Identity Future

Marc Hedlund, in an essay at O’Reilly Network, asks:

Who owns your online identity? Do you? Most likely, you don’t — almost all Web sites that have a concept of identity do (and badly want to) maintain an identity profile for each of their users. At the end of the day, that identity belongs to them, not you.

Marc’s question stems from a message he received from Yahoo telling him he had to choose a new username for his My Yahoo account.

In the end, Marc closed his My Yahoo account rather than migrate, and offers this advice:

The lesson should be clear: you cannot entrust your online identity to a business if that identity is meaningful to you. If you want or need your online identity, you must maintain it yourself.

That isn’t to say he thinks there’s no room for a product or service that makes it easier:

There is an opportunity for software businesses that would put identity control directly where it belongs: in the hands of consumers. Some products, such as AdSubtract, already are succeeding by making the Web easier to use while returning control over personal information to users. There are, however, plenty of other uses for a user’s local hard drive, and the successful companies will find a way to combine privacy (which tends not to be a great selling point) with performance and features (each of which do sell).

online identity, idm, identity management, Marc Hedlund, ownership, My Yahoo, self control, self determination, user control

Dave Chiu and Didier Hilhorst explain the concept of reputation management in these slides presented at the conclusion of the Applied Dreams 2.2 project at Interaction Design Institute Ivrea in Milano.

The project brief begins:

Our identities are changing due to our constant exposure to enabling technologies.

Our old physical identities, fixed to a house, an address, a tax number, private, detached, individual, introvert, seem increasingly at odds with our new electronic identities, mobile, self-published, publicly exposed, extrovert, shared, accessible, communal.

Simultaneously, an interconnection between individuals, commercial and authority is leading to the increasing relevance of self-organising, temporary socio-spatial communities and to the creation of micro-economies.

applied dreams 2.2, Dave Chiu, Didier Hilhorst, identity, identity management, idm, presentation, RentAThing, reputation, reputation management, reputation, RentAThing

Josh Porter and Alex Barnett got Dick Hardt and Kim Cameron on the line to talk about Identity Management. The result is available as a podcast.

Josh and Alex are big on the attention economy and social software, so they’re asking questions about how IdM works in those contexts. Most people thinking about IdM today seem to be thinking about its uses in the enterprise or in education, but when I say identity management is the next big thing, I mean it in the social context that Josh and Alex are rooted in.

Alex’s notes:

• What are the biggest problems we need to solve for online identity?
   
• The paradox of silos and a single solution
   
• The Laws of Identity and the Sxip protocols
   
• Consistent user experience
   
• Read / Write identity and Attention Data
   
• Separating identity establishment & management and attention & transactional data management
   
• Trading attention data
   
• Attention data and reputational data
   
• Sxore and Blog comment spam and trackbacks are an identity problem
   
• Attention data maintenance
   
• Personally Identifying Information - PII data maintenance
   
• How would ecommerce sites make use of Attention data?
   
• Enterprise-level privacy
   
• Haven’t already we lost our privacy?
   

[cross posted from MaisonBisson.com]

alex barnett, attention economy, dick hardt, identity 2.0, identity management, identity20, idm, josh porter, kim cameron, social software

Being that good software — the social software that’s nearly synonymous with Web 2.0 — is stuff that gets you laid, where does that leave IdM?

Danah Boyd might not have been thinking about it in exactly those terms, but her approach is uniquely social-centered. She proposes “SecureId”

What is SecureId? SecureId is a program that helps you protect and control your digital identity by allowing you to determine who can access your private information. By allowing you to articulate your digital contexts based on facets of your identity, SecureId provides the framework for you to properly relate identity information and people with contexts, thereby giving you the ability to portray yourself properly. SecureId uses a knowledge-based security system to help you manage access to various facets of your identity. By presenting you with a portrait of your digital identity, SecureId also gives you a virtual mirror to your social performance.

Reading further, she implores us to “imagine that you are in control of your digital identity.”

The information you give out on a daily basis is quite context dependent. While you might give your medical history to your doctor, would you give it to a random stranger? Does your language differ between work, the pub and at home with your 3-year-old? What about your clothing? Not only do you make different decisions based on the level of trust you have, but also based on what is socially appropriate. Speaking to your boss like you speak to your child might be both inappropriate and offensive. Do you have different groups of friends, family and associations that may or may not interact with one another? What roles do you play in your life and how do aspects of your character change when you are in these different roles?

