Identity – Page 12 – Kim Cameron's Identity Weblog

IIW 2008B November 10-12 in Mountain View

The next Internet Identity Workshop (IIW) is coming up in November. Identity Woman Kaliya and Phil Windley do a great job running this, and I did a double take reading Kaliya's list of what was accomplished there. It really happened.

If you attend, you'll meet people thinking deeply about identity from a hundred points of view – and doing great software. Here's Kaliya's description:

The community that comes together at the workshop is really amazing. It is a working meeting for a range of groups focused on the technical, social and legal issues arising with the emergence identity, relationship and social layer of the web. The key thought leaders in the area are all there in a highly interactive environment.

We have been focused on “user-centric identity” – considering how end-users, regular people, can manage their own identity across the range of websites, services, companies and organizations that they belong to, purchase from and participate with.

A lot has happened since we first met in the fall of 2005 in Berkeley:

We have several foundations that have formed around key technologies – OpenID and Information Cards.
LIberty Alliance continues to be actively involved in the community
OASIS TC's have started actively participating.
The Vendor Relationship Management project has sprung up out of the community continues to evolve.
OSIS – (Open Source Identity Systems) was founded at IIW and is working on its 4th major interop event happening at DIDW next week (#3 was at RSA in the spring).

As a community we have been exploring these kinds of questions:

How are social networking sites and social media tools applying user-centric identity?
What are the open standards to make it work? (identity and semantic)
What are technical implementations of those standards?
How do different standards and technical implementations interoperate?
What are the new social norms and legal constructs needed to make it work?
What tools are needed to make it usably secure for end-users?
What are the businesses cases / models that drive all this?

You can check out our community aggregate blog http://www.planetidentity.org

Here is my blog on the conference http://www.identitywoman.net/?p=784

Who comes to IIW?:

Anyone interested in identity (user profiles, social linking, user history & metadata etc) on the web and in digital systems.
Entrepreneurs who are working companies about people and their identities online – profiles, social linking, group formation. Basically those doing ANYTHING with the word SOCAIL in it.
Product Managers who are trying to figure what to do now and plan for interms of user-identity and information sharing in your product.
Engineers/Programmers who have to implement the emerging standards that are covered at IIW.
Researchers/Academics studying identity online.
Lawyers who are interested in end-user agreements and how new technologies change/improve how people interact with companies.
Sociologists, Anthropologists who are considering online life and the implications of identity online.

This is a conference where you get out of it what you want. If you have something to present you are most welcome to. If you have questions you need answers to you can find them.

You can read what community members have said about the quality of the event.

Cost:

The event is VERY affordable for a 2.5 day high quality conference with the leading professionals in the industry.

Students – $50
Independents (small startups, nonprofits)- $200
Corporate – $350

Jerry Fishenden in the Financial Times

It's encouraging to see people like Jerry Fishenden figuring out how to take the discussion about identity issues to a mainstream audience. Here's a piece he wrote for the Financial Times:

Financial times

If you think the current problems of computer security appear daunting, what is going to happen as the internet grows beyond web browsing and e-mail to pervade every aspect of our daily lives? As the internet powers the monitoring of our health and the checking of our energy saving devices in our homes for example, will problems of cybercrime and threats to our identity, security and privacy grow at the same rate?

One of the most significant contributory causes of existing internet security problems is the lack of a trustworthy identity layer. I can’t prove it’s me when I’m online and I can’t prove to a reasonable level of satisfaction whether the person (or thing) I’m communicating or transacting with online is who or what they claim to be. If you’re a cybercrook, this is great news and highly lucrative since it makes online attacks such as phishing and spam e-mail possible. And cybercrooks are always among the smartest to exploit such flaws.

If we’re serious about realising technology’s potential, security and privacy issues need to be dealt with – certainly before we can seriously contemplate letting the internet move into far more important areas, such as assisting our healthcare at home. How are we to develop such services if none of the devices can be certain who or what they are communicating with?

