Virtual Rights Institute

Jaco Aizenman, an XDI.ORG trustee, has helped found the Virtual Rights Institute (VRI). As he writes me:

VRI is inviting everyone that wants a metasystem to become a reality in a way that the individual is empowered. “Everyone” includes people from different protocols, technology providers, legislators, service providers, researchers, legal people, activists, media representatives, etc.

Jaco, who’s based in Costa Rica, is one of the visionaries plowing the ground to connect digital identity with real-world legal identity and governance. His work is even more fascinating because he also bridges a linguistic gap – he works extensively with Costa Rican legislative documents about digital identity in Spanish (his native language) and then translates the key concepts into English to help the Identity Gang, XDI.ORG, and others understand the key concepts (which, for an Internet-wide identity metasystem, must by definition be universal.)

For example, in Spanish the concept of “digital identity” most closely translates into the concept of having a “virtual personality”. So, as Jaco enumerates the VRI goals:

Virtual Rights Institute Goals:

  1. Research and promote technical and legal developments related to digital identity/virtual personality that give more power and control to the individual.
  2. Foster international cooperation on the new fundamental right of having a virtual personality, through high quality dialogue and deliberation between legislators, researchers and service and technology providers.
  3. Foster international cooperation on the development of the new virtual personality legal entity through high quality dialogue and deliberation between legislators, researchers, technology vendors, and service providers.

Of particular interest is the new Costa Rican constitutional amendment to have a new fundamental right of “having or not having a virtual personality”. Here’s a link to the full Spanish version, and (also in Spanish) details of the virtual personality legal entity.

The first VRI activity will be a symposium November 17 and 18 in Costa Rica. Jaco and other VRI founders are inviting legislators, digital identity specialists, researchers, and service providers from all over the world. I don’t know if I’ll be able to make it in person but I’m sure going to try (you can also participate virtually.)

Posted in Blogging, General, Identity Commons, Social Web

Mary and Phil on I-Names

My sparsity of posts in August equates directly to the intensity of work going on right now on the XRI 2.0 specifications at OASIS. After the XRI 2.0 Committee Draft 01 specifications were approved by the XRI Technical Committee (TC) in March, they underwent a public review period which drew a variety of excellent comments. This plus implementation feedback from a growing community of both commercial and open source implementers is now being folded into the Committee Draft 02 specifications which are scheduled for a TC vote by mid-October and an OASIS-wide vote in December.

When you’re this close to the open standards “sausage making” process, it’s nice to see growing recognition of how these standards can solve the problems they were designed for. A wonderful example is the article by Mary Hodder (Napsterization) about the recent Yahoo/Flickr ID snafu. She does a great job of explaining how i-names (XRIs that function as universal, privacy-protected addresses for people or organizations) could avoid this problem altogether.

And Phil Windley, who is co-hosting the Internet Identity Workshop in Berkeley in October, adds his perspective to Mary’s in his post at Between the Lines.

(And that’s before we even get to how XRIs can help with the Open Tagging problem, a subject about which I am very excited and only wish I had more time to work on. But first let’s get XRI 2.0 out the door!!!)

Posted in Blogging, General, Practical I-Names

Opinity & Reputation

Bill Washburn, a friend since he became involved with XDI.ORG in late 2000, has joined Opinity and is a primary driver of their new blog. If you haven’t seen Opinity, check them out – to the best of my knowledge they are the first context-independent, Internet-wide reputation service provider. They recently announced a partnership with Identity Commons to provide reputation services for i-names users and vice versa.

I haven’t been part of a digital identity conversation in several months now that didn’t include reputation — and in some of them it’s becoming the main topic. I look forward very much to working with Bill and Opinity on reputation services for XRI/XDI infrastructure.

Posted in Blogging, General, Reputation

Keeping Up with Owen

Owen Davis, co-founder and president of Identity Commons, has switched his blog from http://blog.whatbox.biz to the new Identity Commons community blog at http://news.idcommons.net.

But the bigger news is that this is one of the first i-name enabled blogs, i.e., it accepts an i-name for both site registration and comment authentication. Try it out – just click the comment link on any article.

Posted in Blogging, General, Identity Commons, Practical I-Names

Clay Shirky & Open Tagging

A conversation with Stowe Boyd reminded me of Clay Shirky’s recent piece called “Ontology is Overrated — Categories, Links, and Tags”.

I can’t recommend this highly enough to anyone interested in open tagging. Clay makes a great case why the del.icio.us-style approach to social tagging is inevitable (and smarter than any central authority could ever be).

Posted in Blogging, General, Other Links, XRI

Adoption Hurdle for Open Tagging

Stowe Boyd makes a good point about the key adoption hurdle for open tagging:

However, the assertion that we can start merrily open tagging (tra la) with XRIs fails one critical test: I would like to have taggregators like Technorati accept these tags as equivalent to the closed URL-based tags currently in use. Without that major shift in the tag ecology, XRIs have a long road before migrating into general use.

I couldn’t agree more – XRI can solve the technical part of the open tagging challenge, but not the social part. I would offer this thought: given that almost by definition any Open Tagging standard (de facto or official) must not require a single central dictionary authority, it presents the classic open systems challenge: which of the current taggregators is going to migrate to a truly open dictionary until they are forced to? And if so, what would that forcing function be?

Until that question is answered, Stowe’s right — we won’t have open tagging.

Posted in Blogging, General, Other Links, XRI

GoingOn Network

Whew! You go away for a few weeks and it’s amazing how much happens. I just got caught up with Marc Canter’s GoingOn Network announcement and the fact that he’ll be using XRI/XDI (along with SXIP, OpenID, and Microsoft’s proposed Identity Metasystem) for identity interoperability.

The vision of distributed service providers powering interoperable identity-centric services (“i-brokers” in XRI/XDI parlance) for individuals, businesses, and communities gets closer every day.

Posted in General, Identity Commons, Social Web, XDI, XRI

URNs, XRIs, and Open Tagging

In response to my post yesterday on using XRIs for “open tagging”, Darren Chamberlain had this comment:

I wonder why simply using urn: URIs is not sufficient to identify a tag. From your example, the Thai tag could be:

<a href="urn:tag:thai" rel="tag">Thai</a>

Tag-aware services such as Technorati could simply extract these URIs and treat them appropriately. (I haven’t seen anyone suggest using urns for tags, although I would be surprised if someone hasn’t already thought of it.)

Darren’s point is well taken, and indeed one of the most frequent questions about XRIs is “how do they differ from URNs?” The short answer is that although they don’t use the “urn:” scheme name or scheme format, XRIs are effectively a superset of URNs. To quote directly from the XRI Syntax 2.0 Committee Draft specification:

Although an XRI is not a Uniform Resource Name (URN) as defined in URN Syntax [RFC2141], an XRI consisting entirely of persistent segments is designed to meet the requirements set out in Functional Requirements for Uniform Resource Names [RFC1737].

I could go on at great length about the differences between XRIs and URNs, but the easiest way to sum it up is that URNs were designed to meet the requirements for a specific type of abstract identifier — one that is persistent for all time and will never change — while XRIs are designed to satisfy the requirements for all types of abstract identifiers, both persistent and reassignable.

That means XRIs offer several additional features that URNs don’t, such as:

  • Synonyms. The XRI resolution protocol has explicit support for identifying the other XRI synonyms (either persistent or reassignable) for a resource.
  • Global context symbols (GCS). XRIs support five standard symbols that establish the global context of an identifier authority (for example, “+” is the GCS for generic concepts, i.e., the “dictionary” or “tag” space).
  • Cross-references. XRIs offer syntax that allows any XRI (or a URI) to be expressed in the context of another XRI. I gave an example of this in the previous post where I showed how an open tag could be expressed either in a global context (first example below) or in the context of a specific dictionary authority (second example below):

    <a href="xri://+thai" rel="tag">Thai</a>
    <a href="xri://technorati.com/(+thai)" rel="tag">Thai</a>

  • Generic, extensible HTTP-based resolution protocol. While some URNs do not need to be resolvable (such as ISBN numbers, in many cases), others do. But there is no generic URN resolution protocol — only specialized resolution protocols for specific URN namespaces. Thus if we wanted to create a “urn:tag” namespace and it needed resolution (and there are many good reasons you may want to resolve a tag), then it would mean defining yet another URN resolution protocol. XRI infrastructure solves that by providing a generic HTTP-based resolution protocol that is extensible to the many different types of metadata and services that one might want to associate with an abstract identifier, and which will work for all XRIs, not just URNs.

So, while Darren is absolutely right that URN syntax could be used for open tagging, XRIs are (in my highly biased opinion) even better suited for the job.

Posted in Blogging, General, Other Links, XRI

Mea culpa – Gabe was there first!

In my previous post I summarized a way to use XRIs for “open tagging” of blog entries and other content due to numerous pings from other bloggers about this subject — only to find out that my XRI TC co-chair Gabe Wachob had already blogged the exact same answer last January!

As usual, Gabe’s two steps ahead of me. That’s why he makes such a great co-chair.

Incidentally, for those who might be wondering, the XRI TC is currently incorporating feedback from several very interested parties on the XRI 2.0 Committee Drafts published in March. One of the main subjects being expanded on in the revision is backwards-compatibility of XRIs with HTTP infrastructure using HTTP proxy resolvers. Since this has everything to do with making XRI adoption easy and painless (including adoption of XRIs for open tagging), it makes sense to do it thoroughly. But we expect to be done soon and into a full OASIS vote this fall.

Posted in Blogging, General, Other Links, XRI

Open Tagging

I just added a new category called “Open Tagging” because I’ve been having so many discussions with XRI-savvy bloggers (starting with Kaliya Hamlin and Mary Hodder) about how XRIs might be a solution for an open, distributed way of tagging content that does not rely on a single centralized “dictionary” provider (e.g., Technorati, PubSub, etc.) The open tag concept is well described in two recent posts by Stowe Boyd of Corante – the first one describing the basic Open Tag concept, and the second one going into greater detail about the requirements.

To quickly illustrate, Stowe provides this example of current tag link structure:

<a href="http://technorati.com/tags/thai" rel="tag">Thai</a>

The issue, as Stowe puts it, is:

What I really want is a way to define the tags that should be associated with the post — such as “Thai”, “Cohiba Churchill”, “Restaurant”, “Gruet Blanc de Noirs”, and “Reston” — but to defer the identity of the service or services that are supposed to support the tags. (Note for programmers: this is a classic ‘late-binding’ issue as dealt with in many programming languages approaches to type-binding.)

My vision of open tags are designed to avoid the identity of Technorati-style services I might want to index my posts. For example, the Technorati tag “http://technorati.com/tags/thai” denotes Technorati as the service to handle the tag, as well as pointing to a specific page on the Internet generated by the Technorati system either on demand or in advance of an attempt to access it. Instead, my idea of an open tag relies on a relative address, like “/tags/thai”.

Stowe then provides an example of what such an “open tag” might look like using existing HTTP URI (commonly called “URL”) syntax:

<a href="/tags/thai" rel="tag">Thai</a>

However a reader of Stowe’s quickly pointed out the obvious problem with this approach. Because it is a relative URL…

…the browser resolves the relative address in the URL to be a hypothetical address at the Corante server — “http://www.corante.com/getreal/tags/thai” — which doesn’t exist. Hence, a 404 message: file not found.

So what’s the XRI solution? Switch from an HTTP URI to an identifier syntax specifically developed for abstract identifiers (including generic concepts like “Thai” that don’t exist as definitive HTTP URI resources). For example, the XRI-based open tag would look like this:

<a href="xri://+thai" rel="tag">Thai</a>

What’s the “+” stand for? It’s the XRI global context symbol for generic identifiers – identifiers that represent generic subjects, topics, or concepts for which there is no central authority, any more than there is any one authoritative dictionary for the meaning of the word “Thai” in the English language.

So how would an XRI-aware browser (or search engine) deal with this tag? Exactly the way Stowe intends. Because the author of the tag did not put “+Thai” in the context of any specific dictionary service, the instruction to all service providers is: “interpret this tag as the generic meaning of the concept ‘Thai’.” Each service provider can then consult their own dictionary service to provide further understanding/mapping/linking of this term. Or they can use a shared community dictionary service from organizations like Wikipedia or XDI.ORG.

Better still, XRI syntax allows an author to declare an explicit dictionary authority for a +word if they choose to. For example…

<a href="xri://technorati.com/(+thai)" rel="tag">Thai</a>

…would tell interpreters of this tag that the author is referring to the generic concept of “Thai” in the specific context of the dictionary provided by the authority “technorati.com”. The author can cite any authority they want, including themselves. For example, the following two examples would be two different ways of citing myself as the dictionary authority (the first using a DNS domain name address and the second an XRI i-name address):

<a href="xri://equalsdrummond.name/(+thai)" rel="tag">Thai</a>
<a href="xri://=drummond/(+thai)" rel="tag">Thai</a>

Finally, to provide backwards-compatibility with existing HTTP URI infrastructure (i.e., until the XRI scheme is understood natively by browsers), any XRI can be transformed into an HTTP URI using an XRI proxy resolver such as the one publicly available at XDI.ORG. For example, the second XRI above could be turned into a “clickable” link today using this proxy resolver by expressing it as:

<a href="http://public.xdi.org/=drummond/(+thai)" rel="tag">Thai</a>
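The tag forms walked through in this post (and the GCS and cross-reference features listed in the URN post above) can be told apart mechanically by a tag-aware service. The following is an added example, not code from the original post or from any XRI project: the function names are hypothetical, the sample HTML is constructed from the post's own links, and emitting the proxy form only for XRIs that start with a global context symbol is a conservative assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

PROXY_BASE = "http://public.xdi.org/"    # proxy resolver named in the post
GCS = "=@+$!"                            # XRI 2.0 global context symbols
XREF = re.compile(r"^\(\+([^()/]+)\)$")  # cross-reference such as (+thai)


class TagLinks(HTMLParser):
    """Collect (href, text) for every <a rel="tag"> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and "tag" in (attrs.get("rel") or "").split():
            self._href, self._text = attrs.get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _result(kind, concept, authority, xri=None):
    # Assumption: only GCS-rooted XRIs are rewritten to the proxy form,
    # because that is the only form the post demonstrates.
    rest = xri[len("xri://"):] if xri else ""
    proxy = PROXY_BASE + rest if rest[:1] and rest[:1] in GCS else None
    return {"kind": kind, "concept": concept.lower() if concept else None,
            "authority": authority, "proxy": proxy}


def classify(href):
    """Describe how a tag href binds a concept to a dictionary authority."""
    if href.startswith(PROXY_BASE):          # proxy form back to native XRI
        href = "xri://" + href[len(PROXY_BASE):]
    if href.startswith("xri://"):
        authority, _, path = href[len("xri://"):].partition("/")
        if authority.startswith("+") and len(authority) > 1 and not path:
            return _result("open", authority[1:], None, href)
        match = XREF.match(path)
        if match and authority:
            return _result("scoped", match.group(1), authority, href)
        return _result("unrecognized", None, None)
    parts = urlsplit(href)
    concept = parts.path.rstrip("/").rsplit("/", 1)[-1] or None
    if parts.scheme in ("http", "https") and parts.netloc:
        return _result("closed", concept, parts.netloc)   # service-bound URL
    if not parts.scheme and not parts.netloc:
        return _result("relative", concept, None)         # binds to host page
    return _result("unrecognized", None, None)


def extract_tags(html):
    """Parse HTML and classify every rel="tag" link found in it."""
    parser = TagLinks()
    parser.feed(html)
    return [dict(classify(href), text=text) for href, text in parser.links]


# Constructed sample: the link forms quoted in the post, in one fragment.
SAMPLE_HTML = """
<a href="http://technorati.com/tags/thai" rel="tag">Thai</a>
<a href="/tags/thai" rel="tag">Thai</a>
<a href="xri://+thai" rel="tag">Thai</a>
<a href="xri://technorati.com/(+thai)" rel="tag">Thai</a>
<a href="xri://=drummond/(+thai)" rel="tag">Thai</a>
<a href="http://public.xdi.org/=drummond/(+thai)" rel="tag">Thai</a>
<a href="http://example.com/about">not a tag</a>
"""

if __name__ == "__main__":
    for tag in extract_tags(SAMPLE_HTML):
        print(tag)
```

All six tag links carry the same concept, "thai"; what differs is whether the href names no authority, a cited authority, or a service that owns the URL.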

There are even more features that XRI brings to the complex problems of tags, ontologies, and shared meaning (especially the concept of synonyms, for establishing equivalence of concepts across communities and even across human languages), but that’s enough for one post. The best part is that XRI syntax is quite mature. The OASIS XRI TC is preparing the second Committee Draft of the XRI 2.0 specs right now for a full OASIS vote this fall. Identity Commons has already started to i-name enable WordPress. Since no registration authority is required for the XRI + space, open tagging with XRIs could start happening organically as fast as taggers decide to start using it.

To discuss open tagging with XRIs, contact me via my i-name contact page at =drummond.

Posted in Blogging, General, Other Links, XRI

Internet Identity Workshop

Just back from the longest vacation of my modern working life, and just in time for good news: Phil Windley has announced an Internet Identity Workshop organized by himself, Doc Searls, Kaliya Hamlin, and myself. It grew out of the “Identity Gang” conversations about grassroots identity that started at Digital ID World 2004 and have evolved rapidly because, as Phil puts it:

Providing identity services between people, websites, and organizations that may or may not have any kind of formalized relationship is a different problem than providing authentication and authorization services within a single organization. Many have argued that the lack of a credible identity infrastructure will eventually result in the Internet being so overrun with fraud as to make it useless for many interesting uses.

As Phil points out in the workshop proposal, the goal is to advance the many threads of the Identity Gang conversations towards consensus about both architecture and governance that will work at Internet scale. The first day will be papers/proposals and the second will be focused discussions on the outstanding issues.

Since a large part of my work with the OASIS XRI and XDI technical committees revolves around helping understand where these fit into both Internet and enterprise identity infrastructure, I look forward to these conversations immensely.

Posted in Blogging, General, Identity Commons, XDI, XRI

Another Call to Action

Kim Cameron published a great synopsis of a WSJ summary of a recent Gartner Group study that shows quantitatively how much the explosion of phishing, pharming, and spamming is affecting everyday user behaviour.

In short, the problem of steadily degrading electronic trust is forcing us to solve it just as we had to solve the problems of pirates in the open seas or outlaws in the Wild West.

As Phil Windley puts it in citing Kim’s post:

In short, the lack of a credible identity infrastructure for the Internet, threatens to arrest progress in electronic transactions and could very well ruin the net for anything of any sophistication. Even blogging is under attack. I’ve been getting hammered today with comment and trackback spam. Ugh!

Ugh, indeed. Time for this infrastructure we’ve been building to see the light of day.

Posted in Blogging, General, Identity Commons, Social Web

The Sixth Corollary of Identifiers

[This is the sixth of seven proposed “Corollaries of Identifiers” to Kim Cameron’s Laws of Identity.]

Kim’s Sixth Law is one of the most interesting, particularly from an HMI (human-machine interaction) standpoint:

6. The Law of Human Integration

A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.

Here’s the corollary for identifiers:

6a. The Corollary of Human-Friendly Identifiers

A unifying identifier metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.

This is certainly no surprise; the evolution of the Internet itself illustrates this corollary nicely. What made the net possible was a new identifier, the IP address, used to route packets between every host on the net. And for roughly the first 20 years of its existence, that’s all there was. To reach another Internet machine, you needed to know its IP address, period.

As Internet usage grew among universities and government agencies, however, the need for a more human-friendly solution was obvious. At first it was a text file, HOSTS.TXT, updated periodically and shared among Internet operators like an electronic phone book. When it became clear this wouldn’t scale, DNS was developed to distribute management and updating of this “IP telephone book”. That gave us the two-layer network addressing system we have today – a logical layer of domain names that made “the human user an integrated component” on top of a physical layer of IP addresses designed for machines. Add the Web’s URI syntax that lets you address any local resource in the context of its IP address or domain name and you have the most successful identifier system in history.

However as the other Corollaries of Identifiers suggest, the current URI layer of network identity falls short of the requirements for a unified identifier system that can fully support Kim’s unified identity metasystem. Besides the fundamental issue of persistence (the ability to maintain an identity when a semantic identifier changes, discussed in Corollary #2), there are also privacy issues (corollaries #1, #2, #3, and #4), interoperability issues (corollary #5), and context-management issues (corollary #7, not yet posted).

One solution for these issues is to take the same approach as DNS and create a new layer over the existing URI layer. This layer of abstract “logical” identifiers can resolve to concrete “physical” URIs the same way logical DNS names resolve to physical IP addresses. That’s the approach taken by the OASIS XRI Technical Committee with Extensible Resource Identifiers (XRIs).

Given the lessons of IP and DNS – and Corollary #6 – it’s no surprise the XRI layer ends up having two “sublayers”. The first one – the persistent XRI or “i-number” layer – closely resembles IP addressing, with the key difference being that i-numbers are intended to be assigned once to a resource and never reassigned.

While i-numbers can solve the problem of maintaining persistent identity independent of a semantic name, they fail the test of “making the human user an integrated component” just as badly as IP addresses did. So XRI architecture solves the problem by supporting a second type of abstract identifier: human-friendly, reassignable XRIs, commonly called “i-names”.

(Technical aside: i-names are not actually a separate layer “on top” of i-numbers – they are peers or “synonyms”. In other words, because i-names and i-numbers both use the same resolution protocol, an i-name can be resolved at the same time to one or more i-numbers as well as one or more URIs. The same is true of an i-number. This adds both efficiency and flexibility in resolution.)

To the best of the knowledge of those of us on the OASIS XRI Technical Committee, XRI is the only abstract identifier architecture that supports both persistent, machine-friendly identifiers and reassignable, human-friendly identifiers with one unified syntax and resolution protocol. What Corollary #6 posits is that both types of identifiers are required if both humans and machines are to be integral components of the system.

Special Security Note

The Fifth Law and the Fifth Corollary both end with the requirement that humans must be “integrated through protected and unambiguous human-machine communications” (emphasis mine). When this caveat is applied to identifiers, it goes to the heart of one of the fastest growing problems on the net today: phishing and pharming attacks that are based either on misleading URLs (whose text says one thing and href goes somewhere else) or “homographic attacks” (domain names that are visual lookalikes, especially using Unicode characters – see The Homographic Attack for an excellent summary.)

Any unified, internationalized identifier system that is open to public registration will always need to contend with this issue; however, wise registration policies can prevent many of these problems. XDI.ORG is doing this with its Global Services Specifications, specifically the i-name restriction policy that requires an i-name to be in a single Unicode script family, with a small number of exceptions.
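Both problems named in this note can be checked for mechanically at registration or link-review time. The sketch below is an added example, not code from XDI.ORG or its Global Services Specifications: the function names are hypothetical, the script of a letter is approximated from the first word of its Unicode character name (the Python standard library does not expose the Script property), the policy's "small number of exceptions" is not modeled, and the sample names and domains are constructed.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Link text that itself looks like a host name or URL (constructed heuristic).
HOSTLIKE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:[/:?#]\S*)?$")


def scripts(label):
    """Approximate set of Unicode scripts used by the letters in label.

    Assumption: the first word of the character name ("LATIN", "CYRILLIC",
    "GREEK", ...) stands in for the Unicode Script property.
    """
    found = set()
    for ch in label:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def single_script(identifier):
    """True when every letter of an i-name or DNS label shares one script."""
    return len(scripts(identifier)) <= 1


def host_of(value):
    """Lower-cased host part of a URL or bare host name ('' if none)."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").lower()


def display_host(host):
    """Decode punycode labels so script checks see the rendered characters."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA: check it as given


def review_link(text, href):
    """Return findings for one hyperlink: its visible text and its href."""
    findings = []
    href_host = display_host(host_of(href))
    # Misleading URL: the text names one host while the href goes to another.
    # The comparison is deliberately strict (www.example.com != example.com).
    if HOSTLIKE.match(text.strip()):
        if display_host(host_of(text)) != href_host:
            findings.append("text-href-mismatch")
    # Homograph indicator: a single label that mixes scripts.
    if any(not single_script(label) for label in href_host.split(".")):
        findings.append("mixed-script-host")
    return findings


# Constructed samples. "\u0430" is CYRILLIC SMALL LETTER A and "\u043e" is
# CYRILLIC SMALL LETTER O; both render like their Latin counterparts.
SAMPLES = [
    ("www.example.com", "http://example.net/login"),
    ("ex\u0430mple.com", "http://ex\u0430mple.com/"),
    ("Thai", "http://technorati.com/tags/thai"),
]

if __name__ == "__main__":
    for name in ("=drummond", "=drumm\u043end"):
        print(ascii(name), "single script:", single_script(name))
    for text, href in SAMPLES:
        print(ascii(text), "->", ascii(href), review_link(text, href))
```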

If you don’t already have my email address, please send me comments via my i-name contact page at =Drummond.

Posted in General, XRI

Doc frames the key questions

Doc Searls has nicely framed the key questions involved with Microsoft’s proposed identity metasystem architecture. He closes with:

So, here’s the first big question: Does the metasystem require adoption of SOAP and the whole WS-* suite of protocols (or whatever those are) — that whole bulleted list above — or something much less than that? I’ve gathered from Kim that WS-Trust is an essential component. But what about the rest of the list? Seems to me that Kim conceives the Identity Metasystem as a wide-open and inclusive architecture in which all kinds of current (LID, Sxip, XRI-XDI) and future identity systems can participate. Is this possible if the required protocols aren’t really open or usable in a practical sense, as Julian contends? And, for that matter, is the WS-* suite a done deal, either? What, if anything, needs to be done there to make it (or parts of it) acceptable to those who are inclined to dismiss it?

The second big question (especially for my constituency) is, What will it take to get open source developers, and the rest of the non-Microsoft world, to adopt and deploy stuff that works within the metasystem? Licensing is clearly an issue. What else?

These questions reflect the gut feeling I noted after Digital ID World: the questions are all turning from “what” (what will an interoperable identity metasystem look like?) to “how” (how can it be simple and open enough to be implemented everywhere like TCP/IP, DNS, SMTP, and HTTP?)

My 5+ years’ worth of work on what’s now XRI and XDI has made me hypersensitive to these latter questions. Time after time I have been hit over the head by developers with “Make it simpler! It has to be simpler! We won’t implement anything that isn’t simple!” It has taught me the wisdom Marshall Rose expressed twelve years ago in RFC 1425:

SMTP’s strength comes primarily from its simplicity. Experience with many protocols has shown that: protocols with few options tend towards ubiquity, whilst protocols with many options tend towards obscurity.

So that’s become our driving mantra in XRI and XDI: find the magic means to make it, as Einstein said, “As simple as possible but no simpler.” Because I do believe those developers are right: whatever becomes the interoperable identity protocol of the net, it’s going to have to follow in the mold of TCP/IP, DNS, SMTP, and HTTP.

I look forward to Kim’s insights about how he sees this simplicity being achieved with WS-Trust.

Posted in General, Identity Commons, XDI, XRI

XDI and Homeland Security

I haven’t blogged much about XDI yet, in part because it’s not as far along in the standardization process at OASIS as XRI. This will start changing as the first early XDI data sharing applications start surfacing (hint hint). In the meantime, U.S. homeland security blogger W. David Stephenson has recognized its relevance to that topic. In an email he asks:

I thought you might be interested in my “smart mobs for homeland security” concept, and I’d be very interested in your thoughts on how XDI might help make it a reality.

Since one of the prime directives of DHS is information sharing and collaboration, the most obvious relevance of XDI is as an open standard protocol for implementing trusted data sharing at the massive scale DHS requires (linking all security agencies/personnel at the international, federal, state, and local levels.) Frankly I don’t know anything other than Dataweb architecture that can accomplish this (but that may just be my XRI/XDI blinders on.)

However as David points out in “smart mobs for homeland security”, to leave the public out of this information sharing loop would be as shortsighted as leaving citizens out of local law enforcement. So the simple answer to David’s question is that XDI can help create a flow of authenticated information back and forth between citizens and government agencies that enables the defense mechanisms of the “whole organism”.

I won’t dive into technical details here, referring folks instead to The Social Web paper that made David aware of XDI. But I very much agree with his point that technologies like XDI can build on other networking/communications tools to make us all much more effective participants in our own security.

Posted in Blogging, Dataweb, General, XDI

I-Names: Some Practical Answers

Attendees at DIDW 2005 last week received a free 50-year global personal i-name (an “=name”) courtesy of Identity Commons. This is part of the early i-name registration program also sponsored by XDI.ORG, 2idi (i-broker for the program), Cordance (my employer), and NeuStar (operator of global i-name registry services).

Those who were new to i-names had many practical questions, summed up by =dizzyd who blogged:

The immediate problem, of course, is that if I give my i-name to someone outside of the digital identity space, they’re not going to know what to do with it. Socially, there is no context for this identifier, and even worse, there aren’t any obvious tools available to the average user which would allow them to “use” my i-name to contact me. Now, I’m willing to concede that this may just be due to the fact that i-names are not yet popular, and like any new identifier, will just require some time to get fixed in the social awareness. However, that’s not going to happen if the i-name people (XRI/XDI, as I understand it) don’t come up with some useful, or at least well publicized tools. If they exist, I would gladly accept pointers.

Great point, and one being worked assiduously by the XRI/XDI community. So here’s a summary of the first three services being developed for i-names (note that only the first is fully available today – the next two are planned for general introduction once full global i-name registry services are operational this fall.)

  1. Privacy-protected address service. This allows you to use the http form of your i-name as a link to a contact page hosted by your i-broker (such as 2idi). Contact pages are searchable Web pages that accept incoming contact requests which are verified by the i-broker to prevent spam. Bloggers like Kim Cameron use this service today as a way to accept comments without comment spam (see his i-name contact link on the right frame of his blog.) Or visit my own =Drummond contact page.
  2. I-name single sign-on (ISSO) service. This allows you to use your i-name and i-broker password to log on at any ISSO enabled website. Although a non-SAML form of ISSO is already in use by 2idi and some of its partner sites, fully SAML 2.0 compliant ISSO is under development and should be in testing shortly. See the ISSO spec page at XDI.ORG for more details.
  3. I-share data sharing service. I-share is essentially “IM for data sharing” — a simple, universal way to share and permanently synchronize common types of data (business cards, files, links, agendas, itineraries) using i-names and i-numbers. I-share will be the first general use of the XDI data sharing protocol under development by the OASIS XDI Technical Committee.

=dizzyd goes on to ask a second question that comes up often:

On a less practical note, it bugs me that i-names are essentially attempting to create a global address space for the whole Internet. What I mean by this, is that by default i-names are global, so there can only be one “=dizzyd” for the whole Internet. From an identifier standpoint, i-names are regressing us back to the days of “bob394” and “alice2zz”. Imagine how life would be if we only had first names — how would we distinguish between this Bob and that Bob? The reality is that the Internet is a big place and it needs an addressing scheme that reflects at least some understanding of the scale involved. Email addresses may not be the perfect answer, but at least they add an intermediate partitioning of the address space that more closely reflects how big the ‘Net is.

Unfortunately this is a misconception that shows the XRI/XDI community has a lot of market education to do about XRIs. In reality, XRI syntax and resolution infrastructure are designed to be at least as partitionable as URIs, DNS names, and IP addresses (principally because XRIs layer over these as abstract identifiers.)

In particular, what might not be clear to a new =name registrant is that they have registered the XRI equivalent of a first-level domain. In other words, if their i-broker supports it, they can now delegate second-level i-names the same way domain name registrants can delegate DNS names under their domain name (i.e., “example.com” can delegate “www.example.com”, “mail.example.com”, “ftp.example.com”, etc.) The only difference is that with i-names: a) delegation always works from left-to-right, and b) the delegation character is * instead of dot (dots are legal characters in i-names.) Examples:

=dizzyd*john
=dizzyd*jerry.johnson
=dizzyd*jerry.johnson*mary.johnson

In other words, every registrant of a global =name can serve as their own registry of delegated *names (and each of their delegates can delegate third-level *names, and so on.) Unlike typical DNS delegation, i-brokers can make this very easy and consumer-friendly, so it will be easy, for example, for a family member to delegate *names to other family members. Organizational i-names (@names) can do the same thing, delegating *names to other organizations or individuals, again to any depth. For example:

@Example.Corp
@Example.Corp*East.Coast
@Example.Corp*West.Coast
@Example.Corp*West.Coast*Portland
@Example.Corp*West.Coast*Seattle
@Example.Corp*Jerry.Johnson

Note this last example (Example Corp delegating to Jerry Johnson) is essentially the XRI equivalent of an email address (i.e., an organizational authority delegating to an individual.) This demonstrates that XRI syntax provides partitioning at least as flexible and scalable as URI syntax (i.e., DNS names and IP addresses), while at the same time providing a richer human-friendly naming syntax (dots and colons in addition to dashes, plus support for the full Unicode character set).
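The left-to-right delegation described above can be sketched as a small parser. This is an added example, not code from the XRI specifications or from any i-broker; the function names are hypothetical, and it assumes only the simplified syntax shown in this post (a leading `=` or `@`, `*` as the delegation character), with no i-numbers or cross-references.

```python
# Added example: simplified i-name parsing, covering only the syntax in this post.
GLOBAL_SYMBOLS = {"=": "person", "@": "organization"}


def parse_iname(iname):
    """Split an i-name into (global symbol, [segments]), read left to right."""
    if not iname or iname[0] not in GLOBAL_SYMBOLS:
        raise ValueError(f"i-name must start with '=' or '@': {iname!r}")
    segments = iname[1:].split("*")  # dots stay inside a segment
    if any(seg == "" for seg in segments):
        raise ValueError(f"empty segment in i-name: {iname!r}")
    return iname[0], segments


def delegation_chain(iname):
    """Return every authority on the path, from the global name down."""
    symbol, segments = parse_iname(iname)
    return [symbol + "*".join(segments[: i + 1]) for i in range(len(segments))]


def is_delegated_under(iname, authority):
    """True if `authority` is a proper ancestor of `iname`.

    Whole segments are compared, so '=dizzyd*johnny' is not under
    '=dizzyd*john' even though the two strings share a prefix.
    """
    sym_a, seg_a = parse_iname(authority)
    sym_n, seg_n = parse_iname(iname)
    return (sym_a == sym_n
            and len(seg_n) > len(seg_a)
            and seg_n[: len(seg_a)] == seg_a)


if __name__ == "__main__":
    for name in ("=dizzyd*jerry.johnson*mary.johnson",
                 "@Example.Corp*West.Coast*Seattle"):
        print(name, "->", delegation_chain(name))
    print(is_delegated_under("@Example.Corp*Jerry.Johnson", "@Example.Corp"))
```

Any check that asks "is this name under that authority?" should compare parsed segments as `is_delegated_under` does, because a plain string-prefix test would accept names that merely begin with the same characters.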

(Note: To keep this short, I’m leaving out some other key XRI features – persistent i-numbers and cross-references – that we’ll cover in other Practical I-Names columns.)

Got more “Practical I-Names” questions? If you don’t already have my email address, feel free to send them to me via my i-name contact page at =Drummond.


Key talks at DIDW 2005

A quick note before it fades from memory: three of the best talks at DIDW 2005 were Kim Cameron’s summary of the Seven Laws of Identity; Jamie Lewis’s annual state-of-the-industry appraisal; and Scott Cantor’s overview of the Shibboleth effort. Kim and Scott also both received DIDW Pioneer awards of which they are richly deserving.

I also had a chance to get to know Johannes Ernst, who blogged a good writeup of the tech details of Microsoft’s InfoCard initiative (as good as we’re likely to get until the dev docs start coming out.)

Now, back to the job of actually building the interoperable identity infrastructure we all so badly want.


Foxtrot on Wikipedia

Leave it to Eugene Kim (of PurpleWiki fame) to spot this Foxtrot about Wikipedia.

You know it’s becoming mainstream when Foxtrot starts mentioning it…


I-Name/LID Interop Demo

Another Digital ID World news item from Owen Davis, Identity Commons president:

The folks at ooTao have built a demo version of i-names interoperating with the LID protocol. If you go to the ooTao demo page you can:
1) create a “fake” i-name;
2) login and enter some profile data;
3) choose what data you want to be public;
4) go to the LID demo and see your info published through the LID vCard service.

Having i-names work with LID is a great example of the principle of interoperation that is fundamental to the Identity Commons mission.

A joint press release is also available.


Constitutional Amendment Recognizing Digital Identity

I just received the following in email from Jaco Aizenman, XDI.ORG trustee:

On May 9, ten Costa Rican Congresswomen/men presented a Constitutional amendment to add a new human right to the Bill of Rights (derechos fundamentales): the right of having or not having a Digital Identity (Personalidad Virtual.)

Human Rights specialists commented today at the Forum that virtual rights (the right of not having or having a Digital Identity) are a fifth generation of human rights (see http://en.wikipedia.org/wiki/Three_generations_of_human_rights).

This also means the creation of an additional legal fiction, called Virtual Personality/Digital Identity, that people can use to manage/maximize the advantages that a Digital Identity offers.

Today, May 10, Congresswoman Martha Zamora organized in the Congress a Forum about Digital Identity (Personalidad Virtual), specifically concerning legal, social, political, economic, democratic, and historical contexts. The forum was recorded and is available using the internal Costa Rican Congress number 15890.

This is a very significant legal milestone in the evolution of digital identity, one perfectly timed for this week’s Digital ID World conference. I look forward very much to seeing how this new legal construct evolves.
