Time for OASIS XRI TC and W3C TAG to Sit Down Together

Posted on 6/2/2008 by Drummond Reed

It was stunning. 10 days ago, a few days after the voting period began on XRI Syntax 2.0 and XRI Resolution 2.0 becoming an OASIS Standard, the W3C TAG (Technical Architecture Group) came out with a statement recommending that members of OASIS (a completely separate and independent standards body) vote against it.

Despite 20 votes already being cast in favor of the specifications at that point, almost immediately a handful of negative votes were cast with comments referencing the W3C recommendation, starting with Sun Microsystems (especially ironic since Eduardo Gutentag of Sun is chair of the OASIS Board of Directors).

Although it’s not unusual for a proposed OASIS standard to have some opposition, what is strange is to have that opposition led by another standards body. What took the XRI TC even more by surprise, however, was the W3C’s sudden vocal opposition to XRI 2.0. When the W3C TAG submitted a comment on the last day of the first public review period of the XRI Resolution 2.0 specification in March, the XRI TC responded with a detailed 5-page answer to the three questions posed by the TAG. We never received any response.

In a subsequent final public review of XRI Resolution 2.0 held the following month, we didn’t hear anything more from the W3C TAG. Nor did the TAG minutes show any further discussion.

In any case, the XRI TC posted a response to the TAG’s position, and OASIS members responded by casting more positive votes, enough so that only a few days later the vote passed the minimum threshold of positive votes (15% of OASIS voting members) required for an OASIS Standard to pass.

That’s when it became apparent just how badly the W3C didn’t want that to happen. The second rule with an OASIS Standard vote is that no more than 25% of the votes cast can be negative. That’s never happened in OASIS history – in fact the highest percentage of negative votes ever cast against an OASIS standard was 9% (for the Management Using Web Services v1.0 specification in February 2005, for which a whopping 6 negative votes were cast).

But within hours of the XRI 2.0 ballots reaching the 15% positive threshold, suddenly more negative votes began appearing. Almost all of them referenced the W3C TAG recommendation. By Thursday of last week, with three days left, enough negative votes had been cast to reach the 25%-of-all-votes-cast negative threshold.

Naturally XRI supporters responded by contacting other OASIS members, informing them of this unprecedented situation, and asking for their support. In one case, a company’s OASIS voting rep had cast a negative vote apparently without knowing his company was planning to adopt XRI and XDI technology. After a hastily arranged meeting to explain the details, the company reversed its position and voted in favor.

Many more OASIS members responded likewise, and by Friday morning there were again enough positive votes to safely pass both specifications.

But it wasn’t over. More emails, phone calls, and even blog posts from W3C TAG members went out. More negative votes appeared. By Friday evening, the negative votes were again just above the 25% threshold.

Given that the final day of the vote was a Saturday (OASIS Standard votes always run the final two weeks of a calendar month), it took an extraordinary effort by XRI supporters to reach out once more to OASIS members for help. But once more they responded, and by noon on Saturday, 8 hours from the close of the vote, 72 positive votes had been cast, enough to pass both specifications.

But I had a sinking feeling as I left to work on a birthday project for my youngest son. Sure enough, when I came back for dinner that night, with only four hours left in the vote, two more negative votes appeared – just enough to cross the 25% negative threshold and defeat both ballots.

(You can see the final results here and here, however due to technical problems at OASIS, you can’t currently click through to read comments posted with a vote.)

—-

As I watched the voting period end on Saturday night, one thought kept echoing through the back of my mind: “What is the W3C so afraid of? Why do they care so deeply that OASIS members not approve XRI 2.0 as an OASIS Standard? Why on earth would they turn out such an extensive and unprecedented lobbying campaign for something they have so long ignored?”

In other words, if they thought XRI was such a bad idea (or in their precise words, “We are not satisfied that XRIs provide functionality not readily available from http: URIs.“), why don’t they just let it die a natural death in the marketplace?