In front of us lies an age in which everything and everyone is linked and joined through an all pervading system – a worldwide digital mesh of billions of devices and communications happening every second, a complex grid of systems communicating within and between each other in real time.

But how can it be built – and trusted – without the problem of identity being fixed?

So what is identity anyway? For our purposes, identity is about people – and ”things”: the physical fabric of the internet and everything in (or on) it. And ultimately it’s about safeguarding our security and privacy.

If we’re to avoid exponential growth of the security and privacy issues that plague the current relatively simple internet as we enter the pervasive, complex grid age, what principles do we adhere to? How can we have a secure, trusted, privacy-aware internet that will be able to fulfil its potential – and deserve our trust too?

The good news is that these problems are already being addressed. Technology now makes possible an identity infrastructure that simultaneously addresses the security and public service needs of government as well as those of private sector organisations and the privacy needs of individuals.

Privacy-enhancing security technologies now exist that enable the secure sharing of identity-related information in a way that ensures privacy for all parties involved in the data flow. This technology includes ”minimal disclosure tokens” which enable organisations securely to share identity-related information in digital form via the individuals to whom it pertains, thereby ensuring security and privacy for all parties involved in the data flow.

These minimal disclosure tokens also guard against the unauthorised manipulation of our personal identity information, not only by outsiders such as professional cybercrooks but also by the individuals themselves. The tokens enable us to see what personal information we are about to share, which ensures full transparency about what aspects of our personal information we divulge to people and things on the internet. This approach lets individuals selectively disclose only those aspects of their personal information relevant for them to gain access to a particular service.

Equally important, we can also choose to disclose such selective identity information without leaving behind data trails that enable third parties to link, trace and aggregate all of our actions. This prevents one of the current ways that third parties use to collate our personal information without our knowledge or consent. For example, a minimal disclosure token would allow a citizen to prove to a pub landlord they are over 18 but without revealing anything else, not even their date of birth or specific age.

These new technologies help to avoid the problem of centralised systems that can electronically monitor in real time all activities of an individual (and hence enable those central systems surreptitiously to access the accounts of any individual). Such models are bad practice in any case since such central parties themselves become attractive targets for security breaches and insider misuse. Centralised identity models have been shown to be a major source of identity fraud and theft, and to undermine the trust of those whose identity it is meant to safeguard.

It is of course important to achieve the right balance between the security needs of organisations, both in private and public sectors, and the public’s right to be left alone. Achieving such a balance will help restore citizens’ trust in the internet and broader identity initiatives, while also reducing the data losses and identity thefts that arise from current practices.

Now that the technology industry is currently implementing all of the components necessary to establish such secure, privacy-aware infrastructures, all it takes is the will to embrace and adopt them. Only by doing so will we all be able to enjoy the true potential of the digital age – in a secure and privacy-aware fashion.

Clarification

In response to my post earlier today on some OpenID providers who did not follow proper procedures to recover from a bug in Debian Linux, a reader wrote:

“You state that users who authenticated to the OpenID provider using an Information Card would not have their credentials stolen. I assume that cracking the provider cert would allow the bad guys to tease a password out of a user, and that InformationCards require a more secure handshake than just establishing a secure channel with a cert. But it still seems that if the bad guys went to the effort of implementing the handshake, they could fool CardSpace as well. Why does that not expose the users credentials?

I'll try to be be more precise. I should have stayed away from the word “credential”. It confused the issue.

Why? There are two different things involved here that people call “credentials”. One is the “credential” used when a user authenticates to an OpenID provider. To avoid the “credential” word, I'll call this a “primordial” claim: a password or a key that isn't based on anything else, the “first mover” in the authentication chain.

The other thing some call a “credential” is the payload produced by the OpenID provider and sent to the relying party. At the minimum this payload asserts that a user has a given OpenID URL. Using various extensions, it might say more – passing along the user's email address for instance. So I'll call these “substantive” claims – claims that are issued by an identity provider and have content. This differentiates them from primordial ones.

