasystem design accepts a heterogeneous internet as a fact of life (you know, Utopia is a very hard thing to come by, if not impossible - I've tried...).

So, should Jason try to solve today's identity nightmare by trying to get everyone to use his one system, or does he try and solve what he really cares about by using a common layer above the various ID systems, including his, that abstracts out the differences (various UIs, behaviors, etc) of these systems out and away from the user? You know that the banks / merchants / services ain't going to replace / swap out their ID systems for years, if not decades or at all.

Instead of asking them to replace their systems, they could just adopt an additional (not replacing) protocol that we can all agree on and that provides an single common UI / ID experience for the users, and go from there. That is what we want for users - a better experience, right? But to get there, we need to accept that:

"The universal identity metasystem must not be another monolith. It must be polycentric (federation implies this) and also polymorphic (existing in different forms). This will allow the identity ecology to emerge, evolve, and self-organize."

The last point is what allows us all to win. In other words, if Jason's system works, and it works well, it will interop with any other system that also uses the universal identity metasystem. If his works really well and populous like it, then Jason's solution could become the system of choice by the majority of internet users, if that is how it turned out to be. But without at least an initial level of interoperability between his and the multitude of other systems (that users will want to use via their personal servers), the chances of mass adoption of Jason's vision / solution are vanishingly small compared to the alternative route.

As I see it, in the ID space there is no downside to playing with the rest of the others. You can have your cake and it. I really think Kim and James can and should have a discussion on this.