Johannes ponders

Johannes wonders : "What is the best way of storing identity data?":

This question often comes up in a product context, such as "We have all these enterprise directories already, they will work just fine for the new era of pervasive identity, right?"

Unfortunately, I don't think the answer is as simple as that, because I don't think there is one single way of storing all the identity data that's needed in the times of pervasive identity, that meets all needs. Compare two simple examples for identity information: my first name, which doesn't change (or at least not very often), and which needs to be retrieved frequently for many applications. Compare it to my location information (obtained through GPS or cell triangulation, for example), which arguably is part of my identity information and useful for many applications, which often changes every few minutes, and which is shared with far fewer parties.

That both data elements can be efficiently managed using the same kind of storage and retrieval infrastructure (directory, database, in-memory, XML, what have you...) sounds fairly impossible to me. For example, directories are usually optimized for read access and fairly slow for write access; putting real-time location information into a directory sounds like a bad idea.

Even the mundane phone number, long a data item in directories and considered largely static, becomes an entirely different animal once we think of it in the context of presence and situation, and all the fancy new multi-modal communications frameworks that are popping up where callers get redirected depending on who they are, and on the to-the-minute status and presence of the person they are trying to reach, never mind which set of phones, PDAs, laptops, and beepers they chose to carry this morning.

[Real-world customer example: when I asked about whether phone numbers are held in the official company directory of this enterprise, they responded: "sure, they are there, but many are out-of-date, and even if they weren't, the directory doesn't matter because we all use cell phones and the directory doesn't know about them and couldn't be updated as frequently as we change phones and providers, because the process to update it invoves HR." Now I'm sure there are companies that do this better, but you get my point...]

And these are just some of the examples. There are many more examples we are coming across on an almost daily basis on just the incredible range of identity-related information that's growing pretty much everywhere. Further, as more and more information is available about indidividuals on-line (both under and outside of their control), much information will also just live wherever it lives on the network (buddy list in Jabber? Employment history in LinkedIn? List of people I've ever e-mailed to from Exchange? Reputation in eBay?), it may well turn out that the majority of identity information about a persona in the future will not be stored in any one place, but dynamically aggregated across the net. Which is of course what Opinity and ClaimID etc. are trying to do, although they are barely scratching the surface of this.

Nicely put, Johannes. The digital identity future is here, it's just not properly distributed yet. But proper distribution is not necessarily even distribution: different kinds of data will be suited to different storage/processing modalities. The key is that we evolve flexible ontological integration methods to bridge across these diverse data sources.

Technorati Tags: data_management, data_matching, delegation, flexibility, identity, identity_web, directory

Dusting off the old nihongo

I have been feeling a bit sad that my Japanese language skills have been rusting these last couple of years. Well, here's a chance to feed my dual passions of nihongo and the Identity Society: a new book by Joi Ito and Ryu SakamotoMurakami entitled 「個」を見つめるダイアローグ , which roughly translates as "Discovering identity—a dialogue". However, the character 個 ("ko") literally translates as "individual person", so as ever the Japanese retains an intriguing 曖昧さ("aimaisa"—ambiguity).

One might say, though, that 個, with its hard-wired connotations of individual identity, is a more self-limiting concept than the English word "identity". Perhaps this is why the Japanese often use the transliteration イデンティティー ("identity") to discuss the subject.

Anyhow, I will be salivating by the letter box these next three weeks... : )

Delusions of semiotic grandeur?

In the light of recent developments around the term "Web 2.0", I solemnly swear that neither I nor i-together will ever seek to trademark the term "Identity Web".

; )

Technorati Tags: identity_web, web2

Let them eat trust!

Paul Madsen compares the coming of the Identity Age with the advent of the Agricultural Age:

The invention of agriculture over 10,000 years ago spawned major changes for human societies, including:

1. food surpluses
2. the rise of large states & large-scale wars between them
3. public servants & politicians
4. vastly increased populations

Farming also allowed/forced people to settle in one place for significantly longer periods of time than had ever before been possible for hunter-gatherers. What had been small bands of hunters & collectors with populations likely numbering fewer than 100 became villages and then cities of thousands.

Compared to the gathering lifestyle, farming society brought people into contact with far more 'strangers', ie. those with whom they were not directly related or socially connected. Instead of dealing with the same small personal group from birth to death, the first farmers would have been constantly confronted with 'business partners' with whom they had no previous relationship. When dealing with these strangers , alternative mechanisms were necessary to replace trust based on personal experience - most notably money replacing mutual obligation and reputation replacing personal experience. The old traditions didn't scale.

As the Web becomes more about connecting people to people than people to data, we face the same challenge - just like those first agrarians we deal more and more with people with which we've never met before, and are unlikely to meet in the future. Whether it's a financial transaction or a romantic one, we need help in determining whether to proceed if we can't rely on trust based on personal experience (online or otherwise).

Agriculture emerged in the Fertile Crescent. It's doubtful that Iran and Iraq will be the centers of development of the mechanisms emerging to meet these requirements for online strangers.

So will this expanding concept of communal identity (note my blithe extrapolation of Paul's more grounded supposition of shared "trust" mechanisms) lead me inexorably to the point of considering myself primarily as a <gasp> human being </gasp> (as opposed to British/Buddhist/Black etc. person)? One can only hope...

Technorati Tags: agriculture, identity, identity_society, identity_web, trust

Amnesty's IRREPRESSABLE.INFO campaign

From the website:

The web is a great tool for sharing ideas and freedom of expression. However, efforts to try and control the Internet are growing. Internet repression is reported in countries like China, Vietnam, Tunisia, Iran, Saudi Arabia and Syria. People are persecuted and imprisoned simply for criticising their government, calling for democracy and greater press freedom or exposing human rights abuses, online.

