Category: Identity Management

There’s a hole in the web
The web has a hole in it. That hole is shaped just like me. Anyone, with sufficient time and desire, could find the scattered bits that make up my composite identity and pour them into the hole. Between Google, Zabasearch, Technorati, del.icio.us and others you could fill the me shaped hole in the web.

But then again, I can do the same with the you shaped hole in the web.

And if we can do this with free or nearly free tools, just imagine what you can get with a little cash and some research. (Maybe this thought ought to be titled, “How I learned to stop fearing Eschelon.”)

So how can I prevent you from filling the me shaped hole in the web? I could attempt to change the shape of the hole. The problem is that in order to do that I have to change myself. Since this isn’t a self-help blog and we really don’t have time to delve into the vast array of my quirks, let’s move on to another approach. What if I could somehow generate more scattered bits about me than could fit in the hole? More me than is really me? If I could flood the usual channels with bogus identity information that was close enough to me to fool systems that you use to triangulate me and fill the me shaped hole, then I could make it impossible to tell the bogus bits from the real ones. You couldn’t be sure that you really filled the me shaped hole with real me bits. (By the way, I am in no way endorsing some sort of strange identity-based breakfast cereal… Me Bits, Now with more self-asserted claims!) The best place to hide something is in plain sight.

In order to mask myself from the web, instead of trying to remove all my bits from the web, I flood it with more me than is me. (This is starting to sound a bit like Smith from the second Matrix.) What I am rambling about here is a pink noise generator for identity. On an individual basis this is a little impractical. I’d have to spend a bunch of time and effort trying to create the systems to generate a me-flood. That isn’t going to happen any time soon.

But what about communities I belong to? Would the hosts of my various communities create the technology to mass produce its members on web as a value-add? Would you join a group which offered the ability to mask you or your membership from the web by making a you-flood?

I have to thank Jan Hauser for impetus for this one.

I don’t get it
Why are the identity problems of the enterprise so different from the individual? It became immediately obvious to me that my past experience in enterprise identity management was not going to be directly applicable to the issues and use cases that IIW2005 was addressing. The identity needs of the individual are clearly different than those of an enterprise comprised of individuals. Fair enough. But why is there such a gap?

If you examine an employee in an enterprise do they have similar identity problems to private citizens? An employee and a citizen (I am using citizen here to represent a regular user like my grandfather) clearly operate in different contexts. I think the SocialPhysics gang would say that this difference in context is the root of the difference in identity needs.

It just strikes me as odd that all good work of Sxip, NetMesh, OpenID, and their kin don’t seem to merge with the hard work of Sun, IBM, Novell and their kin. This inside versus outside of the enterprise context really eats at me. This division between the two seems artificial.

Make identity issues meaningful
It’s great that there are groups like the Identity Gang. They care about real meaningful issues.

But those issues that are meaningful to those familiar with them are often hard to explain to outsiders. (And let’s not forget that the outsiders here at 99.999% of web users.) Sometimes you have to turn to outside sources to help explain issues that mean a lot to you. I think that Dick’s presentation is great for doing just that. I also think that this video from Red Versus Blue (sorry for the wmv file) does much the same… with the added bonus of guns, herbal Viagra, and Halo goodness. Enjoy.

Technorati Tags: iiw2005 identity

Overall, I am really enjoying this workshop. It serves as a great high speed primer for a variety of identity issues and technologies.

Some highlights from the presentations so far:

Doc Searls – Identity in the marketplace: The Rise of Fully Empowered Customer
It’s always good to hear Doc give a talk. His belief that the web is a marketplace, a place for business and culture definitely has a Diamond Age feel to it. His example of customer freedom from vendor CRM shackles is an interesting one. Though his example of renting car is certainly valid and demonstrates the reverse nature of our world today, I’d love to get the vendors’ perspective on this. There are a few people from Yahoo in the audience and I am sure that they have some strong opinions about the freeing of identity.

Brad Fitzpatrick – OpenID

Brad put on the best show of the day, by far. It was a very Dada affair full of self-criticism. It was a simple talk about how OpenID works and why it does what it does. A simple tool for a specific problem… frickin’ brilliant. OpenID is a way to prove you own a URL using an identity provider you trust. Fairly simple. I sat there wondering why, when we see a simple solution, we say, “That’s all it does?” Why is it that we seem to always want some grandiose solution to a massive problem. What happened to elegant, simple solutions to problem? For that matter, what happened to problems that can be expressed in a few words and not an onslaught of slides?

Paul Trevithick – Social Physics and The Higgins Trust Framework

Paul and co’s work has lead them to the conclusion there is no identity independent of context. Context is the real king here. Not individual demographic attributes. Not roles. Not protocols. It the the context of interaction between users, trusted parties, vendors, etc that is the real domain of identity.

I applaud the group’s work around creating the Framework. It is an abstraction layer that helps tie the vast array of user information to contexts appropriately. Paul’s honesty on the subject of implementation are hard was definitely a welcome admission.

After hearing his presentation, I was a little annoyed that I hadn’t heard of this before. You’d think if you have read my Shadows of Identity piece that I would have already been an versed in Higgins. Nothing could be further from the truth. Strange how things happen sometimes.

Other thoughts:
Although these presentations today do not represent the entirety of the identity world, they are a sketch of the problems and solutions out there. It seems to me that there is so much attention to possible solutions, technologies, protocols, and the like that we are losing sight of the problems we have set out to solve. To me, there are two general classes of problems. First, there are the problems of an individual. How do I manage my identities out there? How do I describe what data about me I will allow to be disclosed? Who can get that data? The second class of problems are relationship-based where the relations involve more than two parties. How do I share my perferences and needs with an entire market? One question I keep coming back to is, if we figure out a way to solve both classes of problems, who is going to pay for it?

Technorati Tags: iiw2005 identity