Identity Open Spaces are always interesting – uninterrupted hallway conversations that let you get to the nub of things – but this week's was different from the others because it was held in conjunction with a meeting of the Liberty Alliance. This threw us all together with a bunch of people we hadn't met before, and frankly I think it was very useful. We all got to present and discuss our work, interests and concerns.
It's hard to explain – or even imagine – what these meetings are like, because people are coming from such different places that their take-aways differ dramatically. I'm sure a number of people will blog about this, but I'll just start by quoting Marc Canter of Macromedia fame. One of the interesting things about Marc is that he just wants results – identity he can use in his products.
As I sit here in the blazing heat, periodically jumping into my pool – Iâ€™m feeling good about the last few days I spent in Vancouver. It was great for me to get away from answering sales calls, improving user interfaces and dealing with Angel investors. I found myself right back smack dab in the middle of an evolution of technology, where enterprise, mil spec encryption, security and privacy technology was being deployed for the purposes of each and every one of us to be able to control our content and meta-data.
Moving and controlling profile data is important, but we ALSO gotta control access to our content – based upon our relationships to the viewer. Apparently Vox does this pretty well – but I havenâ€™t checked it out – yet.
A lot of time and energy was spent up in Vancouver trying to define and speak clearly of all the different platforms and their nuances. It was an Open Space effort, designed to correspond with a Liberty Alliance meeting, so lots of loosely structured meetings occurred where real work was accomplished.
One on hand you had all these academic and enterprise researchers and experts who are managing bank accounts, mutual fund accounts and health records, debating on details like â€˜is it THIS or really THAT. Then a bunch of the open folks – like Neustar and Cordence were there – more or less hawking their goods.
So in other words this was the â€œopen user-centric folksâ€ meet the SAML/Federated trust enterprise wonks fest.
Iâ€™d say it came off pretty well – espeially with Kaliya Hamlin leading the organization, facilitating the conversations and keeping things lively. I did my best to also â€œkeep folks awakeâ€ – while only dosiing off a few times myself, during those insipid debates on â€œdo you mean WHAT you mean or is that a semblence of meaning in your declaration?â€ It was that bad.
As a vendor I went to this meeting knowing that I was a downstream participant, some one whoâ€™s issues are allot different from the folks who are tryign to stake our real estate around â€™standardsâ€™. You see – we (by defintion) have to support ALL the standards, so my only real motivation is to get as many of them to work together and adhere to each otherâ€™s standards.
And thatâ€™s what I did. There was a whole session on â€˜Protocols Convergingâ€™ (led by Dick Hardt) and that led to a few private meetings out in the hallwway, which is where al the real work gets done. I myself am excited about what Dick is gonna show and unveil at OSCON next week,but I canâ€™t tell yah about it.
Or else Iâ€™d have to kill youâ€¦â€¦
Anyway – based upon what I heard at this meeting, here are some issues that are pretty easy for me to make:
- At best weâ€™ll get 2% of the populace using this stuff – even within the next few years
- But many more people WOULD/COULD use it if it was readily accesssible, easy to use and they understand what the fuck it meant
- Doesnâ€™t really matter if it implements authentication, if thatâ€™s ALL it does
- I agree with Kim Cameron – there will be two approaches to this area – card based and address based
And thatâ€™s the best way we can describe it to the humans.
The Identity space is really complicated, and our clients expect me to be an expert at it. So I nerded out over the past few days and have the next generation acrhiutecture for PeopleAggregator designed with it in mind.
Itâ€™ll make sure that real value can be delivered to humans – real soon now- regardless of whether or not theyâ€™re (the humans) willing to jump through all the hoops and grok all the nuances of the Identity puzzle.
Thereâ€™s one inherent tradeoff for this. If you donâ€™t want to jump through all the hoops of getting a card or sigining up for an address (of just hacking one yourself) then you CANâ€™T COMPLAIN if you donâ€™t get a phishing proofed, crypto encoded, secruity tight, hacker proof, scalable, long term, persistent unique identifier.
But if all that really gets you off, then you wonâ€™t mind jupning through all the hoops. Those hoops require opting in, sharing, moving and adhering to all these rules – about Personal Identity Mesh.
Getting a info card to be compatible with Kim Cameronâ€™s Info Cards system, which will be built into Vista and is available for XP – right now – will be about getting something called a .crd file. Kim showed using Info Cards to log into WordPress – just to prove that it works on a LAMP stack, open source platform.
David Recordan (of Verisign) led an excellent session on OpenID and talked about its status. Drummond Reed was there to talk about XRI and XDI.org and inames. All the major players in this space were there and talking to each other.
Dick Hardt had a session on coming up with a name for the unique thing weâ€™re doing. Its not a traditional federation, or circle of trust – its recognizing that inviiduals rely upon portals (or fancy webapp) software to get their services and that theyâ€™re probably dealing with LOTS of these services. Each o these portals have all sorts of assertions, backend technology, web services, aliance partners and otehr infrastructure. But what we SEE is the portal or NetVibes or PageFlakes or MySpace or Vox.
The human is then supposed to confer and rely upon (whatâ€™s known as) an identity provider or identity broker – which is usually an objective 3rd party – to verify their claims, assertions and transactions. We debated upon what to call it – but we all agreed that its something new and unique. I call this the â€œPersonal Identity Meshâ€ – cause anybody can use any Identity broker – yet weâ€™re all supposed to trust and believe in these â€˜reputation systems (especially is Auren Hoffman has his way – with Rapleaf.)
Whatever the term is – its the universe that PeopleAggregator is going to support and help make happen. But we need LOTS of vendors to participate and the big boys – too.
I really like the term “Personal Identity Mesh” that came out of the “naming” discussion led by Dick Hardt. It sums up what a lot of us are trying to do.
I should also make it clear that I don't think there are very many who see information cards and URL-based identities as being opposed to each other. A card can represent a URL-based identity, and a URL can be used, in a number of use cases, to represent the identity that would be conveyed through a card. This doesn't work in all cases, but it works in enough important cases that it is very useful.
Finally, I think Marc's estimate of 2% over three years is overly pessimistic. The big sites and big players can accelerate adoption a whole lot with the flick of the switch. I've already had people tell me they are going to enable hundreds of millions of accounts with Information Card support. If they do what they are saying they'll do, and if people like the experience as much as I think they will, there can be a serious network effect here.