But Internet repression is not just about governments. IT companies have helped build the systems that enable surveillance and censorship to take place. Yahoo! have supplied email users’ private data to the Chinese authorities, helping to facilitate cases of wrongful imprisonment. Microsoft and Google have both complied with government demands to actively censor Chinese users of their services.

Freedom of expression is a fundamental human right. It is one of the most precious of all rights. We should fight to protect it.

This is clearly a cause worth championing. Yet it's interesting to note that Amnesty's Human Rights agenda is not just about freedom of speech, but also privacy. While the article above does touch upon the privacy issue, to solve both freedom and privacy problems will require more than simply an opening up the public Web to all comers—it demands the creation of an Identity Web that embodies self-determination, with respect to both freedom and privacy, in its very fabric.

In the meanwhile, courtesy of Amnesty's data feed, here's my little window onto the Darkweb:

Technorati Tags: Amnesty, democracy, freedom_of_expression, government, human_rights, identity, identity_society, identity_web

What is "identity data"?

Johannes ponders:

How does identity data relate to transactional and other kinds of data?

Is it non-overlapping? The same, or a subset? Is there overlap; if so, where, and under which circumstances?

[...]

The conclusion: a separation between these different kinds of data, and allocation to different kinds of information systems with strict boundaries between them, might have made sense in the past, and within a tightly structured IT environment (and even then, show me the enterprise application that does not have at least a bit of identity information in it). Today, on the open web, with social software being one of the primary areas of innovation, this separation is increasingly anachronistic, if it is performed for the purposes of "separating identity data from transaction data". (There are good other reasons, such as differing performance profiles. But conceptually, we should be thinking about one tightly cross-referenced set of information, even if we decide that data item A should rather sit in system B than C because it's faster, or cheaper, or ...).

What we need, in the end, is an approach that considers the entire web and enterprise IT infrastructure, warts and all, one giant, distributed, decentralized meta-directory (or meta-database, or ...) that has parts that are optimized for different requirements, but that can be accessed uniformly so application development "native to the web" is possible. Identity data elements are a subset of all of that information, and tightly related to other data elements, both identity and not. And that way, we don't even need to draw an artificial line whether or not information item X (say, somebody's presence or transaction record on eBay) is or isn't a piece of identity information.

Hear, hear, Johannes... but to accomplish this feat, we will need more flexible data models than those available to date. This will enable us to create a quasi-organic information ecosystem.

Technorati Tags: data_model, ecosystem, identity, identity_web

Ducking the Card

Robin Wilton points out that it's not just money British citizens could save by renewing their passports early...

Technorati Tags: government, id_cards, passport

Cherish your lightbulb

Don't ya just love these cartoon visuals of a tech startup entrepreneur, doting on his precious lightbulb? : )

The advice looks useful, too...

MDM applications—and limitations

Andy Hayler points towards a piece by David Waddington on the business use cases for Master Data Management (MDM). A quote from the latter:

Many organizations and their business leaders still wonder, "How do we know if we have an issue with master data?"

In an attempt to help them answer this question, Ventana Research offers the following list of symptoms of master data problems. If you recognize more than a couple of them, a lack of consistent master data may be holding back your business.

• Your analysts spend more time reconciling data than analyzing it; for example, there are conflicting sets of total sales figures aggregated from different sources.
• It takes weeks rather than days to close your financial accounting books.
• You cannot calculate quickly your total spending by suppliers across divisions.
• You don't calculate profit margins consistently across the organization.
• You have difficulty determining whether two apparently different customers are actually one and the same.
• Standards for attributing production and marketing costs differ from location to location.
• Much of your data is held in spreadsheets, and it is hard to tell whose spreadsheet is correct.
• You have no central records of R&D efforts throughout the organization - and may be duplicating research programs as a result.
• Your businesses have multiple and inconsistent charts of accounts.
• You struggle to determine total product sales to global customers.
• It's unclear who is accountable for maintaining the quality of information quality and/or for defining new customers, products and other key categories.
• You cannot manage globally the purchasing of raw materials.
• Customers rate your service poor. You have trouble tracking trading partnerships; for example, you don't know how much gelatin you buy from supplier X.
• You have a high and growing number of calls for supply chain support, regarding wrong deliveries, incorrect invoices and other errors.
• Delivering consistent consolidated information following mergers and acquisitions is difficult to achieve.
• It takes longer than expected to implement data warehouses and data marts.
• ERP implementations and upgrades take too long and suffer delays.

If you can say honestly that these situations do not occur in your business, you probably already have your master data under control. But if these problems are familiar, then it's time to learn how master data management can help resolve them.

This is all good stuff, and leading MDM vendors (such as Andy's Kalido) are clearly already providing massive value to the enterprise with their flexible and powerful data management solutions.

Just imagine, then, how much more powerful again would be a solution that integrated flexible data discovery (currently the domain of Enterprise Search solutions) with MDM's flexible data management—and did so in an application-neutral manner that avoided solution vendor dependency.

That way, data discovery could flow seamlessly into data management, , both within the Enterprise and across the Web, enabling the Enterprise to adapt dynamically to a massively complex and constantly changing data environment.

An ecosystem approach to data integration, if you like.

But to achieve such a scenario, we will have to make technologes that embody whole spectrums of semantic precision, just as our human conversations with one another do: not a trivial task, but one surely worth striving to accomplish?

