Day: December 1, 2004

Governor James says, “Strange -your feed hasn&#39t been updating in bloglines? I had no idea you had been so busy.” I moved my blog from RadioLand to www.identityblog.com. Does anyone know if there is something wrong with the way I did the transition?

Meanwhile Craig Burton, who can&#39t resist a good line, writes:

You gotta love it when Kim goes off on passport and states a law that makes it obsolete for its supposed original purpose. Of course Kim is so diplomatic that you almost forget that what he is saying is that Passport failed. Further Passport will not be the basis of Microsoft&#39s Identity infrastructure.

I like the drama, but I fear Craig has missed on my main point. Which makes me think I mustn&#39t have been quite clear enough. So let me try again.

Microsoft put a lot of effort into an important identity experiment early in the Internet cycle. As is the case with many projects we undertake when creating new technology, Passport was successful at some things and unsuccessful at others. I try to show it was very successful when in line with the Third Law, and unsuccessful when not in line with it.

But my main point is that there has been an important “learning” here. And it will apply to everyone who wants to get involved with identity. This is full of implications for any party who tries to develop a business plan based on intervention in identity processes

Craig goes on to say:

Think of the implications of this new law. If Microsoft is going to participate in providing infrastructure that meets the criteria of the three laws, it will have to be willing to allow infrastructure that can operate sans Windows. Hmmmm. It could happen.

No. Not it could happen. It really really should happen.

As I promised Marc Canter, I want to see the big bang that will occur in software innovation shortly after we as an industry put in place a new distributed identity fabric open to all and fundamentally respectful of the people using it.

That is what I think the Web Services stack allows us to do – if we can rise to the occasion. Let&#39s do it.

I would like to hear more of Scott Lemon&#39s ideas about how philosophical thinkers can help us figure out ways we can write software that intuits – this is my word and perhaps it is too rhetorical – our identity decisions for us…

I&#39ve heard a number of people talk about intelligent policy engines capable of doing this type of thing, but so far, I haven&#39t seen one I would choose for my own personal use.

I certainly think you can have simplistic policy – configuration, really – that decides things like whether, having once decided to interact with an identity, you want to do so automatcially in the future.

And I can understand policies along the lines of, “Trust the identifying assertions of people recommended to me by Scott for access to my discussion papers”.

And I&#39ll even go along with, “Place items containing the words Viagra or Investment in the Spam folder”.

But in general I have become very suspicious of systems that purport to create policy that affects me without asking me for approval. One of the worst outcomes of such technology is that the user ends up living in a “magical system” – where decisions she doesn&#39t understand are constraining her experience. Our systems need to be translucent – we should be able to see into them and understand what is going on.

But I&#39m probably ranting. I&#39m sure Scott meant that an engine would put forward policy proposals and the user would be asked to approve or reject them.