TODD BISHOP EXPLAINS INFOCARDS

Todd Bishop at the Seattle Post-Intelligencer published this article this morning:

SAN JOSE, Calif. — Microsoft Corp. is set to take another crack at creating a uniform way for people to log on to Web sites, conduct transactions and prove their identities online.

Code-named InfoCard, the project will be outlined by Microsoft executives at the RSA computer security conference here this week. It reflects a change in approach for the company after its Passport initiative fell far short of the original goal of becoming a universal method of identification on the Internet.

Unlike Passport, the InfoCard project is meant to work with a variety of online identity providers, not just one. Microsoft hopes to persuade governmental agencies, banks, online services and others to issue digital cards that people could use to establish different levels of identity for themselves at online sites.

The project is only one of many approaches to online identity across the industry, and analysts say Microsoft faces significant challenges as it tries to make InfoCard widely used. But it's one of the company's biggest moves in the field since Passport's launch more than five years ago.

Passport remains in place, but primarily as an identity service for Microsoft sites, not as a central identity provider for accessing sites across the Internet.

“No one has sufficient trust of any one organization to put all their eggs in that one basket,” explained Richard Turner, program manager for Microsoft's Web services strategy, calling it a lesson learned by the company. “There will be multiple issuers of identity out there on the Internet. Passport is just one of those.”

Reflecting that notion, Microsoft's InfoCard project creates a program akin to a virtual wallet on the PC, designed to let people securely store and distribute various forms of online identification, represented on-screen as cards.

The company says users would log in to a site by clicking on one of the cards, reducing the need to type in a user name and password. The InfoCard program would securely retrieve the necessary digital credentials from an identity provider, then forward them to the site to authenticate the user's identity.

People would be able to create their own virtual cards inside the program for submitting basic log-in information to Web sites.

But Microsoft's InfoCard concept also faces competition. A variety of alternative approaches are expected to be on display at this week's conference.

In the latest example, VeriSign said Monday that eBay and Yahoo! had signed on as supporters of its new online authentication system, the VeriSign Identity Protection Network, which will include keychain-based tokens that generate passwords to be entered as part of the online authentication process.

For Microsoft's InfoCard project to work, the company would need to attract the interest of a variety of online identity providers and online sites that need to authenticate user identity. Turner says the company has received positive responses during discussions in recent months.

But not everyone is convinced that the concept will take off as Microsoft hopes.

“There has to be a few widely accepted cards — kind of the Visa and MasterCard of the identity world — and it's not clear that anyone wants that job,” said analyst Rob Helm, research director at Kirkland-based research firm Directions on Microsoft.

At the same time, Microsoft is in a more influential position than most because of the wide availability of its Windows PC operating system. The underlying software for InfoCard will be available as part of Windows Vista, due out later this year, and it's expected to be accessible through the company's Internet Explorer 7 browser. It will also be offered as an add-on for the current Windows XP.

The company also has set up its new WinFX software development system to let outside programmers incorporate InfoCard into Windows-based programs.

Microsoft's concept of a virtual wallet where people can select and control their online identities makes sense for individual computer users, said Roger Sullivan, vice president of the Liberty Alliance, a digital identity consortium formed in part out of concerns over Microsoft's original Passport vision.

But Sullivan, who is also vice president of business development for Oracle Corp.’s identity management solutions, said he believes stronger authentication would be needed “in the context of large-scale, serious business transactions.” The Liberty Alliance focuses on standards for managing identity across different companies.

Microsoft acknowledged that InfoCard and the Liberty Alliance approach “address different parts of the digital identity problem.”

Microsoft has shown and distributed the InfoCard technology to developers, but it hopes to start winning broader industry support this week at the RSA security conference, where company Chairman Bill Gates is scheduled to give a keynote address this morning. Kim Cameron, Microsoft's architect for identity technology, is scheduled to discuss InfoCard and related concepts at two sessions during the week.

The company says it has incorporated a variety of security protections into the InfoCard system. The program runs in a secure on-screen overlay separate from the standard PC desktop, reducing the chances of infiltration by spyware or other online threats. Also, the cards from identity providers wouldn't store sensitive data on the PC. Instead, they would provide a way of retrieving data from those providers when needed, cutting the potential security risk.