Technorati Tags: data_matching, ecosystem, enterprise, enterprise_search, MDM, semantic

fleXML?

Phil Windley reports on an interesting initiative to melt (somewhat) the rigidity of XML hierachies.

XML queries are asymmetric because they’re hierarchical. Rearranging the hierarchy requires changing the query. This work is aimed at making a single query work across multiple structures. This is useful when you don’t know what the schema is, for heterogeneous or irregular data, or when the schema evolves.

Flexible is certainly the way to go...

Technorati Tags: hierachy, flexibility, XML

Mac black

Posted in a feedback form to the Vodaphone Web Team:

Your "Future Vision" demo displays a static inky-black screen on Mac Safari 2.0.3 (OS X 10.4.6).

Is the future black, rather than orange, then?

RDF: Really Dumb Folly?

The W3C still haven't given up on RDF for the Semantic Web?! I can't help feeling the prolonging of this project's death throes is due mainly to the reputation of one man...

Tim, location as a metaphor for information exchange is fundamentally limited. It worked fantastically for the early Web, but semantics are quintessentially subjective, and thereby un-mappable in a globally objective manner.

The maturation of the SPARQL RDF query language notwithstanding, to realise the semantic Web—the Identity Web—we need to get beyond the concept of linked domains to one of mutually resonant entities. That way, we can all think in our own way, yet leverage the resonance of that thinking with others'.

Technorati Tags: identity_web, RDF, SPARQL, W3C

No software patents for Europe

CNet News reports:

Software patent campaigners have reacted with surprise to an apparent change in the European Commission's stance on those patents.

The Commission said last week that computer programs will be excluded from patentability in the upcoming Community Patent legislation and that the European Patent Office will be bound by this law.

Well, this is a turn up.

Technorati Tags: patents, IP

Semantic tension

Nick Carr writes about the apparent conflict between two models for creative culture:

"The problems with books are many," intones the blogosphere's resident philistine, Jeff Jarvis. "They are frozen in time without the means of being updated and corrected. They have no link to related knowledge, debates, and sources. They create, at best, a one-way relationship with a reader ... Print is where words go to die."

Gee whiz. I used to kind of like books. I liked that they were "frozen in time" and couldn't be "updated and corrected." I liked how they created a "one-way relationship" with me, the reader. I never found them to be cut off from "related knowledge, debates, and sources." In fact, I often found that words were at their most alive when they found their way through a writer's pen into print. What a nincompoop I was.

Jarvis's post is a hamfisted gloss on Kevin Kelly's New York Times article about how the digitization of text will allow books to "seep out of their bindings and weave themselves together [into] a single liquid fabric of interconnected words and ideas." (It's such a big thought that it can only be expressed through two metaphors.) I gave my own thoughts on Kelly's piece last week. As Andrew Keen points out, the Washington Post reports today on John Updike's response to Kelly's article in a speech at BookExpo America in Washington on Saturday. After quoting a few passages from the article, Updike bit back:

Updike went on at some length, heaping scorn on Kelly's notion that authors who no longer got paid for copies of their work could profit from it by selling "performances" or "access to the creator." ("Now as I read it, this is a pretty grisly scenario.")

Unlike the commingled, unedited, frequently inaccurate mass of "information" on the Web, he said, "books traditionally have edges." But "the book revolution, which from the Renaissance on taught men and women to cherish and cultivate their individuality, threatens to end in a sparkling pod of snippets. So, booksellers," he concluded, "defend your lonely forts. Keep your edges dry. Your edges are our edges. For some of us, books are intrinsic to our human identity."

"Edges" is the right word. It all comes down, I think, to two different visions of culture. One is a vision of integrity - of the integrity of individuals and their works. These are the building blocks of culture. In combining them, you do not destroy their integrity, or erase their edges. It's their edges that give the entire construction its form and its solidity: edges butted up against other edges. The other is a vision of disintegration. It devalues the individual and his work, cherishing instead a dream of a communal higher consciousness that dissolves all edges. Culture becomes a formless liquid, an "Eden of everything," as Kelly puts it. But an Eden of everything is also, inevitably, an Eden of nothing.

The web is where culture goes to die.

It seems to me that this all comes back to our understanding of "identity".

We use "identity" to denote a whole spectrum of meanings: at one end of the semantic scale, it denotes "identicality" of entities; at the other, we use it to mean "me not you". In between these two extremes, we "identify" with someone, yet do not experience ourselves as identical to them—"identity" here expresses a loose affinity.

The tension between the two polar senses of the word makes "identity" an unstable concept, and we see this playing out in the interplay between the two concepts of creativity Nick discusses.

To be human is to seek individuation and self-knowledge; it is also to poke the boundaries of "self", which we find are infinitely subtle and highly porous.

What fun!

[Thanks to my dad, Peter Razzell, for the conversation about "identity" that prompted my observation of the tensions between its polar meanings]

Technorati Tags: co-creation, culture, identity, self

That will be two flowers and five petals, please

A currency of pressed flowers? How enchanting!

Seriously, though, I wonder if there really is a big future for alternative currencies? The convenience of being able to spend my hard-earned pound/dollar/yen anywhere in the world (with the aid of relatively stable and standardised exchange rate mechanisms) would be hard to give up.

I participate in myriad communities (work, family, friends, interest groups, non-profits, my nation etc.), and I want to be able to carry value seamlessly from one community to another.

