Few know more about conferences than Doc, who has attended more than one of them: 

Kaliya HamlinMy Internet Identity Workshop pictures are up.

The event, an unconference, was one of the best conferences, prefix or no, that I've ever been to, much less been part of.

Here's Phil Windley's wrap. He also has an earlier list of inbound kudos for the conf.

Kaliya (pictured above) Hamlin, who organized the event's “open space” approach, has these reflections. Kaliya and Phil did most of the hard work of putting the conf together. I'm listed as an “organizer”, but that's an extreme exaggeration.

Kim Cameron called it a “superevent”.

Dave had nice things to report too. (Here are some more birthday pix.)

Next up: Berkman‘s Identity Mashup conference at Harvard Law School, June 19-21. (Watch the Identity Gang wiki for pointers.)



Pete Rowley of RedHat has nailed something about the mood at IIW.  His blog contains a number of related pieces.

I just attended the Internet Identity Workshop at the Computer History Museum in Mountain View, CA. Many others have blogged the event so I shall not repeat what has already been said. Suffice to say that there was no synergistic paradigm disruption here, oh no. There was however a 3 day discourse on what digital identity for the internet is, how we can build it, how we can move it, how to make that all happen, and in some cases how to effectively fear it.

The format of the workshop consisted of an introductory afternoon, and then, well, then there was a 2 day coffee break. The coffee break started with some serious retro-geekery as people were asked to write down (with pens, on paper) topics that they wished to discuss and to place them in a time slot on the wall for one of the 7 meeting places. From a purely tech standpoint the wall was an elegant example of a fully interactive calendar, or meeting agenda, with advanced features like undo, redo, merge and insert but without the computer – genius. I can only wonder what features Kaliya Hamlin has in store for us when she releases the much anticipated harderware, Wall 2.0. The unconference format is an interesting live study in self organizing systems, and it works.

It struck me during the course of one particular meeting that the people around the table would probably be impossible to assemble in one place, and certainly one table, in any other way. In fact due to the nature of the workshop and the people attending, there was an excellent chance that any query you might have could be satisfied by the top banana on the subject, and who would be willing to talk. Though I confess I couldn’t find anyone to tell me what to do about coffee induced shaking. You know you are in trouble when the guy fixing the coffee asks if you want your usual at a 3 day event. In keeping with the theme of discussion and interaction the entire workshop happenings are described on the wiki.

Actually, come to think of it, there was quite a bit of synergistic paradigm disruption after all.


Here's some news guaranteed to brighten your day from Jeremy Reimer at  Ars Technica:

In the seemingly never-ending war against spyware and other intrusive and harmful software, the Federal Trade Commission has struck a blow against Sanford Wallace, known as the “Spam King,” for his habit of sending mass e-mails. A judge in the District Court of New Hampshire has ruled in favor of the FTC, forcing Wallace and his company, Smartbot.net, to give up over US$4 million.

The company was charged with deceptively installing spyware without users’ consent, changing their browser settings, and barraging them with pop-up ads. The spyware also caused users’ computers to slow down and in some cases even destroyed user data. Some web sites featuring the software were incredibly deceptive, using a simple system call to open the CD drive and then displaying a message saying “If your CD-ROM drive is open…You desperately need to rid your system of spyware pop-ups immediately.” Ironically, clicking on the link to “rid your system of spyware popups” installed the harmful software.

“We got what we believe is a judgment for the full amount of disgorgement—the amount of money we believe he took in through the unfair distribution of spyware,” Rick Quarefima, the assistant director in the FTC's division of advertising practices, said in an interview.”

The FTC also won a smaller judgement of US$277,000 against Optintrade, a company headed by Jared Lansky that placed advertisements for the Smartbot.net software.

Wallace had initially put up his own defense in this case, arguing that “there is nothing we're involved with that cannot be avoided by a consumer choosing to turn off downloads on their computers or by blocking pop-ups” but ultimately abandoned this argument in the face of withering criticism. The final judgement was passed in his absence, although the FTC believes they will be able to track him down and retrieve the money, which will go to the US Treasury.

