Category: Identity

Clairvoyance?

Gabe Wachob claims a certain clairvoyance in this post. But I don't want anyone to underestimate the drama even for me.  Friendly discussion is slightly different from everyone actually landing on the same page.

For those of us who've been helping to promote OpenID, today's announcement that Microsoft will work to get OpenID and Cardspace working well together is absolutely no surprise. Kim Cameron, Mike Jones and the rest of the crew have been saying both very rosy things, as well as giving some well-appreciated constructive criticism.

Today, there was an announcement (see Scott Kveton, Dick Hardt, Michael Graves, David Recordon, Johannes Ernst, or Kim Cameron for details) that Janrain, SXIP, Verisign and Microsoft  ” will collaborate on interoperability between OpenID and Windows CardSpaceâ„¢ to make the Internet safer and easier to use.” Let me assure you that from personal experience I know the parties involved all want to make OpenID and Cardspace succeed – the agendas here are amazingly open and transparent.

This is a big deal folks – i encourage you to read those blog entries, rather than have me summarize it here. Apparently Bill G even spoke about openid at the RSA keynote this morning! 

Gabe was also part of an IPR podcast that sounds interesting and is described here.

There's a nice piece on the announcement in O'Reilly Radar here.

Really great news coming on Ping Identity.

 

 

Notes on Bill Gates’ Identity Keynote

Many of you know my colleague Mike Jones. He had enough wits about him to take notes on what actually transpired during the keynote earlier today. So I'll share them with you:

The flow of the identity part of the talk went something like this:

  • Slide: Evolution of Identity: Making the Vision Real (with picture of two cards in hands)
  • People are used to choosing what credential to use where for what purpose (talking about cards in our wallets)
  • We use a variety of physical tokens to represent these things
  • CardSpace creates a vehicle to allow people to have a GUI for credentials that represent their identities or personas in particular situations
  • Each thing in the physical world conveys a particular set of information and discloses just enough information
  • CardSpace provides a drag & drop interface for identity
  • People will have to acclimate to it
  • People can create their own credentials and others can give you credentials
  • The system reasons about what the right credential is for you to simplify things for users
  • WS-* hints about what credentials that are being looked for
  • CardSpace shows candidates for credentials

Then they segued to the OpenID collaboration announcement:

  • Issues of reputation and trust are foundational on the Internet
  • Different levels of trust are needed in different contexts, such as blogs and access to enterprise resources
  • People have been thinking about issues of trust
  • OpenID 2.0 is doing this in the blog / Web 2.0 world, others are coming at this from the enterprise space
  • We see these approaches as being complementary
  • “Today we are announcing that we are supporting OpenID 2.0 and that they’re extending what they’ve done to enable the use of strong credentials”
  • They're doing this because they see that it solves problems and attacks that a pure password approach has
  • We're excited about this marriage of CardSpace and Web 2.0
  • This will help eliminate the possibility of man-in-the-middle attacks
  • CardSpace is built on our work on the WS-* specifications
  • OpenID will be endorsing the CardSpace marriage later today
  • We see this as a very smooth continuum with a common GUI metaphor

Numerous enthusiastic comments followed in Mikes rendition…

Bill Gates and Craig Mundie on identity and privacy

Here are some of the top level messages from the Microsoft RSA Conference Keynote press release.  I thought Bill Gates and Craig Mundie spoke extremely well about identity this morning.  In the speech, Bill announced the industry initiative to converge the capabilities of CardSpace and OpenID that we've been discussing here.  This includes support for OpenID in future Microsoft identity products.   

“Security is the fundamental challenge that will determine whether we can successfully create a new generation of connected experiences that enable people to have anywhere access to communications, content and information,” Gates said. “The answer for the industry lies in our ability to design systems and processes that give people and organizations a high degree of confidence that the technology they use will protect their identity, their privacy and their information.”

“To create the level of seamless, pervasive connectivity that will make secure anywhere access a reality, continued collaboration and cooperation across this industry is essential,” Mundie added. “If we can work together to enhance trust, it will open the door to a transformation in the way people share experiences, explore ideas and create opportunities.”

Gates and Mundie said that to further advance trust and enable anywhere access, there are three key technological areas for industry focus and momentum:

    Evolution of networks. As businesses and the industry move forward on redefining network boundaries, policy will become the driving force for managing access — not the physical topology of the network. The goal is for the network and the Internet to appear and work as if the boundaries between them are seamless, so access for users is easier and faster.
    Evolution of protection. To achieve this anywhere access vision, customers need comprehensive security products and services that integrate seamlessly with each other and existing infrastructure and that are easy to use and manage. There is a necessity for the industry to enable greater protection, not only when information is in transit but also when it is created and where it resides, whether on the server, the desktop or a mobile device.
    Evolution of identity. Today, individuals and businesses struggle with an increasing number of digital identities to manage and the increased level of complexity and risk that goes with them. The industry’s collaborative efforts around the development of an identity metasystem are the right direction, and customers need this system to be based on standard protocols that address heterogeneous infrastructures in order to reduce the complexity of managing identities across networks and the Web.