Where the real local variance occurs, it seems to me, is in the mapping of financial value ("a pound") to data value. The value of data is a quintessentially subjective matter, because data gains meaning according to semantic context—and community is a key part of that semantic context. This contrasts with the value of commodity physical goods and services, which is more easily quantifiable in an "objective" manner.

As usual, old Will has the last word on the subject. Did the flower children have it right after all? ; )

Since brass, nor stone, nor earth, nor boundless sea,
But sad mortality o'er-sways their power,
How with this rage shall beauty hold a plea,
Whose action is no stronger than a flower?
O, how shall summer's honey breath hold out
Against the wreckful siege of battering days,
When rocks impregnable are not so stout,
Nor gates of steel so strong, but Time decays?
O fearful meditation! where, alack,
Shall Time's best jewel from Time's chest lie hid?
Or what strong hand can hold his swift foot back?
Or who his spoil of beauty can forbid?
O, none, unless this miracle have might,
That in black ink my love may still shine bright.

William Shakespeare

Technorati Tags: alternative_currency, community, flower, shakespeare, value

The spreading "privacy" meme

William Heath quotes Bruce Schneier (via Guy Herbert):

He moves beyond the nothing to hide nothing to fear argument and the clever responses we all rehearse:

My problem with quips like these -- as right as they are -- is that they accept the premise that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.

Two proverbs say it best: Quis custodiet custodes ipsos? ("Who watches the watchers?") and "Absolute power corrupts absolutely."

Cardinal Richelieu understood the value of surveillance when he famously said, "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." Watch someone long enough, and you'll find something to arrest -- or just blackmail -- with. Privacy is important because without it, surveillance information will be abused: to peep, to sell to marketers and to spy on political enemies -- whoever they happen to be at the time.

Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance.

Two cheers that, finally, the privacy meme seems to be gaining virility within a broad constituency.

Let's save our third cheer for when government ministers unblock their ears...

Technorati Tags: government, id_cards, identity_society, privacy, surveillance_society

A Titanic waste of money?

A storming piece by Kim Cameron on the UK ID Card scheme. A choice quote from a piece worth reading in full:

My central “aha” in studying the British government’s proposal was that the natural contextual specialization of everyday life is healthy and protective of the structure of our social systems, and this should be reflected in our technical systems. A technology proposal that aims to eliminate compartmentalization rejects one of the fundamental protective mechanisms society has evolved. The resulting central database, where everything is connected and visible to everything else, is as vulnerable as a steel ship with no compartments - one perforation, and the whole thing goes down.

The starting point for a security thinker is that there will be perforations. In low value systems, the breach will come from neglect. In a high value system, there will be conscious attacks mounted both from without and within, and one must assume that one of these will succeed.

Our art consists in reducing the frequency of such perforations, and - once a breach occurs - minimizing the damage that is done. The current British proposal masterfully maximizes such damage, like a fire extinguisher full of gasoline.

A powerful image indeed (and quite funny in the last sentence).

What's perhaps harder to visualise is the way that in a truly user-centric "ship", the compartments do not represent government departments (for example), but myriad different yet often overlapping aspects of the user's identity itself—as perceived by the user herself.

CRB blunder: the product of a dodgy conception of identity?

Ruth Kennedy writes about how "nearly 1,500 innocent people have been wrongly labelled as criminals because of errors by the Home Office's Criminal Records Bureau":

The Mail on Sunday reported that the mistakes had seen ordinary people - from court ushers to students - wrongly identified as pornographers, thieves and violent robbers. In some cases, the paper said, people had been turned down for jobs or university places while others had had to be fingerprinted at their local police station to prove that they were not criminals.

I perhaps wasn't that surprised that such mistakes could have arisen. But I was pretty amazed that:

...the Home Office offered no apology for the errors, simply saying that they were "regrettable". It said that the mistakes were a result of "mismatches" which arose when the Criminal Records Bureau (CRB) was carrying out checks on people applying for jobs working in positions of trust with children or vulnerable adults. "Last year CRB checks prevented 25,000 unsuitable people from gaining such positions, and customer satisfaction is now at an all-time high," a Home Office spokesman said.

Clearly the 1,500 'customers' mentioned above might have been less than satisfied with the service offered, especially if they had wrongly been denied employment in, say, their local primary school. What if incorrect information about paedophile status had leaked out?

"We make no apology for erring on the side of caution. We are talking about the protection of children and vulnerable adults. This is not about the CRB making 'mistakes': where there has been a mismatch, it is because the individual's details are similar or even identical to someone else's conviction data on the Police National Computer. "

What is the WIBBI here? I am all for erring on the side of caution in protection of the vulnerable. But clearly it is extremely unfortunate if you share a name with a convicted criminal (or even a suspected one, in the case of enhanced CRB disclosures).

I added a comment:

WIBBI [Wouldn't It Be Better If] the CRB construed the information they hold on a given citizen as representing not their “identity”, but rather a partial and fallable view of that identity?

Language useage is a big factor in our formation of assumptions about reality, which thereby guide our actions.

Technorati Tags: government, identity, identity_society, data_matching

The domestic panopticon?

Danah Boyd opines:

[...]

Privacy folks should be worried about where privacy is going with the next generation, but the erosion is happening on the home front, not on the corporate/governmental level. Unless we figure out how to give youth privacy in their personal lives, they are not going to expect privacy in their public lives.

Interesting point...

Technorati Tags: privacy, home, surveillance_society

Apple as meta-brand?

Now that's what I call brand transparency!

Technorati Tags: apple, art, brand, transparency

A Google identity crisis?