With this vocabulary I can express my thoughts more clearly. By using a self-issued Information card like I employ with my OpenID provider – which is based on strong public key cryptography – we make it impossible to steal the primordial claim using the attack described. That is because the secret is never released, even to the legitimate provider. A proof is calculated and sent – nothing more.

But let's be clear: protecting the primordial claim this way doesn't prevent a rogue identity provider who has guessed the key of a legitimate provider – and poisoned DNS – from tricking a relying party that depends on its substantitve claim. Once it has the legitimate provider's key, it can “be” the legitimate provider. The Debian Linux bug made it really easy to guess the legitimate provider's key.

Such a “lucky” rogue provider has “obtained” the legitimate provider's keys. It can then “manufacture” substantive claims that the legitimate provider would normally only issue for the appropriate individual. It's like the difference between stealing someone's credit card, and stealing a machine that can manufacture a duplicate of their credit card – and many others as well.

So my point is that using Information Cards would have protected the primordial claim from the vulnerability described. It would have prevented the user's keys from being stolen and reused. But It would not have prevented the attack on the substantive claim even in the case of PKI, SAML or WS-Federation. A weak key is a weak key.

The recently publicised wide-scale DNS-poisoning exploits do underline the fact that OpenID isn't currently appropriate for high value resources. As I explained in more detail here back in February:

My view is simple. OpenID is not a panacea. Its unique power stems from the way it leverages DNS – but this same framework sets limits on its potential uses. Above all, it is an important addition to the spectrum of technologies we call the Identity Metasystem, since it facilitates integration of the “long tail” of web sites into an emerging identity framework.

Getting down with Zermatt

Zermatt is a destination in Switzerland, shown above, that benefits from what Nietzsche calls “the air at high altitudes, with which everything in animal being grows more spiritual and acquires wings”.

It's therefore a good code name for the new identity application development framework Microsoft has just released in Beta form. We used to call it IDFX internally – who knows what it will be called when it is released in final form?

Zermatt is what you use to develop interoperable identity-aware applications that run on the Windows platform. We are building the future versions of Active Directory Federation Services (ADFS) with it, and claims-aware Microsoft applications will all use it as a foundation. All capabilities of the platform are open to third party developers and enterprise customers working in Windows environments. Every aspect of the framework works over the wire with other products on other platforms.

I can't stress enough how important it is to make it easy for application developers to incororate the kind of sensible and sophisticated capabilities that this framework makes available. And everyone should understand that our intent is for this platform to interoperate fully with products and frameworks produced by other vendors and open source projects, and to help the capabilities we are developing to become universal.

I also want to make it clear that this is a beta. The goal is to involve our developer community in driving this towards final release. The beta also makes it easy for other vendors and projects to explore every nook and cranny of our implementation and advise us of problems or work to achieve interoperability.

I've been doing my own little project using the beta Zermatt framework and will write about the experience and share my code. As an architect, I can tell you already how happy I am about the extent to which this framework realizes the metasystem architecture we've worked so hard to define.

The product comes with a good White Paper for Developers by Keith Brown of Pluralsight. Here's how Zermatt's main ReadMe sets out the goals of the framework.

Building claims-aware applications

Zermatt makes it easier to build identity aware applications. In addition to providing a new claims model, it provides applications with a rich set of API’s to reason about the identity of a caller using claims.

Zermatt also provides developers with a consistent programming experience whether they choose to build their applications in ASP.NET or in WCF environments.

ASP.NET Controls

ASP.NET controls simplify development of ASP.NET pages for building claims-aware Web applications, as well as Passive STS’s.

Building Security Token Services (STS)

Zermatt makes it substantially easier for building a custom security token service (STS) that supports the WS-Trust protocol. These STS’s are also referred to as an Active STS.

In addition, the framework also provides support for building STS’s that support WS-Federation to enable web browser clients. These STS’s are also referred to as a Passive STS.

Creating Information Cards

Zermatt includes classes that you can use to create Information Cards – as well as STS's that support them.

