After a decade in digital identity, one of my overwhelming takeaways is that the subjects at the very heart of the field — identities, attributes, tokens, credentials — are an order of magnitude (at least) more complex than they appear to the layman.
The closest analogy is the atom — what seems so simple at a conceptual level turns out to have oceans of complexity swirling beneath it when you ask the devil for the details.
So in this field I especially prize clear thinking and modeling (I would go so far as saying that XDI would be impossible without it.)
For a shining example, look no further than Anil John’s new blog entry, A Model for Separating Token and Attribute Manager Functions. I especially like how the model reveals key differences between four real-world identity systems, including the currently popular social login model.
[Update: for the ideas leading to his model, Anil credits Andrew Hughes, Ken Dagg, David Wasley and Colin Soutar from the Kantara Identity Assurance Working Group.]
I’ve been working with Phil Windley on key issues in digital identity and trust networks for a long time now, and particularly closely in the past year since Kynetx became one of the first Founding Partners of the Respect Network.
But rarely have I seen technologies that work so well together as KRL and XDI. Besides their uncanny synergy in personal cloud architecture, recently Phil has done two blog posts about PDOs (“persistent data objects”):
As I read each of these points, every place I see the term “PDO” I read “XDI graph”. XDI is a way to have universal interoperability and portability of PDOs. (This doesn’t mean that every PDO must use XDI, just that XDI is a way to have widely interoperable PDOs.)
That immediately explains the synergy between XDI and KRL: as a rules language and CloudOS, KRL provides a way to write programs to work with PDOs anywhere in the cloud, and XDI is a way to address, serialize, and exchange those PDOs.
If you start from a conventional object-oriented perspective (hmmm, I remember back when object orientation was the radical new perspective), here’s another way to think about it: if XDI provides interoperable data abstraction, KRL provides interoperable method abstraction.
In other words, KRL provides a rules-based mechanism that enables a developer to apply a method (“action”) to any PDO that satisfies the necessary conditions (“event”) to fire that method.
No wonder KRL and XDI are digital chocolate and peanut butter.
In August I did a short post sharing an insight about what cleanly distinguishes a personal cloud from what the VRM (Vendor Relationship Management) community has long called a personal data store or PDS. A few years ago it appeared the popular name for a PDS might end up being a personal data locker. However, recent press coverage, including a New York Times article this weekend, has used a different term: personal data vault.
So I’m updating the diagram I posted in August just to make sure it’s still clear: a personal cloud is to a personal data vault what a personal computer is to a file system.
In other words, while logical aggregation and secure sharing of your personal data is important — just as file management is important to a personal computer operating system — it is vastly more useful if you can run trusted applications to create, manage, and use that data. That’s what a personal cloud does. It’s an operating system for a virtual computer in the cloud, and the apps it runs communicate cloud-to-cloud to do tasks that are not feasible with either personal computers or smart phones — most importantly, to manage communications via personal channels (a whole ‘nother topic — read the paper for the full scoop).
To repeat one other key point from the earlier post, my remaining concern about either the term “personal data vault” or “personal data store” is that it gives the perception that all the personal data you may aggregate and store lives in one location. That’s neither practical nor desirable. What you really want is a single point of control — a secure dashboard — for your personal data no matter where it may be stored, either on your local devices or on the Web (your bank, your doctor, your insurance company, your car dealer, your school). Yes, in some cases you will want your personal cloud to store a backup of data that lives elsewhere, but that doesn’t need to apply to all data you touch.
You know a meme’s time has come when it starts appearing independently across multiple points in the industry. Such is the case with personal clouds. Just last week, while I was attending a Respect Network planning meeting at Kynetx in Utah, Jeff Kramer published a blog post entitled The Personal Cloud Computer which shares his vision for personal clouds — and he’d never heard of the Respect Network or read our paper on personal clouds.
Meanwhile Trendwatching.com has this article about “datamyning”, a new term to describe “data back to the people” that might just catch on (in the UK it goes by the name midata and in France it’s mes infos, but a meme by any other name is still a meme).
When you have a cast bringing together Bradley Cooper, Jennifer Lawrence, Robert De Niro, and Jacki Weaver, you can’t help but start out skeptical that they can reach the full potential of what all that enormous talent is capable of delivering.
I am ecstatically happy to report (having just returned and still drying my eyes) that on this occasion, in the finely skilled hands of David O. Russell, the result is so good that I haven’t been as crazy about a film since Crazy Stupid Love.
This is why I go to the movies (especially with my wife, whom I’m equally crazy about because she loves them just as much and cries right beside me).
Movies may be just a spice in the drink of life, but the very best ones can make it taste so sweet that your thirst for everything is redoubled. Silver Linings Playbook is that kind of film. Grace your holiday with it.
I sure wish I had more time to blog, but with about 110% of my time going into building the Respect Network these days, most of my posts are on the Respect Network and Connect.Me blogs.
But if you’ve been using this blog to keep track of progress on the XDI standard, then I owe it to you to point out this wonderful demo that Markus Sabadello, leader of the XDI2 open source project, created for the Internet Identity Workshop #15 the week before last. It explains so much about XDI and how it works — and particularly its relevance to the emergence of personal clouds — that many of us there urged Markus to turn it into a screencast.
And now he has. It runs about 20 minutes, but that’s how much good content it covers. And it still only touches the tip of the iceberg of what’s going on with XDI. Hopefully as we enter the holidays I’ll have time to do some more posts about that.