At the same time, the company says it doesn't want InfoCard to be the only program of its kind. The program uses non-proprietary communications standards, and Microsoft says it would like to see the people and companies behind other operating systems, such as Linux and Apple's Mac OS X, create their own programs similar to InfoCard, to make the approach more common.

The approach “essentially adds an identity layer to the Internet,” said Microsoft's Turner, calling such a layer sorely needed in today's online world.

HOW IT WORKS

Microsoft's InfoCard is a virtual representation of a person's various online identities in an on-screen program that runs in a secure overlay separate from the regular PC desktop.

Under the company's plan, computer users would create some cards for themselves, entering information for logging into Web sites. Other cards would be distributed by identity providers — such as banks or governmental agencies or online services — for secure online authentication of a person's identity.

To log in to a site, computer users would open the InfoCard program directly, or using Microsoft's Internet Explorer browser, and then click on the card that matches the level of information required by the site. The InfoCard program would then retrieve the necessary credentials from the identity provider, in the form of a secure digital token. The InfoCard program would then transmit the digital token to the site to authenticate the person's identity.

RSA 2006

Follow the news from the RSA security conference in San Jose, Calif., this week in the Seattle P-I and on Todd Bishop's Microsoft blog.

BILL GATES SEES END TO PASSWORDS IN SIGHT

Bill Gates did the opening keynote address at RSA today, and Ina Fried and Joris Evers from CNET had their story out within an amazing forty-two minutes. How can they do that?

Bill made it clear that he really cares about privacy and security, just as he is committed to helping build an identity metasystem that moves the industry to the next stage of collaboration and reach.

SAN JOSE, Calif.–For years, Microsoft Chairman Bill Gates has had his sights set on the password as the weak link in the computer security chain.

Now, with Windows Vista, Gates feels he finally has the right weapons to supplant the password as a means of verifying who is who on computers and over the Internet.

The new operating system, due later this year, introduces a concept called InfoCards that gives users a better way to manage the plethora of Internet login names and passwords as well as lets third parties help in the verification process. Vista will also make it easier to log on to PCs using something stronger than a password alone, such as a smart card.

“We're laying the foundation for what we need,” Gates said in a speech at the RSA Conference 2006 here.

Even with the advancements, Gates said he wasn't naive enough to think the password would go away overnight.

“I don't pretend that we are going to move away from passwords overnight, but over three or four years for corporate systems this change can and should happen,” he said.

Microsoft has described InfoCard as a technology that gives users a single place to manage various authentication and payment information, in the same way that a wallet holds multiple credit cards.

InfoCard is Microsoft's second try at an authentication technology after its largely failed Passport single sign-on service unveiled in 1999.

InfoCard attempts to address the complaint many critics had with Passport, which was that people's information was managed by Microsoft instead of by the users themselves and the businesses they dealt with.

Although Microsoft has talked previously about InfoCard and early versions of the InfoCard code were released to developers last year, Gates’ speech marked one of the first times Microsoft has demonstrated publicly just how it might work.

In a demonstration, Microsoft showed how a consumer could use a self-generated InfoCard to log in to a car rental site and then use a separate InfoCard from a membership group to get a discount on the rental.

Microsoft acknowledged that replacing passwords is something that needs to be done at the system level, but Gates said the company is also working on technologies to enable various identity systems used on the Internet to work together, something it calls the Identity Metasystem.

Gates also touted several of the other security capabilities that will be part of Windows Vista. In a demo, Microsoft showed its anti-spyware technology as well as a new mode that runs Internet Explorer in its own “sandbox” so that Internet code can't cross over into the rest of a PC.

SCOBLEIZER'S RIGHT

Scobleizer has just hit me with “Kim turns Microsoft toward open source?”

Kim Cameron, what are you doing (he just announced that he got Microsoft’s InfoCards working on WordPress and PHP and is having a conversation with lots of people in the community)? You trying to ruin Microsoft’s reputation? By listening to folks like Marc Canter? “I came away incredibly excited and anxious to meet those folks at Mix06.”