There are a whole bunch of samples, and for identity geeks they are incredibly interesting. I'll discuss what they do in another post.

Follow the installation instructions!

Meanwhile, go ahead and download. I'll share one word of advice. If you want things to run right out of the digital box, then for now slavishly follow the installation instructions. I'm the type of person who never really looks at the ReadMe's – and I was chastened by the experience of not doing what I was told. I went back and behaved, and the experience was flawless, so don't make the same mistake I did.

For example, there is a master installation script in the /samples/utilities directory called “SamplesPreReqSetup.bat”. This is a miraculous piece of work that sets up your machine certs automatically and takes care of a great number of security configuration details. I know it's miraculous because initially (having skipped the readme) I thought I had to do this configuration manually. Congratulations to everyone who got this to work.

You will also find a script in each sample directory that creates the necessary virtual directory for you. You need this because of the way you are expected to use the visual studio debugger.

Using the debugger

In order to show how the framework really works, the projects all involve at least a couple of aspx pages (for example, one page that acts as a relying party, and another that acts as an STS). So you need the ability to debug multiple pages at once.

To do this, you run the pages from a virtual directory as though they were “production” aspx pages. Then you attach your debugger to the w3wp.exe process (under debug, select “Attach to a process” and make sure you can see all the processes from all the sessions. “Wake up” the w3wp.exe process by opening a page. Then you'll see it in the list).

For now it's best to compile the applications in the directory where they get installed. It's possible that if you move the whole tree, they can be put somewhere else (I haven't tried this with my own hands). But if you move a single project, it definitely won't work unless you tweak the virtual directory configuration yourself (why bother?).

Clear samples

I found the samples very clear, and uncluttered with a lot of “sample decoration” that makes it hard to understand the main high level points. Some of the samples have a number of components working together – the delegation sample is totally amazing – and yet it is easy, once you run the sample, to understand how the pieces fit together. There could be more documentation and this will appear as the beta progresses.

The Zermatt team is really serious about collecting questions, feedback and suggestions – and responding to them. I hope that if you are a developer interested in identity you'll take a look and send your feedback – whether you are primarily a Windows developer or not. After all, our goal remains the Identity Big Bang, and getting identity deployed and cool applications written on all the different platforms.

Problem between keyboard and seat

Jeff Bohren picks up on Axel Nennker's recent post:

Axel Nennker points out that the supposed “Cardspace Hack” is still floating around the old media. He allows the issue is not really a Cardspace security hole, but a problem between the keyboards and seats at Ruhr University Bochum:

A while ago two students, Xuan Chen and Christoph Löhr, from Ruhr University Bochum claimed to have “broken” CardSpace. There were some blog reactions to this claim. The authoritative one of course is from Kim.

Today I browsed through a magazine lying on the desk of a colleague of mine. This magazine with the promising title “IT-Security” repeats the false claim and reports that the students proved that CardSpace has severe security flaws… Well, when you switch off all security mechanism then, yes, there are security flaws (The security researcher in front of the computer).

Sort of what developers like me call an ID₁₀T error.

Update: speaking of ID₁₀T errors, I originally mistyped Axel’s name as Alex. My apologies.

What identity providers will sites support?

Paul Madsen digs deeper into the factors that will influence the choices of Internet service providers as they move towards user-centric identity.

“Often times, in trying to be clever and sarcastic, I dive too deep into the ‘satire pool’. The urge to be witty and contrarian surpasses the urge to be clear. Consequently, the ‘point’ I am trying to make can, on occasion, be buried underneath surface frivolity and snideness.
“As happened with my recent post on HealthVault‘s chosen model for OP acceptance.

“With that post, I have confused Kim, and for that I here apologize.

“I was responding to a post of Simon Willison, in which he defended HealthVault's right to choose OPs selectively – and not be compelled to accept any ol’ OP coming in off the street presenting an identity claim.

“My post might have given some the impression that I disagreed with Simon. For instance, I wrote

‘I disagree’

“Admittedly, this set a tone.

