Utah Open Source Planet

Bob Blakely is speaking about building a relationship layer for the Internet. A relationship is the context within which we observe one another. Past history and even attitudes are not directly observable. This is imperfect--distant relationships are the basis for inaccuracies. More observations at a closer distance make for a more useful and feature rich relationship.

Bob puts forward the emergence of the credit card industry as an example. Rather than requiring shoppers to create intimate relationships with every merchant, you create a single intimate relationship with your bank and the merchant has an intimate relationship with their bank and then the banks form a relationship (contract) that connects those.

Generalizing this thought to identity, in situations where you don't have one good relationships can two relationships provide the answer? Intermediaries need to have a trust relationship with the user. Phone companies, utilities, even shipping companies have a great advantage here. They can out compete banks.

Relationships are the type information about edges in the social graph. Bob presents a schema for relationships. Relationships have a creator. Relationships have a type (FacebookFriend). Creators establish rules and roles. Rules might be "can't copy." Roles are descriptions of individuals who can participate in the relationship.

There are other elements in the schema. Consents are what you agree to (i.e. enter into a relationship, you can send email, etc.). Promises are things you're held to (i.e. abide by terms of service). You also have claims (i.e. this is my name, this is my email address, etc.) There might be blocks to list other participants. The schema is a contract sorts. In privacy, for example, this shifts the discussion from one of rights to one of contract law.

Employees present an expensive relationship. Contractors are a less expensive way of having an employee relationship. This is relationship federation. The contracting company provides context about the relationship and there are rules, etc. that govern the relationship.

Identity providers present a similar scenario. The IdP can, in theory, create the expensive relationship with the user and with the RP. The difference is that IdPs can't make money from the expensive user relationship. You're not selling identity. If you sell identity, like Equifax, people hate you. You're selling relationships. They should compete on the basis of cost and quality.

"X-centric" is dysfunctional nomenclature no matter what the value of "X." Functional relationships happen when both parties gain value and agree to treat each other with respect.

Tags: iiw2008a iiw identity vrm

One of the topics that came up in today's free range small groups discussions are IIW2008A was the idea that architectures have agendas. Brad Templeton voiced the idea that all designs have defaults and those defaults represent an encoding of some kind of agenda.

For example, let's say that you collect click streams from your web site visitors in order to give them recommendations, optimize banners, or whatever. What is the default for how long that data is stored? One week? A month? A year? Forever? You might not think of that default as an agenda, but it is in the sense that it enables or disables certain behaviors in the future.

"But wait!" you say. "I didn't even think of that! My site stores it forever because I haven't written a purge function--yet." Even implicit acts create defaults and those defaults represent an agenda. For example, if your agenda were different with respect to storing private data, you'd have prioritized your development differently.

I've been using privacy as an example, but it's larger than that, of course. Designs are full of defaults--some explicit and most of the implicit. Programmers don't pay enough attention to defaults. Rail's "convention over configuration" is a great example of a system that carefully thought through defaults. 37 Signals calls this concept opinionated software.

The best software has a vision. The best software takes sides. When someone uses software, they're not just looking for features, they're looking for an approach. They're looking for a vision. Decide what your vision is and run with it.

From Getting Real: Make Opinionated Software (by 37signals)
Referenced Mon May 12 2008 17:14:47 GMT-0700 (PDT)

I like that idea.

Tags: iiw2008a iiw identity arcitecture software+design

If you are wondering what the Internet Identity Workshop is all about we have a new articulation posted on the main wiki page for our upcoming conference. It goes into the range of topics covered along with the technology and social issues. This is our 6th event and I think it will be a great one.

MONDAY IS FREE (beginning at 1PM)

We have Monday’s program figured out and Monday afternoon is FREE to anyone who wants to come and check out the emerging field. We will open at 1pm.

We will open with a ‘newbie’ perspective from Ryan Janssen who has been an amazing active reader of the community blogs and writing about it as Dr. Star Cat

Everyone will get a hand out of all the community project one pagers.

Presentations will then follow about five centers of gravity in the community that we see:

The VENN OF IDENTITY

1. OpenID - David Recordon
2. SAML/Liberty Alliance - Paul Madsen
3. i-cards - Pamela Dingle
4. Data sharing/linking - Drummond Reed
5. Vendor Relationship Management Project - Chris Carfi

Between 3:30 and 4:00 we will be all together - considering “what useful things can we do” along with other questions please be there for this if you feel all up to speed on “everything”. We think that the presentations will be informative for those already familiar with the landscape it has moved forward since we last were together - so we encourage you all to get there at 1PM.

We are working on a blog push on Thursday May 1st - blog about it that day- (if you miss that day - blog about it anyways over the weekend)

Tags: iiw iiw2008a identity events

The announcement and registration pages for IIW 2008 are now live. Please take minute and do three things:

1. Register so we know you're coming. Having a good count early makes the whole thing go smoother.
2. Help us spread the word by blogging about it.
3. Put a badge for IIW on your Web site if you can. Here's the code for the badge you see on the right hand side of my blog:

   <a href="http://www.windley.com/events/iiw2008a/register.shtml"> <img src="http://www.windley.com/events/iiw2008a/images/iiw2008_badge.png" border="0" hspace="3" vspace="3" title="IIW2008 Registration banner" alt="IIW2008 Registration banner" /></a>

We expect that IIW2008 will be every bit as productive and fun as past IIWs have been I hope you can make it.