—-

In any case, we’re about to find out. A number of OASIS members who voted No at the TAG’s urging noted their reluctance in doing so in their comments. They explicitly asked the OASIS XRI TC and the W3C TAG to sit down together and iron out our differences. The most eloquent was Ray Denenberg of the Library of Congress, who said:

First we reference comments of Wells Fargo, who said:

“Although we support XRI’s objectives, we urge the XRI TC to consider W3C’s comments seriously and add a non-normative clause explaining key differences between XRIs and URIs, and detail how the former address specific deficiencies of the latter.”

And comments from Nokia, who said:

“Although the XRI TC and W3C TAG have exchanged some e-mail regarding the XRI spec, it appears the engagement has been mostly superficial. Consequently, we recommend these two groups engage in detailed technical discussions (including use cases and deployment scenarios) before OASIS formally adopt this spec.”

We further observe that the body of existing documents on XRI, though abundant, all seem either too high level or too detailed. It is very difficult to get the whole picture.

The Library of Congress urges OASIS to:

1. Consider W3C’s comments seriously, explain differences between XRIs and URIs and how XRIs address deficiencies of URIs, and respond with substantive explanations (rather than existing promotional text) to W3Cs concerns.

2. Prepare a paper (or non-normative clause), perhaps 5-10 pages, that includes the above, as well as a comprehensive description of XRI, including use cases, deployment scenarios, and real-life examples.

The Library of Congress supports the XRI objectives and we are prepared to change our vote if these steps are taken.

This is highly constructive feedback by Ray, and in my personal opinion, it lays out precisely the path the XRI TC and the W3C TAG should take together. Although I obviously would have preferred other ways to get here, those who know me know that I prefer to focus energy on how to solve problems, not how to create divisions.

The past is past. With this blog post I’m personally holding out an olive branch to the W3C TAG (and encouraging other XRI TC members to do the same) and asking to begin the dialog that will hopefully result in a mutual understanding about the role a layer of abstract structured identifiers will play in the Web.

Posted in General, XRI | Tagged , , | 8 Comments

Bob Blakley on The Relationship Layer

Posted on 5/15/2008 by Drummond Reed

I’m writing this from the audience of Bob Blakley’s Data Sharing Summit session (which he also gave yesterday at the Internet Identity Workshop) on The Relationship Layer. It’s based on a paper he and his colleagues Gerry Gebel and Lori Rowland written for the Burton Group (but not published yet – Bob says look for his upcoming “world’s longest blog post”). This will be followed by a session the Higgins Project that will demonstrate a new form of information card called a relationship card (r-card).

The driving point of Bob’s session is that the ultimate purpose of identity technologies is to enable relationships. Bob’s thesis is that when you look at it this way, the current paradigms of Internet identity infrastructure — both the “federated” paradigm and the “user-centric” paradigm — need to evolve into a relationship paradigm.

In this paradigm:

  • Relationships should be “nodes not edges” in the social graph, i.e., they should be first class objects in the graph rather than just arcs connecting the nodes representing people and organizations.
  • Identity should always be in a relationship context.

There are two reasons for constraining this use of identity to a relationship context:

  1. To set the rules for the relationship.
  2. To provide accountability.

Bob makes several other key points:

  • This approach shifts the privacy discussion from rights — which Bob says is “poorly supported by current law” (at least in the USA) — to contracts, which are voluntary obligations into which the parties to the relationship enter.
  • Relationship objects provide a new form of protection and accountability because they “wrap” identity data inside a container that makes it much clearer who is authorized to do what with that data.
  • This relationship container is a much easier way and more effective way to deal with data rights issues than DRM.

Bob goes as far as proposing the conceptual structure of a generic relationship object. The basic parts are:

  • Creator
  • Rules
  • Roles
  • Participants, who make Consents and Promises and share Claims

Each participant to the relationship chooses the role(s) they will play, the consents they give, the promises they make, and the claims they share. (Those of use drinking the XDI koolaid will immediately recognize this as the essential ingredients of XDI link contracts, but more clearly articulated at the social level.)