“But the rest of the post was meant to point out that, while I do think the user has the right to pressure RPs like HealthVault to accept assertions from particular OPs – the appropriate mechanism for this pressure, as for many other interactions between customers and service providers (e.g. buying an OS), is through market forces. If enough users choose an OP because it is secure and privacy-respecting, or because it offers 2-factor authentication, or because it has a snazzy flash UI, the RPs will find it (if they are interested in serving their customer base).

“When the RPs do find these candidate OPs (or IDPs, the issue is of course not unique to OpenID) they will themselves do their own checking and assessment before they start accepting assertions. And of course, each RP has to ask the question ‘Is this OP appropriate for the resources I protect/manage?’. If the resources are neither privacy sensitive nor valuable, the list of OPs that are appropriate will be longer than for medical or financial information.

“HealthVault (actually probably some other audit & risk management group in Microsoft) performed this assessment and, at least initially, came up with 2 OPs that they felt were right for them. More power to ’em. Partner selection is tough and fraught with risk – they are right to be careful.

“I smile (more a smirk really) when I hear some in the user-centric world place the sole right and responsibility of choosing an OP on the user's shoulders. User's can't even remember their passwords, and you want them to assess the security infrastructure of an OP?

Surgeon: So, are we ready for your operation tomorrow?
Patient: Hi Doc, yes. But I was just reading about this new surgical instrument for the procedure. I really want you to try it out on me.
Surgeon: Hmmm, I don't know much about it …
Patient: Oh, you'll work it out as you go

“So yes Kim, I agree. Resources, and gall bladders, do have rights. “

Now it becomes clear why his original piece was called Pressure. Meanwhile, everyone should know that the last thing I would ever want to do is cast a chill over Paul's satire pool. What a refreshing oasis it is! (No pun intended.)

Seven Laws of Identity Wordle

Axel Nennker of Ignisvulpis writes, “Wordling things seems to be á la mode. I could not resist to wordle Kim Cameron‘s Seven Laws of Identity….”

Thanks Axel. This pretty much sums it up.

Wide coverage of the Information Card Foundation

There has been a lot of coverage of the newly formed Information Card Foundation (ICF) in the last couple of days, including stories by mainstreet publications like the New York Times. This article by Richard Thurston from SC Magazine gives you a good idea of how accurately some quite technical concepts were interpreted and conveyed by our colleagues in the press.

Google and Microsoft are among an extensive set of technology vendors aiming to spur the adoption of digital identity cards.

The two internet giants have helped form the Information Card Foundation (ICF), which aims to develop technologies to secure digital identities on the internet and which was launched today.

Digital identity cards are the online equivalent of a physical identity card, such as a driver's license. The idea is that internet users will have a virtual wallet containing an array of digital identity cards, and they can choose what information is stored on each card. The aim is to replace usernames and passwords in an effort to improve security.

Alongside Google and Microsoft, large suppliers such as Novell, Oracle, PayPal and financial information company Equifax, have joined the ICF, as well as 18 smaller suppliers and industry associations.

“Our shared goal is to deliver a ubiquitous, interoperable, privacy-respecting federated identity layer as a means to seamless, secure online transactions over network infrastructure,” said Brett McDowell, executive director of Liberty Alliance, one of the founding members.

The idea of digital identities is far from new. But so far vendors’ efforts have been fragmented and largely not interoperable.

The ICF is proposing a system based on three parties: the user, the identity provider (such as a bank or credit card issuer) and also what it calls a reliant party (which could be a university network, financial website or e-commerce website, for example).

The ICF argues that, because all three parties must be synced in real-time for the transaction to proceed, it should be more secure.

“Rather than logging into websites with usernames and passwords, information cards let people ‘click-in’ using a secure digital identity that carries only the specific information needed to enable a transaction,” said Charles Andres, executive director of the ICF. “Businesses will enjoy lower fraud rates, higher affinity with customers, lower risk and more timely information about their customers and business partners.”