SecureId offers you an interactive visual landscape for articulating your identity facets and associating appropriate data with them. Through this mechanism, you can quickly see who has access to what aspects of your self. By presenting you with a portrait of your digital identity, SecureId also gives you a virtual mirror to your social performance, an awareness that is taken for granted in the physical world.

danah boyd, context dependent identity, identity management, idm, social, social aspects, social identity, social idm, social interaction, social networks, social software

From the website:

MicroID is a new Identity layer to the web and Microformats that allows anyone to simply claim verifiable ownership over their own pages and content hosted anywhere. The technology is radically simple and capable of empowering new and unique meta services with only minor effort.

In a sense, MicroID is a simple technique to wrap any existing communication identifier in a generic way and enable it to be uniquely and safely published in association with some content. The technique works while protecting privacy and remaining fully decentralized. This applies to owners of sites and pages, and just as importantly, for services that host content generated by users (blog posts, blog comments, forums, videos, account profiles, url lists, friend lists, and so on). These services can add a MicroID to the user’s content (and microformats!) and enable that user to verify to anyone that it is theirs.

There is no new or deep technology involved, simply take a current communication id such as an email address and hash it with the name of the site it will be published on…

A sample hash generator is available, as well as examples of how it can be used to to verify a user’s ownership of web content, user’s membership in a third party site, or to validate a user’s feedback or reputation on a moderated system.

identity, identity architecture, identity assertion, identity management, identity verification, idm, microformats, microid

Beta Systems Launches New Webcast

Beta Systems launches a new webcast titled “Identity Management: Addressing the Growing Pressures of Regulatory Compliance and How Business Imperatives Influence Identity Management Deployments”. The webcast covers many vital areas of identity management, but regulatory compliance is central to the overall message.

The webcast features the following presentations:

• “Identity and Access Management” by Ant Allan, Research VP, Gartner
• “SAM Jupiter: Full Compliance and Fast ROI” by Keith Girt, UK Country Manager, Beta Systems.
• “How is Accenture addressing the Identity Management (IDM) Market?” by Andreas Multari, Manager, Accenture Security Services.

identity, identity management, gartner, beta systems, accenture, identity and access management, compliance, regulatory compliance, idm, webcast

Educause is hosting CAMP Shibboleth: Enabling Campus and Federated Single Sign-On on June 26–28, 2006 in at the Wyndham Burlington, in Burlington, Vermont.

Unsure about what the Shibboleth System is about and how it can be used in production on your campus? Looking for a Web single sign-on package that can be used both for local applications and in federated environments?

Internet2’s Shibboleth is being deployed nationally and internationally to solve real-world problems associated with intra- and interinstitutional authentication and authorization. For Web-based access control, it leverages campus identity and access management infrastructures to authenticate individuals and then sends information about them to the resource site, enabling the resource provider to make an informed authorization decision.

Many consider the Shibboleth System to be federating software, which it is; however, more and more campuses are asking what value they get, if any, from deploying separate intra- and intercampus single sign-on systems. Increasingly, these campuses are deploying Shibboleth for both purposes. It’s a tool that enables Web authentication and provides authorization information for applications and services, independent of who’s offering them.

This CAMP will offer concrete practice and real-world experience from institutions running Shibboleth in production for controlling access to both on and off-campus services. Featured in this workshop will be an Application Showcase where campuses and vendors will demonstrate the Shibboleth System in action.

Both IT management and technical staff will find sessions of interest on the program and guidance for running Shibboleth in production. Participants will:

CAMP Shibboleth: Enabling Campus and Federated Single Sign-On, June 26-28 in Burlington, Vermont, will give you the opportunity to:

• Learn strategies for managing identity and privilege information used by the Shibboleth System
• Understand the management issues involved in running a Shibboleth-enabled learning management system
• Discover Shibboleth’s value as a campus Web sign-on package
• Learn about SAML 2.0, the mechanism that carries the identity information
• Find out the questions you should ask your information/library vendors about SAML and Shibboleth System support
• Hear practical advice for running the Shibboleth System on server clusters

Participants are encouraged to have a sound knowledge of IdM to learn the most from the sessions. Those interested in knowing more about IdM can review the Enterprise Directory and Authentication Implementation roadmaps.

camp, educause, identity, identity management, idm, middleware, nmi-edit, saml, shibboleth, single-sign on, sso