From the comments to Nicholas Carr's piece on "Mr Google and Dr Spock" (nice mixed cultural references there), a contribution from "JG":

In addition to convincing us that they are "all about search", the other thing Google sold us on was PageRank, with all these marvelous ideas in its mission statement about how it was making use of the Democracy of the Web, and somesuch.

Now, you have Google expanding not only into maps and mail, but also into non-Web search, such as enterprise search, book search, etc. In all of these latter situations, PageRank is non-existent, because hyperlinks are non-existent.

And you'll notice that people aren't really buying the corporate search appliance. The Google secret sauce has many ingredients, but PageRank was supposed to always be the basis of it all.. PageRank was Mr. Spock. And now that Google is doing search without PageRank, i.e. now that Nimoy is playing other parts, people still only see Google as capable, when PageRank is involved.

That is my interpretation at least. Sound plausible?

It does to me. Another observation to build on that one: the absence within the Web of a data model that enables more community granularity than the global Web as a whole—as with hyperlinks—is starting to really hurt Google in its attempts to truly personalise search.

Search without community (and we're not talking walled gardens here) is an abstract and impersonal affair at best...

Technorati Tags: community, google, identity, identity_web, search

Dude, where's my perimeter?

Radovan Semančík points out a subtle hole in perimeter-based security:

To have "Perimeter Security" you need two things: a perimeter and security.

: )

BBC News: "Monkeys 'string words together'"

BBC News reports that "Monkeys 'string words together'":

The first evidence monkeys can string "words" together to communicate in a similar way to humans, has been found.

Putty-nosed monkeys in West Africa share the human ability to combine different sounds to mean different things, according to researchers.

So does linguistic ability—like so many aspects of consciousness—exist along a continuous, albeit granular, scale of sophistication and abstraction across species?

Only this morning, Charla and I were debating how self-conscious our cat Felix is (as I pondered the subject of my previous post...). : )

BT rolls out broad area metropolitan WiFi—a mixed blessing?

BT rolls out (commercial) broad area metropolitan WiFi.

Interesting that they see it not only as enabling net access but also, potentially, smart WiFi phones and more pervasive surveillance technologies such as CCTV and traffic monitoring.

Is blanket WiFi coverage perhaps a mixed blessing, then, in the absence of a functional Identity Web..?

Technorati Tags: BT, identity_society, identity_web, CCTV, surveillance_society, wifi

Identity as consciousness

"Identity is consciousness".

Discuss. (My further thoughts are in the tags).

Technorati Tags: consciousness, freedom, god, identity, metaphysics, spirituality, unity

Digital identity tipping points—and a missing puzzle piece

Phil Becker is incisive as usual on the convergence of Web service and digital identity protocol evolution towards a tipping point of rapid wide-spread adoption.

For me, the hole that remains in this eloquent argument, though, is the absence in existing identity protocols of a solution, even partial, for the rich semantic data integration, or "ontology" problem that comprehensive web application integration will necessitate.

My identity is about so much more than my personal details, and the information I want to be able to move between Web services is commesurately richer.

Technorati Tags: identity, ontology, phase_behaviour, tipping_point

SOAP & REST Web services comparison

This comparison of SOAP & REST Web services is really well written—and has diagrams too!

[UPDATE: Gunnar Peterson responds on his blog (as well as in the comments below), pointing out the limitations of a polarised "SOAP or REST" analysis:

[...]

When it comes to security, SOAP v. REST is not a zero sum game. Security support can be:

a) in the framework (declarative)
b) in the code (programmatic)
c) both of the above
d) none of the above

Simply ruling out choice a for developer convenience is not a fair tradeoff.

So the future is SOAP/REST mashups? Interesting...]

Technorati Tags: mashup, REST, SOA, SOAP, WS

The wrong Guy

Oh dear me.

Technorati Tags: authentication, identity

Mashup matrix

Intriguing: a mashup API matrix and a mashup tag cloud.

Technorati Tags: mashup, tags

OScar

An open-source car—how cool is that? : )

[via Andrés]

Technorati Tags: car, opensource

"leopard and spots" or "arse and elbow"?

Microsoft's Kim Cameron is one of the leading proponents of user-centric privacy in technology, and is spearheading the related Identity Metasystem initiative, tangibly in the shape of the Windows "InfoCard" identity selector.

Yet here we are with the Microsoft XBox 360...

Andrés writes:

(via The Guardian). Big Brother is watching you. Actually, Microsoft is watching your Xbox 360, and getting all sort of gaming stats from their users about the amount of time they spend online, what games they are using and how much do they spend in each one. This information is then relayed to Microsoft in XML format as a "Gamer Card". Privacy rights advocates can pause here to have a heart attack.

What is perhaps scarier is that some people are using an online service to show this information to the world. 360voice.com is a blog created by the Xbox, telling the world what their owner has been up to. It can be sort of cute. Some Xbox posts:

- Overburdened didn't play any games yesterday... big loser...

- WhitePhantom87 likes to game, I like to game, this is a match made in heaven! It takes a gamer score like 4361 to be as cool as him. He played G.R.A.W., PGR 3, DEAD OR ALIVE 4, and almost cried with joy. I have that affect on people.

- Good thing I have access to Major Nelson's entire MP3 collection streamed off his computer. It keeps me busy on days like yesterday when he never shows up to game.

- Pick it, pack it fire it up, come along, lets get Karl89's gaming on! Gamer score is 2338. He played Battlefield 2: MC, and laughed with joy and glee the whole time. I like making people happy.

Weird? Creepy? The surveillance society gone mad? You decide.