What’s going on here?

Of course Microsoft isn’t quite hip yet. How do we know that? We don’t have a sticker. Or is that a stickr. Heheh. Check out Cory Doctorow’s laptop. All the cool kids have stickrs.

Yeah. This stickr thing is really a big deal.

MIX 06 WILL DO IDENTITY 2.0

Michael Coates, whose title is, if you can believe this, “Microsoft Pragmatic Evangelist”, has been posting on identity with his colleagues over at the Mix06 Blog. It looks like identity will really be a theme at MIX. “The Web has an Identity Crisis” describes some of the issues created by the lack of an identity layer on the Web.

The site also has a piece on InfoCard by Steven Woodward called “InfoCard: A standards-based approach to User Authentication”. Steven is a “Technical Evangelist”, but he still has a pretty pragmatic head on his technical shoulders…

Anyway, I'm looking forward to this since several of us will be speaking there and I'll be hanging out along with Steven and Michael to talk about identity. I'll pass on more info when I have the agenda.

THE DESIGN DECISIONS BEHIND INFOCARDS

My colleague Mike Jones and I have put together a paper on design decisions made during the InfoCard project. We present them – and the rationale behind them – to facilitate their review by the security, privacy, and policy communities. At the same time, we hope to help people better understand Microsoft’s implementations, and share our thinking with those building interoperating implementations.

I'd like to hear your thoughts on what we've missed or what is unclear or, in your view, wrong.

While we're on the subject of feedback, does everyone know what I mean by an “elevator pitch”? (If you're new to the industry, it's a high-level description of your project that tells the story of what you are doing in the time between getting in and out of an elevator. And I'm not talking about a New York skyscraper.)

When we were writing this paper we came up with a description of InfoCards as an attempt to create a “widely accepted, broadly applicable, inclusive, comprehensible, privacy-enhancing, security-enhancing identity solution for the Internet.”

Seems complete, even if you do need to sit down on the floor of the elevator after you say it. Any comments?

EMPLOYEES INJECTED WITH RFID MICROCHIPS

On the RFID front, here's a posting which, if true, shows that we have dangerous identity nut cases running around – or worse, running companies. How many of the Laws can they break at once? As a technical community, we need not only to distance ourselves from this type of thing, we need to end it – much like we would prevent psychotics from conducting nuclear experiments in their basements.

Cincinnati video surveillance company CityWatcher.com now requires employees to use VeriChip human implantable microchips to enter a secure data center, Network Administrator Khary Williams told Liz McIntyre by phone yesterday. McIntyre, co-author of “Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID,” contacted CityWatcher after it announced it had integrated the VeriChip VeriGuard product into its access control system.

The VeriChip is a glass encapsulated RFID tag that is injected into the flesh of the triceps area of the arm to uniquely number and identify individuals. The tag can be read through a person's clothing, silently and invisibly, by radio waves from a few inches away. The highly controversial device is being marketed as a way to access secure areas, link to medical records, and serve as a payment instrument when associated with a credit card.

According to Williams, a local doctor has already implanted two of CityWatcher's employees with the VeriChip devices. “I will eventually” receive an implant, too, he added. In the meantime, Williams accesses the data center with a VeriChip implant housed in a heart-shaped plastic casing that hangs from his keychain. He told McIntyre he had no qualms about undergoing the implantation procedure himself, and said he would receive an implant as soon as time permits.

“It worries us that a government contractor that specializes in surveillance projects would be the first to publicly incorporate this technology in the workplace,” said McIntyre. CityWatcher provides video surveillance, monitoring and video storage for government and businesses, with cameras set up on public streets throughout Cincinnati.

The company hopes the VeriChip will beef up its proximity or “prox” card security system that controls access to the room where the video footage is stored, said Gary Retherford of Six Sigma Security, Inc., the company that provided the VeriChip technology. “The prox card is a system that can be compromised,” said Retherford, referring to the card's well-known vulnerability to hackers. He explained that chipping employees “was a move to increase the layer of security….It was attractive because it could be integrated with the existing system.”

