Archive for the ‘Social Web’ Category

Doc on the Data Bubble and how VRM Will Pop It

Tuesday, August 3rd, 2010

I’m biased, but I think this post is one of Doc Searls’ best about VRM and what’s going to compel it forward. It’s about the July 31 Wall Street Journal article about behavioral tracking on the net.

He’s been preaching that a paradigm change is coming and he’s dead right (hint: see PDS). That’s why I’m travelling all the way to Boston for the VRM+CRM conference Aug 26/27. This despite my standing rule of NO CONFERENCES IN AUGUST. (Damn fool Americans need to learn from the Europeans about how to enjoy life, especially summer, especially in Seattle.)

But I’m making an exception this year (and also for the Privacy Identity Innovation 2010 conference, which is easy because it’s in Seattle) because this paradigm shift is so important.

And because it’s one of the key breakthroughs that user-centric identity has been developed to enable.

Portability Policies and Personal Data Stores

Tuesday, June 29th, 2010

My primary involvement as a member of the board of the Data Portability Project has been input about XDI as an open standard for portable data. But I’ve always been very enthusiastic about DP’s work on Portability Policies. The DP Project just announced their first Portability Policy deliverable via this blog post on TechCrunch.

On the DP Project board call this morning I shared the view that Portability Policies are an inevitable first step — and a highly welcome one — towards widespread adoption of personal data stores (see my posts earlier this year about PDS here and here). When PDS finally arrive, the irony is that the policy will turn in the other direction, i.e., the individual will have their own data sharing terms and the vendor will be agreeing to those. That’s the essence of VRM.

Iain Henderson of VRM pioneer Mydex is already working on the terms for such an agreement at the Information Sharing Working Group at Kantara.

Bit by bit, the age of personal data stores and personally-controlled data sharing is dawning.

Joe Andrieu Cuts the Gordian Data Ownership Knot

Thursday, January 21st, 2010

Joe Andrieu has a wonderful way of cutting the Gordian knot on complex socio-technical topics, with clear prose, compelling arguments, and clever illustrations that explain why you should look at something decidedly differently.

Now he wields that knife on the very knotty “problem” of data ownership.

I passionately agree with Joe (and his Kantara Working Group co-chair Iain Henderson) on this subject; I suspect it’s because my perspective on it was long ago warped by the lens of XDI, which itself is a new way of thinking about data.

Turn the telescope to look at personal data from the standpoint of who controls its sharing with whom, and many pieces finally come into focus.

Keep that in mind as we move into an XDI-enabled world.

The Age of Privacy is Over?

Sunday, January 10th, 2010

According to Facebook founder Mark Zuckerberg, yes. See the video with your own eyes and read the ReadWriteWeb analysis of the interview he did with TechCrunch’s Michael Arrington.

Is the age of privacy really over, or does Mark Zuckerberg just want it to be over?

Myself, I don’t think so. Instead, what’s headed for extinction are companies that try to make their money by convincing people they need less privacy.

Watch this space – more on this topic coming soon.

Personal Data Stores – The Time is Coming

Monday, December 28th, 2009

This entire fall has been intense with work, thus the paucity of posts here. The holidays bring a welcome respite and a chance to catch up with a few key mental threads.

One of them is the growing awareness of the need for what the VRM community calls personal data stores (PDS). The concept is relatively simple: an online store for your own personal data — anything from classic PII (personally identifiable information), such as your identity and contact data, to any other data that you generate or control (files, blog posts, pictures, papers, music, videos, etc.)

Three things have surprised me about PDS:

  1. How generally accepted the notion is by almost anyone who spends much time online, even folks well outside the identity community. It’s a relatively intuitive idea as soon as you understand the basic premise that individual people should have their own data source online.
  2. How many names have been applied to the same general concept. As I indicated, PDS is only the term applied by the VRM community. The same general concept has been called probably a dozen other names. Here’s an excellent blog post by Mark Dixon that calls it a Personal Identity-Persona Service and a Security Identity Bank Vault.
  3. How hard it is to implement. Though there have been several attempts, such as the Mine! Project, nothing has come remotely close to catching on yet.

I have several theses as to why this is so (and yes, the need for an Internet data sharing standard like XDI is high on the list), but I’ll save those for another blog post.

Here, I’ll just conclude with a simple prediction: it’s a threshold problem. Once the first practical solution for PDS starts to take hold, it will catch on and grow just like the first social networks did. The only question is what application will provide that initial traction.

The Permissioned Web: Open Does Not Mean Public Domain

Wednesday, May 13th, 2009

At the Glue Conference this week I’m enjoying a great set of speakers lined up by Eric Norlin on the topic of how everything in the networked universe gets glued together using Web 2.0 tools and beyond. (The talk Mitch Kapor gave this morning was worth the trip all by itself.)

In a few minutes I’ll be on a panel called Implementing the Open Web. In chatting with Lloyd Hilaiel of Yahoo, Kevin Mullins of MIT, and Phil Windley of Kynetx about this topic last night, we hit on one key point that Phil articulated this way: “People tend to conflate ‘open’ with ‘public domain’, i.e., that anything that qualifies as open must be freely available to all.”

It struck me how true this is. It reminds me of the Richard Stallman quote describing open source (cited in the Wikipedia Gratis versus Libre article): “Think free as in free speech, not free beer.”

In terms of data on the Open Web, what this means is that even though a particular pool of data may be available via an open standard, publicly-accessible interface, it does NOT mean this data must be publicly available to anyone. If that were true, the whole concept of a personal data store — a key premise of VRM (Vendor Relationship Management) — would not be possible.

So what makes any system or node participating in the Web “open” is not that its data is public, but that the metadata and services for accessing it are available via a publicly discoverable, open-standard interface. The public discovery portion of this is the goal of the XRD work now underway at the XRI Technical Committee at OASIS (based on the original XRDS work – see this blog post by Eran Hammer-Lahav of Yahoo to understand the differences). The open standard portion is the output of IETF, W3C, OASIS, and all the other SSOs (standards-setting organizations) for the net. (The potential of the Open Web Foundation, once it finishes its bootstrap stage, is to make this process of creating open standards even more lightweight and distributed.)

This combination – open discovery of open interfaces accessible over open protocols – is the DNA of the Open Web. And it applies equally to both public and private data. In fact it can finally open up what might be called the Permissioned Web – the Web of all data that any one party has permission from other parties to access.

That would lead us to the need for integrating identity and permissions with the data, which brings us to the motivations for XDI as a semantic data sharing format/protocol – but my panel is about to start so that will have to be another post.

Eve Finds Another Intersection

Thursday, September 4th, 2008

I’m going to start referring to her as the Venn Queen. Eve Maler has done another Venn diagram, this time to show the relationship of whole areas of the “user-centric” sphere of activities. Going into Digital ID World next week, I’ll use this to help orient conversations around why there needs to be a simple, consistent way for users to control and manage identity and data sharing relationships no matter what site, application, or type of relationship is involved. We just need to build it! (hint: OpenID + relationship cards + XDI = :-)

Relationship Cards (R-Cards)

Tuesday, July 1st, 2008

So much for the naive thought that I’d have time at the Burton Catalyst conference last week to finally blog about two subjects near and dear to my heart that I knew would be covered at the conference. It backfired because they were too topical — all available time was consumed by related conversations.

I did manage two posts about the first one — launch of the Information Card Foundation — about which there will be much more to say in the coming months.

But the other one — relationship cards — is long overdue. I first promised to blog more about r-cards after both doing a demo and hearing Bob Blakley’s fantastic talk on The Relationship Layer at Spring IIW in May. Then Joe Andrieu and Eve Maler both posted about them and asked me to add more details. Then I fell into an abyss of work (actually building this stuff) from which I have yet to climb out.

But Bob’s new talk on The Relationship Layer at Catalyst last week, followed by Eve’s talk on The Care and Feeding of Online Relationships, plus the upcoming VRM (Vendor Relationship Management) Workshop at the Harvard Berkman Project on July 14-15, compels me to finally post about why I believe r-cards may be what finally pushes Internet identity across the chasm.

—-

First: what is a relationship card (“r-card”)? At the most general, the definition I would offer is: “a digital object instantiating a mutually authorized data sharing relationship between two or more parties on a network”. The abstraction is intentional: the generic concept of an r-card, like the generic concept of a folder, a link, or a network, can take different forms in different implementations.

To take a step more towards the concrete, the concept of an r-card was conceived at the Higgins Project as a new kind of information card (i-card). For their part, i-cards were first conceived by Kim Cameron and team at Microsoft, where they have been promoted as a key element of Microsoft’s vision of an identity metasystem. These memes subsequently took hold at Higgins, among other places, where the concept of an i-card was generalized to the definition that currently appears on Wikipedia:

An i-card is a rectangular icon displayed in the user interface of an identity selector (sometimes also called an identity agent) that represents a digital identity–a set of claims about some entity (typically a person, but it could also be an organization, application, service, digital object, etc.).

The i-card metaphor is based on familiar physical identity credentials like business cards, credit cards, library cards, association cards, driver’s licenses, badges, etc. However, just as computer file folders are similar to but more powerful than real-world file folders, i-cards are similar to but more powerful than real-world identification cards. The i-card metaphor is identical to the information card metaphor used in numerous identity selectors.

So what distinguishes an r-card from a plain-vanilla i-card? The capability to instantiate an ongoing data sharing relationship. In other words, a standard i-card invokes a one-time exchange of a set of digital claims using a security token. An r-card, by contrast, exchanges a set of claims and associated policies that enables both parties to continue to share other information over time, e.g.:

  • Updates to the initial values of the claims
  • New claims
  • Permissions and controls over communications via other channels
  • Changes to the r-card itself

A simple analogy would be: a standard i-card is like showing your driver’s license to a bartender to prove you are of age: you use it once and put it away. An r-card is much more like giving a business card to an associate or a customer: it is an invitation for an ongoing relationship via the address(es) and other information shared on the card.

—-

But while instantiating a private data sharing channel by exchanging a digital object is cool — sort of like RSS on steroids — for some reason that aspect alone doesn’t capture the real power of r-cards. Case in point: after a live participatory enactment of how r-cards work with audience members during the first day of IIW in May (all based on business cards, scissors, and string — no computers involved), several audience members came up to me and said, “Why didn’t you show this years ago? Anyone can understand the value of r-cards. They are the most compelling use case we’ve ever heard for all this Internet identity stuff.”

After that experience, even I was trying to grok what it was that made r-cards so intuitive and attractive. I was having trouble putting it into words until I was listening to Bob Blakley’s talk on The Relationship Layer again at Catalyst last Wednesday morning. At the midway point, he put up an “intermission” slide with five bullets summarizing the first half of his talk. Two of them hit me like they were shot out of a gun:

  • Relationship is the context which protects the security and the privacy of identity information.
  • Identities are built in the context of relationships.

This Copernican revolution Bob was proposing — that relationship is really the sun around which identities orbit — suddenly made me look at r-cards in a new way. It wasn’t just that r-cards enabled bidirectional data sharing. It was that r-cards create the context for a relationship. And by doing so, they call forth all social dynamics of real world relationships that are often missing on the Web today. Dynamics like:

“I am more inclined to trust you because we both know if you break that trust, I can terminate the relationship.”

“Of course you wouldn’t share our private shared information outside our relationship — friends always respect each other’s privacy.”

“Each of us shares information in proportion to the value it brings to the relationship — both of us are incented to build that value.”

That’s why people find r-cards so intuitive — they are a way of creating and managing the same balanced, mutually-controlled, give-and-take between two parties over a network that we have in the real world relationships we manage every day. And they can apply to any form of relationship — person-to-person, person-to-community, person-to-employer, person-to-vendor, etc.

—-

Okay, okay, at this point I know all the geeks are screaming “enough with the soft stuff — where’s the technical beef??” I don’t want to duck that question, because as I’ve told Joe Andrieu, chair of the VRM Standards group, I’m knee-deep in it every day. But with the limited time I have left for this post, I can only give the high-level recipe we are currently putting to the oven test at Parity and the Higgins Project:

  • Take a conventional i-card as currently defined by the Microsoft ISIP documents (which can’t get into an SDO fast enough).
  • Add an OpenID — or to be precise, an identifier on which you can do XRDS discovery to locate a data sharing endpoint. In Higgins we call this form of identifier a UDI (Universal Data Identifier).
  • When the r-card recipient receives the r-card, use the UDI to perform XRDS discovery of an Internet data sharing protocol supported by both parties.
  • Initiate data sharing via the selected protocol, using the UDI and other supporting claims on the r-card as necessary.

Of course readers of this blog know what data sharing protocol I have in mind: XDI — specifically the XDI RDF model. It’s particularly well-suited to r-cards because XDI link contracts provide a portable, machine-readable description of the mutually-agreed data sharing controls. But it’s important to clarify that any data sharing protocol supported by both parties will work. As an example, Asa Hardcastle showed a wonderful demo of OpenID-enabled Liberty ID-WSF at Spring IIW, and we are deep in conversations about how UDI discovery for ID-WSF endpoints can work. OpenID Attribute Exchange is another option because any OpenID identifier can already support XRDS service discovery.
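To make the recipe above concrete from the recipient’s side, here is an added example (not code from the original post, and not Higgins or Parity code) of steps 2 through 4: read the UDI off an r-card, run XRDS discovery against it, pick the highest-priority service whose protocol the recipient also supports, and build the opening data sharing request from the UDI and the card’s claims. The r-card, the UDI, the XRDS document and the endpoint URLs are all constructed inline; the service type URIs are assumed placeholders, except the OpenID Attribute Exchange type, which is the one defined by OpenID AX 1.0. A real implementation fetches the XRDS over the network from the UDI’s discovery location rather than holding it in a string.

```python
"""Recipient-side walk through the r-card recipe (added example, not the
original post's code). XRDS document, r-card and endpoints are constructed."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# XRDS / XRD namespaces as used by XRI Resolution 2.0 and OpenID 2.0 discovery.
NS = {"xrds": "xri://$xrds", "xrd": "xri://$xrd*($v*2.0)"}

# Constructed r-card: a conventional i-card plus a UDI the recipient can
# resolve with XRDS discovery. The card layout itself is a placeholder.
R_CARD = {
    "card_id": "urn:example:r-card:1234",      # placeholder identifier
    "udi": "https://alice.example/",           # assumed UDI (OpenID-style URL)
    "claims": {"given_name": "Alice", "email": "alice@example.org"},
}

# Constructed XRDS, as if fetched by resolving R_CARD["udi"]. The example.org
# service types are assumed; the openid.net type is the real OpenID AX 1.0 type.
XRDS_DOC = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="10">
      <Type>http://example.org/types/xdi-sharing</Type>
      <URI>https://alice.example/xdi</URI>
    </Service>
    <Service priority="20">
      <Type>http://openid.net/srv/ax/1.0</Type>
      <URI>https://alice.example/openid</URI>
    </Service>
    <Service>
      <Type>http://example.org/types/legacy-sharing</Type>
      <URI>http://alice.example/legacy</URI>
    </Service>
  </XRD>
</xrds:XRDS>
"""


def discover_services(xrds_xml):
    """Return [(priority, type_uris, endpoint_uris)] from an XRDS document,
    ordered by XRD priority: lower number first, no priority attribute last."""
    root = ET.fromstring(xrds_xml)
    services = []
    for svc in root.findall("xrd:XRD/xrd:Service", NS):
        prio = svc.get("priority")
        key = int(prio) if prio is not None else float("inf")
        types = [t.text.strip() for t in svc.findall("xrd:Type", NS) if t.text]
        uris = [u.text.strip() for u in svc.findall("xrd:URI", NS) if u.text]
        services.append((key, types, uris))
    services.sort(key=lambda s: s[0])
    return services


def select_sharing_endpoint(xrds_xml, supported_types, require_tls=True):
    """Pick the highest-priority endpoint whose protocol the recipient also
    supports. Non-HTTPS endpoints are skipped by default, since the r-card is
    meant to open a private channel. Returns (type_uri, endpoint) or None."""
    for _prio, types, uris in discover_services(xrds_xml):
        common = [t for t in types if t in supported_types]
        if not common:
            continue
        for uri in uris:
            if require_tls and urlparse(uri).scheme != "https":
                continue
            return common[0], uri
    return None


def initiate_sharing(r_card, xrds_xml, supported_types):
    """Steps 3 and 4 of the recipe: discover, then assemble the opening
    request carrying the UDI and claims from the r-card. The request shape
    is a placeholder; the real message depends on the protocol selected."""
    chosen = select_sharing_endpoint(xrds_xml, supported_types)
    if chosen is None:
        raise LookupError("no mutually supported data sharing protocol")
    protocol, endpoint = chosen
    return {
        "protocol": protocol,
        "endpoint": endpoint,
        "subject": r_card["udi"],
        "claims": dict(r_card["claims"]),
    }


if __name__ == "__main__":
    # The recipient here speaks OpenID AX and the (assumed) legacy protocol,
    # so the XDI entry is skipped and the HTTPS OpenID AX endpoint is chosen.
    recipient_supports = {"http://openid.net/srv/ax/1.0",
                          "http://example.org/types/legacy-sharing"}
    print(initiate_sharing(R_CARD, XRDS_DOC, recipient_supports))
```

The ordering rule is the XRD one: a `Service` with a lower `priority` value wins, and one without a `priority` attribute sorts last. The HTTPS check is the recipient’s own policy rather than anything XRDS mandates; it matters because the r-card exchange is the start of a relationship the other party will keep sending updated claims into.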

—-

I know that’s only the tip of the iceberg, but this is a huge topic that I’ll be posting about for months. For example, in Bob’s talk he showed a relationship schema that he, Lori Rowland, and their colleagues at Burton Group have already started to develop. I eagerly anticipate working with them to map that to XDI link contracts to make sure we have all the bases covered.

And I’d like to find time to start posting some example r-card XDI messages using super-simple X3 format to illustrate common use cases like the VRM personal address manager.

But right now I’m going to work on maintaining a particularly important relationship — with my wife — by getting to bed!

The Information Card Foundation: Helping Scale Mount Identity

Tuesday, June 24th, 2008

YAF? (“Yet Another Foundation?”) Some in the identity community have had that reaction to the announcement of the Information Card Foundation (ICF) today at the start of the Burton Catalyst conference in San Diego.

As one of two members of the ICF board who also serve on the OpenID Foundation (OIDF) board (Mike Jones is the other), and also wearing my Identity Commons steward’s hat, let me share some perspective on this.

Last spring I had the pleasure of working with Eve Maler on an IEEE article called the Venn of Identity, based on Johannes Ernst’s original diagram of the three “pillars” of Internet identity development: SAML/ID-WSF, OpenID, and information cards. The paper was an opportunity to compare and contrast the strengths and weaknesses of all three approaches. I could not leave it without the feeling that the ultimate solution—the “TCP/IP of identity” as it is often called—lies somewhere in the overlapping middle.

Exactly where, I’m not sure anyone can say yet. What we can say, to borrow an analogy from OIDF board discussions, is that if you want to climb the Internet’s never-been-summited Mount Identity, it’s best not to ignore any promising route.

(As I write this I have firmly in my mind a picture of the glorious Mt. Rainier, the Northwest icon that anchors the southwestern skyline of Seattle. Though I have never climbed it myself—I hope to someday with my two sons—many of my high-school classmates have, including one friend whose ascent with famed mountaineer Willi Unsoeld ended in tragedy when Willi and a student were killed in an avalanche at Cadaver Gap.)

In this decade we have made great progress up that mountain. An early, well-equipped group of explorers have pushed steadily up the SAML couloir. Then a second party banded together to attempt the OpenID ridge. Now a third group is navigating by way of the Information Card snowfields.

The closer we come to the last and steepest slopes—the hardest and most dangerous part of the journey—the greater the chance we can all help each other take the peak (a lesson Willi would have preached in spades). In fact paths of intersection are starting to appear everywhere. OpenID information cards. OpenID login to ID-WSF. SAML SSO with OpenID. Relationship cards.

I’ll sum it up this way: ever since the “i-card” session at the Berkman Identity Mashup in June 2006, I’ve been convinced that identifiers (OpenID) and claims (information cards) are both essential tools for scaling the mountain. And I’ve always felt that assertions (SAML) and identity services (ID-WSF) could not be left behind either.

So while it may appear from a distance like introducing the Information Card Foundation adds another divergent element to an already confusing landscape, I see just the opposite. It fills in a key piece of the trail that will help us connect other routes and advance everyone’s efforts. Until pretty soon (shall I go out on a limb and say the end of the decade?) we’ll break through the last ice shelf and summit the mountain.

And just imagine the view from there.

Securing Very Important Data: Your Own

Monday, October 8th, 2007

Denise Caruso published a wonderful article in Sunday’s New York Times on a subject very close to my heart: how to best go about protecting personal identity, profile, and preference data as new technologies like OpenID, Higgins, and XDI make it possible for individuals to aggregate and share this information much more easily. Call it the “new power of personality” – digital personality.

One of the most intriguing ideas Denise covers in the article is one from Mike Neuenschwander, Lori Rowland, Bob Blakley, Jamie Lewis, and their colleagues at the Burton Group. They propose the idea of a new legal entity explicitly for protection of personal identity data: the Limited Liability Persona (LLP, a nice play on the Limited Liability Partnership). Given the amount of time I’ve spent at the intersection of law and technology and personal data, I increasingly believe that the Burton Group is right – digital personas will be granted their own status as a legal construct, just as corporations, partnerships, and sole proprietorships have been in many jurisdictions. I blogged about the LLP when I first heard Jamie Lewis speak about it at Digital ID World 2006, and I think its time may be coming. I’m adding it as a category on this blog, and I’ll make it a point to keep reporting on it as it develops.

Social Web User’s Bill of Rights

Wednesday, September 12th, 2007

Last week I mentioned the Social Web User’s Bill of Rights that was drafted for the Data Sharing Summit last Friday and Saturday. When it was first posted, it included the phrase “ownership”, as in “users should own their personal data”.

Mary Hodder, the entrepreneur behind Dabble.com, Paul Trevithick, and I were initially wary of using this term for two reasons:

  • “Ownership” is very tricky legal territory, not just in the U.S. but all over the world. Personally I believe the term “identity rights” and “identity rights agreements” is actually more appropriate (see more below).
  • Mary made the point that it’s really “co-ownership”, i.e., when users share data with sites, it’s for the benefit of both, and sites need to know they can use the data to provide the services they are giving the user.

However in a blog post today, Mary said that after conversations at the Data Sharing Summit, and then with others in the industry and Dabble advisors, she became convinced that the spirit of “ownership” is correct, and so she’s endorsing the Bill of Rights and adjusting the Dabble TOS (Terms of Service) to reflect this concept of user ownership of their data.

Good for her. I fully agree that the spirit is right, and so, with the caveats I expressed above, I’m on board too. So is Doc Searls in a post he just made.

Interestingly, the very last session at the Data Sharing Summit (in fact, after the closing circle – that’s how dedicated the attendees were) was on Identity Rights Agreements (IRAs), a Working Group formed at Identity Commons in the spring of 2006. The whole idea of IRAs is that users actually license their data to sites, and that if the IRA Working Group could come up with a small set of easily understood user data licensing provisions, similar (but not identical to) the Creative Commons license suite for digital works, it could usher in a whole new era of increased trust between users and sites.

Victor Grey called the IRAs session because he’s doing XRI-based data sharing projects where he needs IRAs today, and he wants the IRAs Working Group to start publishing even very simple ones just to get the learning started (Creative Commons licenses all went through several revisions too).

The outcome of the session was to jumpstart the work of the IRAs Working Group. Victor has already set up the mailing list. Please do join us if you support this work and want to help.

I believe IRAs have the potential to remove the last social hurdle to standardized user-controlled personal data sharing (XDI removes the last technical hurdles). I intend to be very active on the IRAs Working Group (as badly time-sliced as I am these days) so that we can make user ownership of personal data not just laudable but actionable.

The Data Sharing Summit: Problems and Solutions

Friday, September 7th, 2007

Certain events scream out for live blogging. The Data Sharing Summit is one of them. So these are my notes from first half of Day 1. (Then why are they being posted at midnight, you ask? Because there was too damn much to talk about during the second half of the day. More on that tomorrow.)

First, this is the list of problems that attendees want to see addressed:

  • The distributed schema mapping problem – how do you map across zillions of different local schemas?
  • The “Social Web Bill of Rights” or “identity rights agreement” problem – how can you have “Creative Commons licenses for data sharing”?
  • The protocol problem – how do you move social graph data around?
  • The “too many IDs” problem – how can we not require more IDs (even with OpenID there is starting to be a proliferation of IDs)?
  • The directory or “friend discovery” problem – how do you find other people in the social graph (a “People’s Guidestar”)?
  • The addressing problem – how can data be addressed in a consistent manner across distributed locations?
  • The user privacy and control problem (also called the “fear” or “surprise” problem) – how can users not be spooked by the idea of their social graph data “getting loose”; how can they maintain control over portable social graph data?
  • The granular access control problem – how can control be easily brought down to the individual attribute level, e.g., date of birth?
  • The regulation problem – how can social graph portability be accomplished within the bounds of data sharing regulations that currently do not permit certain types of personal data to be shared across certain jurisdictions?
  • The safety problem – how can portable social graphs not be subject to the same spam, phishing, and phraud problems as email and the Web?
  • The political problem – how can we make it “politically necessary” for sites and applications to offer social network graph export?
  • The “friend description” problem – how can we have an interoperable means of providing richer description of “friend” relationships?
  • The calendar sharing problem – of all the different types of social graph data, how specifically can we reach alignment over sharing of calendar data?
  • The adoption problem – what are the compelling uses of social graph portability that will drive large-scale adoption?
  • The internationalization problem – how can attribute sharing work across all world languages?
  • The user experience problem – how can social graph sharing operations be made simple and understandable to everyday Web users?
  • The operational problem – how will large-scale data sharing affect network loads, caching, firewalls, security perimeters, etc.?
  • The “invitation fatigue” problem – how can we stop being overwhelmed by yet another source of messages and “click-to-accept” links?

Second, this is the list of solutions being offered at the DSS:

  • An OpenID interoperability testing service (Marc Canter)
  • A new open source project & community for social data portability using Higgins and Higgins context providers.
  • A community dictionary service for schema mapping (Markus Sabadello, Drummond Reed, Paul Trevithick)
  • Different companies offering the potential to have open APIs for sharing their social graph data (AOL/AIM, Yahoo, Google, Cyworld).
  • OpenID-based attribute exchange (Dick Hardt & Sxip)
  • An open API format for social network portability and syncing (Brad Fitzpatrick and David Recordon)
  • A social network export service (Upscoop from Rapleaf)

Third, here are the demos that were shown before lunch:

  • Cloudtripper: Paul Trevithick and Markus Sabadello showed how Higgins in conjunction with Higgins context providers (code chunks that know how to talk to specific data sources) can be used to pull a user’s social graph data together directly to their own desktop client.
  • Community Dictionary Service (CDS): Markus Sabadello and I demo’d a new service contributed to the Identity Schemas Working Group at Identity Commons. Intended to help solve the schema mapping problem for highly distributed data sharing, the CDS is a “Wikipedia for machines” – a way for applications to discover and map elements from different data schemas. (I’ll blog a bunch more about this after the Summit is over, but please do see it for yourself.)
  • FOAF crawler: David Recordon (now back at Six Apart) showed a service that crawls public FOAF, XFN, or other relationship metadata to produce aggregated social graphs.
  • Pownce: Leah Culver demo’d a social network aggregation service that lets users aggregate their own social graph.
  • XRI-based data sharing: Mike Mell showed an implementation of a data sharing solution based on XRI structured identifiers for La Leche League International.

The Value of Vacation Mind

Wednesday, September 5th, 2007

No, I haven’t fallen off the face of the earth. But this has been a summer of big transitions — big enough that it will take several posts to cover it all.

Yet on this, my first day “back to school”, I want to share the simple observation that the value of “vacation mind” is vastly underrated. Robert Pirsig, in Zen and the Art of Motorcycle Maintenance (don’t get me going on that book) doesn’t use that phrase precisely, but he does refer very eloquently to that heightened state of energy and creativity you enter into after you’ve been out fishing for a few days and have completely relaxed inside and out. Once your mind is truly “off” things…

…suddenly it’s able to get “on” things like never before.

I’ve experienced it every year now for four years running (after two-week plus summer vacations) and I can’t rave enough about it. I come back to an explosion in new ideas and perspectives that seems to drive me forward until at least Christmas.

There’s great juju there. I look forward to exploring that phenomenon in more detail once there’s a breather. But there’s not going to be a breather for quite a while. After Brad Fitzpatrick’s and David Recordon’s Thoughts on the Social Graph set a wildfire last month on the topic of social network portability, and now with Marc Canter, Joseph Smarr, Robert Scoble, and Michael Arrington publishing a Bill of Rights for Users of the Social Web; and with Marc and Kaliya facilitating the Data Sharing Summit starting Friday…

…this new “school year” at the University of Digital Identity and Data Sharing is going to be a whopper. And fresh from vacation mind I’ve got a huge backlog of topics to write about. I’ll squeeze them out as fast as I can squeeze them in.

The Golden Spike Meeting of Higgins and XDI

Wednesday, January 17th, 2007

May 3, 2006, mid-afternoon. The second Internet Identity Workshop had just wrapped up. It was so thick with sessions and discussions that Paul Trevithick, Andy Dale, and I just kept passing each other in the halls saying, “We need to talk!” but never having the time to actually do it.

We finally agreed to meet in one of the conference rooms after the main event was over. We migrated to a whiteboard and started drawing pictures to help us answer the key questions that kept coming up over the past two days, “How exactly are Higgins and XDI different? What does Higgins do that XDI doesn’t and vice versa?”

There was great irony in this. Besides heading the Higgins project, Paul is a member of the XDI Technical Committee (TC) at OASIS. Besides being the leading implementer of XDI, Andy has been a member of the Higgins project. And I’ve been working with both of them for several years now. Yet still none of us had a really good answer to this question.

As we kept drawing and redrawing the diagrams on the whiteboard, wrestling with how things lined up, I noticed Kaliya, Doc Searls, Phil Windley (collectively the organizers of IIW), plus several other late-stayers had joined the room and were happily monitoring our progress. They were as interested in the outcome as we were!

I still remember the late afternoon sun streaming in through the second-story window of the Computer History Museum as I pondered that whiteboard. All three of us had the unsettling feeling that there was much more to this story than we were able to divine off this particular diagram at this particular time. And then poof, our fifteen minutes was up and we all had to split for our respective trains, planes, and automobiles.

But the question was NOT answered, and it kept gnawing at the three of us. It was still there at Digital ID World in September, only now it was starting to surface in another direction: the relationship of OpenID 2.0 (which supports XRI) and Higgins. Could Higgins support both OpenID authentication and CardSpace authentication of the same digital subject? If so, was a URL or an XRI the common identifier of the subject? And how would this relate to attribute sharing?

Again the three of us swore we needed to get in a room together to get to the bottom of this and finally answer these questions – for ourselves, and for everyone else that was asking. We even knew of at least one context where we might get that opportunity – a new project from Paul Hawken’s Natural Capital Institute called WISER (World Index for Social and Environmental Responsibility) that will provide an indexing and data sharing platform for the entire international NGO/civil society sector. It looked like an effort on which we could all collaborate.

Still it took until December for the WISER Commons project to gel to the point where we could finally schedule three days together last week to develop a recommended identity and data sharing architecture for WISER.

As planned, the first day we spent understanding the requirements of this groundbreaking project (about which I’ll blog more soon). This gave us just what we wanted: several flagship use cases against which we could compare the Higgins and XDI architectures in detail. The next morning we sequestered ourselves in front of a white board in a conference room at Andy’s offices. We took the first use case and started diagramming it. Step by step by step we worked through how it would be implemented using the Higgins framework and the XDI protocol. But this time, where before we had drawn big boxes and circles and arrows…we started drilling down. Blowing up each box into its subcomponents and drawing the next level of circles and arrows…and when we got stuck, drilling down to yet another level below that.

As expected, there was a boatload of terminology frustration on both sides. Higgins uses “context”, “contextref”, “digital subject”, “subjectref”, and “context-unique ID” or “CUID”. XDI uses “authority”, “type”, “instance”, “i-name”, “i-number”, and “cross-reference”. But as we slowly peeled the onions, we began recognizing intersection points from which we could start mapping the terms.

For example, we knew going into it that both Higgins and XDI were based on schema-independent, context-independent data models, and those models are fundamentally based on RDF subject/predicate/object graphs. But it wasn’t until we peeled the onion all the way down to these core data models and started drawing the RDF graphs that we found ourselves not only on solid ground…

…but common ground. Acres of it. Whole continents of it. In fact, as we used to say at the gold dredging operation where I worked in Alaska, we hit bedrock – and that bedrock extended all the way under the mountain range.

Suddenly for the first time we were no longer looking at each other as “the other way of doing it”. Instead we saw we were both on the same side, building fundamentally the same thing: an interoperable way of sharing data between any two systems and applications.

The next morning when we reconvened with the WISER Commons team we hit upon the perfect analogy: it was exactly like the transcontinental railway projects in the 1800s. Higgins was building from East to West (Paul being from Boston), i.e., from the user-interface and application layer down towards the protocol layer (Paul coming from a background in page layout and desktop publishing). Andy and I and the rest of the XDI TC had been building from West to East (Andy being based in Berkeley and me in Seattle), i.e., from the protocol layer up towards the application and UI layer (Andy coming from the enterprise database and messaging world).

And although we had been building two entirely different railroads for moving data from coast to coast, suddenly here we were, meeting in the middle of the continent. And, to our mutual astonishment, finding that we were both using the same gauge tracks! In other words, with a little work, you could hook the two together and data would flow as smoothly up and down the Higgins/XDI stack and across Higgins/XDI-enabled systems as steam locomotives could move across the interconnected intercontinental railway system.

The secret was the gauge itself – RDF. We had both arrived at it as the common core model for data description. And although the railroads we have respectively built from it have many different features and can go different speeds and handle different types of passengers and freight in different ways, they are fundamentally interoperable.

So we dubbed this “The Golden Spike Meeting” of Higgins and XDI (Laurie Rae informs me that in Canada it was called “The Last Spike”, but there’s something more romantic about a golden spike). And hopefully it will represent as important a milestone in our progress towards an open interoperable data sharing layer for the net. At a minimum you can know that Paul and Andy and I are committed to bolting these trains together as quickly and efficiently as possible and showing for real how the data can just start moving.

All aboard!!

VRM: VROOOM!

Tuesday, January 2nd, 2007

Many of us in Internet identity like to joke about how we all work for Doc Searls, since he’s the one who initiated the Identity Gang and the whole current movement towards user-centric identity. But we may all seriously end up working for Doc in the new industry he’s setting out to create: VRM (Vendor Relationship Management). You can get a feel for it from the VRM wiki at Harvard’s Berkman Center, and there’s already a serious set of bloggers explaining how it will be the next big thing.

All I can say is: VROOOM! We can’t get to the starting line fast enough. As powerful as you think this idea might be, wait until the rubber meets the road and VRM services and solutions start hitting the market. It’s going to be a tangible example of what Kim Cameron calls the “identity Big Bang”.

Like the Cluetrain Manifesto, I don’t think anything short of crawling inside Doc’s brain can really explain how much VRM will change marketing and CRM as we know it. But I plan to do everything I can to help, and with luck that will be plenty, because this is EXACTLY the kind of application for which XRI/XDI infrastructure was conceived.

I’ve added VRM as a category to my blog, and plan to attend Doc’s VRM development workshop before his Mobile Identity unconference at the end of January, so watch for more stories on it as the New Year unfolds.

I-Names Get Real

Tuesday, June 20th, 2006

I should have suspected this — we finally get to the biggest inflection point in the evolution of i-names and I’m too busy to blog about it.

Oh well, that’s life. In less than two hours we finally flip the switch on the first user-centric digital address registry. See the news at http://biz.yahoo.com/prnews/060620/nytu091.html?.v=54

The ceremony itself is going to be the simultaneous popping of a dozen champagne bottles (some non-alcoholic) representing the first 7 i-brokers (see the list), 4 XRI registry infrastructure developers (XDI.org, Cordance, NeuStar, and AmSoft), and 1 for the users of the world to whom this is all dedicated (and whom we’re asking Doc Searls to represent. After all, as Paul Trevithick put it in a session this morning, all of us in user-centric identity ultimately “work for Doc”.)

My hope is that this is one more tangible step in the road to Doc’s vision of Internet identity infrastructure that truly empowers all of us as users.

I-Brokers: the ISPs of Identity

Friday, April 14th, 2006

Phil Windley just posted a good assessment of what is becoming one of the key topics in the growth of interoperable Internet identity infrastructure — i-brokers and their business models. Phil makes the point:

There will be hundreds of identity providers and I’ll have accounts at dozens of them. Still, I don’t want to pick which identity provider I choose to use for a particular task according to what protocol they speak (that should be below the radar) but rather according to other “business” criteria. I may choose to use my Amazon account sometimes and my BYU account other times.

Phil is spot on. With all the focus on digital identity protocols and technologies, it’s easy to miss the obvious: in most cases an i-broker is going to have strong business motivations to shield his/her customers from needing to care about the technical details at all. Just as I have no idea how my bank clears a check, settles my credit card, or handles a wire transfer, most i-broker customers are only going to care that:

  • their single sign-on service works everywhere they want it to (hmm, sound familiar?)
  • their contact page functions flawlessly and doesn’t let any spam through.
  • their forwarding service maintains persistent links to anything and everything that matters to them.
  • their calendar/photo/file/other data sharing service operates without a hitch with all their devices and all their contacts.

It’s not rocket science: ISPs maintain our physical pipes, i-brokers will maintain our “social pipes”. Yes, there are many more security/privacy issues at this higher layer, but the protocol people (SAML, Liberty, WS-*, XRI, OpenID, LID, SXIP, DIX, XDI) will provide the basic plumbing to get the job done. The role of the i-broker is to be the water company: make sure the social data flows smoothly and doesn’t leak.

Funny, but I remember being at BBSCON (remember that?) in 1991 when the term “ISP” was just starting to be used. Within three years it was almost ubiquitous. At Digital Identity World the past two years, there hasn’t been a single session on “Becoming an I-Broker”. How much do you want to bet that this is one of the most popular sessions at Digital Identity World 2007?

Higgins vs. InfoCard is bunk

Tuesday, February 28th, 2006

Objectivity of the press? If you read this CNET article you’d think the Higgins project from Social Physics and Parity is a competitor to Microsoft’s InfoCard architecture. Nothing could be further from the truth. In fact the two have been collaborating closely for months now.

But rather than rail against the tendency of the press to look for controversy (which could leave us here all day), I’d rather make the point that Higgins and InfoCard are in fact very complementary. InfoCard as an authentication mechanism can fit nicely into the Higgins framework for relationship management and vice versa. I encourage anyone looking at Internet identity and relationship management technologies to check out both.

More on Identity Rights Agreements

Saturday, February 4th, 2006

Paul Madsen makes another very good point about identity rights agreements (hmm, the acronym is going to end up “IRA”):

This work would be really interesting & valuable. Identity agreements and their identifiers could be common across particular identity systems (e.g. Liberty, Shib, OpenID, LID, SXIP, WS-*, etc) and so serve as a key piece of any metasystem that underlies or unites such systems.

Paul also points out (as has Peter Davis to me in an email) that…

Liberty ID-WSF has a container in our protocols for carrying such identifiers (an empty container because, as yet, we have not ourselves defined any policy syntax or identifiers – despite some early work along this route).

I believe it would be ideal for Identity Commons to work with Liberty Alliance and all the Identity Gang participants to define this vital new piece of the identity metasystem. I continue to have the feeling it may just be the fuse on Kim Cameron’s “identity big bang“.

Identity Rights Agreements

Friday, January 20th, 2006

The term “identity rights agreements” was coined by Phil Windley, Doc Searls, and friends in a discussion about identity after OSCON last summer. The full story is in a blog post with that title by Phil.

At the Internet Identity Workshop last October, we held an open space session by that name because a number of Identity Gang folks have been talking about the general concept for several years now. In particular, from an XRI/XDI perspective, identity rights agreements fit perfectly with the concept of data sharing controls embodied in link contracts.

Now the idea is moving from concept to reality. Identity rights agreements are becoming one of the galvanizing forces for a revitalized Identity Commons. One of the reasons is the oft-used analogy that “Identity Commons should be to identity rights what Creative Commons is to copyright”.

I want to take a moment to explain why I believe this analogy may be so profound — and thus why identity rights agreements may become one of the hottest topics in digital identity.

The trigger for these thoughts was Bob Blakely’s post On the Absurdity of Owning One’s Identity, in which he makes an argument why Kim Cameron’s First Law of Identity is, to use another legal term, “unenforceable”. While I think Bob makes a number of strong points in his post (and illustrates them with fascinating, richly researched examples — who says the art of the essay is dead?), I ultimately disagree with his conclusion only because I think he misinterprets the importance of the first word of the First Law:

Technical identity systems must only reveal information identifying a user with the user’s consent.

In other words, although much of what Bob says is true, it applies only to the people and businesses that operate identity systems and collect/disseminate identity data, not to the technical systems themselves, which is what I believe Kim meant the First Law to apply to.

But that’s a different subject. What really struck me about Bob’s essay was the knock-down-brilliant points he makes about the fundamental privacy concept of “consent”. To quote his introduction to this topic:

Consent

Negotiating the terms on which you will disclose self-image information is what Consent is all about.
In many cases there are laws and regulations constraining what an organization can do with information it collects about you in situations like this, but you don’t control the content of those laws and regulations – so you’re not making the rules (and in fact the interests of society and the interests of corporations influence the content of laws and regulations at least as strongly as the interests of individuals).

If you want to control your identity based on consent, you have to decide between two approaches:

  1. Build one set of terms which covers all uses of your information, and let an automated system take care of negotiating your terms and enforcing your rules. In this case, you need to figure out in advance what all the possible scenarios for use of your identity are, and write a policy which covers each scenario.
  2. Negotiate terms manually each time someone asks for your information. In this case, you need to get notified each time someone tries to use your identity, and make a decision about whether or not to grant consent.

Case 1 clearly isn’t going to work all the time; you can’t know in advance what benefits are going to be offered in exchange for identity information, and you can’t know in advance what risks are going to be created by giving that information out – so no matter what your policy is, there will always be cases it doesn’t handle correctly. This means there will be lots of exceptions to your policy, and when these exceptions arise you’ll have to fall back on case 2.

Case 2 doesn’t really work either. We know because we’ve tried it. Look here, or here, or here, or here for examples of what you’re already being asked to consent to. How well do you understand these terms? How likely are you to take the time to clear up the things you’re not sure about? How likely are you to say “no”?

Bob then goes on to explain that there are three forces behind his assessment of the problems with consent:

The forces at work here are obscurity, coercion, and burdens.

I encourage anyone who’s interested in this topic to read Bob’s arguments in great detail. But the one I want to highlight here is:

Because Identity Allocates Risk, society makes rules to make sure Identity is used fairly. Two typical rules are (1) someone who wants to use your information has to tell you what it will be used for (“notice”), and (2) someone who wants to use your information in a way that might create risks for you has to get your permission (“consent”). You have to pay close attention here: the rules don’t say that businesses and other parties can’t create risks for you – all the rules say is that other parties have to tell you when they create risks for you, and they have to get you to agree to the creation of the risks.

These rules create obscurity, because in business, the language of risk is law. The bank makes lots of loans, and therefore it is exposed to lots of risk. Because it’s exposed to lots of risk, the bank is willing to spend some money to protect itself against that risk. It spends that money on people who speak the language of risk – lawyers – and those lawyers write consent agreements that let the business do what it needs to do profitably (in this case, it needs to create risks for you by using your identity information) without breaking the rules.

You probably aren’t a lawyer, so the language in which consent agreements are written is foreign, and confusing, to you. On the other hand, you don’t value your privacy enough to hire your own lawyer each time you encounter a consent disclosure – so you end up doing something (reading a complicated legal agreement which allocates risks between you and the corporation) which you’re not really qualified to do, and it’s confusing and frustrating (Don Davis calls this kind of situation a “compliance defect“).

Bingo! Now, if you haven’t done so already, go here right now and read Phil’s very simple and intuitive description of the purpose of an identity rights agreement.

The two fit together like hand and glove. What identity rights agreements could solve — possibly in a very short period of time — is the problem Bob has labelled obscurity. By establishing a small number of very well-known identity rights agreements — and giving them very simple and highly recognizable visual icons that don’t require a user to read A SINGLE WORD — the use of “obscurity” as a tool to all-but-eliminate the value of consent disappears.

Why could identity rights agreements catch on so quickly? For the simple reason that sites who want to give users the real power of consent will start to advertise that fact by posting identity rights agreement icons right on the Web form where they collect personal data. Just as millions of Internet users were first exposed to Creative Commons licenses by seeing the icon for a CC license posted on a blog or Web page they were reading, they will be exposed to Identity Commons identity rights agreements icons on Web forms. One click through to see what they mean and I predict the reaction will be, “Wonderful! I hated those indecipherable legal agreements anyway. I’m going to support sites that use these icons to let me know they are being straight with me about the use of my personal data.”

And suddenly sites become motivated to choose this simpler and more user-friendly form of consent — possibly leading to one of those rare but real “virtuous cycles” (to use a term I first learned from Bill Washburn) that can infect an entire ecosystem.
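To make concrete how Bob’s two consent approaches and the “small number of well-known agreements” idea fit together, here is an added illustration. It is not code from this post, from Bob Blakley’s essay, or from Identity Commons. It models “case 1” as a standing user policy evaluated automatically, routes anything that policy cannot settle to a “case 2” callback (ask the user), and treats a site’s declared agreement identifier the way a reader treats a Creative Commons icon: recognisable, so the policy can judge it without parsing legal text. The `ira:` identifiers, purposes and attribute names are constructed placeholders, not identifiers any registry has defined.

```python
"""Consent decisions against a small set of well-known identity rights agreements.

Added example; not code from the blog post, Bob Blakley's essay or Identity
Commons.  Every agreement identifier, purpose and attribute name is a
constructed placeholder.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ASK_USER = "ask_user"  # case 2: no standing rule covers this request


@dataclass(frozen=True)
class Agreement:
    """A well-known agreement: what the collecting site commits to."""
    ident: str
    purposes: frozenset
    max_retention_days: int
    onward_sharing: bool


# Hypothetical registry standing in for the "small number of very well-known"
# agreements the post imagines.  The identifiers are constructed, not real.
AGREEMENTS = {
    "ira:transaction-only": Agreement(
        "ira:transaction-only", frozenset({"fulfil-order"}), 30, False),
    "ira:service-and-marketing": Agreement(
        "ira:service-and-marketing", frozenset({"fulfil-order", "marketing"}), 365, False),
    "ira:share-with-partners": Agreement(
        "ira:share-with-partners", frozenset({"fulfil-order", "marketing"}), 365, True),
}


@dataclass(frozen=True)
class Request:
    """What a site's form asks for, including the agreement it declares."""
    site: str
    agreement_id: Optional[str]   # None models a form with no recognisable agreement
    attributes: frozenset
    purpose: str


@dataclass(frozen=True)
class UserPolicy:
    """Case 1: the user's standing terms, written once."""
    accepted: frozenset    # agreement identifiers the user pre-accepted
    refused: frozenset     # agreement identifiers the user always refuses
    releasable: frozenset  # attributes the standing policy may hand out

    def evaluate(self, req: Request) -> Decision:
        agreement = AGREEMENTS.get(req.agreement_id or "")
        if agreement is None:
            # No recognised agreement: Blakley's "obscurity".  The policy cannot
            # judge it, so it falls through to the user (case 2), never to ALLOW.
            return Decision.ASK_USER
        if agreement.ident in self.refused:
            return Decision.DENY
        if req.purpose not in agreement.purposes:
            # The site asks for a use its own declared agreement does not permit.
            return Decision.DENY
        if agreement.ident not in self.accepted:
            return Decision.ASK_USER
        if not req.attributes <= self.releasable:
            # Attributes outside the standing policy need a per-request decision.
            return Decision.ASK_USER
        return Decision.ALLOW


def decide(policy: UserPolicy, req: Request,
           ask: Callable[[Request], bool]) -> Decision:
    """Run case 1; hand anything it cannot settle to the case-2 callback."""
    verdict = policy.evaluate(req)
    if verdict is Decision.ASK_USER:
        return Decision.ALLOW if ask(req) else Decision.DENY
    return verdict


if __name__ == "__main__":
    policy = UserPolicy(
        accepted=frozenset({"ira:transaction-only"}),
        refused=frozenset({"ira:share-with-partners"}),
        releasable=frozenset({"name", "email", "shipping-address"}),
    )
    order = Request("shop.example", "ira:transaction-only",
                    frozenset({"name", "shipping-address"}), "fulfil-order")
    print(policy.evaluate(order).value)                 # allow, no user interruption
    opaque = Request("shop.example", None, frozenset({"name"}), "fulfil-order")
    print(decide(policy, opaque, lambda r: False).value)  # deny: user was asked and said no
```

The design point is the fail-closed ordering: an unrecognised agreement or an attribute the standing policy never mentioned is never auto-approved, it becomes a case-2 question, and a request whose purpose contradicts the agreement the site itself declared is refused outright. That is the mechanical reason a small, recognisable set of agreements shrinks the exception path Bob predicts for case 1.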

That’s why — despite my current 150%-of-my-time focus on establishing fully operational XRI infrastructure — I plan to invest time in supporting the creation of the first operational set of identity rights agreements at the revitalized Identity Commons. I’m challenging the rest of the current and new Identity Commons supporters to do the same — I want us to present the first draft set at the next Internet Identity Workshop in May.