There are a lot more details about many different initiatives here.

 

OpenID Editor David Recordon

Here's what Editor David Recordon has to say:

So with the recent OpenID news, I have to say that I'm quite excited! Convergence isn't new for OpenID, rather continues to show how it is a great technology to innovate around. This isn't about one technology swallowing another, it is about true cooperation, collaboration, and ultimately convergence.At the first Internet Identity Workshop in 2005, Brad Fitzpatrick, Johannes Ernst, and I collaborated with the XRI guys and jointly developed Yadis. Suffice it to say, the technology developed by the community in Yadis is so powerful that it is now being built into the standard XRI Resolution spec at OASIS. Over this last summer there was further convergence with the XRI community, now allowing the OpenID Authentication 2.0 spec to support both URLs and XRIs as identifier formats. In August Sxip joined forces, which has caused the OpenID technology to continue to improve and has built the community to be even stronger.

Now today, we get to announce that Microsoft too has decided to collaborate with the OpenID community. I've known Kim Cameron and Mike Jones for about two years now and despite anything you may say about Microsoft, these guys continue to push for the best and engage the wider user-centric identity community in a very positive light. I'm personally really excited to be working with them, and others, in further developing the Assertion Quality Extension so that OpenID can be used within a wider range of products (including those from Microsoft). So welcome Kim and Mike, I hope to see you on the mailing lists shortly!

Johannes sends “marriage” greetings

Here's more support from another legendary member of the OpenID community, Johannes Ernst of Netmesh.  He's the inventor of LID, and one of the strongest champions for the “URL-based” identity used in OpenID.  He brought ideas his together with Brad Fitzpatrick's quite a while ago now, creating one of the first synergy-lurches for the community.

I should also point out that Johannes has also been one of the first, and most tireless, advocates of the synergy between OpenID and Information Cards.  He has given many cycles to OSIS, the group that has co-ordinated open source work around identity selectors and information card technology.  The beautiful thing here is that convergence with CardSpace MEANS convergence with Information Cards in general, including the Higgins project and work by many others in the community.  I've been concentrating on CardSpace for obvious reasons, but to me it is very important that this goes far beyond CardSpace into another whole community.

Wow! After two years of hard work, we are finally getting real convergence in identity land! Today, Bill Gates is announcing has announced in his keynote at the RSA conference that Microsoft will support OpenID. Here are some posts covering the news:

At NetMesh, we've held for a long time that URL-based identity (OpenID, with its roots LID, i-names and Sxip), and other technologies such as CardSpace have to come together so we can really get to an interoperable, multi-vendor, user-centric identity layer for the open internet. That's why we helped put together OSIS, and lots of activities of that nature.

Now even Bill Gates supports the same vision! Yippie!! (apologies for being too excited, but this is exciting!)

Just pointed out to my wife — who wrote the first line of code, ever, about three years ago, implementing URL-based identity — that in some way, she should now be famous!

So, congratulations Tammy!

Feature – not a bug!

As he says, Brad Fitzpatrick “made” the orginal OpenID to solve problems he was facing at Six Apart.  Of course it grew over time, if anyone's opinion counts, it's his.  And here it is:

So Bill Gates just announced earlier this morning (while I was sleeping in / recovering) that Microsoft is supporting OpenID.

When I made OpenID, I intentionally left the method of authentication undefined. (feature, not a bug!)

Now people ask me what I think about Microsoft supporting it, using their InfoCards as the method of authentication…. I think it's great! So far I've seen Kerberos integration for OpenID, voiceprint biometric auth (call a number and read some words), Jabber JID-Ping auth, etc…. all have different trade-offs between convenience and security. But as more people have CardSpace on their machines, users should get both convenience and security. (sorry, I'm not totally up on all the details… just seen demos….)

Anyway, I and others at Six Apart are thrilled to see Microsoft supporting OpenID. Kudos!

Thanks Brad.  For us, its clear that OpenID is a really great technology for doing public identities – the simplicity is stunning.  I really like your work.  OpenID is clearly an important part of the identity metasystem.  We really hope to see the synergy keep expanding.