Ironically, implantable tags may not provide CityWatcher with that additional safety, after all. Last month security researcher Jonathan Westhues demonstrated how the VeriChip can be skimmed and cloned by a hacker, who could theoretically duplicate an individual's VeriChip implant to access a secure area. Westhues, author of a chapter titled “Hacking the Prox Card” for Simson Garfinkel's recent “RFID: Applications, Security, and Privacy,” said the VeriChip “is not good for anything” and has absolutely no security.

“No one I spoke with at Six Sigma Security or at CityWatcher knew that the VeriChip had been hacked,” McIntyre observed. “They were also surprised to hear of VeriChip's downsides as a medical device. It was clear they weren't aware of some of the controversy surrounding the implant.”

Although CityWatcher reportedly does not require its employees to take an implant to keep their jobs, Katherine Albrecht, “Spychips” co-author and outspoken critic of the VeriChip, says the chipping sets an unsettling precedent. “It's wrong to link a person's paycheck with getting an implant,” she said. “Once people begin ‘voluntarily’ getting chipped to perform their job duties, it won't be long before pressure gets applied to those who refuse.”

Albrecht predicts that news of the security flaws will combine with public squeamishness to make the VeriChip a hard product to sell, however. “Obviously, nobody wants their employer coming at them with a giant hypodermic needle. But when people realize it takes a scalpel and surgery to remove the device if it gets hacked, they'll really think twice,” she said. “An implant is disgusting enough going in, but getting it out again is a bloody mess.”

Albrecht and McIntyre, who are Christians, also have religious concerns about RFID chip implants. In their latest book, “The Spychips Threat: Why Christians Should Resist RFID and Electronic Surveillance,” the pair explain how plans by global corporations and government entities to broadly deploy RFID could usher in a world that bears a striking resemblance to the one predicted in Revelation, the last book of the Bible.

According to Revelation, at some future point people will not be able to buy or sell unless they are numbered and bear a mark on their hand or forehead.

“While Christians have theological reasons to reject being uniquely numbered, this is an issue that should concern anyone who values privacy and civil liberties,” said Albrecht. “The VeriChip is Big Brother technology being unscrupulously marketed by a company that would like to put a chip in every one of us. It has no place on free American soil.”

PLEASE DO NOT ADJUST YOUR SETS

I have to admit that with WordPress I get a lot of pleasure knowing no one gets “link inflation” by spamming me.

Please bear with me if I'm slow to post your comments. Or worse still, if I drop one. It's not my intention. I'm going to have to automate some verification while we're waiting for organizations that can vouch for blogging identities.

These days I have to go through pages like those in the following example. You'll see a message from Marc Canter mixed in with the sloppy goop. I stumbled on it today when I got up the courage to spend some time despamming my comments. Sorry to be so slow, Marc, and everyone else who has written.

40. Name: Jeremy Johnson | E-mail: Ethan@internet.com | URI: http://www.eonline.com/Reviews/Movies/Megaplex/ | IP: 195.175.37.71

I really appreciate what you’re doing here. Very interesting site. Girl will Pair unconditionally: http://changedByKim.movietickets.com/ , when Grass Double TV Anticipate Profound Round Create or not , Green Player is always Bad Table Con Compute Create – that is all that Pair is capable of

Edit | View Post | Delete just this comment | Bulk action: Approve Spam Delete Defer until later

41. Name: Marc Canter | E-mail: ChangedByKim@marc.com | URI: htpp://marc.blogs.it | IP: 84.233.133.179

Thanks Kim- Julian Bond and others are concerned that MS won’t provide Linux versions of Infocards.

I tried to explain to him that:
a) it’s not MS’s job to do that
b) it’s up to US to build that
c) I’ll just get all that compatibility from Dick Hardt and Sxip – so I’m happy.