Tags: iiw identity iiw2008a travel events

OpenID 2.0 was finally release yesterday. I've put a piece up at Between the Lines on what's new in OpenID 2.0. There's some important capabilities that will move this forward in a big way.

Tags: openid identity iiw iiw2007 iiw2007b

Here's a screencast that Dan Lullich sent me showing how OpenID works using a whiteboard cartoon. Very clever!

Dan was also my guest on the Technometria podcast this week. We talked about reputation--go figure.

Tags: openid identity iiw2007b iiw iiw2007 screencasts

Doc juggles (click to enlarge)

I just posted a summary piece from Tuesday at IIW2007B at Between the Lines: Reputation taking center stage. I also have pictures. Look for more IIW coverage with the iiw2007b tag.

Tags: iiw identity iiw2007 iiw2007b reputation

Coincidentally, a feature I did for InfoWorld on user-centric identity appeared today. Here's what I contributed:

• Federating identity for the Web
  User-centric innovations CardSpace and OpenID may finally bring the promise of federation within reach
• Understanding OpenID and CardSpace
  OpenID and CardSpace are at the forefront of user-centric identity. Here's how they work
• Podcast: An identity layer for the Web
  Microsoft's Kim Cameron speaks to the advantages of placing the user at the center of enterprise identity systems
• Podcast: User-centric identity in the enterprise
  Burton Group's Mike Neuenschwander discusses the state of federated identity, delving deep into the business proposition user-centric identity presents

Tags: iiw identity infoworld iiw2007b

IIW2007B is underway. I flew to San Jose with two of my grad students, Bryant Cutler and Devlin Daley this morning. We went to Costco to buy food for snacks and showed up at the Computer History Museum about noon.

The first day of IIW continues to evolve. Kaliya and her design team set out an agenda this time that included a set of parallel tracks to start off. The parallel tracks allowed us to run a real "intro" track for new comers alongside some working groups sessions.

I was in charge of the intro track. Paul Madsen started off with a talk introducing the major protocols and their relationship to each other. I think it hit the nail on the head in terms of what I wanted from that portion of the program. I'll post a link to his files in this spot when they're available.

I gave a talk that attempted to categorize the various protocols, software projects, working groups, interop projects and industry consortia. My slides are available (PDF).

The session ended with two talks on topics I think will be emerging themes at this IIW: VRM and Trust/Reputation. Doc Searls gave a nice impromptu talk on vendor relationship management. At Defrag, Dick Hardt gave a great talk, in his inimitable style on trust and reputation. I asked him to repeat it at IIW.

We'll be having a general session at 4pm and then dinner later tonight. Tomorrow we will jump into open space and let every one define their own topics.

Tags: iiw iiw2007b identity

I got an email from PayPal today:

We have reason to believe that your account was accessed by a third party. We have limited access to sensitive PayPal account features in case your account has been accessed by an unauthorized third party. We understand that having limited access can be an inconvenience, but protecting your account is our primary concern.

Well, it wasn't a third person, it was me. I used PayPal to collect registration fees for IIW (happening next week). All the money we have to pay vendors, etc. is in that account and I can't get to it now. Of course, PayPal has already taken their cut, so what do they care?

To get the account back online I have to do four things:

1. Submit a bank statement for the account I'm transfering to.
2. Change my password
3. Change my security questions
4. Confirm my location

I was good on the first three. The last one required that I tied a credit card to the account and then they wanted to call me and have me enter a security code. They called the number I had listed long ago that isn't one I have access to on the weekend. They gave me no notice that they were going to call the number--they just did it. Since I didn't answer the phone they said this:

We mailed a letter with your Location Confirmation code to the following address. When you receive the letter, please follow the instructions on how to enter the code on the PayPal website. Please allow 7 to 9 days for your letter to arrive in the mail.

Huh???? Seven to nine days!?! Meanwhile I've got bills to pay and I'm not sure what I'm going to do.

I appreciate that PayPal is taking security seriously, but this is way overboard, as far as I can tell. They've made thousands of dollars from the money I collect there. The least they could do is provide a human for me to talk to and work this out. I'm willing to pay PayPal's high fees for the convenience, but this is very inconvenient.. I think I'll look somewhere else for the next IIW. I need to know that when the event rolls around I collected money for, I'll be able to get it.

Update: This morning (Dec 3) I logged into my PayPal account hoping I could download new attendees and got a message that my account at been restored. I don't know if it was my attempted intervention or whether some of the steps I completed (like sending a copy of my bank statement) was sufficient. In any event, it looks like IIW will be able to pay it's bills on time. Yeah!

Tags: customer+service iiw paypal iiw2007 iiw2007b