Hopefully this judgement will help curb the nefarious activities of companies like Smartbot.net. However, lawsuits against spyware companies are just one prong of the attack against malicious software. The problem can also be attacked with software, such as Microsoft's free Windows AntiSpyware program and anti-phishing technology integrated into most new web browsers, and by user education, which teaches people how to practice skeptical computing.

I brought you the arstechnica logo because my right-brain really liked the connection between their tagline and what they do.

The bit about reaching into your house and opening your CD drive is particularly creepy.  But it's also a signpost with respect to what is to come.

As our environment becomes intelligent and wired, the connection between physical and digital intrusion will become increasingly closer.  Today Wallace takes over our CD drives; his progeny will go for our windows and doors.  All, to me, more proof that a strong identity metasystem is not just a nice-to-have, but an inevitability.  Through its ubiquity and commoditization it can bring secure wireless devices to the price-point where intelligent enviroments can become reality. 




Sorry folks, I just can't take any more BLOGSPAM.  Uncle!  I've closed down comments to those who have not registered.  It's not hard to register if you use InfoCards (wink! wink!) but passwords work too, so please don't stop connecting with me.  It is a major source of energy for me.

I've done a little screen capture to show why I've been driven to this.  I'll post it on the weekend.  Until then, please post by registering or by writing to me at my I-name, and I hope you'll be able to relate to what I've been going through.



Everyone in attendance was awe-struck by the IIW 2006 that just took place in Mountainview.  It was incredible.

With Doc Searls and Phil Windely navigating at the macro-level, the amazing Identity Woman Kaliya orchestrated an “unconference” that was one of the most effective events I've ever attended.  It's clear that creating synergy out of chaos is an art that these three have mastered, and participants floated in and out of sessions that self-organized around an ongoing three-day hallway conversation – the hallway actually being the main conference room and event!  So we got to engage in all kinds of one-on-one (and few) conversations, meet new people, work out concerns and above all work on convergence.  Many people told me they felt history was being made, and I did too.

People showed amazing new demos of identity metasystem software from many different approaches and on many platforms.  People, we are achieving orbit.

Here is some of Phil Windely's report on day one, a kind of level-set for newcomers.  I'll link to more reports when I get home. 

We moved upstairs to accommodate the crowd and ended up with a lot more elbow room. Dick Hardt was the first speaker after the break. he gave a new version of his famous Identity 2.0 talk.

Dick mentions BCeID, a government identity service that forms a basis for digital identity in BC. I’ve long argued that governments have abdicated the responsibility for provide commerce supporting infrastructure online. (By “infrastructure” I mean legal frameworks more than hardware and software.) BCeID looks to be mostly about government online services, but Dick points out that he’s interested in seeing how it can be used by other places, like BC Hydro (power company).

Dick quotes Larry Wall’s dictum about Perl, “Easy things are easy and hard things are possible,” as a good basis for evaluating identity schemes. He lists a number of ideas that fall into the “hard things” category: agency, compartmentalization, notification, and granularity.

Mike Jones and the demo
Mike Jones and the demo
(click to enlarge)

Mike Jones from Microsoft was given the task of introducing the Laws of Identity and InfoCard. As a way of introducing InfoCard, Mike talks about claims and credentials in the physical world and how we use them. Mike spent a good deal of time talking about the laws. I think that was time well spent—they form a good basis for many of the conversations we want to have at IIW.

The identity metasystem concept is aimed at not inventing a new identity system, but inventing a system that can unify different identity systems. InfoCard confuses people because it seems like an identity system and has to be, in some sense, but it’s open because of the standards involved, so other identity systems can be adapted to work with it. The fact that there will be at least one open source and one commercial InfoCard system up before Microsoft releases it is testament to this.

InfoCard is an attempt to provide a simple user abstraction for digital identities that’s grounded in a physical world metaphor of credentials. The success of InfoCard is dependent on others implementing InfoCard.

Eve Maler from Sun was charged with discussing the Liberty Alliance Project. She quotes H.H. Monroe as “a little inaccuracy sometimes saves lots of explanation” by way of saying that in 20 minutes, she’s going to have to wave her hands a bit to get it all in.