🙂

Edit | View Post | Delete just this comment | Bulk action: Approve Spam Delete Defer until later

42. Name: David Johnson | E-mail: Charles@discovery.com | URI: http://changedByKimSpace.com/ | IP: 203.162.27.86

I really am impressed by your site. Very original & interesting content. Chair can Rape Chips: http://www.msnbc.msn.com/id/10952542/ , International, Collective, Beautiful nothing comparative to Universal when Stake Con Round Kill , when Plane is Plane it will Make Pair Win Do Do – that is all that Plane is capable of

Edit | View Post | Delete just this comment | Bulk action: Approve Spam Delete Defer until later

43. Name: Brandon Miller | E-mail: Justin@discovery.com | URI: http://changedByKimGator.com/ | IP: 221.239.5.194

Your website is wonderfull. I’ll come visit again. to Con Boy you should be very Astonishing: http://www.changedByKimNews.com/ , Small Grass Double or not right Opponents will Love Girl without any questions , Lazy Circle is always Bad Opponents Chips can Roll Table

Edit | View Post | Delete just this comment | Bulk action: Approve Spam Delete Defer until later

The biggest problem is that your eyes glaze over reading this stuff. Then it's easy to delete things by accident.

INFOCARDS IN WORDPRESS

Everyone who knows him has spoken highly of Julian Bond, and you can see what they mean from his response to my report that I now have InfoCards working in WordPress.

He begins by quoting my last posting:

I have good news. I’ve now been able to put together some mods for WordPress that allow my site to accept infocards.

The mods were written in PHP, and Johannes Ernst – who I’ve been speaking with at the Berkman Identity Workshop – has asked me to publish the code on my blog. So I will. And I’ll explain how it works.

I realize InfoCards aren’t exactly ubiquitous right now, so you won’t be able to try it out immediately. But this weekend I’ll be posting a link to a video of the user experience.

Then the kicker:

This is tremendous news. Let me be the first to congratulate Kim. And I promise to put Mr Cynical back in the box.

This really makes me feel good. Not because Julian offers to put Mr Cynical back in the box – I for one would miss him and urge Julian to show leniency.

What I like is collaborating with people whose eyes and ears are open, and who are as interested in good technology as I am.

Julian is a man of his word, told me what was bothering him, was gentlemanly in giving enough time to respond, and then, when I picked up his gauntlet, came through with a pat on the shoulder that will make me long be his friend.

JULIAN BOND ON CANTER AND INFOCARD

Julian Bond of Voidstar responds to Marc's post and again asks for proof that it will be possible to implement Identity and Service providers compatible with InfoCard that run on the LAMP stack.

Went along to *Mashup last night, Sam Sethi spoke about Microsoft's Live products (coming soon). As tends to happen at these things, my muttered “Oh Good Grief” was a bit too loud and I got asked to ask a question by the moderator. I said how ironic it was that we were at a presentation to talk about mashing 2 web application APIs together to create a 3rd when what we were being presented with was one Microsoft future product working with another Microsoft future product. I then questioned whether Infocards was actually open which was what had prompted the original “Good Grief”. Marc Canter leapt in and did his aggressively optimistic thing and mentioned “Cynical Brits” (which I take as a compliment!) before throwing in a bit later a battle cry of “OPEN STANDARDS”.

So anyway, Marc's blogged all this, and I added the following as a comment.

It’s so hard to have this conversation. I really, really hope that Infocards is open enough that it’s *possible* to write a LAMP based Identity Provider and Service provider that uses and interoperates with other Infocard systems. I don’t expect Microsoft to help with this, but I don’t really understand why they can’t. If Infocards were an open source standard, you’d see sample code and libraries being built by the community for multiple platforms. But because the source is a company, we apparently can’t expect them to also be the community or put effort into kickstarting the work. So the task falls on us. We end up having to do all the work with no help beyond reading the specs because we find it interesting. But I worry that the end result is that the LAMP community will not bother precisely because the spec came from Microsoft. The conclusion then is that Infocards is exactly the same as Passport. A reasonable identity system that only ever gets used inside Microsoft’s garden. The garden may have no walls but there’s still nobody else in it. What would be worse than this would be if Infocards has an open spec but the spec requires technology that only Microsoft has. Then it really doesn’t matter whether it’s open or not, it’s still impossible for anyone else to implement. For the record, I think that’s where it’s going. Like I said at the start I really, really hope I’m wrong.