Is it a case of the leopard never changing its (privacy-infringing) spots, or simply a case of a sprawling organisation that is singing from more than one song sheet? Conspiracy or cock-up?

Knowing Kim's sincerity, I'll bet on the latter. That said, Microsoft need to sharpen their act up—fast—if they are not to lose the respect within the "digital identity" world that Kim has worked so hard to establish.

[UPDATE: Thanks to Trapper Markelz of 360voice.com for correcting me in the comments—it seems that Andre neglected to mention in his original post that the XBox 360 has built in privacy options. My apologies to Microsoft.]

Technorati Tags: identity, microsoft, surveillance_society, xbox360

Identity peers

Eric Norlin has come up with a list of "the top 10 people in Identity", and now people on the Identity Gang mailing list are squabbling over who should be on it.

This all seems very silly to me.

The whole point of the Identity Web that we're dreaming of is that everyone on the planet is of equal value.

As Doc Searls says so beautifully about the "Live Web", human presence within the Web is becoming increasingly like a constellation of stars—we can all be stars to one another.

And to the extent we obsess over a silly list we are forgetting that point (and will therefore probably fail in our mission to be a significant part of what will happen, one way or another, with or without us).

imho ; )

Technorati Tags: identity, identity_web, equality

BBC News: "Dolphins 'have their own names'"

How enchanting... : )

Dolphins communicate like humans by calling each other by name, scientists in Fife have found.

The mammals are able to recognise themselves and other members of the same species as individuals with separate identities.

[...]

Technorati Tags: dolphins, identifier, language

Un-thingifying "identity"

William Heath asks at Ideal Government:

"Why should I be worried about Govt forcing me to have a single identity, if I am not a terrorist/benefit scam artist etc?"

Lots of interesting comments follow his post.

I added one too:

A small suggestion that the use of “identity” to denote a set of constructs about a person is confusing. Our identity is ultimately our unknowable essence—anything else is a construct of identity or “persona”.

In fact, ironically, when we talk about government forcing us to have “a single identity”, we may evoke in the reader a sense of “well, its only natural that the government would want to know my *real* identity"—missing the chance to point out that one of the biggest dangers of the monolithic approach is that it tends to lead to perception of “real” and “complete” knowledge of identity, while in reality that knowledge is certain to be violable and partial.

Identity is always mediated by perception. Let's seize the memetic high ground and talk about perceptions and constructs of identity rather than the illusiory “thing” of identity itself...

Technorati Tags: government, identity, identity_society, meme, language

Paul Madsen jests

Amusing... : )

Given that there is a proposed new disclaimer for the internet itself, perhaps we need something comparable for identity:

Your identity is precious, share it on the Web at your own risk. Many sites will ask you for it, you almost certainly should decline. If you do decide to share, do not place any great hope that you can control the uses of your identity information once you click the 'Send' button - it's gone. Repeat after me - 'gone'. If you provide your email address, you should proactively add the site to your email filters 'spam list' because, regardless of what you told them, they will probably send you 'newsletters'. You should never give your real identity, instead make up the details of your life - it works for you in the bars, why change? If you provide your shipping address, expect that it will be sold and you will subsequently receive junk mail alerting you to 'incredible time-share opportunities' (do not buy into the Poconos - it's a bubble and your investment will be lost). When asked to provide a password, chose something easily memorable - hackers will appreciate the courtesy and possibly do less damage. And you know those people that say that the risk of giving your credit card to a restaurant waiter is greater than sharing the number online - well those people probably bought into the Poconos Bubble. The Web is no place for your identity, keep it in your wallet.

Technorati Tags: identity, silliness, security

Jerry Fishenden encourages UK government to think about business and tech issues

Microsoft's Jerry Fishenden writes about...

...providing evidence to the House of Commons Science and Technology Committee inquiry into how the Government makes use of scientific and technological evidence. The session was focused on the UK identity card and followed on from the sessions a few weeks ago with Katherine Courtney and her team from the Home Office (a draft transcript of which is available online here).

[...]

Of course, when the evidence is published, you’ll be able to see verbatim what we all said and the Committee’s reaction. But in the meantime, I’'d summarise some of my comments into three broad areas:

- the ID cards consultation to date has been focused more on the procurement process than the business requirements and technology issues. The Home Office team expressed a desire not to stifle innovation by getting into the specifics of potential architectures. But I think it would be really useful to see a UK government study into the risks, feasibility and comparative merits of centralised versus decentralised identity systems in terms of systems reliability theory, or modern computer security concepts (including the widespread contemporary experience of large scale data breaches, social engineering and phishing attacks).

- given the fastest growth in ID fraud is online (through for example phishing attacks), it was unclear how the ID card would work in online scenarios (would it default for example to just chip and PIN?). And given that the delivery of online public services is a key part of the Transformational Government agenda, this is clearly an area in which a well-designed ID card could yield major benefits and tie in well with other identity initiatives including across health, local and central government and the private sector

- some concerns arose from the limited number of publicly available scenarios of how the ID card could be used in practice. And of those available, there are potential issues with their descriptions of the card’s usage in practice. For example, the scenario here indicates that the ID card will disclose your date of birth to any third party that needs proof of age entitlement (eg to buy alcohol or to get an old age pensioner discount). However, I believe this is not good practice based on our experiences with ID fraud. All that needs to be revealed in such a situation is that the person is over 18 or over 60/65. Neither their date of birth or age needs to be revealed. In fact, handing over personal information such as date of birth to anyone who requests sight of an ID card could generate vulnerabilities elsewhere: for example, telephone banking uses date of birth as one of the ‘secrets’ to prove who you are when you phone up. We need to be very careful that the ID card does not add to any potential identity fraud issues when there is a great opportunity for it to help enhance our privacy, as Dave Birch indicated in his evidence.