The ICF now wants to expand its membership to include businesses, such as retailers and financial institutions, as well as government organizations.

It also wants to become a working group of Identity Commons, a community-driven organization which promotes the creation of an open identity layer for the internet.

You can find thousands of similar links to the Foundation here and here. Amazing.

Information Card Foundation Formed

It's a great day for Information Cards, Internet security and privacy. I can't put it better than this:

June 24, 2008 – Australia, Canada, France, Germany, India, Sri Lanka, United Kingdom, United States – An array of prominent names in the high-technology community today announced the formation of a non-profit foundation, The Information Card Foundation, to advance a simpler, more secure and more open digital identity on the Internet, increasing user control over their personal information while enabling mutually beneficial digital relationships between people and businesses.

Led by Equifax, Google, Microsoft, Novell, Oracle, and PayPal, plus nine leaders in the technology community, the group established the Information Card Foundation (ICF) to promote the rapid build-out and adoption of Internet-enabled digital identities using Information Cards.

Information Cards take a familiar off-line consumer behavior – using a card to prove identity and provide information – and bring it to the online world. Information Cards are a visual representation of a personal digital identity which can be shared with online entities. Consumers are able to manage the information in their cards, have multiple cards with different levels of detail, and easily select the card they want to use for any given interaction.

“Rather than logging into web sites with usernames and passwords, Information Cards let people ‘click-in’ using a secure digital identity that carries only the specific information needed to enable a transaction,” said Charles Andres, executive director for the Information Card Foundation. “Additionally, businesses will enjoy lower fraud rates, higher affinity with customers, lower risk, and more timely information about their customers and business partners.”

The founding members of the Information Card Foundation represent a wide range of technology, data, and consumer companies. Equifax, Google, Microsoft, Novell, Oracle, and PayPal, are founding members of the Information Card Foundation Board of Directors. Individuals also serving on the board include ICF Chairman Paul Trevithick of Parity, Patrick Harding of Ping Identity, Mary Ruddy of Meristic, Ben Laurie, Andrew Hodgkinson of Novell, Drummond Reed, Pamela Dingle of the Pamela Project, Axel Nennker, and Kim Cameron of Microsoft.

“The creation of the ICF is a welcome development,” said Jamie Lewis, CEO and research chair of Burton Group. “As a third party, the ICF can drive the development of Information Card specifications that are independent of vendor implementations. It can also drive vendor-independent branding that advertises compliance with the specifications, and the behind-the-scenes work that real interoperability requires.”

The Information Card Foundation will support and guide industry efforts to enable the development of an open, trusted and interoperable identity layer for the Internet that maximizes control over personal information by individuals. To do so, the Information Card infrastructure will use existing and emerging data exchange and security protocols, standards and software components.

Businesses and organizations that supply or consume personal information will benefit from joining the Information Card Foundation to improve their trusted relationships with their users. This includes financial institutions, retailers, educational and government institutions, healthcare providers, retail providers, travel, entertainment, and social networks.

The Information Card Foundation will hold interoperability events to improve consistency on the web for people using and managing their Information Cards. The ICF will also promote consistent industry branding that represents interoperability of Information Cards and related components, and will promote identity policies that protect user information. This branding and policy development is designed to give all Internet users confidence that they can exert greater control over personal information released to specific trusted providers through the use of Information Cards.

“Liberty Alliance salutes the open industry oversight of Information Card interoperability that the formation of ICF signifies,” said Brett McDowell, executive director, Liberty Alliance. “Our shared goal is to deliver a ubiquitous, interoperable, privacy-respecting federated identity layer as a means to seamless, secure online transactions over network infrastructure. We look forward to exploring with ICF the expansion of the Liberty Alliance Interoperable(tm) testing program to include Information Card interoperability as well as utilization of the Identity Assurance Framework across Information Card deployments.”

As part of its affiliations with other organizations, The Information Card Foundation has applied to be a working group of Identity Commons, a community-driven organization promoting the creation of an open identity layer for the Internet while encouraging the development of healthy, interoperable communities.