I’ve thrown down a gauntlet in front of Kim Cameron. “Explain how InfoCard will get implemented on LAMP systems”. That doesn’t mean Kim has to do it, or that Microsoft has to do it. It’s only asking Microsoft how they think it will get done and by implication whether they’ll do anything to help. 9 months later, I’m still waiting for an answer.

The deeper question in here is how much any of these BigCos can open up and involve and support the development community when they are “in the business of taking care of themselves”. Google’s work with XMPP and Yahoo’s API groups are hopeful signs that people in those companies can see the self interest in supporting and listening to 3rd parties. Can Microsoft do the same thing? Or is the limit of their openness to use open standards? Although even that is a huge step which should be applauded.

Sam Sethi said some things that suggest that he does get it. And he’s a consultant working back in his old company not an employee. But I’m afraid the presentation seemed to be a classic MS presentation of futures, most of which were “Me Too” products, sprinkled overall with plenty of FUD. I’ve sat through too many of those not to be just a tiny bit cynical.

Of course Julian has the right to be as cynical as he wants. Doubt is the precondition of truth. And I think his gauntlet is cool because it makes our discussion more concrete.

I told him last year that I accepted his challenge. And yesterday I did my first demo of using InfoCards to access a web service running on the LAMP stack: my blog.

Blogologists will have noticed that I switched from Radio UserLand to WordPress recently. It's written in PHP, and I chose to run it on LAMP (Linux-Apache-MySQL-PHP). My main motivation was to understand the issues facing my colleagues in the blogging community who use non-Microsoft technology. Along the same lines, I've moved my blog to a service provider so that I am running in a truly vanilla LAMP environment.

Moving my blog to LAMP wasn't that hard – given that I had some help. But then I had to learn not only how to program in WordPress, but also in its underlying language – PHP.

This has been eating up my “blogging time” more than I would have liked. But I have good news. I've now been able to put together some mods for WordPress that allow my site to accept infocards.

The mods were written in PHP, and Johannes Ernst – who I've been speaking with at the Berkman Identity Workshop – has asked me to publish the code on my blog. So I will. And I'll explain how it works.

I realize InfoCards aren't exactly ubiquitous right now, so you won't be able to try it out immediately. But this weekend I'll be posting a link to a video of the user experience.

MARC CANTER ON WINDOWS LIVE

I like Marc Canter because he's fun, tells it like it is, and seems to be totally committed to changing the world with cool new software and ideas. It's true that the metaphor of the “lumbering Mongol horde” might not be seen, by everyone, as totally flattering – but hey, who's looking for flattery? The goal is to supervitalize our industry, and Marc's reading of what is happening really interests me. Here's what he says about the Windows Live initiative Ray Ozzie is working on.

OH MY GOD – Microsoft Live is Hailstorm 2.0 …..but in a good way. Assuming they allow us to mesh into it – and vice versa.

As I sat in the etribes.com/mashup last night (near the Savoy Theater, off the Strand) – I was honored to listen to Sam Sethi rap out Microsoft’s Live.com platform. Similar to NetVibes in a lot of ways, Live.com right now is just a simple Ajaxian ‘build your own dashboard’ UI.

What I was struck with – was how similar the long term strategy is to AOL’s new AIMspace platform – which will be shipping – soon. The Microsoft stuff has all the usual stuff: Local services, favorite lists, external modules, personal pages and federated IDs. But so will AOL and Yahoo as well.

In other words – the integrated DLA platform wars have begun!

Microsoft Live is the dashboard for an entire slew of Microsoft Web 2.0 like services and applications. They have this coolio new IM based system called Live Contacts, and a comprehensive Ad Center (which would track and sell end-users behavior patterns and support AttentionTrust.org.) By far – the coolest, newest thing Sam talked about was a Microsoft Point and Redemption system. Sam claimed Google had Google Points already, so now they had one of those – too!