Another consequence is how this shifts the role of identity providers in both the federated and user-centric models. For example, Bob asked a new identity provider in the latter space, “What are you selling?” The answer should NOT be “identity”. The answer should be, “relationships” – specifically high-quality relationships for low cost.

Eve Maler commented: “I’m really happy to see arrows pointing in both directions (i.e., to both parties in the relationship) so both parties participate in a relationship and both can ‘give and get’.” Bob gave a big high-five to this and it set him off on his “rant on user-centric identity”, which in a nutshell is that the “asset” that is a relationship is a joint property that benefits both parties. “Enterprise-centric” identity systems emphasize giving control to the enterprise. “User-centric” identity emphasizes giving control to the user. But both are, as Bob puts it, “forms of abuse”, i.e., neither one emphasize the relationship and therefore the mutual trust, which should really be the Sun at the center of an Internet identity system.

So instead of “Identity 2.0”, we should we call it “Relationship 2.0”.

Bob said is that there is a great instantion here of permission marketing. Comparing this to traditional email list marketing, he said: “What you want is not to have the world’s greatest collection of email addresses, but the world’s greatest collection of relationship contracts in which the users actually want to hear about whatever the vendor wants to communicate about.”

Another quote from Bob: “Sociability works much more from accountability than it does from authorization.” The example here was access control lists for social data on social networks. Bob argues that lengthy access control lists are not only a bother to users but don’t recognize the much more powerful “social contract” that is based on expectations and accountability, i.e., “a real friend of mine will not share my information in a way that might harm me, and if they did, they know how I will react”.

Net net: I think Bob’s thesis is the Copernican Revolution of the Internet identity industry. I’m sure it will a major theme of my posts in the months ahead.

But my very next post will be about the next session (once it’s over) that follows directly from Bob’s thesis: relationship cards.

Posted in General, Relationship cards | Tagged , , , , , | 12 Comments

Data Portability: An Idea Made to Stick

Posted on 5/12/2008 by Drummond Reed

Chris Messina has a post worth reading about the whole subject of Data Portability. Though it is a complex new topic that demands a longer and more thoughtful post, the one point he and Chris Saad agree on is that the meme is here to stay. As the wonderful book Made to Stick would characterize it, “data portability” is a highly sticky idea. It’s not going away anytime soon.

(On a side note, I’m desparately seeking time to do a longer post about Made to Stick, which every technology communicator should not just read but memorize. It was the inspiration for the presentation I gave at Internet Identity Workshop today which used no slides at all. Bill Coleman insisted Paul Trevithick read it. Paul insisted I read it. I insist you read it. ’nuff said.)

Posted in Data Portability, General | Tagged | 1 Comment

Back blogging in time for IIW

Posted on 5/11/2008 by Drummond Reed

The Magic Include Shell took my blog offline and finally compelled me to move it to new hosting quarters, upgrade to WP 2.5.1, install a new theme, and add OpenID and information card support – all thanks to the magic of Stas Zubalevich at Parity.

If your WordPress suddenly goes wonky, I highly recommend this article about the Magic Include Shell. Nasty stuff.

Glad to be back online for the Internet Identity Workshop starting tomorrow – it’s gonna be a dousy.

Posted in Blogging | Tagged , | 3 Comments

Doc Searls, VRM, and the Redemption of Tomorrow's Internet

Posted on 3/25/2008 by Drummond Reed

Ryan Janssen has posted another interview in his series on digital identity, and I daresay that if you’ve ever met Doc Searls, you can just feel his energy and passion about VRM coming through in this writeup. Highly recommended reading. Doc has been right about many things, and ultimately I think VRM is going to be one of the most important.