Both my written evidence and oral evidence provided yesterday will be published in due course by the Committee along with those of the other witnesses. I’'ll let you know when that happens.

I look forward to seeing the Committee’s overall conclusions and recommendations on how scientific and technological evidence is impacting public policy. There are enormous benefits to UK plc to be taken from the incorporation of scientific and technological advice into the very heart of policy-making itself.

In fact, I’'d argue that it’s essential for us to do so for our future economic prosperity.

Nice one, Jerry. Our government needs continuing almighty kicks up the arse from as many quarters as possible on this stuff, lest they plunge on towards implementing the Surveillance Society completely unchecked!

[via William Heath at Ideal Government]

identity ID Cards privacy technology politics Parliament government Microsoft

Identity Rights Agreements evolving

Christine Herron summarises the discussion at the Internet Identity Workshop over Identity Rights Agreements (IRAs):

An examination of identity rights agreement paradigms (along with much anti-lawyer sentiment) was fostered by Drummond Reed and Phil Windley at the Internet Identity Workshop. Highlights included:

Creative Commons developed license agreements in simple language, and formally articulated the casual licensing that had become a web norm. In other systems, an informal relationship between two parties is enough. What will be needed in the new identity commons?

It's hard to start articulating legal responsibilities when we haven't yet articulated user requirements for privacy. What are reasonable user policies? What are the international boundary transitions? Windley stepped up to the whiteboard in order to work up an outline for suggested user policies:

• Broadcast freely
• Share with others under the same agreement umbrella as you
• Use content for a specific duration, until revoked, or forever
• Use once and destroy
• Permissions are limited to just one of read/write/transmit

Parties could include you, related purposes, affiliates, and the public viewer
Each one of these categories can spawn lists upon lists of options. How many of these lists do we need to keep? The shorter the list, with the more concrete variables , the more likely it is to be adopted. This implies that we need a standard way of responding to issues and establishing contracts. Also, it's important to note that policies like these aren't synonomous with permission and authorization. These policies represent social agreements, which may become legal, and should be accounted for in reputation systems.

If someone breaks my as-yet-undefined identity rights contract, I can
either contact a lawyer or give that person negative feedback towards
their reputation. There haven't been many other ideas developed yet, so
Windley suggests that interested parties go to the identityrights.org wiki in order to share proposals on how to handle contract breaches. The community also needs to address issues such as: As a user, how do I manage several groups of data that are subject to different contracts? Is this list of guidelines something that is proactively enforced, or something that is referred to only when complaints arise?

Unsurprisingly, we ran out of time before coming to good resolution on these issues...look for the dialogue to continue.

The "reputation" part of all this is a big can of worms: it brings us slap bang up against the "ontology problem". The question here is what is the semantic context for a given measure of "reputation", and how do we facilitate convergence on ways of describing that intrinsically complex and subtle information across domains and individual and communal ways of thinking?

Technorati Tags: identity, ontology, IRA, reputation, subjectivity

"Identity Web"?

If Microsoft et al are intent on making "Identity Metasystem" synonomous with WS-* mediation of data exchange, how about the "Identity Web" for a broader term?

It seems like we're increasingly realising, as a broad community, that to meet the identity challenge, we have to tackle the thorny issues around SOAP v. REST web services, microformats, tagging, current-DNS identifier privacy and data security issues, new addressing mechanisms (XRI) and data level encryption—and to tackle those issues within an integrated conceptual framework.

This realisation is pointing us to a deeper reconsideration of the nature and architecture of the Web itself, rather than simply seeking to build an abstraction layer on top of legacy approaches.

It's uncertain that SOAP WS can achieve their stated overarching goal of distributed data service integration, given the data standards dependency of WS-DL, UDDI and so forth. Anecdotal evidence points to WS deployment remaining firmly bounded by the enterprise perimiter. The "Identity Web" will have to tackle the ontology problem (data exchange across diverse ontologies), and this is just not part of the WS remit, as far as I can see.

Regardless of the relative merits of various identity-enabling infrastructure technologies, though, the term "Identity Web" seems to me to have the potential to subsume the concepts associated with those technologies. In this scenario, the "Identity Metasystem" (WS-*) and "Web 2.0" (REST-ful web services) become sub-sets of the nascent "Identity Web".

Incidentally, I also find Doc Searl's "Live Web" an appealing name for the same sort of concept.

[Revised from original version]

Technorati Tags: identity, identity_web, microformat, microsoft, REST, SOAP, UDDI, ws, WS-*, WS-DL, XRI

Kaliya's identity spectrogram

This conference activity facilitated by Kaliya Hamlin looks like a physicalised version of the "value spectrum" concept I wrote about on the Identity Gang mailing list. Sounds fun!

IIW2006: Wednesday Sessions

Kaliya started the day with a call for anyone else who wanted to create new sessions and then did a “spectrogram.” She put a long piece of tape on the floor and asked questions where people arrayed themselves along the spectrum represented by the tape. She interviewed people at spots on the tape. A good way to get a feel for how the group is thinking about some things.

Value spectrums basically facilitate the mapping of ranges of subjective perceptions onto discrete objective realities: all will be explained in a forthcoming paper on the Identity Society I am co-authoring with John Madelin of BT...

Technorati Tags: identity_society, value_spectrum

Microsoft Grid?