 

Scott Kveton on CardSpace and OpenID

Many of the people adding OpenID support to their blogs and services are using JanRain's libraries.  Scott, the company's CEO, addresses the worry some members of his community may have about a big, powerful company getting involved with the bottoms-up technology they have worked on so hard.  I actually have  a lot of sympathy for this concern, and for peoples’ feelings about the technology they have developed.  If we were coming to “take over”, it would really be bad news for everyone.  But Scott Kveton, Dick Hardt, Michael Graves and myself aren't the kind of people who would let this happen.

What I really like about Scott's comments is the way he focusses, without any bias, on what is good about the component technologies and their synergy.  This is what real engineering is about, in my humble opinion.  It's one of the things that will really drive us towards the Identity Big Bang.  And the whole world will benefit.

OpenID has always been about convergence. When Brad, David and Johannes talked about how OpenID and Yadis could work together over a year ago. When the XRI folks brought their amazing people and technology to be integrated into OpenID 2.0 last Spring. This past Summer when Sxip Identity joined the OpenID party by joining in on developing the specification and offering up their attribute exchange specification to the OpenID community. And now today, we have a commitment from Microsoft to take part in the OpenID community as well as enable the technology for their future identity products.

There are a couple of points I’d like to make outside of the above announcement to hopefully address any concerns that the OpenID community might have:

  • JanRain will never require users of our libraries or services to use Windows CardSpace â„¢. We offer support for this technology as another option for users much like using our Safe SignIn and Personal Icon technologies on MyOpenID.com. We’ll also continue to support the OpenID efforts going on with Mozilla and Firefox.
  • Windows CardSpace â„¢ is shipping with Vista today and is a well thought-out technology that helps address many of the privacy and security concerns that people have had with OpenID. OpenID helps users describe their identity across many sites in a public fashion. The two together are very complimentary products and each has its strength.
  • Microsoft did not cave in to the OpenID community and the OpenID community is giving nothing up to Microsoft. This is a collaboration on bringing the best technology to the marketplace as quickly as possible to help secure users and solve the single sign-on solution once and for all.
  • Please reserve judgment on what this all means until you see it all work together. The technology is really quite simple and the ramifications for end-users is huge. It also goes a very long way to completely addressing the phishing concerns we’ve heard so much about.

Dick Hardt on CardSpace and OpenID

Here is Dick Hardt, CEO of SXIP, explaining our joint announcement on OpenID and CardSpace to people in the community who may worry that Starship Microsoft is about to land on OpenID and squish it. 

This morning Microsoft announced they would support OpenID in future identity server products. Although this is a huge endorsement for OpenID, there will likely be many people that are fearful of what Microsoft’s involvement may do to OpenID.

At ActiveState I worked with Microsoft to bring Perl and Python technology to the Windows platform. This was a win for Perl and Python programmers that wanted to use their tools on the Windows platform. It was also a win for the community at large, as a fair amount of the threading and Unicode support that is in Perl today was funded by Microsoft. Just as I bridged the Microsoft and Open Source worlds back in the 90s,

I look forward to bridging the Microsoft and OpenID worlds today. The team at Microsoft get what we are doing in OpenID, and want to enable their technology to take advantage of the reach of OpenID, as well as enable the OpenID community to take advantage of CardSpace technology. This looks like a win-win for everybody.

Dick's previous Perl work really is a good example of what came about when we “defactionalized” our industry and got momentum going.  The “identity gang” phenomenon has been a good example of the same thing since day one, and this concrete announcement takes things in an even more positive direction.

Let me say something about potential squishing. It just won't happen.  One of the best things about OpenID is its organic quality, and the last thing we want to do is interfere with that.  

My big ask was to add a way to request credentials based on phishing-resistant authentication.  The main idea was to ensure the system is built to handle the dangers that would come with its own success.  As it is more widely adopted, and used for more purposes, OpenID credentials will inevitably become a “honeypot”.  But through the collaboration going on here, and other similar initiatives, we can make sure we'll have the means in place to protect our users even before they are in danger. This in turn is key to preventing a loss of confidence in identity systems and the internet in general.

In the early 1980’s, James Martin said, “Every successful system will attract usage to the point that it becomes unsuccessful”.  He was referring to systems that gobbled up mainframe resources by attracting users until they became bogged down and unusable, but over the years I've thought of his maxim in many contexts.  I think one outcome of today's announcement will be to provide an exception, and that's worth celebrating.