Posted in Blogging, General, VRM | Leave a comment

Understanding Windows CardSpace

Posted on 3/11/2008 by Drummond Reed

You know you’re seriously an identity geek when your spare-time reading is Understanding Windows Cardspace. But for this rapidly rising new branch of the digital identity space, a book with this much good information about Microsoft’s CardSpace technology is definitely worth the investment.

About half the book is background on the entire problem space that information cards are a solution for; it’s long but worth the read. The rest is technical meat that there are few other places to get.

Recommended especially if you want to move into this new space quickly.

Posted in CardSpace, General, Higgins, I-Cards | 2 Comments

Internet Identity Workshop Coming in May

Posted on 3/9/2008 by Drummond Reed

Nowadays I find myself orienting my entire year around IIW (the Internet Identity Workshop). DO NOT miss it if you want to seriously intersect with the user-centric identity community. This year it will include a follow-on Data Sharing Summit on May 15, illustrating how the focus is slowly moving to the most important capability enabled by UCI.

IIW2008 Registration banner

See ya there.

Posted in Blogging, General, Identity Commons | Leave a comment

Congratulations, Stefan

Posted on 3/6/2008 by Drummond Reed

And congratulations Kim. The news just become official that Microsoft has acquired Stefan Brand’s Credentica and all its intellectual property. This pairs up Stefan with Kim Cameron and Microsoft’s Identity and Access team to bring Credentica’s groundbreaking U-Prove zero-knowledge-proof technology to market.

This is a very exciting development, particularly because it means that between Microsoft’s work on CardSpace and Higgins work on new forms of i-cards, some real breakthrough functionality is coming to the i-card paradigm. It won’t happen overnight, just as it’s taken Stefan 15 years of work to bring U-Prove this far. But once you’ve pushed a boulder that big up a hill that long, a landslide can start much more easily.

(Not that those of us working on XRI and XDI would know anything about that picture. 😉 )

Posted in CardSpace, General, I-Cards, Privacy | Leave a comment

Ryan Janssen Takes Me Back

Posted on 3/2/2008 by Drummond Reed

Ryan Janssen pinged me via my contact page last week to ask if I had time to share the story of how I came to be working on XRI, XDI, OpenID, i-cards, Higgins, and Identity Commons. He reached me this afternoon and we talked for almost two hours. Boy, did it bring back memories. I’m so focused on building out working identity infrastructure and applications based on all these standards and projects that I rarely have a moment to reflect on how many twists and turns (and dollars) its taken to get here. So this was a full-out stroll in the park.

He’s posted an overview and will be writing more as he talks to others who have been pounding away forging this Internet identity layer. Ryan’s really done his homework too — he even included a link at the end to the original XDI white paper that co-chair Geoffrey Strongin and I contributed at the start of the OASIS XDI Technical Committee in early 2004. Wow, did that trip off the old synapses. Most fascinating is seeing the original proposed XDI schema which had just four elements. Four years later, after numerous twists and turns (and by my count 23 intermediate proposals), the XDI RDF model has…four elements (plus the XDI wrapper element). It’s not the same schema (now it’s based on the RDF graph model) — and in fact the preferred serialization is no longer even XML (it’s X3). But it’s uncannily close.

Deju vu all over again…

Posted in Blogging, General, Higgins, I-Cards, Identity Commons, OpenID, XDI, XRI | Leave a comment

An Inconvenient Truth – Truer Than Ever

Posted on 2/19/2008 by Drummond Reed

Although I saw snippets when it first came out, I sat down tonight to watch An Inconvenient Truth end-to-end with my wife and two boys, and I was blown away by how powerful a message it still delivers. In fact Al Gore has done an update that brings it current within about a year.

It’s simple: SEE THIS MOVIE. Then vote with your conscience, and your feet, and your wallet. Nothing is more important to the life of this planet and especially our kids.

Posted in Blogging, General | Leave a comment

Growing the OpenID Community

Posted on 2/7/2008 by Drummond Reed

When people talk about Internet innovations coming from the “grassroots”, they are going to use OpenID as the textbook case. From Brad Fitzpatrick’s original protocol in 2005 to today’s announcement that Yahoo, Google, Microsoft, IBM, and Verisign were joining the OpenID Foundation — that’s a remarkable evolution.