Additional founding members are Arcot Systems,Aristotle, A.T.E. Software, BackgroundChecks.com, CORISECIO, FuGen Solutions, the Fraunhofer Institute, Fun Communications, the Liberty Alliance, Gemalto, IDology, IPcommerce, ooTao, Parity, Ping Identity, Privo, Wave Systems, and WSO2

Further information about the Information Card Foundation can be found at www.informationcard.net.

I enjoy having been invited to join the foundation board as one of the representatives of the identity community, rather than as a corporate representative (Mike Jones will play that role for Microsoft). Beyond the important forces involved, this is a terrific group of people with deep experience, and I look forward to what we can achieve together.

One thing for sure: the Identity Big Bang is closer than ever. Given the deep synergy between OpenID and Information Cards, we have great opportunities all across the identity spectrum.

Trends in what is known about us

We know how the web feeds itself in a chain reaction powered by the assembly and location of information. We love it. Bringing information together that was previously compartmentalized has made it far easier to find out what is happening and avoid thinking narrowly. In some cases it has even changed the fundamentals of how we work and interact. The blogosphere identity conversation is an example of this. We are able to learn from each other across the industry and adjust to evolving trends in a fluid way, rather than “projecting” what other peoples’ thinking and motivations might be. In this sense the content of what we are doing is related to the medium through which we do it.

Information accumulates power by being put into proximity and aggregated. This even appears to be an inherent property of information itself. Of course information can't effect its own aggregation, but easily finds hosts who are motivated to do so: businesses, governments, researchers, industries, libraries, data centers – and the indefatigable search engine.

Some forms of aggregation involve breaking down the separation between domains of facts. Facts are initially discerned within a context. But as contexts flow together and merge , the facts are visible from new perspectives. We can think of them as “views”.

Information trends and digital identity

How does this fundamental tendency of information to reorganize itself relate to digital identity?

This is clearly a complicated question. But it is perhaps one of the most important questions of our time – one that needs to come to the attention of students, academics, policy makers, legislators, and through them, the general public. The answer will affect everyone.

It is hard to clearly explain and discuss trends that are so infrastructural. Those of us working on these issues have concepts that apply, but the concepts don't really have satisfactory names, and just aren't crisp enough. We aren't ready for a wider conversation about the things we have seen.

Recently I've been trying to organize my own thinking about this through a grid expressing, on one axis, the tendency of context to merge; and, on the other, the spectrum of data visibility:

Tendency of data to join and become visible

The spectrum of visibility extends from a single individual on the left to everyone in the society on the right [if reading a text feed please check the graphic – Kim].

The spectrum of contextual separation extends from complete separation of information by context at the top, to complete joining of data across contexts at the bottom.

I've represented the tendency of information to aggregate as the arrow leading from separation to full join, and this should be considered a dynamic tendency of the system.

Where do we fit in this picture?

Now lets set up a few markers from which we can calibrate this field. For example, let's take what I've labelled “Today's public personas”. I'm talking about what we reveal about ourselves in the public realm. Because it's public, it's on the “Visible to all” part of the spectrum. Yet for most of us, it is a relatively narrow set of information that is revealed – our names, property we own, aspects of our professional lives. Thus our public personas remain relatively contextual.

You can imagine variants on this – for example a show-business personality who might be situated further to the right than the “public persona”, being known by more people. Further, additional aspects of such a person's life might be known, which would be represented by moving down towards the bottom of the quadrant (or even further).

I've also included a marker that represents the kind of commercial relationships encountered in today's western society. Now we're on the “Visible to some” part of the visibility spectrum. In some cases (e.g. our dealings with lawyers), this marker would hopefully be located further to the left, indicating fewer parties to the information. The current location implies some overlapping of context and sharing across parties – for example, transactions visible to credit card companies, merchants, and third parties in their employ.

Going forward, I'll look at what happens as the dynamic towards data joining asserts itself in this model.