I’ve done very few blog posts this year due to the speed at which I’ve been running with Connect.Me and Respect Network (more about that at the end of this post). But three weeks after it ended, I’m doing a writeup on the last Internet Identity Workshop because, out of all 14 IIWs to date, this one gave the strongest signals the industry is breaking out.
Here were my five key takeaways:
#1: Personal Clouds Have Arrived
Once a decade comes on of those moments when you know that a corner has been turned and a new market is going to happen. For example, when I first saw a personal computer in 1976 and realized I could use it for writing, I knew I had to have one. And so did millions of other people.
Another was the first time I tried a mouse-driven graphical user interface.
A third was the first time I held an iPhone in my hand. As I played with the touch screen and launched apps. I knew right then and there that it was going to be a monster. All the power of a computer in your pocket and always on the network to boot.
Now it’s happened again—but this time with a product you can’t see or touch. Phil Windley’s white paper From Personal Computers to Personal Clouds summarizes the premise in one sentence: the next major advance in personal computing and communications is the personal computer in the cloud. There were at least four personal cloud sessions at IIW, including one led by Johannes Ernst in which a set of architects debated the precise meaning of the term like a set of lions sparring over a pride.
There’s no doubt in my mind: personal clouds are coming like a giant gathering storm, together with personal channels (more on those soon). They will be the central organizing construct of the personal data revolution just like PCs were the central organizing construct of the personal computing revolution.
#2: The VRM Wave is Breaking
Although it started a good five or six years offshore, the VRM wave led by Doc Searls is starting to strike the coastline. It isn’t just the publication of Doc’s book, The Intention Economy—although like tsunami warning siren, it does provide a very loud wakeup call to the residents of the sleepy coastal villages of e-commerceland.
And it’s not just because this was the first time there was a continuous string of VRM sessions playing throughout IIW like a Labor Day Weekend marathon of Grateful Dead songs.
For me, the strongest evidence was packed house the final morning of IIW in the “VRM: How Will It Break Through?” session led by Mydex chairman William Heath. In this session there were three major insights:
- First, William talked about the midata initiative in the UK and Jennifer Cobb talked about the SmartDisclosure initiative in the US. In both cases, the government is taking the first step in spurring industry to “do the right thing” in giving back personal data to the citizens so they can reuse it to their and everyone’s benefit. I pointed out that the trend is not just with the government; in France the Mes Infos project is doing the same thing in the private sector. As I heard from the leaders of Mes Infos directly during a meeting last month in London, they want to beat the government to the punch.
- Secondly, David Blumberg, Managing Partner of Blumberg Capital (and an investor in one of the companies in the space, Trulioo) articulated a core VRM value proposition for vendors: “Companies who really care about the lifetime value of the customer will be the biggest beneficiaries of VRM.” As Doc has said for years, those companies will embrace VRM as the next major step for CRM. CRM vendors: are you listening?
- Lastly, at the conclusion of the session, William shared his own analysis. He drew a simple four square matrix on the board in which the two columns were People and Organizations and the two rows were Money and Do the Right Thing. He then asked the question: in which quadrant is the VRM breakthrough likely to come? Will it be people doing it for money? Organizations doing it for money? People asking for it because it is the right thing? Or organizations doing it because it is the right thing? After sharing a story about the BBC deciding a major new web product should have all its visitors store their media preferences in a Mydex PDS, William concluded that it will be Door #4. The breakthrough will be organizations who share personal data back with individuals—who start storing data in the individual’s personal cloud rather than their silo—simply because it is the right thing. Because it will ultimately produce the greatest benefit for everyone.
By the end everyone in this session was positively vibrating with excitement. Ironically, I don’t know how many who attended it knew that William was the founder and CEO of Kable, the leading government IT analyst company in the UK, which he subsequently sold to The Guardian several years ago before taking on the job of building Mydex as a Community Interest Company. So this was the insight of a highly experience professional analyst who has been living and breathing this space for the last four years.
Personally, I think William nailed it, and I told him so afterwards. Companies choosing to do the right thing because they know it is in their customer’s best interests—and thus ultimately in their own best interests—will be where the dam breaks.
