UMA is Cool

People know I’m an XDI nut and Eve Maler is an UMA nut. And some people wonder if there isn’t a whole lot of overlap between UMA and XDI (and why Eve and I are not fighting a protocol jihad).

Well, the truth is, Eve and I are good friends (especially since I learned she lives just across Lake Washington from me). We even wrote an IEEE article on the Venn of Identity together. We share a passion for open standards that can really make a difference. And for the longest time the issue was simply that we couldn’t find the time to sit down and discuss the two.

But recently we’ve had a chance to start drilling into the synergies between UMA and XDI.

And they are legion. Enough so I don’t have the time to go into them in this post (but plan on more coming soon – ideally in a blogging duet with Eve). But what I do want to do right away is point readers to an excellent paper summarizing UMA that Eve prepared for the W3C Privacy and Data Usage Control Workshop. It does a great job of explaining the problem space and how UMA approaches it.

Posted in UMA, XDI | Leave a comment

Revision: "Personal Data Service" AND "Personal Data Store" Go Together

On the Project VRM telecon today, we had an excellent discussion regarding “PDS” terms and my blog post last Sunday (Out with “Personal Data Store”, In with “Personal Data Service”). Iain Henderson of Mydex made the point that the key advantage of the term “personal data store” is that it describes a place where an individual can keep the data that does NOT exist anywhere else on the net, but which must exist someplace under the user’s control in order for them to be able to share it the same way they can control the sharing of data which does NOT reside in their personal data store.

So my previous blog post needs to be retitled. It’s not “out” with the term “personal data store” at all. Rather it is “in” (as in “integration”) with the terms “personal data service”, “personal data server”, and “personal data ecosystem”.

I took the action item to coordinate the efforts of volunteers on the call (Iain, Paul Trevithick of the Higgins Project, Doc Searls of ProjectVRM, and anyone else who wants to volunteer via the ProjectVRM mailing list) to formalize the terminology and turn it into Wikipedia entries. We’re going to start by writing up draft Wikipedia entries on the Project VRM wiki. To kick that off, I’m starting here with a first cut on the relationships between these terms:

  • A personal data service is an online service that enables individuals to store and share data over which they personally have control. Note that this does not say anything about where this data is located, i.e., where it physically resides on the network. (It is intentionally agnostic about this.)
  • A personal data server is the server responsible for providing personal data service (for a single individual, or a group, or a whole community). Once again, this term does not imply anything about who operates this server, or where the data resides. Like an email server, a PDS server could be operated by the individual him/herself, by a third-party service provider, by a community, by a government, etc. It also does not imply anything about the technology or language it uses, nor the protocols it speaks (though it does suggest there will be standardized protocols, just like email servers or web servers).
  • A personal data store is a physical repository for data over which an individual exerts access control. Again, the term itself does not imply where such a store lives on the network (i.e., in the cloud, on a local device, in a smart card, on a SIM, etc.). It also does not imply that the only way to access a personal data store is through a personal data service or a personal data server. However it does imply a natural relationship between them, i.e., an obvious interface for a personal data store (wherever it is located) is through a personal data service (wherever it is located), and one obvious location for a personal data store is at/behind/under/inside (choose your location metaphor) a personal data server.
  • The personal data ecosystem is the universe of personal data services, servers, and stores together with the applications, networks, and services that rely on them to deliver their value proposition. See the Personal Data Ecosystem Focus Area of Identity Commons for more about how this ecosystem might evolve.

What do you think? While you should feel free to comment here, even better would be to join the ProjectVRM mailing list and discuss these terms there, then help us refine the draft Wikipedia entries for which there are now placeholder pages on the ProjectVRM wiki.

Posted in Personal Data Ecosystem, Personal Data Server, Personal Data Service, Personal Data Store, Social Web, VRM | 1 Comment

Taking Off Another Hat

After piling on too many hats for the longest time, I’m now peeling some off. First I took off the Open Identity Exchange (OIX) Executive Director hat in August, and now I’m stepping down as Information Card Foundation (ICF) Executive Director and handing the reins to the very able Mary Ruddy.

The reason: I’m narrowing my focus to concentrate on personal data services and the personal data ecosystem. I call this the “second shoe dropping” for user-centric identity: if OpenID and Information Cards addressed the issue of cross-context identity, protocols like UMA and XDI address the issues of cross-context data sharing. When brought together, these can finally bring about the next layer of the Internet that we’ve been talking about for the last decade.

Which makes me very excited about the next one…

Posted in Information cards, OpenID, Personal Data Ecosystem, Personal Data Service, XDI | Leave a comment

Out with "Personal Data Store", In with "Personal Data Service"

UPDATE: Please also see the revision to this post that harmonizes the terms “personal data store” and “personal data service”.

I’ve been blogging about “personal data stores” for two years now, but as of last Thursday I’m done with it. The term, that is. Effective immediately I’m moving to “personal data service” and its companion term “personal data server” and not looking back.

Here’s why. Last Thursday was the second World Economic Forum workshop on “Rethinking Personal Information” in NYC. The first one was in June, and there the concept of a “personal data store” was relatively new to some of the attendees (though very well received). I’m happy to say that by last week’s meeting, the concept was no longer new to the majority of attendees. Rather, discussion was much more focused on how these “control panels for personal data sharing” would actually work in practice — technically, socially, and legally.

But what I saw happen at least a half-dozen times during the workshop was attendees tripping up over the word “store” because it clearly implies that a “personal data store” actually stores all your personal data. Each time those of us working in the space would have to explain, “No no — it’s actually a ‘virtual’ store — it doesn’t need to centrally store all your data at all, just provide you with a locus of control — a dashboard — for managing it”.

As soon as that misconception was cleared up, discussion and analysis of the possibilities for this new personal data ecosystem moved swiftly forward — and in fact at breakneck speed because this audience was so well prepared to understand how significant a sea change the PDS represents.

Afterwards I was talking with Paul Trevithick of the Higgins Project — which is now focused on delivering an open source personal data server — and he agreed that the PDS community is just shooting ourselves in the foot to keep using so misleading a term. So I’m moving immediately to “personal data service” and “personal data server” — the latter following the lead of Joe Johnston at SocialNori, the new open source project building social applications on top of the Project Nori personal data server. (Note: a key kernel of the Project Nori code is Markus Sabadello’s XDI4J (XDI for Java) libraries. If you haven’t seen Markus’ Three Visions video yet, don’t miss it — he draws a wonderful picture of how personal data servers, the federated social web, and personal apps are coming together).

This shift in terminology is particularly ironic given that Mydex has just published a seminal paper on the entire topic: The Case for Personal Empowerment: The Rise of the Personal Data Store. The lead author, Alan Mitchell, is one of the most articulate people on the planet about the potential for PDS. He was ably assisted by the rest of the Mydex team, including Iain Henderson, William Heath, and David Alexander (who have more mountain-moving news about Mydex and PDS coming later this month).

However the terminology shift doesn’t take one iota away from the paper, which explains (among many other things) why a PDS does not actually have to store the data. Also, just to be clear, a PDS can in fact store the data when a user needs it to, the same way web servers can and do store some of the content they serve. But nowadays that’s the exception, not the rule. Most web servers access the content stored in a database, whether local or remote, and often assemble content from many different databases.

A personal data server is no different: it will dynamically assemble (“pull” to use David Siegel’s term) your personal data as needed, from wherever it is best stored, and no matter whether it is operated directly by you or by an independent service provider. Either way it lets you control and share your personal data wherever it may exist locally or on the Web.

Thankfully, ALL of these terms still fit nicely under the acronym “PDS”, so that’s the constant I’ll keep using.

Posted in Personal Data Server, Personal Data Service, Personal Data Store | 3 Comments

Kaliya's Vision and Principles for a Personal Data Ecosystem

The irony is that the two hosts of IIW — and two of the people I work most closely with in the industry — both decided on the heels of the IIW East that just took place last Thursday and Friday in Washington D.C. to post their Principles for an ecosystem of personal data stores.

Phil Windley, co-founder and CTO of Kynetx (among many other hats), posted his PDX Principles last Friday. I blogged about them here.

Kaliya Hamlin (aka IdentityWoman), chief evangelist for Identity Commons (among other hats), posted her Vision and Principles for a Personal Data Ecosystem this weekend.

A huge +1 to both. At IIW East I described the evolution of a network of personal data stores as “the second shoe dropping” in user-centric identity. The first shoe – basic user-centric authentication and attribute exchange — is a big step forward, but its power is magnified greatly when that capability is connected to the ability of a personal data store to provide the features an individual needs in ongoing relationship management. Now we’re finally talking about a Web that can be fully social without requiring a centralized social hub.

I am increasingly focusing my efforts now on this second shoe, about which I’ll be blogging more later this month. I’m already anticipating that this fall’s IIW — which just moved to Nov 2-4 at the usual location (the Computer History Museum in Mountain View, CA) — will have a very strong focus on personal data stores (PDS) and personal data exchange (PDX).

Posted in Personal Data Store, Social Web | Leave a comment

Phil Windley's PDX Principles

IIW (Internet Identity Workshop) continues to amaze me. I just returned from the first IIW East in Washington D.C. and I spent much of the plane ride back thinking about and acting on the conversations I had there over the past two days. It just goes to show the power of Open Space conferences, especially as put on by a master like Kaliya.

For his part, co-host Phil Windley noted that there were so many sessions on the topic of personal data stores that it practically seemed like the theme of the conference (the actual theme was “Open Identity for Open Government”). So Phil wrote a post about PDX Principles: his list of what will be required for a successful ecosystem. I very much agree with everything he posted and want to elaborate on several of these principles, but need sleep first. With luck I’ll do a followup this weekend — this is a topic I plan to do much more writing about.

Posted in Personal Data Store | Leave a comment

Finally Taking Off a Hat

When the Information Card Foundation (ICF) and OpenID Foundation (OIDF) launched the Open Identity Exchange (OIX) at RSA on March 2, I temporarily added the hat of OIX Executive Director. ICF agreed to loan me half time to OIX to work through the startup stages of establishing the industry’s first open trust framework platform provider. For its part, OIDF contributed the time of OIDF Executive Director Don Thibeau to serve as OIX President and board chair, and it has been a tremendous pleasure working with Don, OIX counsel Scott David, and Global Inventures program manager John Ehrig to lay the foundation for OIX.

Now, with the announcement at last month’s Burton Catalyst conference that AT&T has joined OIX, that several new OIX Working Groups are starting up, and that OIX and Kantara have begun collaborating on trust framework infrastructure, the startup phase of OIX is over, and I can finally take off the OIX ED hat.

This does not mean I will be any less involved with OIX, however. On the contrary, as I have been blogging throughout this year, the need for a particular trust framework—one governing data exchange with personal data stores (PDX)—is becoming acute. That need also intersects directly with the work I’ve been doing on the XDI data sharing protocol at OASIS since 2004.

So as fast as I’m taking off the OIX ED hat, I’m preparing to take on another one spearheading the development of a PDX trust framework at OIX. This will be one of the key topics both at the VRM+CRM conference in Boston this coming Thursday and Friday, and also at the Internet Identity Workshop East on September 9 and 10 in D.C. following Gov 2.0.

If you are attending either event and want to know more about PDX and the PDX trust framework, please come to the open space sessions we’ll be holding.

Posted in Open Identity Exchange, Personal Data Store, VRM | 2 Comments

IIW East Coming in Washington D.C. Sept 9/10

Given all the intersections between open identity and governments (in particular the US government, but several others are not far behind), it’s about time we had an Internet Identity Workshop in D.C.

Now we do — immediately following Gov 2.0.

See the invitation. Register. Run a session (or two or three). I’ll look for you there.

Posted in Identity Commons | Leave a comment

Phil Windley on XDI

Phil Windley, co-founder and CTO of Kynetx (among the many hats he wears), wrote his own rules language, KRL, to “program the Web”. So when Phil writes the following about XDI after he and his team did a two-day deep dive on XDI with XDI4J project founder Markus Sabadello and me, it means a lot.

I haven’t been posting much about XDI because the OASIS XDI Technical Committee (which I co-chair) is still working on the XDI 1.0 technical specs. But since our philosophy has been to code everything in at least one implementation first before committing it to a spec, and since the core XDI graph model and metagraph model are now very solid, by the time the specs come out there will already be multiple operational XDI services.

I hope to finally get time to do many more posts about XDI this fall. In the meantime if you want to learn more, ping me about different ways to get involved.

Posted in Data Portability, Dataweb, XDI | Leave a comment

Doc on the Data Bubble and how VRM Will Pop It

I’m biased but I think this post is one of Doc Searls’ best about VRM and what’s going to compel it forwards. It’s about the July 31 Wall Street Journal article about behavioral tracking on the net.

He’s been preaching that a paradigm change is coming and he’s dead right (hint: see PDS). That’s why I’m travelling all the way to Boston for the VRM+CRM conference Aug 26/27 in Boston. This despite my standing rule of NO CONFERENCES IN AUGUST. (Damn fool Americans need to learn from the Europeans about how to enjoy life, especially summer, especially in Seattle.)

But I’m making an exception this year (and also for the Privacy Identity Innovation 2010 conference, which is easy because it’s in Seattle) because this paradigm shift is so important.

And because it’s one of the key breakthroughs that user-centric identity has been developed to enable.

Posted in Personal Data Store, Privacy, Social Web, VRM | Leave a comment

Inception

About half-way through this movie, I found myself wondering how Christopher Nolan ever got it made. No Hollywood exec would ever believe a movie with a plot this complex and layered could find a wide audience.

Wrong.

It is to three-dimensional stories what Avatar is to 3D effects.

See it. It will play 3D chess not just with your mind, but your heart.

Posted in Movies | Leave a comment

Portability Policies and Personal Data Stores

My primary involvement as a member of the board of the Data Portability Project has been input about XDI as an open standard for portable data. But I’ve always been very enthusiastic about DP’s work on Portability Policies. The DP Project just announced their first Portability Policy deliverable via this blog post on TechCrunch.

On the DP Project board call this morning I shared the view that Portability Policies are an inevitable first step — and a highly welcome one — towards widespread adoption of personal data stores (see my posts earlier this year about PDS here and here). When PDS finally arrive, the irony is that the policy will turn in the other direction, i.e., the individual will have their own data sharing terms and the vendor will be agreeing to those. That’s the essence of VRM.

Iain Henderson of VRM pioneer Mydex is already working on the terms for such an agreement at the Information Sharing Working Group at Kantara.

Bit by bit, the age of personal data stores and personally-controlled data sharing is dawning.

Posted in Data Portability, Personal Data Store, Social Web, VRM, XDI | Leave a comment

The PDX is Coming

Remember that year-end blog post about how personal data stores (PDS) are closer than they may appear? Now read Phil Windley’s wonderful summary of why it makes so much sense to create a PDX (not really an acronym for “personal data exchange” so much as just a moniker for a global internetwork of PDS).

It’s happening. Look for more news about it by Internet Identity Workshop (May 17-19 in Mountain View, CA). As if you didn’t have enough great reasons to go already.

Posted in Data Portability, Personal Data Store, XDI | Leave a comment

kd lang: Hallelujah

I’ve been meaning to say this on my blog ever since the opening ceremonies in Vancouver. But since I just had the chance to recreate the experience on the Web, let me say it loud and clear for the record:

kd lang: Hallelujah.

Posted in General | 1 Comment

Comments on the Google account problem

First, my apologies to everyone who commented on Fixing the Google Account Problem. For some reason WordPress stopped notifying me about comment approval (I’m using Akismet but I still find the majority of comments that get through it are spam, so I moderate comments). So I just logged in and found a bunch of great comments, including several that I replied to.

Three clear themes emerge from these:

  1. The problem is even worse if Google Apps is involved. Apparently there isn’t a solution to merging a Google account and a Google Apps account yet (which frightens me because I’m about to need to set up my first Google Apps account).
  2. Using email addresses as primary account identifiers is problematic, period.
  3. Internet identity management, especially at scale, is hard. A lot harder than it looks.

I’m told the good folks at Google have been discussing this. Please feel free to add more suggestions about exactly what you think they should do.

Posted in Accounts, General | 1 Comment

The Incredible Internet Answer Machine #2

I receive an email from a friend:

Drummond,
As my Word expert, how do I turn off the “balloon” captioning of redline changes?

I think, “Good question. I have no idea. I’ve often wondered that myself.” I’m about to start typing that answer to his email when I remember The Incredible Internet Answer Machine.

I open a browser tab and type into the Google Search Bar “Microsoft Word bal…”

Google’s AutoSuggest completes it to “Microsoft Word balloons”.

I click Search.

In .25 seconds the answer is back and the second entry on the list is:

How to turn off balloons for comments and tracking changes in Word

.25 seconds. My brain doesn’t even think that fast.

Posted in General | Leave a comment

The Incredible Internet Answer Machine

I know reams have been written about “are we all getting dumber because the Internet is getting smarter?”

But still, it does take my breath away, almost every day.

In another one for the “new heights of irony” file: I was using Gmail this morning and once again wondered about the little orange dot that appears next to the names of some email senders.

I’d wondered at least a half dozen times before what this meant, because when you hover over it, there’s no balloon (there should be, Google).

So this morning I finally asked The Incredible Internet Answer Machine.

I just opened another tab and typed “Orange dot in Gmail” into my Google search bar.

The #1 hit (in .29 seconds) was the exact answer to my question

…in Yahoo Answers!

(We’re going to have to rename it The Incredible Internet Irony Machine 😉 )

BTW, the answer is: Orange means the sender is using Gmail but is in “idle” status because they haven’t looked at their Gmail page in a while – they are busy using some other browser tab or application. Green = active on Gmail now, Red = busy, Grey = offline.

Posted in General | 1 Comment

Avatar – Ahhhhhhhh

This may be the only blog post I ever write with no link in it. But, reading today that Avatar has finally knocked off Titanic as the #1 grossing movie of all time, one hardly needs to provide a link to either.

Given my passion for film, I just want to say: hats off to James Cameron. He may not be the most likeable character in the world. But twice now this man has taken me and countless others (a significant percentage of the human population, in fact) to a place in film an ocean beyond (or a planet beyond) what we have ever experienced before.

Which really is a new place in consciousness, when you think about it.

I thank him for that, and everyone who helped him realize his vision.

Two pieces of advice:

  1. See it in 3D. It doesn’t matter how long you wait to do it. Just see it in 3D.
  2. Sit as close to the axis of the center of the screen as you can, i.e., both in the middle of the theatre and at the height of the center of the screen. It really helps with the 3D experience. Ironically in most 3D theaters this is usually the back row or very near it. In other words, the vast majority of the seats are way too close. Go figure.

Posted in Movies | 2 Comments

Fixing the Google Account problem

Every so often you experience a technical problem you can’t find any information about and which takes you forever to solve. Then, after you finally solve it, you are left scratching your head saying, “I don’t get it—there must be millions of people with this problem—why is there so little information about it?”

Once before, back in 1991, I ran into such a problem with Windows 3.0. After finally solving it, I shared my solution with my friend Seattle Times tech columnist Paul Andrews. He published it in his column, and it turned out that thousands of people had the same problem but nobody understood quite what was happening. So that’s why there was so little information about it.

Now 20 years later, even though we’ve got the Internet and Google and all, I’ve just been through the same experience. And the irony? The problem is with none other than Google accounts—the very accounts that we need from this search giant to access many of the services it offers.

Over the holidays I finally bore down, worked the problem all the way through, and solved it. And throughout the process I was consistently stunned to find so little information available about it, either from Google or anywhere else.

So this time around I’m being proactive about it and publishing the solution right here so it will be easy for anyone to reference. (And, of course, for Google’s own search engine to find — the Internet brings new heights to irony.)

Warning: read this all the way through. The easy fixes are also the ones you may live to regret.

The Problem

  1. A friend shares a Google doc with you.
  2. You receive an email containing a link to this Google doc.
  3. When you click on the link, you are prompted to log into your Google account, but once you do, you can’t get access to the doc because the email address that the friend used is not the same email address you used to originally create your Google account.

Arrggh! (That’s an exact quote from an email I just received from a friend for whom I’m solving this problem by writing this blog post!)

The Simple Solution That Will Get You In Trouble

There is a simple solution for which I thank George Fletcher of AOL, who first explained it to me and others on the OpenID mailing list who were having this problem a few years ago.

The solution is: register a new Google account under the email address that your friend used to share the Google doc with you.

It’s very easy…BUT…read the warning afterwards as to why it’s a red herring.

  1. Go to http://google.com.
  2. If you are signed in, sign out (top right corner).
  3. On the next screen (the plain jane Google home screen), click the Sign in link in the top right corner.
  4. On that screen, underneath the login box on the right, click the link “Don’t have a Google account? Create an account now”.
  5. Even though you may already have a Google account, enter the email address you want to register for another Google account (the one your friend sent the Google doc to).
  6. Confirm the email address via the standard process.
  7. When you are done, log in to this new Google account (using the email address you just registered, not the one for your other Google account).
  8. Go to Google Docs (http://docs.google.com).
  9. The Google Doc your friend shared with you will be on the list.

Yes, it’s that simple. BUT…

The New Problem This Creates

The reason NOT to solve the problem this way, to which I can attest by long and painful experience, is that while you will now have access to all the Google docs shared with you…you will also have to log in and log back out of each of your different Google accounts in order to access the different sets of Google docs shared with you under your different email addresses.

This might seem like a small pain at first, but believe me, after the 500th time you will be wishing there was a better way.

There is.

The Better Solution…That Still Isn’t the Right Answer

The “better way” is a standard feature of almost any identity or directory system: aliases. (Disclaimer: I’m in the Internet identity business, so this is the kind of stuff I deal with all the time.) In an identity or directory context, an “alias” is just an alternate name for the same account. And in fact Google accounts supports aliases. What’s interesting, though, is that: a) they don’t call them “aliases”, and b) aliases for Google accounts are completely different than aliases for Gmail accounts.

Gmail accounts, you ask? What’s the difference between a Google account and a Gmail account?

Therein lies a whole ‘nother can of worms (and possibly the reason there is so little information about the Google account problem).

Let me start by explaining the difference (as best I understand it – this WHOLE BLOG POST is an open invitation for the good folks at Google to correct any of my misunderstandings and provide better explanations).

First, a Google account and a Gmail account are not exactly the same thing. The first rule is: every Gmail account is a Google account, but NOT every Google account is a Gmail account.

In other words, if you have a Google account that is NOT a Gmail address, then you have a Google account that is NOT a Gmail account.

The second rule is: BOTH a Google account AND a Gmail address can have an alias. BUT THEY ARE NOT THE SAME THING, AND NEITHER CALLS THEM ALIASES.

I am not making this up. An alias on a Google account (and remember, every Gmail account IS also a Google account) is another name for the entire Google account. But for Gmail, an alias is ONLY an alternate email address that you can send or receive email from using your Gmail account. A GMAIL ALIAS IS NOT A GOOGLE ACCOUNT ALIAS. A GOOGLE ACCOUNT ALIAS IS NOT A GMAIL ALIAS.

Is that clear as mud?

Now, adding an alias to a Gmail account is quite easy, remarkably powerful (most people have no idea how much flexibility Gmail offers to manage your email for any number of email accounts), and surprisingly poorly documented. I just spent 10 minutes searching Gmail for help on this just to see if there was a Gmail help page I could just link to.

Nope.

So here’s how.

Instructions for Adding an Alias to Your Gmail Account (but NOT for your Google Account Even If It Is a Gmail Account!)

  1. Log in to your Gmail account.
  2. Click the Settings link in the top right.
  3. Click the Accounts and Import tab.
  4. In the second section, Send mail as, click the button labelled, Send mail from another address.
  5. Enter the email address as instructed.
  6. Google will send you an email with a link you must click to verify you own the address.
  7. Go to that mail account, find the mail, click the link (it all takes about 30 seconds).

You’re done. Go back to your Gmail Settings page, click the Accounts and Import tab, and the new email address will be listed in the Send mail as section. You can now send email from this email address by choosing it in the “From” drop down box in Gmail. (See the help link for more info about the different ways you can send mail from a Gmail alias.)

You can add as many email addresses as aliases to your Gmail account as you want (at least I couldn’t find documentation about a limit). But keep in mind that all of these will ONLY be Gmail account aliases, not Google account aliases — and having them as Gmail aliases does nothing to solve the Google account problem.

So you have to go through a different process — even with the same set of email addresses — to make them Google account aliases. (For example, I have the same four email addresses as BOTH Gmail aliases and Google account aliases.)

The following instructions apply for adding an alias to ANY Google account (whether or not it is a Gmail account), BUT—and this is a big BUT—if your Google account is NOT a Gmail account, keep reading afterwards about why this can come back to bite you.

Instructions for Adding an Alias to Any Google Account (Even If It Is a Gmail Account)

  1. Go to www.google.com/accounts. That is the home page for configuring any Google account. If you’re currently logged into Google, Google figures out which Google account you are using via a cookie in your browser. If you’re not logged in, they’ll prompt you to log in, and the Google account you will be configuring is based on the email address you use to log in.
  2. Once you are logged in, confirm it is the correct Google account by checking the email address in black text at the very top of the page (on the left side of the block of links in the top right corner). If this is the right account, proceed. If this is not the right account, meaning you want to add an alias to a different Google account, then sign out (upper right corner), then sign back in under the email address for that different Google account.
  3. Under Personal Settings in the top center of the page, the entry at the bottom of the column will be Email addresses. If you have not yet added any aliases to this Google account, you will see only one email address—the same email address as at the top of the page. It will have the grey words (Primary email) next to it. This is the “primary key” for this Google account. You can’t change it! See the warning below.
  4. To add an alias (do you see the word “alias” anywhere near here? Or anywhere on this screen? Does Google give you any clue that this is where you should go to access such a feature??), click the Edit link below this email address.
  5. On the next screen (https://www.google.com/accounts/EditUserInfo), you will see two blocks: Edit personal information and Add an alternate email address to your account. You want this second block.
  6. At the bottom of this second block is a text box labeled: Add an additional email address. Enter the email address you want to add as an alias (the one to which your friend shared the Google doc you can’t access) and click Save.
  7. The next screen will tell you that you’ve been sent an email to verify that address.
  8. When you receive the email, click the link in the email.

Congratulations, you have just set up that email address to be an alias for your existing Google account.

The benefits?

  1. It no longer matters which of your two email addresses your friends share a Google doc with. Either way, the Google doc they shared will show up in your Google docs dashboard at http://docs.google.com. As far as I know, this is true for all the email addresses you add as an alias (again, I don’t know if there is a limit).
  2. You no longer have to log in and out of two different Google accounts. All your Google docs will be there in your one master account. Hooray!

Now for the final gotcha. You can do all the above and still end up with a royal headache one day because of the following rule Google explains when you register an alias as described above:

You can use alternate email addresses to sign in to your Google Account, recover your password, and more. Alternate email addresses can only be associated with one Google Account at a time.

In other words, for good security reasons, you can only add an email address as an alias to one Google account at a time. On the surface that doesn’t appear to be an issue…until you circle back to what I explained above…that every Gmail address is also a Google account. By simple deductive logic, you arrive at this conclusion:

You cannot add a Gmail address as an alias to ANY Google account!

In other words, at Google, all email addresses can serve as primary keys for Google accounts BUT only non-Gmail accounts can serve as an alias (a secondary key).

So it boils down to this: if you have a Gmail account, or ever plan to get one, then you are forcing yourself into the multiple-Google account problem for life UNLESS…

you make your Gmail account your primary Google account.

Yup, that’s the secret. As long as you make your primary Google account a Gmail account, you’ll never have the problem of wanting to use Gmail but finding yourself forced into the multiple-Google account problem.

What To Do If You Already Have the Multiple Google Account Problem

Okay, say you’ve already fallen into this trap. You did what I did several years ago: created your own non-Gmail Google account using a non-Gmail email address so you could access Google docs under that email address. Then later you started using Gmail, and so now you have at least two Google accounts (and maybe more). And people are constantly sharing Google docs with you under one or the other of the two (or more) email addresses, and you are driving yourself nuts logging in and out of Google trying to remember which email address was used to share which Google doc.

But you CAN’T take your non-Gmail email address and make it an alias to your Gmail Google account (as I advise) because your non-Gmail address is already a Google account.

How do you fix it?

The answer is: a) completely undocumented (at least I couldn’t find it), and b) scary as hell.

That’s why I’m writing this blog post. There’s no reason Google needs to make this so hard. Why they haven’t written it up in one of their generally decent Help articles I have no clue. I even wrote one of my identity friends at Google to ask him. His answer was essentially, “This is just too hard for most users to understand.”

Well, that may be true, but IMHO it’s not a reason to withhold the documentation. The users who are experiencing the problem are highly motivated to understand it, and in fact the solution is pretty easy once you know what it is.

It’s just scary.

In brief, the way to make a non-Gmail Google account an alias for your Gmail account is to first delete the non-Gmail Google account.

Completely. Kaput. Gone. Which, as you might suspect, would ordinarily mean YOU LOSE EVERYTHING ASSOCIATED WITH THAT ACCOUNT.

How’s that for a scary thought? Honestly, that’s why I held off fixing this for so long. Who wants to bother with working around that?

Luckily, the workaround is not that hard once you know what it is and you are sure it is going to work. That’s the other reason I’m writing this blog post: I could not find anything posted anywhere – or even get it confirmed by those I knew at Google – that this procedure would work and everything would be okay in the end.

But I finally got so tired of the problem that I just did it, and I’m happy to say it works just fine.

So: please read and follow the instructions below carefully. I don’t want anyone coming back and telling me that they lost precious data because of my advice that they delete their Google account.

Part One: Share (or Otherwise Backup) All the Data in the Google Account

  1. First, make sure you have at least one other Google account (preferably a Gmail account—see above—however this procedure should work with any other Google account. In these instructions I’ll assume this other account is a Gmail account.)
  2. Go to the home page of the Google Account you want to delete at https://www.google.com/accounts/ManageAccount.
  3. Make sure this is the account you want to delete by checking the correct email address in black text at the left end of the links at the very top of the page.
  4. Under Personal Settings, click on the Dashboard link (second one down) called “View data stored with this account”.
  5. This helpful utility (created for personal privacy management) will show you all the data you have at Google associated with this account. Now comes the hard part. You need to go through every Google service on this list, then go through any associated documents or data files for each of those services, and share them with your Gmail account. Even more importantly, if you are the owner of any document/file, then transfer ownership to your Gmail account. If you don’t own a document/file (someone else shared it with you), don’t worry, you can’t lose it when you delete this Google account. But, as long as you have Edit privileges on the document/file, share it with your Gmail account just so you don’t have to go back to the original owner and ask them to reshare it later. If whoever shared it with you DIDN’T give you Edit privileges, just contact them and have them share it again with your Gmail account.
  6. Did I say do this for EVERY document/file in EVERY Google service you use? Go back to your Personal Dashboard and check it again.
  7. IMPORTANT: as a final check, log into your Gmail account and VERIFY that all the docs are shared. If you own the document/file, VERIFY that your Gmail account is the new owner.
  8. Check everything one more time. If you are unsure that anything has been shared and will not go “poof” when you delete this Google account, just download a copy to your local hard drive (or email it to your Gmail account). Like I said, never come back to me and say you lost any Google data because of this blog post.

Part Two: Delete the Google Account

  1. Go back to the home page for the Google account you want to delete: https://www.google.com/accounts/ManageAccount.
  2. MAKE SURE this is the right Google account by confirming the email address in black at the left end of the links at the very top of the page.
  3. Next to the My products header (the second horizontal section down the page), click the Edit link. This should take you to https://www.google.com/accounts/EditServices.
  4. The second option on the page is to Delete Account. Choose that option and follow the instructions to confirm you want to permanently delete this account (and wipe that sweat off your brow). Seriously, if you’ve shared or backed up all the files associated with this account, you’ve nothing to fear. It’s just like reformatting a hard drive <ouch>.

Once you’re done, take a deep breath. Wait 15 minutes. (I don’t know if you actually have to wait this long, but I figured it’s long enough to wait for Google’s servers to go through all their account deletion machinations.)

Part Three: Add The Alias to Your Primary Google Account

  1. Log back in to your Gmail account (or whichever Google account you want to make your primary).
  2. Follow the instructions earlier in this blog post to add the email address (for the Google account you just deleted) as an alias to this Google account.
  3. Once Google confirms it as an alias, you’re done.

Problem solved.
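The one-account-per-address rule quoted earlier and the delete-then-alias workaround in Parts Two and Three can be modeled as a single namespace of email addresses. This is an added example, not Google's code and not part of the original post; the class and function names and the addresses are made up, and it does not model the data you have to move in Part One.

```python
# Toy model of the identifier rules this post describes (an illustration only).
class AliasError(Exception):
    pass

class AccountDirectory:
    def __init__(self):
        self.owner = {}     # email address -> primary address of the owning account
        self.accounts = {}  # primary address -> set of alias addresses

    def create_account(self, primary):
        if primary in self.owner:
            raise AliasError(f"{primary} is already tied to an account")
        self.owner[primary] = primary
        self.accounts[primary] = set()

    def add_alias(self, primary, alias):
        # Every Gmail address is itself a Google account, so it is never free.
        if alias.lower().endswith("@gmail.com"):
            raise AliasError("a Gmail address cannot be an alias")
        # An address may be tied to only one account, as primary or as alias.
        if alias in self.owner:
            raise AliasError(f"{alias} already belongs to {self.owner[alias]}")
        self.owner[alias] = primary
        self.accounts[primary].add(alias)

    def delete_account(self, primary):
        # Deleting an account frees its primary address and all of its aliases.
        for alias in self.accounts.pop(primary):
            del self.owner[alias]
        del self.owner[primary]

    def resolve(self, address):
        """Account that a document shared with `address` lands in, or None."""
        return self.owner.get(address)

def consolidate(directory, keep, retire):
    """Parts Two and Three: delete `retire`, then attach it to `keep` as an alias."""
    directory.delete_account(retire)
    directory.add_alias(keep, retire)
    return directory.resolve(retire)

def demo():
    d = AccountDirectory()
    d.create_account("me@gmail.com")    # constructed addresses
    d.create_account("me@example.org")  # the older non-Gmail Google account
    try:
        d.add_alias("me@gmail.com", "me@example.org")
        blocked = False
    except AliasError:
        blocked = True                  # still a primary key elsewhere
    return blocked, consolidate(d, "me@gmail.com", "me@example.org")
```

`demo()` shows the alias being refused while the old account exists, then both addresses resolving to the Gmail account once it has been deleted and re-added as an alias.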

Why It’s Still Not Perfect: A Final Warning

It’s worth pointing out that privacy, not just security, can be an issue with account aliases. Sometimes you don’t want someone to know you are using a Gmail address to do all this cool stuff. But if your Gmail account is your primary Google account (as I advise), then take note of the following warning:

Note: In some Google services, if you share your alternate email address with your contacts, they might be able to learn your primary email address.

In short, Google hasn’t fully figured out yet how to provide you with completely separate personas on the Web. In my personal opinion, they would be well-advised to do so. It’s not easy — achieving this level of privacy can be as hard as achieving corresponding levels of security. But Google has the talent and, I believe, the motivation to attain this goal. I hope they consider it soon.


Joe Andrieu Cuts the Gordian Data Ownership Knot

Joe Andrieu has a wonderful way of cutting the Gordian knot on complex socio-technical topics, with clear prose, compelling arguments, and clever illustrations that explain why you should look at something decidedly differently.

Now he wields that knife on the very knotty “problem” of data ownership.

I passionately agree with Joe (and his Kantara Working Group co-chair Iain Henderson) on this subject; I suspect it’s because my perspective on it was long ago warped by the lens of XDI, which itself is a new way of thinking about data.

Turn the telescope to look at personal data from the standpoint of who controls its sharing with whom, and many pieces finally come into focus.

Keep that in mind as we move into an XDI-enabled world.