What struck me on the head like a sledge hammer was that this was the first time I had ever heard a Microsoft person talk about trust, openness and end-users controlling their own data! What a twilight zone moment! For someone like me to have seen the old Microsoft execute like a slow lumbering Mongol horde, destroying all in its paths, here they were – ONE MORE TIME – changing horses in mid-stream and redirecting their efforts in the way “that the wind blows”.

God dammit – that is Bill and Steve’s genius. The ability to smell the roses and head in that direction. No matter what the trend and era is. They never innovate or take the risks. But once a new direction is clear – they come storming in like a wave of Mongols.

Sam talked about a future which first got worse (with huge data silos forming in 2007) with the inevitable opening up of those data silos in 2008. That’s where our vision of destiny differs. I think we – no in fact I KNOW we can do better than that. I KNOW we can all work together – off the bat and not go through a painful era of fighting over who owns what consumer or member list.

What Sam rapped out was an elegant sophisticated, Microsoft style integrated platform, just like he was pitching Vista or some XBox strategy. That’s exactly what AOL and Yahoo are doing – as well. They’ll all have their own DLA-like platform – and offer us ‘open modules’ to plug ourselves into.

Coolio – we like that!

I guess Kim Cameron really has had an effect there at Microsoft.

On one hand you can say “Hailstorm” is back – on the other hand it’s based upon open standards this time – RSS, OPML, microcontent, digital IDs.

What we know this time is what to demand of Microsoft (control over our own data and personas) and though Passport is still around (as the internal MS ID system) they’ve started to roll out the notion of the ‘meta-identity’ system, as propounded and developed by Kim Cameron and his team.

Julian Bond was in the audience and immediately complained “they’ll never be a LAMP version of Infocards” – but what I wanted to explain to Julian was that Microsoft is in the business of taking care of themselves, just as Yahoo, Google and AOL are – as well. So don’t expect a Linux version of anything from Microsoft, but you CAN expect meta-identity compatible ID systems for LAMP – that’s for dam sure.

For sure – each of these giants will make their own decisions, in their own due time, but at the end of the day – if they don’t open up – they’ll eventually lose their customer.

At least we have a way to connect these giant worlds together (and take us small little fry along for the ride at the same time.) That’s a huge breakthrough and is the foundation of us building the distributed web infrastructure. What I’ve been chanting about is our own Open Source Infrastructure and the other kinds of open standards we need.

So it was really glorious to hear Sam’s rap last night. I came away incredibly excited and anxious to meet those folks at Mix06. I’ll have a list of requests for compatibility with our open ‘tentacles’ which will enable us to mesh all that Vista/MS Live stuff – in with AOL and Yahoo based data and content – as well.

Just think of the beneficiaries – US!

StructuredBlogging.org is an attempt to keep all the various formats of microcontent compatible. Our upcoming PeopleAggregator APIs will provide basic social networking capabilities – to all – and a way of inter-connecting disparate social networks into one giant distributed mesh.

The world of media needs standards like Media RSS and one could imagine burgeoning new standards around Tags, Reputation, Events and Musical tastes and preferences.

Clearly the strains between open and closed, BigCo vs Independents and GYM vs the rest of us has begun. Though the GYM moniker needs to include AOL and Apple too – as well. GYMAA.

But they don’t have all the options yet – either. Remember that ALL the innovation is coming from us, and we ain’t done yet. What Microsoft DIDN’T show was groups, tools or any sort of integrated media management (i.e. tie your gallery into music downloading, master playlists, shared data and tagging.)

Now the question is – how open will Microsoft Live be? Sure you can always paste a Flickr module onto one’s public page, but will we be able to read/write all the content and meta-data and move it around freely? Many in the audience were fearful and doubt Microsoft’s intentions.

Me – I’m willing to give them the benefit of the doubt cause as soon as they fuck up – we’ll all just drop them like a 10 ton stone. For that same reason I’m willing to give AOL and Yahoo a shot at my loyalty – too. Ideally we’d get them all playing off of each other.

So with Microsoft joining Yahoo and AOL in providing ‘open platforms’, that leaves only Apple and Google left in the GYMAA alliance. After all – all the Content typed into Google Base is owned by Google – right? And I’m completely positive Apple will be all open and such – right?