Technorati's Identity Page

Technorati's identity tag page is really cool. I'm certainly adding it to my feeds. I still don't have a very complete understanding of how Technorati works or what it is. Other beginning bloggers are probably in the same boat. Can anyone send us a link to an explanation?

Pick Your Superpower

The ladder

Thanks to FeedDemon, I've located Ben Hyde's “Ascription is an Anathema to any Enthusiasm” blog and his interesting take on the Laws:

Kim Cameron’s Laws of identity reminded me of two things. First it reminded me of the This American Life episode on superpowers. One of the segments in that episode involves asking people which superpower they would pick: invisibility or flying. That implodes into a discussion of what the choice tells you about the person. My frivolous brain then meandered into thinking what superpower would I pick if I wanted to solve the identity problem; since Kim took “maker of laws”, I think I might pick “shaper of markets.”

The reason Passport stumbled was that Microsoft hadn’t admitted that the shape of market power in their industry had changed. Prior to the Passport experience nobody in their “ecology” had aggregated enough market share (and in this case we are speaking of share of the identity market) to both care and decline to follow their leadership. Prior to that time frame Microsoft, on their bad days, could keep the puppies living in their ecology chasing tail lights.

What changed in the shape of the market was threefold. First, the scope of the market blew wide open. Just to pick one example, the Internet market included all the telephone companies, whereas the jungle where Microsoft was king of the forest didn’t. Second, the internet had already created a huge bloom of new players. Some of those were already really large; e.g. Yahoo, AOL, Amazon, eBay, etc. etc. Of those only eBay chose to follow Microsoft’s leadership. The third aspect was how critical this functionality was to the business models of some of the players.

Kim recently said that Passport failed because it broke one of his design constraints, i.e. that identity architecture will be more stable if it’s designed to assure that the fewest parties are involved. That is absolutely a key constraint. Not because it’s more stable in the long run. No. In fact it’s probably much more stable in the long run. Consider eBay; eBay is a very very stable business architecture; because it inserts a nominally unnecessary party – a middleman – into every single transaction.

That constraint is desirable because it makes your offering less threatening. It accelerates adoption; it isn’t a long term stabilizing force, it’s a short term driver of growth. The kind of thing firms often, intentionally or not, use as the fulcrum of a bait and switch. Have you noticed that the email announcing you have made a purchase at eBay now includes a link that hands you off to PayPal thru DoubleClick!

Yes, Passport failed because it broke that constraint; but it would be a hell of a lot more straightforward to say that Passport failed because it fundamentally threatened the customers’ businesses and Microsoft lacked the market power to get away with that.

The second thing the use of the word “laws” rather than say “first draft design constraints” reminded me of was the drawing on the right, taken from here. When the software industry was defined by the desktop, Microsoft could thrive as a business on the lowest rungs of that ladder. For example, when it would Consult, this would be done at arm’s length thru market research or ad-hoc conversations at developer conferences. Placation was a job for PR. Partnership was an occasional activity to be engaged in with Intel, IBM, possibly Apple or Sony. The bottom three rungs were the job, for example, of the developer network.

Marc Canter wrote recently that solving the Identity problem is 98% political. Absolutely. But, damn it. For the vast majority of the leaders in this industry their model of politics was framed by the crimes of Nixon and Vietnam. Their model of the industry is small startups and the wonderful empowering of small players enabled by the PC and Moore’s law. The word politics is right up there with necrophilia on the list of ethical activities. Such attitudes make it very difficult to work constructively on the top rungs of that ladder. Notice, the guy that drew that ladder couldn’t bring himself to label the top rungs “politics.”

The bag of governance models for working on problems is huge. The standards process around Atom is a very modern example. But, I do not believe that Microsoft knows how to work at these levels; 25 years of habit aren’t easily changed. I do not see any sign they have made significant progress in learning how since the Hailstorm debacle. I don’t think they even know what kind of debacle Hailstorm was. Look at how hard they fought to keep Sun out of WS.

If you want to think seriously about working at that level there are two groups trying to do that: WS and Liberty. I was involved in Liberty (and I’ve taken money from other players in this market) but it appears to me that only Liberty is actually trying to work on the political problem of solving the identity puzzle. Much higher on that ladder than any other group, by far. Not high enough; but much higher.

The Unifying Metasystem

I can't help it – I find Jamie Lewis’s most recent discussion of the Laws so cogent I am just going to let it rip.

I love the way Jamie articulates the fact that exchange of identity is organic, and related to and interwoven with other meaningful activities. It's not some abstract problem. This idea of the connectedness between parties through relationships transcending technology is one of the most important ideas in the current discussion – I'll come back to it in future posts.

Kim Cameron responded to my post regarding the connotation of “universal” identity systems, agreeing with my concerns and saying that he’s more recently been using the term “unifying identity system.” That’s a great term, certainly more straightforward and clear. It clearly communicates precisely the intention of the fifth law.

Speaking of the fifth law, like Scott Lemon, I was a bit surprised when there wasn’t more of a collective “hallelujah” in response to its posting. That surprise motivated me, at least in part, to post my comments on the term “universal” in the first place. And as I said in that post, I have more to say on the subject, so here goes.

Simply put, the concept behind the unifying or “meta” system for identity is crucial. While we certainly need structure and standards for an Internet identity system, the notion of a wholly top-down, centralized and “universal” system flies in the face of experience. On several occasions, I’ve said that such a system will grow organically. These organic (and contextual) elements of identity systems are both important and hard to grok due to their intangible nature.

Think of it like any social structure. Most social structures evolve organically, based on the emergent needs and properties of the social systems they support, leveraging the virtuous cycle of need, invention, and formalization. (Many business structures follow a similar path.) And it’s rare that all of us humans agree on one way of doing anything. If we’re trying to instantiate social structure in a virtual space (the Internet), why would we think it will be any different in how it evolves?

Organic growth implies a level of self-organization that the Internet identity system mustn’t just accommodate; it must encourage it. Given the right tools, ad hoc groups, formal communities, social structures, and, yes, even large companies will implement and manage identity in a fashion that suits their needs. The digital identity systems that American Express needs for its employees won’t work for social networking software. That’s why things like FOAF, SxIP and LID are coming to the fore. (While FOAF, SxIP, and LID are interesting developments, it’s unclear at this juncture which of these, if any, will succeed.) But the inverse is also true. These different communities must be free to self-organize, using identity systems that meet their needs.

Different IDs for Different Needs

Kim addresses this reality in the fourth law, the Law of Directed Identity. While somewhat inscrutable at first glance, his idea of omnidirectional and unidirectional identities encompasses the reality that one ID won’t get me access to everything. I will have multiple identities, especially in different social contexts. I’ll probably have identities that are applicable only to very private relationships. This isn’t to say we don’t need standards; we obviously do. But getting agreement now on one single standard that works for all needs is highly unlikely. These different scenarios all have different requirements, and thus systems must be free to adopt standards that work for them, or we’ll wait forever for the one “uber” system that works for everything.

To illustrate the point, let’s take something like the registration process, which is where the digital identity train first leaves the station. I’m an audio/video enthusiast (my wife would say freak), so I’m a member of the Audio Visual Sciences Forum. I self-asserted my identity when I signed up, and that’s fine for the AVSForum. As long as I play by the forum’s rules, the folks that run the forum are fine with me being around using whatever identity I’ve established for myself. The reputation system inherent in the AVSForum takes care of many governance problems. The forum’s moderators and administrators step in with full authority when they have to.

But will self-assertion alone work for my bank? Hopefully not (or I need to change banks). Yes, the AVS Forum could rely on the identity my bank issues, but I might not want to use such an unambiguous (and valuable) identity in that social context. And why should AVSForum do that anyway? The cost could well outweigh any benefits it may gain. Once you get past registration, you get to the differences in policies (credential type and strength), attributes, and the management systems necessary to propagate and use identity in each of these very different contexts. In large part, these things must be need-driven, and one size will not fit all.

Context Is Everything

In other words, identity is the most contextual element you can possibly imagine; in fact, all social interaction is highly contextual, especially online. Who we choose to be, what of ourselves we choose to share, what faces we choose to show, depend entirely on the context in which we’re operating. Sherry Turkle did a great job of examining this dynamic in her book Life on the Screen: Identity in the Age of the Internet, which is even more amazing considering the fact it was published nearly 10 years ago. (It should be noted that this book is not about technology, but about human psychology. It’s easy for identity technologists to forget that we are talking about representing human behavior, not machine behavior.)

It stands to reason, then, that domains of activity will emerge, and they will have their own identity mechanisms, probably their own identifier, which will be unique and appropriate within the context of that given domain.

Federation is Not a Four-Letter Word

It’s when these different domains (or communities) need to interact that things get really interesting. It will happen, but it will happen organically. Identity connections between communities will not form just because we have an uber-GUID and a registry that have been blessed by a committee, for example. Such connections will form because individuals, groups, organizations, companies, and other forms of human endeavor will need those connections.

In other words, the requirement to plug in to a larger system (and context), exchanging identity information with other communities, will be an emergent property of a given domain of activity (or community). Some potential for value and substance must necessarily precede identity connections; otherwise, there isn’t any point in making the connections. When the need to connect does emerge, those domains will need to federate with other domains. Remember: small pieces loosely coupled. (For me, this concept is largely consistent with and is reinforced by some of the other laws.)

To return to my example of the AVSForum, my self-asserted ID is fine for basic information gathering, posting, and communication. But if my activities on the forum move to commerce, my (theoretical) bank-issued ID suddenly becomes more relevant. But it will be much better (and safer) for the bank to vouch for (or assert) my identity (without having to reveal the identifier that gives me access to my money) via a federated mechanism. We can call this function into play when we need it, instead of waiting for everyone to agree to use bank IDs before we can do anything.

Instead of one massive uber identity system to bind them all, we need the backplane that Kim, Craig Burton, Doc Searls, and others discussed on the Gilmore Gang. We need infrastructure that acknowledges the reality that there will be many different identifiers, and many different identity domains. Simply put, an identity system can be “universal” (connoting wide acceptance and applicability) only if it’s based on the principle that one universal system to rule us all is simply not a good idea.

If we agree on that principle, then the most important discussion we can have is about the interoperable infrastructure that will connect (or unify) identity systems, not how to construct the one uber identity system that everyone will use. So it’s important to differentiate between identity systems and standards that can support one or more activities (that’s how I see LID, FOAF, et al) and the metasystem, which will truly universalize digital identity by enabling interoperability through federated mechanisms (the backplane). In combination with the users (people), all of these things comprise the identity metasystem, or the unifying identity system, if that’s the term you prefer.

Summing Up

Kim sums this up in a breathless reply to Doc Searls and others in his introduction to the fifth law (it’s a long sentence, and you may need to open a window after parsing it). He says,

“Different identity systems need to be able to exist in a metasystem based on a simple encapsulating protocol and surfaced through a unified user experience that allows individuals and organizations to select the appropriate identity providers and features as they go about their daily activities.”

More to the point, he goes on to say,

“The universal identity system must not be another monolith. It must be both polycentric (federation implies this) but also polymorphic (existing in different forms).”

It’s polycentric because it’s comprised of multiple, federated systems, not a single system. It’s polymorphic because those connected systems must be free to contextualize identity in a fashion that suits the needs of the communities they serve.

So, as I said in my earlier post, the fifth law is a fundamental architecture principle. If we can’t agree on that one, we’ll forever be arguing over how to make the other six work. Getting there won’t be easy, and I’m not entirely convinced that the idealism inherent in this thinking will win the day. But I’m willing to work for it. But that and the other laws are topics for other posts.

Scott C. Lemon on the Fifth Law

Scott Lemon has done a very nice posting where he reviews the Law of Pluralism from the point of view of his experience at Novell. He begins by recalling the fifth law:

The Law of Pluralism:

A universal identity system MUST channel and enable the interworking of multiple identity technologies run by multiple identity providers.

Then this – and here's a secret – I think I have a sealed box of Novell FTAM too:

This reminds me of the original work at Novell on Open Protocol Technology – OPT – which was when we began to support multiple application protocols for file system access.

As a brief history, NetWare was a “next generation” kernel and operating system when it was introduced to the market. For a transport protocol, it used a variation of the Xerox XNS protocols that Novell renamed as IPX, SPX, RIP, SAP, and others. On top of this transport (the equivalent of TCP/IP in the Internet) was the application protocol for making file system requests – the NetWare Core Protocol or NCP. To simplify this, NCP can be thought of as similar to NFS … a file access protocol. So where UNIX systems would use NFS on a transport of TCP/IP, NetWare servers would be accessed from DOS workstations using NCP on a transport of IPX.

The first step towards Open Protocol Technology – or a form of Pluralism – was with Novell NetWare v2 (actually it was version 2.15 in 1988!) when Novell added support for the AppleTalk Protocol Suite, allowing Apple Macintosh computers to see a NetWare server as though it were an Apple server. This was done by adding support for the Apple transport protocols, and also the file protocols. So now DOS and Windows workstations could access files on the server using NCP/IPX, and Macintosh computers accessed the same files … using their native tongue, the Apple File Protocol.

Soon after this, Novell added support for TCP/IP, NFS, and FTP with the release of NetWare v3. It actually went even further when Novell implemented the OSI protocol stack on NetWare. I still have a sealed box of NetWare FTAM which was the product where Novell implemented the FTAM file protocols on top of an OSI protocol stack!

In this example of “pluralism” Novell was able to create a product that supported file system access via numerous transport protocols, and numerous file access protocols. We had demonstration networks showing where machines running DOS or Windows, along with Macintoshes(?), and UNIX machines, were all sharing files on the NetWare server. This was in 1989 through 1991!

If we fast forward to now this is a common feature of almost any operating system! Even the Linux systems in use today have the ability to mirror this type of functionality with multiple transport protocol support, and projects like Samba, Netatalk, etc.

To me, this law is a very common sense approach to systems design and allows for flexibility in implementations and usage. This makes complete sense.

Scoble Knows

In response to my question about how Future Salon's Identity Meeting had gone, Robert Scoble just sent me a link to Niall Kennedy’s amazing full report. The blogosphere still blows my mind.

Last night I attended a Future Salon presentation about digital and online identities. The event was hosted at SAP in Palo Alto.

Eric Sachs of Google spoke about Google's relatively new entry into the digital identity realm with services such as Orkut and Gmail. Jeff Hodges of Liberty Alliance talked about identity systems in the enterprise marketplace. Fen Labalme of Identity Commons talked about identity systems built at the grassroots level for non-governmental organizations.

I recorded all three speeches as well as the question and answer period using a directional microphone from my seat in the front row.

Eric Sachs – MP3 audio (19:14, 8.7 MB)

Jeff Hodges – MP3 audio (15:40, 7.1 MB)

Fen Labalme – MP3 audio (22:49, 10.3 MB)

Questions & Answers – MP3 audio (36:34, 16.6 MB)

Just in passing, Scoble's recent piece on geek jewelry was right on target. Coming back from Open Group I sat beside a cat who was flying the full shuffle regalia and did he ever look cool. And happy.

Brilliant writing on the wall..

While perusing the Future Salon, I came across something which I have to call a must-see. To quote the futurists:

ACLU has an excellent video clip out that beautifully crystallizes what is at stake with you and your Identity

This is a brilliant communications work by Micah Laaker of Sedapa, who founded his agency “with the express goal of making content understandable through the use of solid information design.” He's worked for clients ranging from Def Jam Recordings to the Partnership for a Drug Free America, and here he has hit a home run in terms of clarity.

In two minutes, Micah conjures up, with sardonic humor that freezes in mid laugh, a world in which the laws of identity are all broken simultaneously. This is a battering ram for knocking over any system embodying disrespect for identity's laws. That might prompt some to just take it “as propaganda”. But anyone who did that would be missing the point. Micah's piece is a harbinger of what is to come should we, technologists, not succeed in understanding our own subject matter.

One can argue that ACLU has an agenda, and created this piece in keeping with that agenda. Certainly it intends to use the video to influence legislation. But ACLU too is a predictable entity responding to and creating objective phenomena. Another indication that, if we want a unifying identity system, the laws of identity must be taken as laws, not simply architectural principles.

Bay Area Future Salon Does Identity

A group of Bay Area futurists had a meeting on Identity this week called, “Who am I? Your identity online and beyond.” (Details here). The organizers were familiar with the Laws of Identity.

It featured Eric Sachs from Google, Jeff Hodges from Liberty Alliance, and Fen Labalme from Identity Commons. Does anyone who attended want to tell us how it went?

I've never belonged to a futurist organization, but it sure must be fun. Imagine an environment where you have to say, “Will you people stop thinking about the future for a moment, and just think about today?” Yikes.

Taking the Id out of Identity

Doc Searls, Editor of Linux Journal, has written a note pointing people to this conversation.

Kim's work would be remarkable in any case. The fact that he does it for Microsoft is especially portentous – in a positive way. Kim has always been a tireless advocate for heterogeneity, inclusiveness and interoperability. Given that fact, plus his genius, it's fun to watch the back-and-forth between him and other important voices in the Identity Conversation.

I admire Doc as a man who understands a whole lot about our society and sees with super clarity that everything is in motion, in a process of continuous renewal. He always surprises me and that keeps me coming back to the fount.

And he's big enough to allow renewal to encompass all of us, instead of just those of us on “this side of the barrier”. He's one of the main reasons I wanted to blog.

James Governor

My reference last week to Governor James should have been to James Governor – which just goes to show I'm a dyslexic colonial. But I'm proud of it.

Thanks Governor – I mean James.

James Kobielus

Now that I have FeedDemon, I've been able to catch up on what's happening in some more blogs. Where should I start?

James Kobielus has been doing some interesting stuff. You may remember we had a little spat where he bonked me for my “cypherpunk ways”. Is there such a thing as a “bad blog day”? Anyway, the truth is we agree on a lot more than we disagree on – and he has written very cogently about the issues I am passionate about.

There's a lot of ground to cover, but today I'll talk about his recent post on email as federation. He says:

Internet e-mail has been a federated messaging environment for quite some time: that’s been key to its success. I define “federated messaging” as “messaging domains that establish trust relationships under which they can choose to accept each other’s messaging assertions and honor each other’s messaging decisions – or reject them – subject to local policies.”

I like this, though I would add that the key to early success seems in retrospect to have been that everyone chose a policy of “whatever” – or “no policy”. Who configured a security policy in SMTP back in the eighties or even the nineties?

Then he points out – and I really like this – how the essence of the messaging problem is the identity problem:

Federated messaging depends on a constrained variety of federated identity—in this case, each mail domain being able to register, vouch for, and manage its own mail identities (e.g., username@maildomain1.com).

So I like the framework James proposes, though as far as I can tell, we are only beginning to move toward email relationships based on proactive policies employing federated identity. In fact we've only gone a few inches (or maybe centimeters) in the right direction.

An example of progress? Well, some corporate SPAM filters are now designed to accept mail from known partners and servers – those with whom there is an established pattern of communication. Meanwhile they may apply extremely stringent controls to mail from unknown parties. And more recently people have begun working on designing and deploying “edge servers” that use cryptography and more formal trust relations.

But aside from these late initiatives, made necessary by goops of SPAM clogging our communications channels, hasn't SMTP messaging basically been a free-for-all with an identity system drastically weakened by its lack of authentication?
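To make James's definition of federated messaging and the “whatever” policy of early SMTP concrete, here is an added toy policy engine (example code written for this page, not from either blog). The domains, the history threshold and the origin_verified flag that stands in for a cryptographic “edge server” check are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class InboundMessage:
    """One inbound message as the receiving domain sees it (constructed sample)."""
    mail_from: str          # envelope sender; plain SMTP never authenticates it
    origin_verified: bool   # stand-in for an "edge server" having verified the sending domain
    prior_exchanges: int    # messages previously exchanged with the sender's domain


@dataclass(frozen=True)
class LocalPolicy:
    """The receiving domain's local policy, in Kobielus's sense of the term."""
    partners: frozenset = frozenset()   # domains with an explicit trust relationship
    min_history: int = 5                # exchanges needed to count as an "established pattern"
    verify_unknown: bool = True         # demand a verified origin before scrutinising unknown senders


# Kim's "whatever" policy of the early SMTP era: no partners, no history
# threshold, no verification demanded, so every sender assertion is honoured.
NO_POLICY = LocalPolicy(partners=frozenset(), min_history=0, verify_unknown=False)

# A modern corporate policy: one explicitly federated partner, and the
# "established pattern of communication" rule for everyone else.
CORPORATE_POLICY = LocalPolicy(partners=frozenset({"partner-bank.example"}))


def sender_domain(mail_from: str) -> str:
    """The identity assertion SMTP gives us: just the domain after the '@'."""
    return mail_from.rsplit("@", 1)[-1].lower()


def decide(msg: InboundMessage, policy: LocalPolicy) -> tuple:
    """Accept or reject the sender's assertion subject to local policy.
    Returns (verdict, reason); verdict is 'accept', 'scrutinize'
    (stringent content controls) or 'quarantine'."""
    domain = sender_domain(msg.mail_from)
    if domain in policy.partners:
        if msg.origin_verified:
            return "accept", "federated partner, origin verified"
        # A partner's name on an unverified message is exactly what a spoofer would use.
        return "quarantine", "partner domain asserted but origin not verified"
    if msg.prior_exchanges >= policy.min_history:
        return "accept", "established pattern of communication"
    if policy.verify_unknown and not msg.origin_verified:
        return "quarantine", "unknown sender without verified origin"
    return "scrutinize", "unknown sender, apply stringent content controls"


def triage(messages, policy: LocalPolicy) -> dict:
    """Map each message's envelope sender to its verdict under the given policy."""
    return {m.mail_from: decide(m, policy)[0] for m in messages}


# Constructed sample traffic; all domains are reserved .example names.
SAMPLE = (
    InboundMessage("alice@partner-bank.example", origin_verified=True, prior_exchanges=40),
    InboundMessage("mallory@partner-bank.example", origin_verified=False, prior_exchanges=0),
    InboundMessage("bob@longtime-vendor.example", origin_verified=False, prior_exchanges=12),
    InboundMessage("eve@bulk-sender.example", origin_verified=False, prior_exchanges=0),
    InboundMessage("carol@new-startup.example", origin_verified=True, prior_exchanges=0),
)

if __name__ == "__main__":
    for name, policy in (("no policy", NO_POLICY), ("corporate policy", CORPORATE_POLICY)):
        print(f"--- {name} ---")
        for m in SAMPLE:
            verdict, reason = decide(m, policy)
            print(f"{m.mail_from:32} {verdict:10} ({reason})")
```

Under NO_POLICY every message is accepted, which is the free-for-all the next paragraph describes; under CORPORATE_POLICY only the verified partner and the sender with an established history get through unexamined.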

It's not as if we didn't know better. The 1988 X.400 specification had thoroughly captured all the issues (except, er… usability) and responded with a rigorous (some might say authoritarian) design. A bunch of people, like me, had even implemented systems based on it that worked. But in practice, the very necessity of establishing relationships between domains (federation) and the business models of the federators (e.g. – at the time – various telecom players) made X.400 look lugubrious and heavy-handed in comparison to the bottoms-up do-your-own-thing of SMTP.

I sure saw the writing on the wall. The score was to be Simplicity 98, Security 2. And we need to learn from this outcome, because the factors shaping it continue to apply even as we come, at the social level, to understand more about the need for privacy (of which protection from SPAM is an aspect).

So I'm not quite as pessimistic as James when he says:

Messaging federation, it seems, hasn’t deterred identity thieves in their efforts to grab identities scattered all over kingdom come. Instead, it’s made them more ingenious, creating a widespread directory-harvest-attack infrastructure. Lots of machines throughout the cybershmear are trained to raid the many mail-directory honeypots for unprotected spammunition.

I think the attacks he enumerates result from the lack of authenticated federation, rather than being caused by it. And I think our Unifying Identity System will in the end be the most significant contributor to solving these problems (there will also be short-term tactics that play a role as we get from “here” to “there”).

It was predictable that SMTP would triumph over X.400 in the early days of electronic mail because of its ease of deployment and use. It was predictable that this very ease of deployment would lead to the ravages of email SPAM. And it is now predictable that new identity-based technologies will arise to solve the problems of which SPAM is actually a mere symptom. Again, these are all examples of objective dynamics – from which superior architectural principles did not shield us.

James closes with two darn good questions about the inevitable attacks on the emerging identity infrastructure – questions which should not leave our minds for one second:

What form will they take? How can we nip them in the bud?