A Microsoft Grid?

Technorati Tags: google, grid, microsoft, yahoo

Roadblocks for MoSoSo

Danah Boyd writes about the challenges ahead for MoSoSo—mobile, social software.

From the beginning of her piece:

The next step in social technologies is mobile. Duh. Yet, a set of factors have made innovation in this space near impossible. First, carriers want to control everything. They control what goes on a handset, how much you pay for it and who else you can communicate with. Next, you have hella diverse handsets. Even if you can put an application on a phone, there's no standard. Developers have to make a bazillion different versions of an app. To make matters worse, installing on a phone sucks and most users don't want to do it. Plus, to make their lives easier, developers often go for Java apps and web apps which are atrociously slow and painful. All around, it's a terrible experience for innovators, designers and users.

Looks like the mobile telcos have the same "proprietary lock-in v. open eco-system" strategy conundrum that is becoming familiar across the tech world...

Technorati Tags: mobile_devices, mososo, telco

Programming the universe

I just bought this book having heard the author talk about it on a Quirks and Quarks podcast.

The Amazon synopsis (breaking their copyright conditions, but what the heck—I'm driving traffic into the Amazon "universe" with my link!):

The universe is made of bits. The way in which the universe registers and processes information determines what it is and how it behaves. It has been known for more than a century that every piece of the universe - every electron, atom, and molecule - registers bits of information. It is only in the last ten years, however, with the discovery and development of quantum computers, that scientists have gained a fundamental understanding of just how that information is registered and processed. Seth Lloyd calls this fundamental understanding of the universe in terms of information processing 'the computational universe', and the purpose of this book is to show how the programmed, computational universe works. Starting from basic concepts of physics, "Programming the Universe" shows how all physical systems register information. It gives an accessible account of how information is stored and processed at the level of electrons, atoms, and molecules. It shows how the information processing power of the universe can be harnessed to build quantum computers and explains how the universe itself behaves like a gigantic computer, transforming and processing information. It traces the history of information processing from the big bang to the present day, and reveals how the computational ability of the universe promotes the evolution of complex structures such as life. "Programming the Universe" is the story of the universe and the bits it is made of.

Intriguing stuff...

Technorati Tags: cosmology, physical_computing, quantum_physics

Google moving into the enterprise?

Nicholas Carr ponders intriguingly Google's enterprise strategy.

The point he makes that Google's single-pointed ethos of empowering the individual doesn't necessarily cut it in the enterprise environment, where emergent bottom-up relationship behaviours looks likely to be counterbalanced for the forseeable future by a management drive towards centralised control: individual and group interests in dialectic counterpoint.

No, to crack the web-enterprise thing properly, you'd need an ecosystem technology play...

Technorati Tags: enterprise, google, ecosystem

BBC News: "Cash card taps virtual game fund"

The boundaries between real and virtual economies continue to blur. The opening of the article:

A real world cash card that allows gamers to spend money earned in a virtual universe has been launched. Gamers can use the card at cash machines around the world to convert virtual dollars into real currency.

The card is offered by the developers of Project Entropia, an online role-playing game that has a real world cash economy.

Last year, a virtual space resort being built in the game was snapped up by a gamer for $100,000 (£56,200). The buyer, Jon Jacobs who plays in the game as a character called Nerverdie, is developing the space station into a virtual night club through which the entertainment industry can sell music and videos to gamers.

"We're bridging the gap between virtual reality and reality right now," said Jan Welter, founder of Project Entropia.

Technorati Tags: e-cash, economy, gaming

I-Tags

Mary Hodder, Kaliya Hamlin, Drummond Reed, and Andy Dale have come up with a draft specification for I-Tags.

From the I-Tag wiki home page:

The basic idea of an I-Tag (identity tag, independent tag, intelligent tag – take your pick) is that a user could tag an object on their own site (photo, video, sound file, text or an entire blog post), where the tag, and the object, could then go out through the RSS feed or be spidered, with some additional information that doesn't now exist in tags.

This tag and object would include the author's identity, the licensing for that object (if needed -- presumably people would use this more for rich media objects than for just a blog post, as most blogs already have licensing generally for text on the blog), the tag type, and the tag value(s). I-Tagging would remove the requirement for a tag to be coupled with the originating URL (blog post URL) because identity would be inside it. It would allow CC licensing of individual media objects, which rich media producers want to do sometimes, in order to differentiate the rich media object from the rest of their blog, which may have different licensing.

I-tagging would also address these other user desires besides those who wish to add links to their tags:

1. Create tags that are visible on the blog as well as to RSS feeds/spiders but which do not result in an explicit link.
2. Create tags that are not visible on the blog but still trusted (like categories, which in some cases are not visible on the blog but are still included in tag systems like Technorati's, where of the 100% of tags, 95% are actually category entries and only 5% are explicit tags).
3. Create tags that can be independently verified, to prevent tag spoofing and tag spamming and support the development of reliable author reputation systems.

I-tagging would also be completely compatible with current tag formats/systems, i.e., it would:

• Still allows users to create tags that do have explicit links if the user wants them.
• Be backwards compatible with Technorati's rel-tag and rel-license microformats, while enabling the additional functionality described above.

Interesting. Certainly, the way that Technorati tied tag links to a namespace always seemed to me to be primarily motivated by a desire to drive traffic to their own site, so decoupling I-Tags from namespaces seems like a positive move. Similarly, the decoupling of I-Tags from content-hosting URLs further frees content from a fixed network context.

Technorati Tags: itag, microformat