About half the audience was familiar with SAML. Eve went through some high-level use cases as a way of introducing concepts and then moved into SAML and Liberty specific use cases.

(click to enlarge)

Drummond Reed spoke about XRIs. XRIs are a way of using a URL-like syntax, that is backwards compatible with the Web, to represent identifier authorities. On the IRC backchannel (#identity on freenode.net), someone said “isn’t an email address a URI?” when Johannes was talking and URL-based identity. XRI, as a Yadis compatible identity syntax, makes it clear that email addresses are part of URI-based identity.

So why a new addressing scheme? There are many different devices and different addressing schemes for each one. Even though each (like phone numbers and email) are controlled by a single entity, they each have a different syntax and controlling authority. A unified identifier can make managing these various addresses more convenient and add new services.

Drummond yielded some of his time to Andy Dale to speak a little about XDI. I wrote extensively about this last December when I was at the XDI workshop that Andy put on.

(click to enlarge)

Doc Searls got here right before the break and I asked him to redo his talk to set some things up for tomorrow. Doc brings up the Cluetrain Manifesto and how he realized over time that identity was critical to that vision. He recounts the history of “how we got here” (see Kaliya’s Map).

Moving from history, Doc starts talking about attention, intention, and marketplaces. These all get down to relationships. Doc has blogged about this at the IT Garage under the banner Starring in Your Own Constellation: Independent Identity in Networked Markets.


Despite being reconciled to many annoying things, I still harbor palpable resentment against the abominable GE “puffer” machine in which I was assaulted last October.

So it was gratifying to have Cory Doctorow broadcast my description of the sordid experience in yesterday's BoingBoing

I really hope this vile contraption goes the way of the dodo bird, and that those who conceived it are reassigned to some task with zero human interface – soldering circuit boards for example.

I have not bought a single GE lightbulb, toaster, or refrigerator, since my experience with this abusive industrial waste.  The sight of their logo makes me change stores. 

Is there a “Worst User Interface of All Time” award for which I can nominate this thing?  Or an “Industrial Designer Least Likely to Succeed” dinner for its inventors?  Please convey my nomination – and that I've seen some bad design before, and know of what I speak.

Seeing the BoingBoing article, Carrick Mundell of mundell.org provided a corroborating report.

From Boing Boing, it seems Kim Cameron didn’t appreciate being subjected to the GE EntryScan3 at the San Francisco airport security checkpoint.

‘What’s it like? People, I really hated the GE product. It is tiny, and closes around you. I felt seriously claustrophobic. Then it shot bursts of air at me so hard it actually hurt. I had been told there would be “puffs of air”, but these were not, by any definition, puffs. “Puffs” make me think of cigar smoke. Or “Puff the magic dragon”. Puffs of wind. But these were hurricane strength blasts. Meanwhile the machine barks orders like a concentration camp commandant. Where did they get the voice? It speaks in a chilling metallic imperative borrowed from a really bad science fiction movie. In fact it was barely believable that adults would unleash this contraption on anyone.’

I have to agree. I got “puffed” on a return trip to Seattle last November and had a similar reaction to Cameron’s. The woman in the security line behind me also got puffed and we chatted a bit afterward comparing our experiences. We both thought it extremely weird. Neither one of us had the dreaded “SSSS” on our boarding passes indicating to security personel that we were suspects. Both of us had purchased our tickets well in advance. Both of us were traveling round-trip. In fact, we both looked exactly like the 30-something knowledge-worker wage-slaves that we were. Weird.

Cameron does a good job of explaining the feeling of being inside one of these things. It’s like a sci-fi gas chamber. Your thoughts trend toward, “What happens if the machine detects something? Will robotic arms shoot out and immobilize me? Will a tranquilizer gas be released? Will a trapdoor open sending me sliding down to some underground holding cell?” It’s creepy.

A lot could be done to improve the experience. But in addition to making it more “people friendly” how about adding features that might get people to want to be puffed? How about turning it into an “air shower” that blows dust, germs and microbes off your body? Maybe it could use ionization to clean your skin? This would help make air travel be less of a burden on the immune system. If we’re going to have sci-fi security systems, why shouldn’t we have sci-fi personal care systems, too?