And the evolution of the OpenID community and the development of the OpenID Foundation to support this effort is going to be another chapter in the textbook. If you want to see OpenID flourish, please do join us.
There’s still a long row to hoe yet — I don’t think we’ve seen but the tip of the iceburg of what’s going to happen with Internet identity by the end of the decade. But it’s too late tonight to speculate on that — must get some sleep and get back to building it. (How I do wish some days for some more blogging time…)

Posted in General, OpenID | Leave a comment

Identity Commons Quarterly Report

Posted on 2/6/2008 by Drummond Reed

Identity Commons is a fascinating story — to my knowledge there has never been an “upside-down umbrella” quite like it. Without going into that here (it needs its own post), I encourage anyone interested in IC to check out the quarterly report just published by Chief Evangelist Kaliya Hamlin (aka IdentityWoman).

And that’s just the beginning. Seven new working groups are being voted on right now, and it looks like there is another wave coming right on the heals of that. Clearly the Identity Commons upside-down-umbrella model is filling a real need, and I have high hopes for what this new form of Internet community collaboration can accomplish.

Posted in General, Identity Commons | Leave a comment

XDI Link Contracts

Posted on 11/25/2007 by Drummond Reed

Identity Woman (Kaliya Hamlin) posts about why current “friend formats” like FOAF and XFN don’t satisfy the need for privacy and personal control of data that she – and many other women – want before they are comfortable sharing personal information online.

She mentions that XRI and XDI provide this capability. Chris Messina comments that:

As it is now, there are few applications that actually support what
you’re talking about in terms of giving you fine grained control over
your relationship lists… It’s something that I hope is coming down
the pipe but is not something that has to do with the format; instead
it’s all about consistent citizen-centric access controls over their
data.

Let me explain why I believe it does indeed have “something to do with the format”, and thus why XRI and XDI are so relevant to this problem.

The core idea is that to provide the control Kaliya wants — over who has access to what parts of her profile — you can’t tie the access control format down to a specific blog, domain, application, or i-broker that you are using. You need the access control format to be as portable as the data it is controlling, or else we’ll never get to real portable data – data (and relationships) you can “take with you” across different communities and applications as your life and work evolves.

XRI and XDI provide a open standard way to do this. They break the problem of portable access control into two parts. The first part is a portable addressing format — a way to address the data being controlled that is domain- and application- independent. That’s the job of XRI (Extensible Resource Identifier). It enables a layer of abstract addressing on top of any network-addressable resource that enables portability of data across domains and applications.

The second part is a portable format for expressing the controls an individual (or other data authority) wants to assert over access and sharing of their information. That’s the job of XDI (XRI Data Interchange), a very simple XML format in wich every node of a data graph is XRI-addressable. Within this graph, certain nodes are used to store the access control metadata. In XDI these are called link contracts.

Link contracts are are the portable access control format Kaliya is asking for. As she mentions in her blog, XDI link contracts have already been implemented by Andy Dale, Steve Churchill, Barry Beechinor, and the team at ooTao in a large scale data sharing project for La Leche League International. ooTao used the original XDI data graph model, called the Authority/Type/Instance (ATI) model, For more about this implementation, see Andy’s blog, The Tao of XDI.

An even simpler XDI data graph model, XDI RDF, has since been developed based on the RDF graph model. To see examples of what link contracts look like in the XDI RDF model, see the current XDI RDF Model writeup.

With the XRI Resolution 2.0 spec going final (public review will begin next week – I’ll blog more about this shortly), I look forward very much to diving much deeper into XDI RDF and link contracts at the Internet Identity Workshop, coming up December 3-5 at the Computer History Museum in Mountain View.