 

CardSpace / OpenID Collaboration Announcement

As an outcome of the discussions that have been taking place here in the Blogosphere – and in-person meetings – it is exciting to convey the following joint announcement by JanRain, SXIP Identity, VeriSign and Microsoft:

JanRain, Microsoft, Sxip, and VeriSign will collaborate on interoperability between OpenID and Windows CardSpaceâ„¢ to make the Internet safer and easier to use. Specifically:

  • As part of OpenID’s security architecture, OpenID will be extended to allow relying parties to explicitly request and be informed of the use of phishing-resistant credentials.
  • Microsoft recognizes the growth of the OpenID community and believes OpenID plays a significant role in the Internet identity infrastructure.  Kim Cameron, Chief Architect of Identity at Microsoft, will work with the OpenID community on authentication and anti-phishing.
  • JanRain, Sxip, and VeriSign recognize that Information Cards provide significant anti-phishing, privacy, and convenience benefits to users.  Information Cards, based on the open WS-Trust standard, are available though Windows CardSpaceâ„¢.
  • JanRain and Sxip, leading providers of open source code libraries for blogging and web sites, are announcing they will add support for the Information Cards to their OpenID code bases.
  • JanRain, Sxip and VeriSign plan to add Information Card support to future identity solutions.
  • Microsoft plans to support OpenID in future Identity server products
  • The four companies have agreed to work together on a “Using Information Cards with OpenID” profile that will make it possible for other developers and service providers to take advantage of these technology advancements.

Dick Hardt, Sxip Identity
Kim Cameron, Microsoft
Michael Graves, VeriSign
Scott Kveton, JanRain
 

 

Doc Searls on Creator Relationship Management

Here is Doc Searls, Editor of Linux Journal, rapping about the role of identity in a whole new creator-consumer model:   

If incoming mail contains the word “identity” it goes to a mailbox I started in late 2004. It has over 7000 emails in it now. The majority of those are from the Identity Gang list.

The Identity Gang got its name when it first met informally on the December 31, 2004 edition of Gillmor Gang. I've lost track of how many workshops and meetings and other exercizes in convergence we've had, but the progress continues to be amazing.

I just looked at what Eric Norlin of IDG wrote here, then at what Scott Kveton of JanRain wrote here then at what Kim Cameron of Microsoft wrote here — to pick just three out of countless posts, all connected somehow. You can see the progress in just one month.

This observation comes in the midst of thinking about a form of
Vendor Relationship Management that has the same initials as CRM, but a different meaning: Creator Relationship Management.

I would like to relate to creators in a better, less intermediated way. On the supply side, Creative Commons has done a great job of clarifying how artists and their representatives would like to relate in the marketplace. Think of CC as a form of CRM — of customer relationship management. A way of relating to customers. It's a great start. But it still only comes from the supply side.

Now I want to come back at creators from the other direction: from the demand side. From my end, not just theirs. I want to give them something more to relate to than an entry I put in a form on a website. I want to create a mechanism of engagement that is independent of any one supplier: that is silo-free.

I want them to be in my database, not just be one entry in their database.

I want to relate as a customer in the marketplace, and to be able to expand on that relationship in ways that allow both sides to create and expand value.

That means if I like a play, or a piece of music, or a podcast, or a video, or any creative production, and I want to pay the creators (and the producers) for that, I want a way to do that directly, on my own terms, with minimum intermediation.

I want to reward the intermediators too — the producers and distributors, for example. Anybody who contributes value.

Beyond cash for goods or services, I would like the option of having some range in relating. Maybe I want nothing more than give an artist some cash and a high-five. Or I may want a subscription to notices of new work, or to performances near where I live.

The thing is, this mechanism needs to live on my side: to be mine. It must be able to relate to a first source or to an intermediary, but it can't belong to the intermediary. The responsibilities for relating need to be shared. To do that, I need to control my end, free and clear. I can't just be enrolled in a system controlled by the supply side, or by somebody in the middle.

The absence of the power to relate from the demand side — except with cash or mechanisms controled by the supply side or its intermediaries — is a problem as old as the Industrial Age, and it's time to solve it.

So: my role on the demand side needs to be better equipped. How do we do that?

First we start with identity. That's why everything going on in the Identity Space is important. (And why I need to catch up with it.)

Second, we need to pick a problem to solve, not an ocean to boil. Here's one I like: make it easier for public broadcasting listeners and viewers to pay for the goods they receive. Right now public broadcasting continues to raise money in extremely old-fashioned ways. The one I hate most is the fund drive where they turn off programming for two weeks, plead poverty, and then give you a cup or a CD if you send some money. There has to be a better way.

So that's what I want to work on as my first VRM project, which I'll detail in Wednesday's SuitWatch Newsletter, and then here on Thursday. Stay tuned.

The concepts are great.  I wish we had a better word than ‘management’.  It seems like we have to “manage” everything, from time to relationships, when we used to just enjoy them.