I-Names Get Real

I should have suspected this — we finally get to the biggest inflection point in the evolution of i-names and I’m too busy to blog about it.

Oh well, that’s life. In less than two hours we finally flip the switch on the first user-centric digital address registry. See the news at http://biz.yahoo.com/prnews/060620/nytu091.html?.v=54

The ceremony itself is going to be the simultaneous popping of a dozen champagne bottles (some non-alcoholic) representing the first 7 i-brokers (see the list), 4 XRI registry infrastructure developers (XDI.org, Cordance, NeuStar, and AmSoft), and 1 for the users of the world to whom this is all dedicated (and whom we’re asking Doc Searls to represent. After all, as Paul Trevithick put it in a session this morning, all of us in user-centric identity ultimately “work for Doc”.)

My hope is that this is one more tangible step on the road to Doc’s vision of Internet identity infrastructure that truly empowers all of us as users.

Posted in Blogging, General, Practical I-Names, Social Web, XRI

OpenID 2.0: Convergence Continues

Internet infrastructure is always a story of convergence. Last fall the OpenID and LID URL-based authentication protocols came together around an interoperable lightweight discovery format called Yadis. Yadis used the XML-based XRDS document format developed by the OASIS XRI Technical Committee, which brought i-names (the human-friendly format of an XRI) closer to both of these distributed URL-based authentication protocols.

Now the next step is happening. OpenID 2.0 will be not just an authentication protocol but a complete framework for distributed digital identity based on user-centric digital addresses. The highlights:

  • OpenID 2.0 will support both URLs and XRIs (i-names or i-numbers), so you can use either type of digital address.
  • OpenID 2.0 incorporates Yadis XRDS-based service discovery, so it can be used not just for authentication (via any protocol both the user and the site support), but for any identity-based service (“i-service”) such as profile exchange, attribute verification, reputation, etc.
  • OpenID 2.0 Authentication (the new name for the OpenID 2.0 authentication protocol itself) is adding more security features plus the ability to do “anonymous” login (logging in using your i-broker’s digital address instead of your own, for an extra layer of privacy).

And to show how serious this is, the OpenID 2.0 framework was submitted this morning by 16 architects and developers to the Apache Software Foundation as a new project called “Heraldry”. With the Heraldry project, user-centric identity officially moves out of the backwater and into the mainstream channel of the Web.

The timing is ideal with the opening of the XDI.org i-names global registry services at the Berkman Identity Mashup on June 20th. This is the first global digital addressing service in which users are full peers with organizations, and in which users’ interests are represented by i-brokers whose job it is to protect the privacy and security of user data.

More about the global registry opening in a following post – I just wanted to get the word out about OpenID 2.0, because it’s one of the most tangible signs ever that user-centric identity is here to stay.

Posted in General, I-brokers, OpenID, XRI, Yadis

XDI.org ready at last

When I can’t do a post for a month you know something’s up (or down). But this one’s up: XDI.org has finally finished and approved the Global Services Specification (GSS) that governs the operation of XDI.org’s global XRI i-name and i-number registry services (GRS). The press release of the announcement went out today.

This paves the way for a formal opening of the GRS at 7PM ET next Tuesday evening in a live ceremony at the Berkman Identity Mashup. The participating i-brokers (from 3 continents) will be announced next week at the conference.

Better still, the GSS specifies that XDI.org-accredited i-brokers will support both OpenID and SAML. That means i-name owners will be able to authenticate and share data with any site that speaks either one of these protocols.

Convergence towards real operating identity infrastructure is going to be a major theme next week. I can hardly wait. It’s only been, what, 12 years…

Posted in General, I-brokers, Practical I-Names, XRI

Awesome IIW2006

I just got back from Internet Identity Workshop 2006A (the “A” because a second one is planned later this year). I want to echo the praises others (Phil Windley, Kim Cameron) have heaped on it. In particular, Kaliya was amazing. You want to do an unconference? She’s the one to call. The whole unconference format showed just how effective it can be to let a motivated audience self-organize.

Following are a few highlights from the sessions which I was able to attend (my only complaint was that there were so many I couldn’t attend ’cause there just wasn’t enough time!)

  • The i-tags session, wonderfully blogged by Christine Herron, produced some excellent ideas and feedback about the third draft spec. Ben Laurie had some great suggestions too. It’s finally time to ramp up a mailing list, which we’ll be doing shortly.
  • The identity rights agreements session, which I’d been anticipating for several months now, was every bit as fascinating as I thought it would be. Again, see Christine’s post for a summary. The biggest frustration was that after an hour and fifteen minutes we were just really getting started – we needed a good half-day on the subject. But we agreed to begin moving the work forward on the Identity Rights wiki and mailing list. I’m also planning another blog post inspired by the final part of the discussion.
  • Dale Olds of Novell led an eye-opening session on all the open source projects related to digital identity. See this blog post by Phil for more info.
  • Phil did a great session on the reputation system he and his BYU students have created. It shows just how difficult reputation can be — and how valuable if we get it right.
  • The XRI and SAML Single Sign-On (ISSO) session given by Peter Davis produced excellent feedback on the draft spec (to be posted on the XDI.org wiki as soon as Peter can deal with some formatting issues) from such SAML experts as Bob Morgan, Eve Maler, Jeff Hodges, and Nick Ragouzis.
  • A testament to just how densely packed the sessions were was the fact that I missed the session on Identity Commons 2.0! But reports from those who made it are that the ball moved further forward and the necessary organizational steps are already underway.
  • The final highlight — which we couldn’t even squeeze in until after the conference was over — was being able to get in front of a whiteboard with Paul Trevithick and Andy Dale and produce a picture of how Higgins and XDI fit together (captured by Phil when he and Doc and Kaliya joined us). The conclusions we reached were a real eye-opener, and I’m going to do a separate post to do them justice.

Net net: as Phil Becker summed up in the Digital ID World newsletter (as quoted by Kim):

“…it was, in my opinion, a tremendously significant moment in the evolution of the identity conversation, and one that will have many significant ramifications going forward – though these will likely take another year to become clear to those not paying close attention.”

Posted in Blogging, General, Identity Commons, Identity Rights Agreements, Other Links, Reputation, XDI, XRI

I-Tags Getting Smarter

It’s been six months since I’ve posted anything about i-tags but the spec has been steadily evolving. Working Draft 03 has been posted on the i-tag wiki and there are some great new features. Quick highlights:

  • The underlying RDF model has now been abstracted so it can be represented either as microformat XHTML or as micro content XML (although only the former is defined in Working Draft 03 because the latter still lacks sufficient documentation).
  • The new microformat definition uses the XHTML div tag and class attribute to structure the tag as a series of links. This pattern, which editor Andy Dale suggested several months ago, has become a widely-used microformat design pattern.
  • An i-tag is now divided into a header section and a body section. The header section consists of a set of links that use pre-defined classes (id, subject, author, publisher, verifier, date) to describe the i-tag itself (the RDF subject). The body section consists of a series of nested links that use globally-unique identifiers to identify the RDF predicate (the tag type) and RDF object (the tag value). This means i-tags can express an infinite variety of tag types all using the same simple format. See the spec for examples.
  • All the globally-unique identifiers used for subjects, predicates, and objects in i-tags can be either URIs, IRIs, or XRIs.
  • I-tag verification is now defined in detail, including both direct authentication using Yadis for authentication service discovery and third-party verification using an independent verification authority such as Opinity.

I-tags will be a topic at this week’s Internet Identity Workshop in Mountain View, CA. All the spec editors (Mary Hodder, Kaliya Hamlin, Andy Dale, and myself) will be there. Please join the session if you can, or send us feedback if you can’t attend in person.

Posted in Blogging, General, Other Links, XRI

I-Brokers: the ISPs of Identity

Phil Windley just posted a good assessment of what is becoming one of the key topics in the growth of interoperable Internet identity infrastructure — i-brokers and their business models. Phil makes the point:

There will be hundreds of identity providers and I’ll have accounts at dozens of them. Still, I don’t want to pick which identity provider I choose to use for a particular task according to what protocol they speak (that should be below the radar) but rather according to other “business” criteria. I may choose to use my Amazon account sometimes and my BYU account other times.

Phil is spot on. With all the focus on digital identity protocols and technologies, it’s easy to miss the obvious: in most cases an i-broker is going to have strong business motivations to shield his/her customers from needing to care about the technical details at all. Just as I have no idea how my bank clears a check, settles my credit card, or handles a wire transfer, most i-broker customers are only going to care that:

  • their single sign-on service works everywhere they want it to (hmm, sound familiar?)
  • their contact page functions flawlessly and doesn’t let any spam through.
  • their forwarding service maintains persistent links to anything and everything that matters to them.
  • their calendar/photo/file/other data sharing service operates without a hitch with all their devices and all their contacts.

It’s not rocket science: ISPs maintain our physical pipes, i-brokers will maintain our “social pipes”. Yes, there are many more security/privacy issues at this higher layer, but the protocol people (SAML, Liberty, WS-*, XRI, OpenID, LID, SXIP, DIX, XDI) will provide the basic plumbing to get the job done. The role of the i-broker is to be the water company: make sure the social data flows smoothly and doesn’t leak.

Funny, but I remember being at BBSCON (remember that?) in 1991 when the term “ISP” was just starting to be used. Within three years it was almost ubiquitous. At Digital Identity World the past two years, there hasn’t been a single session on “Becoming an I-Broker”. How much do you want to bet that this is one of the most popular sessions at Digital Identity World 2007?

Posted in General, I-brokers, Social Web

Registering with Opinity

Time to start “claiming my blog” — this one for testing with Opinity’s third-party reputation aggregation service. The following is what I need to paste in to authenticate my blog there:

Click the link to check my Opinity reputation!

[More coming on all this once everything is working…]

Posted in Blogging, General, Reputation

Yadis 1.0 and XRI Resolution 2.0

When this blog is quiet for a long period, it’s usually because of specs, specs, specs. This winter has seemed like one long spec drive, and it’s not over yet.

But we have reached two major milestones:

  1. XRI Resolution 2.0 Working Draft 10 is the outcome of 9 months of work to build full proxy resolution into the XRI resolution framework. This was a result of feedback the XRI TC received from the W3C Technical Architecture Group (TAG) during the public review of XRI 2.0 last spring. Now we not only have fully-specified proxy resolution that can easily be deployed on any HTTP server, but also an HTTP URI format for all XRIs (called an HXRI). For example, here’s the HXRI for my contact page: http://xri.net/=drummond.reed.
  2. Yadis 1.0 is the outcome of 6 months of work dating back to last fall’s Internet Identity Workshop where Johannes Ernst, creator of LID, and Brad Fitzpatrick and David Recordon, creators of OpenID, proposed using a simple service discovery format so sites could deploy a single “intelligent” login box that could accept either LID or OpenID URLs.

The good news is that this simple service discovery format turned out to have the same requirements as the XRDS (Extensible Resource Descriptors) format used by XRI resolution. So all three efforts were able to harmonize on use of XRDS. This provides a single interoperable service discovery format for both XRIs and URLs, one that will work with LID and OpenID as well as SAML 2.0 or any other HTTP distributed authentication protocol.
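As an added illustration (not code from the Yadis or XRI specifications, nor from this blog), here is a sketch of how a login box could read an XRDS document and pick an authentication service it supports, while refusing descriptors it should not trust. The sample document, the example.org endpoints, the size cap and the two service type URIs are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRDS_NS = "xri://$xrds"          # namespace of the XRDS container element
XRD_NS = "xri://$xrd*($v*2.0)"   # namespace of XRD, Service, Type and URI
MAX_BYTES = 64 * 1024            # assumed cap on a fetched descriptor
# Service type URIs used in the sample; treat them as assumptions.
OPENID_TYPE = "http://openid.net/signon/1.0"
LID_TYPE = "http://lid.netmesh.org/sso/2.0"

# Constructed sample descriptor (not taken from any real site).
SAMPLE_XRDS = b"""<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>http://lid.netmesh.org/sso/2.0</Type>
      <URI>https://id.example.org/lid</URI>
    </Service>
    <Service priority="10">
      <Type>http://openid.net/signon/1.0</Type>
      <URI>https://openid.example.org/server</URI>
    </Service>
    <Service>
      <Type>http://openid.net/signon/1.0</Type>
      <URI>ftp://files.example.org/not-an-endpoint</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""


def _priority(elem):
    """Return the priority attribute as an int, or None when absent."""
    raw = elem.get("priority")
    if raw is None:
        return None
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError(f"bad priority value: {raw!r}")
    return int(raw)


def _is_http_endpoint(uri):
    """Accept only absolute http(s) URIs as service endpoints."""
    try:
        parts = urlsplit(uri)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.hostname)


def parse_services(xrds_bytes):
    """Parse an untrusted XRDS document into services, best priority first."""
    if len(xrds_bytes) > MAX_BYTES:
        raise ValueError("descriptor too large")
    # The descriptor comes from a user-supplied address, so refuse DTDs
    # and entity declarations before handing it to the XML parser.
    if b"<!DOCTYPE" in xrds_bytes or b"<!ENTITY" in xrds_bytes:
        raise ValueError("DTDs are not accepted in descriptors")
    try:
        root = ET.fromstring(xrds_bytes)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if root.tag != f"{{{XRDS_NS}}}XRDS":
        raise ValueError("root element is not xrds:XRDS")
    xrds = root.findall(f"{{{XRD_NS}}}XRD")
    if not xrds:
        raise ValueError("no XRD element found")
    final_xrd = xrds[-1]  # assumption: the last XRD describes the identifier

    services = []
    for order, svc in enumerate(final_xrd.findall(f"{{{XRD_NS}}}Service")):
        types = [t.text.strip() for t in svc.findall(f"{{{XRD_NS}}}Type") if t.text]
        uris = [u.text.strip() for u in svc.findall(f"{{{XRD_NS}}}URI") if u.text]
        uris = [u for u in uris if _is_http_endpoint(u)]
        if not types or not uris:
            continue  # nothing usable: skip instead of guessing
        services.append({"types": types, "uris": uris,
                         "priority": _priority(svc), "order": order})
    # Lower number means more preferred; a missing priority sorts last.
    # Ties are broken by document order here to keep the result stable.
    services.sort(key=lambda s: (s["priority"] is None, s["priority"] or 0, s["order"]))
    return services


def choose_service(xrds_bytes, supported_types):
    """Return (type, endpoint) for the best service this site supports."""
    for svc in parse_services(xrds_bytes):
        for service_type in svc["types"]:
            if service_type in supported_types:
                return service_type, svc["uris"][0]
    return None


if __name__ == "__main__":
    print(choose_service(SAMPLE_XRDS, {OPENID_TYPE, LID_TYPE}))
```

The third service in the sample is dropped because its only URI is not an http(s) endpoint, so a site never redirects a login to a scheme it did not expect.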

This is a big step forward for convergence of interoperable Internet identity infrastructure (say that four times fast 😉)

[Stay tuned for more spec news as we head for the next two big milestones. All this round of spec work should be wrapped up by the next Internet Identity Workshop May 1-3 in S.F. so it should be a regular interop orgy this year!]

Posted in General, XRI, Yadis

Higgins vs. InfoCard is bunk

Objectivity of the press? If you read this CNET article you’d think the Higgins project from Social Physics and Parity is a competitor to Microsoft’s InfoCard architecture. Nothing could be further from the truth. In fact the two have been collaborating closely for months now.

But rather than rail against the tendency of the press to look for controversy (which could leave us here all day), I’d rather make the point that Higgins and InfoCard are in fact very complementary. InfoCard as an authentication mechanism can fit nicely into the Higgins framework for relationship management and vice versa. I encourage anyone looking at Internet identity and relationship management technologies to check out both.

Posted in General, Social Web

More on Identity Rights Agreements

Paul Madsen makes another very good point about identity rights agreements (hmm, the acronym is going to end up “IRA”):

This work would be really interesting & valuable. Identity agreements and their identifiers could be common across particular identity systems (e.g. Liberty, Shib, OpenID, LID, SXIP, WS-*, etc) and so serve as a key piece of any metasystem that underlies or unites such systems.

Paul also points out (as has Peter Davis to me in an email) that…

Liberty ID-WSF has a container in our protocols for carrying such identifiers (an empty container because, as yet, we have not ourselves defined any policy syntax or identifiers – despite some early work along this route).

I believe it would be ideal for Identity Commons to work with Liberty Alliance and all the Identity Gang participants to define this vital new piece of the identity metasystem. I continue to have the feeling it may just be the fuse on Kim Cameron’s “identity big bang”.

Posted in General, Identity Commons, Identity Rights Agreements, Social Web

Identity Rights Agreements

The term “identity rights agreements” was coined by Phil Windley, Doc Searls, and friends in a discussion about identity after OSCON last summer. The full story is in a blog post with that title by Phil.

At the Internet Identity Workshop last October, we held an open space session by that name because a number of Identity Gang folks have been talking about the general concept for several years now. In particular, from an XRI/XDI perspective, identity rights agreements fit perfectly with the concept of data sharing controls embodied in link contracts.

Now the idea is moving from concept to reality. Identity rights agreements are becoming one of the galvanizing forces for a revitalized Identity Commons. One of the reasons is the oft-used analogy that “Identity Commons should be to identity rights what Creative Commons is to copyright”.

I want to take a moment to explain why I believe this analogy may be so profound — and thus why identity rights agreements may become one of the hottest topics in digital identity.

The trigger for these thoughts was Bob Blakley’s post On the Absurdity of Owning One’s Identity, in which he makes an argument why Kim Cameron’s First Law of Identity is, to use another legal term, “unenforceable”. While I think Bob makes a number of strong points in his post (and illustrates them with fascinating, richly researched examples — who says the art of the essay is dead?), I ultimately disagree with his conclusion only because I think he misinterprets the importance of the first word of the First Law:

Technical identity systems must only reveal information identifying a user with the user’s consent.

In other words, although much of what Bob says is true, it applies only to the people and businesses that operate identity systems and collect/disseminate identity data, not to the technical systems themselves, which is what I believe Kim meant the First Law to apply to.

But that’s a different subject. What really struck me about Bob’s essay was the knock-down-brilliant points he makes about the fundamental privacy concept of “consent”. To quote his introduction to this topic:

Consent

Negotiating the terms on which you will disclose self-image information is what Consent is all about.
In many cases there are laws and regulations constraining what an organization can do with information it collects about you in situations like this, but you don’t control the content of those laws and regulations – so you’re not making the rules (and in fact the interests of society and the interests of corporations influence the content of laws and regulations at least as strongly as the interests of individuals).

If you want to control your identity based on consent, you have to decide between two approaches:

  1. Build one set of terms which covers all uses of your information, and let an automated system take care of negotiating your terms and enforcing your rules. In this case, you need to figure out in advance what all the possible scenarios for use of your identity are, and write a policy which covers each scenario.
  2. Negotiate terms manually each time someone asks for your information. In this case, you need to get notified each time someone tries to use your identity, and make a decision about whether or not to grant consent.

Case 1 clearly isn’t going to work all the time; you can’t know in advance what benefits are going to be offered in exchange for identity information, and you can’t know in advance what risks are going to be created by giving that information out – so no matter what your policy is, there will always be cases it doesn’t handle correctly. This means there will be lots of exceptions to your policy, and when these exceptions arise you’ll have to fall back on case 2.

Case 2 doesn’t really work either. We know because we’ve tried it. Look here, or here, or here, or here for examples of what you’re already being asked to consent to. How well do you understand these terms? How likely are you to take the time to clear up the things you’re not sure about? How likely are you to say “no”?

Bob then goes on to explain that there are three forces behind his assessment of the problems with consent:

The forces at work here are obscurity, coercion, and burdens.

I encourage anyone who’s interested in this topic to read Bob’s arguments in great detail. But the one I want to highlight here is:

Because Identity Allocates Risk, society makes rules to make sure Identity is used fairly. Two typical rules are (1) someone who wants to use your information has to tell you what it will be used for (“notice”), and (2) someone who wants to use your information in a way that might create risks for you has to get your permission (“consent”). You have to pay close attention here: the rules don’t say that businesses and other parties can’t create risks for you – all the rules say is that other parties have to tell you when they create risks for you, and they have to get you to agree to the creation of the risks.

These rules create obscurity, because in business, the language of risk is law. The bank makes lots of loans, and therefore it is exposed to lots of risk. Because it’s exposed to lots of risk, the bank is willing to spend some money to protect itself against that risk. It spends that money on people who speak the language of risk – lawyers – and those lawyers write consent agreements that let the business do what it needs to do profitably (in this case, it needs to create risks for you by using your identity information) without breaking the rules.

You probably aren’t a lawyer, so the language in which consent agreements are written is foreign, and confusing, to you. On the other hand, you don’t value your privacy enough to hire your own lawyer each time you encounter a consent disclosure – so you end up doing something (reading a complicated legal agreement which allocates risks between you and the corporation) which you’re not really qualified to do, and it’s confusing and frustrating (Don Davis calls this kind of situation a “compliance defect”).

Bingo! Now, if you haven’t done so already, go here right now and read Phil’s very simple and intuitive description of the purpose of an identity rights agreement.

The two fit together like hand and glove. What identity rights agreements could solve — possibly in a very short period of time — is the problem Bob has labelled obscurity. By establishing a small number of very well-known identity rights agreements — and giving them very simple and highly recognizable visual icons that don’t require a user to read A SINGLE WORD — the use of “obscurity” as a tool to all-but-eliminate the value of consent disappears.

Why could identity rights agreements catch on so quickly? For the simple reason that sites who want to give users the real power of consent will start to advertise that fact by posting identity rights agreement icons right on the Web form where they collect personal data. Just as millions of Internet users were first exposed to Creative Commons licenses by seeing the icon for a CC license posted on a blog or Web page they were reading, they will be exposed to Identity Commons identity rights agreements icons on Web forms. One click through to see what they mean and I predict the reaction will be, “Wonderful! I hated those indecipherable legal agreements anyway. I’m going to support sites that use these icons to let me know they are being straight with me about the use of my personal data.”

And suddenly sites become motivated to choose this simpler and more user-friendly form of consent — possibly leading to one of those rare but real “virtuous cycles” (to use a term I first learned from Bill Washburn) that can infect an entire ecosystem.

That’s why — despite my current 150%-of-my-time focus on establishing fully operational XRI infrastructure — I plan to invest time in supporting the creation of the first operational set of identity rights agreements at the revitalized Identity Commons. I’m challenging the rest of the current and new Identity Commons supporters to do the same — I want us to present the first draft set at the next Internet Identity Workshop in May.

Posted in General, Identity Commons, Identity Rights Agreements, Privacy, Social Web, XDI

Great essay on the impact of the net

Every so often you read a blog post that’s so good you just have to blog about it right away. Here’s one from Grant McCracken titled: “Internet 2.0: The Economic, Social and Cultural Consequences of the New Internet.”

It’s not long, and not dense, yet it suggests the reasons why the net may be having a far greater impact on global society and culture than we realize. It triggers a tornado of ideas I could blog all day about, but that will have to wait until the post-holiday lull (if there is such a thing in XRI-land this year…)

Posted in Blogging, General, Social Web

XRIs and Privacy: Anonymous Single Sign On

Radovan Semančík recently wrote about the privacy concerns with global unique identifiers in his blog post called Global Troubles. He points out that the same issues arise whether those global unique identifiers are URLs (OpenID, LID, and now SXIP) or XRIs (i-names, i-numbers).

Since my work on XRI has been grounded deeply in privacy since the mid-1990’s, I wanted to point out two things:

  1. Radovan is absolutely right — it is very important that technologies that use globally unique identifiers pay supreme attention to the privacy implications.
  2. When the privacy architecture is done right, the use of abstract globally unique identifiers can increase privacy, not decrease it.

For example, a major selling point for i-names when they go into general release in early 2006 will be that they offer a higher level of privacy and personal control than any other global addressing system. The reason is that an i-name does not by itself need to reveal any information about its owner. It is not an email address or an IM address or a phone number. It is nothing more than a human-friendly global unique identifier which may be dereferenced (resolved) into a set of services for interacting with its owner, all of which are controlled by its owner.

Radovan’s point, however, is that no matter what the nature of a globally-unique-identifier, even just a plain old URL, it can be used for triangulation or correlation by third parties that do not want to respect your privacy. As he says:

The global identifiers…are on-line equivalents of SSN, with most of the SSN drawbacks. The attribute protection mechanisms implemented by “identity” systems do not help here, as the data are already out at service provider’s systems and are not in control of “identity” system anymore. Yes, you may create several “personalities” by using several global identifiers, but the management of these different accounts may soon become very difficult. And even that does not help much. Imagine, that you make a mistake and log in to the “adult” site with your “civil” account. That alone leaks some information, that you might not want to be leaked. And if you log out and log in with the other account, it may be easy to correlate these two accounts (cookies, IP addresses). And a great part of your privacy is lost …

He goes on to say:

The use of randomly generated identifiers that are shared only between Authentication/Identity Provider and one Service Provider (as it is in Liberty case) may help a bit. It limits collusion in such a way, that the Identity Provider must be one of colluding parties. That may be more acceptable in some cases (but not everywhere).

But neither of these approaches is ideal. There must be something else to look at, some better solution. Or maybe we are chasing ghosts and people do not really want privacy, after all …

He then adds one final disclaimer:

Disclaimer:
Don’t get me wrong about XRI. I don’t see anything bad about XRI (as I don’t see anything bad about URI either). I must admit that the more I know about XRI the more I like it. But I don’t like i-names. That use of XRI somehow does not feel right …

Radovan is not unique in this respect. I find the more Internet architects and developers understand about XRI, the more they like it because, as an open standard for structured identifiers (“XML for identifiers”), it can solve a number of problems around intelligent, persistent, privacy-protected identification of resources. And it’s also true that i-names and i-numbers (as the new form of fully-abstract globally-unique resolvable identifiers that XRI architecture makes possible) are only one small fraction of overall XRI architecture.

I find that the discomfort about i-names (whether global or delegated) as identifiers for individuals generally revolves around precisely Radovan’s concern that they may somehow be used to compromise privacy, because even though they can be used to shield personal data (as explained above), once that data is shared, the i-name provides a global correlation handle.

I have two answers to this, one social/legal, and the other technical.

The social/legal answer is that technologies like i-names, when coupled with the right technical underpinnings like XDI link contracts, provide strong, machine-auditable mechanisms for enforcing privacy restrictions. My personal belief is that the legal and social penalties for not maintaining privacy of customer/partner data will only increase, and the more technology is available to support this, the stronger these protections will become.

However there will always be companies/governments/groups that operate “outside the law” and for this technical solutions are necessary. Again, I believe carefully designed privacy architecture can accomplish the goal. With XRI architecture, for instance, we can address a specific concern of Radovan’s…

Yes, you may create several “personalities” by using several global identifiers, but the management of these different accounts may soon become very difficult. And even that does not help much. Imagine, that you make a mistake and log in to the “adult” site with your “civil” account. That alone leaks some information, that you might not want to be leaked. And if you log out and log in with the other account, it may be easy to correlate these two accounts (cookies, IP addresses). And a great part of your privacy is lost …

I-SSO (the i-name-based single sign-on protocol under development at XDI.org) can be designed to offer an anonymous login option, where the user does not log in with their i-name, but with the i-name of their i-broker or of another third-party service provider that provides anonymous SSO service. That party then generates a unique XRI for the relationship just like the Liberty scenarios that Radovan refers to.

Is it perfect? No — users could still make the mistakes Radovan mentions. Or the i-broker or third-party anonymous SSO service provider could slip over to the dark side. Just like your bank could go out of business and steal all your money tomorrow.

My point is, properly employed, these services and the globally unique resolvable identifiers they use can and will build steadily stronger and more reliable user privacy, not the opposite.
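To make the anonymous login option concrete, here is an added sketch (not part of I-SSO, Liberty or any XDI.org specification) of how a broker could derive one identifier per user-and-site relationship so that two sites cannot use it as a correlation handle. The HMAC construction, the class and function names, the `=alice` i-name and the example sites are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_site(url):
    """Reduce a site URL to scheme://host[:port] so that one site always
    maps to one relationship, whatever page the login starts from."""
    parts = urlsplit(url)
    scheme = parts.scheme  # urlsplit already lowercases the scheme
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not a web site address: {url!r}")
    host = parts.hostname  # urlsplit already lowercases the host
    port = parts.port
    if port is None or port == DEFAULT_PORTS[scheme]:
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


class AnonymousSsoBroker:
    """Hypothetical broker that hands each site its own opaque identifier."""

    def __init__(self, key=None):
        # The key never leaves the broker; without it the identifiers
        # cannot be recomputed or linked by the sites that receive them.
        self._key = key if key is not None else secrets.token_bytes(32)
        self._relationships = {}  # pairwise id -> (i-name, site), broker-only

    def pairwise_id(self, user_iname, site_url):
        """Return the stable identifier for this user at this site."""
        site = normalize_site(site_url)
        fields = [user_iname.encode("utf-8"), site.encode("utf-8")]
        # Length-prefix each field so ("ab", "c") and ("a", "bc") differ.
        message = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
        digest = hmac.new(self._key, message, hashlib.sha256).hexdigest()
        pid = digest[:32]  # 128 bits is enough for an opaque handle
        self._relationships[pid] = (user_iname, site)
        return pid

    def resolve(self, pid):
        """Broker-side lookup from a pairwise id back to the relationship."""
        return self._relationships.get(pid)


if __name__ == "__main__":
    broker = AnonymousSsoBroker()
    shop = broker.pairwise_id("=alice", "https://shop.example.com/login")
    forum = broker.pairwise_id("=alice", "https://forum.example.net/")
    print("shop sees :", shop)
    print("forum sees:", forum)
    print("linkable by the sites alone:", shop == forum)
```

As the post says, the design moves trust to the broker: only the holder of the key and the relationship table can link the two identifiers back to one i-name.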

Posted in General, Privacy, Social Web, XRI

Identity Informational Morning

See the Internet Identity Workshop wiki for info about a morning meeting for developers to be held at Cafe Won Ton in the Fulsom neighborhood of S.F. next Monday, 2005/12/12, before the Syndicate conference. It’ll be a great chance to see how new identity technologies — XRI/i-names, OpenID, LID, SXIP, YADIS, Yoke — fit together to start offering real, interoperable user-centric identity solutions to requirements Web developers face every time they have to build a new site.

Posted in General, Identity Commons, Practical I-Names, XRI

YADIS Going Strong

Johannes Ernst posts a summary of the YADIS meeting held in San Francisco last week (which I couldn’t attend in person but dialed in for). It was one of those classic situations where the common need to interoperate overcame the individual need for any one particular feature/flow. I am very hopeful for the outcome, which should be manifested in the form of a new YADIS draft from editor Joaquin Miller within the next week.

With this draft, YADIS will become the common capability discovery protocol for i-names, LID, and OpenID. That’s exciting.

Posted in General, Identity Commons, XRI

Jon Udell on the Dataweb

Doc Searls gave me a ping that Jon Udell was starting to write about the Dataweb. His article in InfoWorld is titled “The two way data web”, and it talks about how folks like Bill Gates and Adam Bosworth are hinting about using RSS/Atom in both the publish and subscribe direction.

None of this is with XRI or XDI yet (at least that I can see). But the concept of XML linking to XML everywhere forming a structured Web where the links can be active, self-describing, and self-governing is starting to catch. And as developers begin to move into that web-of-data mindset, they are going to find XRI (as an identifier syntax and resolution protocol) and XDI (as a dataweb document format and interchange protocol) to be the cat’s meow.

Posted in Dataweb, General, XDI, XRI

XRI 2.0: The Vote is On

(One funny thing I’ve wondered about the blogosphere: is it like a real neighborhood, where your presence or absence is noticed? I suppose on the busier blogs it is; maybe less so if you don’t blog as often…)

Anyway, I’ve been noticeably absent for almost two months now (and noticeably low on sleep for a commensurate period) due to a monster deadline: shepherding the XRI Syntax 2.0 specification to a vote as an OASIS Standard. Together with my co-chair Gabe Wachob and the rest of the TC, we’ve burnt the candle crisp getting the foundational XRI specification, XRI Syntax, to a fine polish. Even then it still takes several months to move it through the three standardization stages at OASIS (Committee Draft, Committee Specification, and finally OASIS Standard).

The OASIS Standard vote on XRI Syntax 2.0 finally went out today. It runs the calendar month of December (15-day review period, 15-day voting period), so come January 1, it will be a fascinating New Year indeed.

At the same time the TC has also published a new comprehensive FAQ (HTML format, PDF format) on the XRI 2.0 specification suite. I highly recommend it for anyone who wants to learn more about XRI.

Posted in General, XRI

He Cries Ubiquity

Craig Burton makes a highly cogent point about widespread adoption of Internet identity infrastructure. So cogent that I’m going to repeat the whole thing here:

(To a Marley reggae beat) I, I, I cry ubiquity…

Ubiquity rules.

Identity 2.0 is a tough problem. This is because it not only requires a new architecture, but because it requires that the user rethinks how identity works.

It’s a shift from

Identity 1.0–server-based user name and password

to

Identity 2.0–network-based user verified credentials.

This is no small shift. It changes everything.

However,

It will only change everything when Identity 2.0 infrastructure becomes ubiquitous. Free. A given. Like air and sunshine.

Most would-be identity systems–OpenID, Ping, Sxip, Liberty to name a few–are not well designed to become ubiquitous. They each require that you buy into their architecture to work. You must adopt their protocols and system intrinsics. Open and Simple by itself just doesn’t cut it.

What is needed is an architecture that is independent of mandated adoption.

This is part of the beauty of Kim Cameron’s Identity Metasystem. I can’t emphasize the importance of such a design towards the objective of ubiquity.

I, I, I cry ubiquity.

I think about it this way: for ubiquitous adoption, a common layer of Internet identity infrastructure will need to meet the same requirements as IP infrastructure and Web infrastructure. Open standards, open source and commercial implementations, and open, non-mandated adoption. It works because the community self-organizes to use it and maintain it.

From a strictly identifier standpoint, that’s how IP addressing and DNS naming evolved. They solved a shared problem with rough consensus and running code. For XRI adoption to achieve ubiquity as a uniform abstract identifier layer, the same thing has to happen. Rough consensus we’ve achieved at OASIS (almost – the second committee draft of the XRI Syntax spec goes to a vote next week, with the full OASIS vote scheduled for December.) Running code is next. (More posts on that coming soon.) Rev it fast enough and the XRI rubber can finally meet the road.

Posted in General, XRI

XRI, XDI, and Web Services

I just returned from an inspiring meeting with a number of Identity Gang folks about the legal, social, and policy foundations of an identity metasystem. One of the most eye-catching presentations was Dick Hardt’s video of his OSCON talk on Identity 2.0. I think he does the best job yet of explaining what user-centric identity is really about: letting users, not systems/directories, control how they want to identify themselves and share data.

In his presentation, however, Dick hits one false note about XRI/XDI – he says “it’s not web services”. As Andy Dale notes in his Tao of XDI blog, XRI (as a syntax and resolution protocol for abstract identifiers) and XDI (as an XRI-based data sharing protocol) are both binding independent: they can be bound to any transport protocol. Both are starting with HTTP bindings only as a simple matter of expedience – HTTP is ubiquitous and lightweight, so there’s no reason not to use it.

But given the roots of XRI and XDI in XML, a SOAP binding makes just as much sense (and is in fact what some implementors are already using). And, as Kim Cameron keeps reminding me, this is also what’s needed for XRI and XDI to fully integrate with the world of web services. In fact, in the modular WS-* architecture, XRI and XDI should fit well, because they offer nicely compartmentalized functionality: XML-based abstract resource identification and data sharing, respectively.

Net net: XRI and XDI are neither POX- nor SOAP-centric. They are resource-centric (that’s “resource” as used in Uniform Resource Identifier: anything that can be identified). (I could go on at great length about how “user-centric” is really “resource-centric”, but that’s another post.) And as resource-centric services, they are ideal for service-oriented architectures (SOAs) of any kind, including web services.

Posted in Dataweb, General, XDI, XRI

DataTao is coming

Andy Dale has started to blog about where all this XDI stuff is going at ooTao: DataTao. DataTao is (to my knowledge) the first pure data sharing service. In other words, any individual or organization with an i-name will be able to open a free account at DataTao and establish it as the “home base” for their personal or business data. DataTao will then enable the account owner to publish the data to any subscribing party (individual or organization) in any supported format (XDI, LID, SXIP, etc.)

The DataTao data brokering model does not require that DataTao be the authoritative source for the data, any more than a bank requires that it be the only place you can store your money. If you already have another authoritative source for some data — for example, if your Books We Like account is already authoritative for your book-buying preferences — then you just tell DataTao to subscribe to that data source. Now you’re empowered to share that data with anyone you like, under the terms you set as the data authority (which will be even easier if the subscriber is a member of Identity Commons, because a key goal of IC is to help standardize common data sharing agreements).

How excited am I about the DataTao model? After more than a decade of working on the underlying technologies that make it possible, I can’t wait to be the first one beating down their door to finally have one place to manage and control all my personal data sharing. I’m hoping that DataTao will become the model for data brokering that 2idi has been for i-brokering.

Go Andy! (And Steve, and Barry, and Justine, and all the other members of the DataTao team!)

Posted in General, Practical I-Names, XDI