The Tao of XDI

I've always thought Andy Dale was a very interesting person, but somehow missed out on the fact that he has been putting together a major body of work on his blog at xditao. In case it's not obvious, the name combines XDI as in xdi.org, and tao as in what makes the world go round. I found it informative to go through the archives – you really get an outstanding grasp of what XDI can do for us. Here's a sample – and presto, you understand Link Contracts.

I have talked a lot about Link Contracts lately, so why stop now. As I have said, Link Contracts are composed of several, signed, parts. Some of the parts are network enforceable and some are not. The non-network enforceable bits are meant to be enforced in some social system of accountability. These non-network enforceable bits are what I refer to as the ‘Terms and Conditions’ of the data sharing. The bit that says “You may not sell my data. You may not use my data for any purpose other than the original purpose of this agreement”, that kind of stuff. The problem with these terms and conditions is, they aren’t meant to be network enforceable or, therefore, machine understandable.

So if we don’t do this right this is what happens:

I address an email to you with your i-name. My email client asks your authority for your current email address. Your authority returns a response that says; you can have that info if you agree to these terms and conditions. My client is meant to sign these terms and conditions and return them to your authority in order to get the data I require. SO, the problem is; I don’t want to read some terms and conditions every time I do anything that involves someone else’s data. You know I’m not going to read it anyway, but I don’t even want to have to do that extra click. I mean, who knows what’s in those terms and conditions? What’s to stop you from adding some line 20 pages down that says “By signing this agreement you agree to pay me $500”. If this is how it worked, the Dataweb would be broken before it even started.

So… what do we do?

Rather than us all writing and using our own DSA (Data Sharing Agreements; terms and conditions) we will use ones provided by ‘trusted third parties’. I can read IDC (Identity Commons) Standard DSA #5 once and set up a preference that I am always willing to accept data under those terms. So in future when I ask for your email, you will say “under IDC DSA #5 (version 1.3)” and my email client will simply sign the contract and send it back.

Now, the reality is, I’m probably not even going to read the IDC DSAs but that’s the point of having it provided by an organization that is ALL about trust. I know that if IDC publishes this DSA under their name… it must be ok. Ultimately there may be other organizations that provide DSAs that we can all trust, or at least use; Visa, HIPAA, SEC, etc…

For now we need to bootstrap this ecosystem. I have worked with Owen of IDC to outline three basic DSAs that can get us started:

    1. Basic – This one will put some simple constraints on the consumer of the data to ‘respect’ the owner’s privacy. This is the first real step toward giving the individual some control over their virtual self. It will include:

      • No selling my data
      • No giving my data away
      • Only use my data in the context in which this agreement was forged
      • Upon request or discontinuation of this agreement you will anonymize or remove my data, remove all PII (Personally Identifying Information) and any contact channel information (address info). I call for anonymization as an option as companies must have the ability to execute their operational reporting and auditing.

    2. Wild West – This is for the organization that wants to take advantage of the higher quality data source that the Dataweb provides, but cannot, for technical, business or other reasons, conform to the restrictions of the Basic DSA. Accepting this agreement would be no different from filling out a registration form at a service today, just easier for all concerned.

    3. Full Empowerment – This agreement is for the truly forward thinking organization. Under this agreement the requester of the data offers reciprocation. They say they will give you a copy of your transaction records in exchange for having access to your data. In practice this would mean that I give Netflix access to my contact info and they will, automatically, programmatically, give me a copy of the list of movies I have rented (and how much I spent, and how long I kept them and all that good stuff). When the contract ends, I still have a copy of that information that I can take with me to my new movie rental provider.

    I characterize option 1 as individuals having privacy statements instead of organizations, option 2 as the status quo, and option 3 as the next step in the evolution toward a fully empowered consumer.

    Ultimately, I believe, option 3 evolves to a point where vendors simply use our repositories as the place that they keep the data about us. By giving us that level of control, and trust, and respect; why would we go to another vendor?

    Please let me know if you think we need another DSA, or that I am totally off base!!
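The auto-accept decision described in the quoted post, sketched as an added example (not code from Andy Dale's post or from any XDI specification). The message fields, the SHA-256 pinning of the agreement text, and the HMAC used as a stand-in for a real signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed text standing in for the agreement the user read once.
PUBLISHED_TEXT = b"IDC Standard DSA #5 v1.3: no selling, no giving away, original context only."

def digest(text: bytes) -> str:
    return hashlib.sha256(text).hexdigest()

# User preference: (publisher, agreement, version) -> digest of the text that was accepted.
ACCEPTED = {("IDC", "DSA-5", "1.3"): digest(PUBLISHED_TEXT)}

def respond_to_offer(offer: dict, signing_key: bytes) -> dict:
    """Sign only offers whose terms are byte-for-byte a pre-accepted agreement."""
    pinned = ACCEPTED.get((offer["publisher"], offer["dsa_id"], offer["version"]))
    if pinned is None:
        return {"action": "prompt_user", "reason": "agreement not pre-accepted"}
    # Matching on the name alone would let an authority append extra clauses.
    if not hmac.compare_digest(pinned, digest(offer["terms"])):
        return {"action": "refuse", "reason": "terms differ from accepted text"}
    payload = json.dumps(
        {"resource": offer["resource"], "dsa": offer["dsa_id"],
         "version": offer["version"], "terms_sha256": pinned},
        sort_keys=True,
    )
    # HMAC is a placeholder; a deployment would use an asymmetric signature.
    signature = hmac.new(signing_key, payload.encode(), hashlib.sha256).hexdigest()
    return {"action": "sign", "payload": payload, "signature": signature}

# Constructed sample offers from a hypothetical authority.
KEY = b"constructed-demo-key"
BASE = {"publisher": "IDC", "dsa_id": "DSA-5", "version": "1.3",
        "resource": "email-address", "terms": PUBLISHED_TEXT}
GOOD_OFFER = dict(BASE)
TAMPERED_OFFER = dict(BASE, terms=PUBLISHED_TEXT + b" By signing you agree to pay me $500.")
UNKNOWN_OFFER = dict(BASE, publisher="Example Corp", dsa_id="Custom-1")

if __name__ == "__main__":
    for name, offer in [("good", GOOD_OFFER), ("tampered", TAMPERED_OFFER),
                        ("unknown", UNKNOWN_OFFER)]:
        print(name, "->", respond_to_offer(offer, KEY)["action"])
```
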

    Escaping Wilma

    People who saw Adele and me on TV over the last few days have been writing to ask if we're OK – they saw us lined up at the Cancun airport trying to “escape hurricane Wilma.”

    Thanks to everyone who has expressed their concern. We are fine!

    It's funny how TV works. The image and interview became part of the Wilma system. They were replayed day after day as Wilma stalled and mercilessly bashed the Yucatan.

    The truth is, I had registered for Cancun weather notifications prior to starting my vacation. Monday morning, I received this email:

    The tropical depression # 24 was upgraded this morning to Tropical Storm Wilma and it was located this morning at 502 miles east southeast of Cancun, Mexico. Interests in Cancun, Isla Mujeres, Cozumel, Puerto Morelos, Playa del Carmen, Puerto Aventuras, Akumal, Tulum and the Costa Maya area must monitor the development of Wilma over the next few days.

    To see the most complete information about the storm please go to: http://www.cancun.bz/cancunweather.htm

    The tropical storm names for this hurricane season have been depleted, this happened only in 1933 and Wilma ties that record.

    I checked the site periodically. Tuesday evening the storm suddenly developed into a category 5 hurricane coming straight towards us.

    As I told the TV crew, “I've been in a hurricane before, and don't want to be in another one.” Visions of holding out in an emergency shelter with no air conditioning spurred me to lay down my Margarita and get to my feet.

    Again using the Internet, I bought tickets on a flight the next morning to Puerto Vallarta. That's another beautiful Mexican town, far from Cancun on the Pacific side of Mexico, where the sun was still shining and the dolphins still playing.

    Only thirty-six hours before the eye of the storm hit Cancun, we drove to the airport on an empty road. Many of the local Mexicans, veterans of endless minor hurricanes, were skeptical that this one would hit them head on. Our ticket agent told us we were crazy to leave – he said we should go back to our hotel, where “recreation directors would be throwing hurricane parties in the ballrooms.” Tourists weren't aware of what was coming either. When I was interviewed by the TV crew, the only reason I was in a lineup at all was because I had accidentally joined a group of French tourists who were clogging the check-in lane waiting for their tour guide to arrive. The airport was no busier than it normally is.

    Whatever the explanation, it all made for a good visual. And apparently got replayed many times.

    The images coming back from Cancun and the Riviera now are more than frightening. The devastation is terrible. My heart goes out to the local people, who I have always found to be endlessly friendly and helpful. They know a lot about how to handle hurricanes, and I'm sure they'll recover as quickly as anyone could.

    As for me, I count myself super lucky to have had access to information and mobility. It's another example of how much is changed by the Internet.


    New blog at planetary.net

    Kris Magnusson, who was open source program manager at Novell, pinged me recently to tell me about his new blog called http://planetary.net. I see postings like this:

    Yes, I Am. . . an advocate for the Identity Metasystem. Craig Burton convinced me for reasons he didn't know about and reasons I didn't explain to him.

    The big reason I believe in it was that it fit my criteria for becoming Internet infrastructure, with an exception that I think can be rectified over time, namely that multiple reference open source implementations don't currently exist. However, the Metasystem is young and these things will most certainly change.

    Everything else about the Metasystem is right. It doesn't displace any existing infrastructure, requiring only a simple plugin for web sites to interoperate with the Metasystem. The InfoCard system is a great way to put users safely in control of their own identity claims, and it looks like it will find its way into alternative browsers like Firefox and Safari, making it ubiquitous.

    I really have a distaste for silos now that I've experienced the openness of the Metasystem. You'll have to pardon me if I seem too hard on them, especially Sxip, who have their heart in the right place by putting claims back in the hands of users, more or less. It's just that having worked with Dr. Marshall T. Rose and having had a taste of what standardizing Internet infrastructure is all about, and having had exposure to the Metasystem's openness, I don't want to go backward to silos and proprietary networks.

    My gosh: Marshall T. Rose – author of the Open Book and the Little Black Book and grand savant of OSI. That brings back memories. Anyway, moving on, I continue to hope that sxip and lid and other emerging systems will develop implementations that are part of the proposed identity metasystem.

    In his email, Kris sets up a direct question for me:

    My hope is that the metasystem will become true internet infrastructure in the same way dns/bind or http is currently. I think in order for this to happen that multiple open source reference implementations have to be developed. I don't think Microsoft can go it alone. Moving the WS* specs through OASIS is fabulous, as is getting support from IBM and hopefully later from Sun, but open standards are not sufficient to make a software system internet-standard. Ubiquitous implementation is key. So I'm hoping that someone will step up to the plate and develop an open source implementation of the metasystem for non-windows platforms. What do you think about this?

    I totally agree. I have heard Craig's recording of “I, I, I cry ubiquity…” and thought it pretty much catches the spirit of the times. Hard-wiring is fading fast, and we will need identity metasystem capabilities in every nook and cranny of the Internet.