And when the water starts pouring through, watch out.
#3: OpenID Connect Is Connecting
As one of the founding board members of the OpenID Foundation—and subsequently of the Information Card Foundation—and then helping birth their lovechild the Open Identity Exchange, I have been close to the OpenID drama since it started in 2005. And frankly I was one of those who all but left it for dead two years ago when even the OpenID board admitted that Facebook Connect—at the time being installed on more than 10,000 websites a day—was kicking OpenID’s butt.
I had become convinced that social logins—as the precursor to trust frameworks (see below)—were unstoppable. So I was as skeptical as anyone about the proposed metamorphosis of OpenID into OpenID Connect (which Kuppinger Cole analyst Dave Kearns has accurately characterized as being so different than the original OpenID that it is “OpenID in name only”).
I was wrong. By going back to the drawing board and putting together the best of OpenID, SAML, Information Cards (and even a touch of XDI—see below), OpenID Connect is out-Facebooking Facebook. And because it is now built on top of the industry standard OAuth, which as Kuppinger Cole analyst Craig Burton says is becoming the key to the API Economy, OpenID Connect suddenly looks like it could become the open, multi-provider, interoperable version of social login that can work Web-wide.
A special shout out to John Bradley, Mike Jones, and OpenID Foundation Chair Nat Sakimura for their persistence in making this happen.
#4: XDI is Coming in from the Cold
OpenID Connect is only the first step. While it could finally standardize and democratize social logins, it doesn’t tackle the harder problem of semantic data management, including portable data, portable permissions, and interoperable data dictionaries.
That would be a job for XDI. It has long been the dark horse in this race. 8 years in gestation at OASIS, it barely survived losing the ardor of two waves of early proponents. But its slavish adherence to developing a simple, globally-addressable graph model for data is finally starting to pay off.
At the same time the market has “grown into” the XDI problem space, particularly the very hard problems of creating an interoperable personal data ecosystem where app developers can gain permissioned access to personal data without needing to know its specific location or native format, and individuals can switch accounts between personal cloud providers the same way they can switch banks or switch mobile carriers today.
This explains why there were more XDI sessions at this last IIW than ever before, and they went deeper into the real problems XDI can solve.
Make no mistake, as co-chair of the OASIS XDI Technical Committee, I can assure you there’s still an enormous amount of work to be done—a complete set of XDI 1.0 specifications are still at least six months away. But we’ve turned a corner and momentum is increasing. I predict that within a year there will be the same non-stop track of XDI sessions at IIW that there was for VRM this time around.
#5: Trust Frameworks are the New Network
Two years after the establishment of Open Identity Exchange, the first international non-profit home for open identity trust frameworks, there are still only two operational trust frameworks listed (the U.S. FICAM trust framework and the Respect Trust Framework).
What happened? Where are all these promised trust frameworks? Did someone miss the train?
In fact, “train” is an appropriate analogy. A trust framework is a lot like a large locomotive. It takes a good long time not just to build one, but to get it on the tracks, load the train, and get up a head of steam.
And yet, just like it was obvious that it would take railroads to civilize the American Wild West, it was taken as a given at this IIW that trust frameworks would be necessary to civilize the Internet Wild West. Nearly every IIW session I attended presumed the use of a trust framework.
Why? Trust frameworks are the new network. That was the assumption underlying my co-founding Respect Network Corporation with Joe Johnston and Marc Coluccio in late 2010. We felt a trust framework for personal data and relationships—in which the trust model was based on p2p reputation—was the key to unlocking decentralized data sharing on an open standard relationship network. Connect.Me is that reputation system and Respect Network is that relationship network.
Only time will tell if we were right. But if the current focus on giant centralized social networks continues on the natural Internet progression towards standardization and decentralization—as brilliantly articulated in two blog posts from Phil Windley (Facebook Domination Isn’t Essential—It’s Not Even Likely and Moving Toward a Relationship Network), then indeed trust frameworks will be the new network.
All I can say is: don’t miss the next IIW.