Posted in Blogging, General, Privacy, XDI, XRI | 1 Comment

Paul Madsen on the i-card taxonomy

Posted on 11/21/2007 by Drummond Reed

Paul Madsen has done a nicely illustrated post on the taxonomy of i-cards supported by the Higgins project. He makes a great point about how SAML cards (“s-cards”) could fit in, both in terms of third-party cards and self-issued cards. As I posted previously, I’m excited about seeing SAML integrated into the Higgins framework.

My only quibble with Paul’s diagram is that it shows r-cards (relationship cards) as a subset of m-cards (managed cards). If anything, it’s the other way around — an m-card would be a specialization of an r-card. But actually they are disjoint, the same way Paul shows the r-card and p-card circles in the self-issued set.

UPDATE: Paul has fixed this, and the diagrams are fine now.

The subject is actually very deep, as there are some interesting ways in which r-cards can emulate both m-cards and p-cards. But that’s a deeper subject than I have time for in this post — hopefully I’ll get some time over the holidays to go into it more.

Posted in Blogging, General, Higgins, I-Cards, SAML | Leave a comment

It's that time again — Internet Identity Workshop 2007B

Posted on 11/12/2007 by Drummond Reed

I’ve never been part of a self-organizing community as large or as effective as the Internet Identity Workshop. If you care about the emerging user-centric identity layer for the Internet – or even if you only only care about the applications that are possible on top of that layer (which frankly are a whole lot sexier than the infrastructure), then don’t miss this next one, Dec. 3-5 at the Computer History Museum. I know of more groups pre-planning sessions for this IIW than ever before, including sessions on Higgins 1.0 (due out at the end of the year), new Identity Commons Working Groups, the new XRI Resolution 2.0 specification (note that the final-final link will be available before IIW), and XDI-RDF.

Posted in General, Identity Commons, XDI, XRI | Leave a comment

Higgins speaks SAML

Posted on 10/30/2007 by Drummond Reed

Paul Trevithick just posted about a significant new step for the Higgins Project – the first contributions adding support for SAML 2.0. At first blush that may not seem surprising – SAML is the granddaddy of modern Internet identity protocols – but it speaks volumes precisely because Higgins established its early reputation as an alternative implementation of CardSpace and WS-Trust.

What this reinforces is that Higgins is really protocol-independent. As Paul puts it:

Higgins is about a consistent card-based experience over whatever protocols have traction in the marketplace.

I’m spending a lot of time with Paul and the Higgins team now working on integration of XRI and XDI for the same reason. Both are open protocols being developed at OASIS for digital addressing and data sharing. Both “plug in” to the Higgins framework and its abstract data model. By serving as a “interchange hub” for data and tokens from different protocols, Higgins has the potential to do for identity interactions what TCP/IP routers did for the net itself – finally get us all speaking to each other.

Posted in CardSpace, General, Higgins, I-Cards, OpenID, SAML, XDI, XRI | Leave a comment

Recommending the Recommender

Posted on 10/8/2007 by Drummond Reed

I just noticed that Paul Madsen made a post about my recommendation that folks check out Joe Andrieu’s comments on the MS HealthVault announcement. Paul got my attention by titling his post, “Drummond, it’s Hailstorm“.
Just to clarify: I wasn’t recommending HealthVault. I was recommending Joe’s blog post about it, and most notably the large open issues regarding data portability — what Paul Trevithick calls “zero lock-in”.

Paul, thanks for helping clarify my intent.

Posted in Blogging, General | Leave a comment

Securing Very Important Data: Your Own

Posted on 10/8/2007 by Drummond Reed

Denise Caruso published a wonderful article in Sunday’s New York Times on a subject very close to my heart: how to best go about protecting personal identity, profile, and preference data as new technologies like OpenID, Higgins, and XDI make it possible for individuals to aggregate and share this information much more easily. Call it the “new power of personality” – digital personality.

One of the most intriguing ideas Denise covers in the article is one from Mike Neuenschwander, Lori Rowland, Bob Blakely, Jamie Lewis, and their colleagues at the Burton Group. They propose the idea of a new legal entity explicitly for protection of personal identity data: the Limited Liability Persona (LLP, a nice play on the Limited Liability Partnership). Given the amount of time I’ve spent at the intersection of law and technology and personal data, I’m increasingly believing that the Burton Group is right – digital personas will be granted their own status as a legal construct, just as corporations, patnerships, and sole proprietorships have been in many jurisdictions. I blogged about the LLP when I first heard Jamie Lewis speak about it at Digital ID World 2006, and I think it’s time may be coming. I’m adding it as a category on this blog, and I’ll make it a point to keep reporting on it as it develops.

Posted in General, Identity Rights Agreements, Limited Liability Persona, Privacy, Social Web, XDI | Leave a comment

Joe Andrieu on Microsoft's Health Care Record Initiative

Posted on 10/5/2007 by Drummond Reed

Joe Andrieu, one of the leaders of the VRM (Vendor Relationship Management) community, has posted a good initial assessment of Microsoft’s first foray (post-Passport) of storing personal data for consumers via their Health Care Record initiative. It’s well worth reading his assessment of how this really legitimizes the market for “personal data stores”.

Since that’s one of the primary use cases for which XDI is being developed as a protocol and Higgins is being developed as an open source projects, there will be much more to say about this in the coming months.

Posted in Blogging, General, Higgins, I-brokers, VRM, XDI | Leave a comment

Social Web User's Bill of Rights

Posted on 9/12/2007 by Drummond Reed

Last week I mentioned the Social Web User’s Bill of Rights that was drafted for the Data Sharing Summit last Friday and Saturday. When it was first posted, it included the phrase, “ownership”, as in “user’s should own their personal data”.

Mary Hodder, the entrepreneur behind Dabble.com, Paul Trevithick, and I were initially wary of using this term for two reasons:

  • “Ownership” is very tricky legal territory, not just in the U.S. but all over the world. Personally I believe the term “identity rights” and “identity rights agreements” is actually more appropriate (see more below).
  • Mary made the point that it’s really “co-ownership”, i.e., when users share data with sites, it’s for the benefit of both, and sites need to know they can use the data to provide the services they are giving the user.

However in a blog post today, Mary said that after conversations at the Data Sharing Summit, and then with others in the industry and Dabble advisors, she became convinced that the spirit of “ownership” is correct, and so she’s endorsing the Bill of Rights and adjusting the Dabble TOS (Terms of Service) to reflect this concept of user ownership of their data.

Good for her. I fully agree that the spirit is right, and so, with the caveats I expressed above, I’m on board too. So is Doc Searls in a post he just made.

Interestingly, the very last session at the Data Sharing Summit (in fact, after the closing circle – that’s how dedicated the attendees were) was on Identity Rights Agreements (IRAs), a Working Group formed at Identity Commons in the spring of 2006. The whole idea of IRAs is that users actually license their data to sites, and that if the IRA Working Group could come up with a small set of easily understood user data licensing provisions, similar (but not identical to) the Creative Commons license suite for digital works, it could usher in a whole new era of increased trust between users and sites.

Victor Grey called the IRAs session because he’s doing XRI-based data sharing projects where he needs IRAs today, and he wants the IRAs Working Group to start publishing even very simple ones just to get the learning started (Creative Commons licenses all went through several revisions too).

The outcome of the session was to jumpstart the work of the IRAs Working Group. Victor has already set up the mailing list. Please do join us if you support this work and want to help.

I believe IRAs have the potential to remove the last social hurdle to standardized user-controlled personal data sharing (XDI removes the last technical hurdles). I intend to be very active on the IRAs Working Group (as badly time-sliced as I am these days) so that we can make user ownership of personal data not just laudable but actionable.

Posted in General, Identity Commons, Identity Rights Agreements, Privacy, Social Web, XDI | Leave a comment