Skip to navigation

Saturday, October 18, 2003

Now That's A Mobile Phone

Ernie, who is providing some fascinating PopTech! coverage, writes of good news on the legal front for VoIP phone services:

A federal judge in Minnesota has ruled that Vonage's VoIP phone service (which uses broadband internet connections to handle phone calls) is an "information service" rather than a "telecommunications service." I'll bet the traditional phone companies won't like this. But consumers will.

Yeah, I'll say. The current Robert X. Cringely column in Inc. explains many of the reasons this technology is droolworthy, including the following, which gave me a big "Aha!"

But wait, there's more! I can unplug my Cisco box in California and take it to the little house we have in Charleston, S.C., where every year I try to perfect my heat rash. I plug it into the Charleston DSL line and my business line and fax line ring there instead of in California. I could do the same thing on a trip to Japan, too, and soon even that won't be necessary, because I'll be able to replace the Cisco box with software on my notebook computer—so my office line will ring at my hotel in Tokyo. I can use a computer headset to take the call or, even better, by next year I'll be able to plug a special phone into the USB port on my notebook. I completely bypass the hotel phone system. Not only am I saving on hotel charges, but my virtual phone doesn't know it's in Japan at all, so all my calls back to the U.S. are free.

If your business is bigger than mine is, an affiliate of Vonage called Vontek can route the Internet phone right into your phone switch. It can even set up a virtual PBX so people working at home can all have extensions on the office phone systems no matter where they are in the world as long as they have broadband Internet service. I might never get out of bed.

Add some well-considered digital identity to this scenario, and you're looking at the future of telecommunications.

As far as telecommunications present go, I'm happy to see that the new releases of iSync and iCal almost give full support to the Sony Ericsson P800. I can't get the calendar to sync for some reason, but the contacts are doing it nicely and that's a big step in the right direction. Web enabled phone-PDA combos are definitely the way to go if calling or emailing anyone you know without having to hunt for numbers and addresses is important to you, and the P800 1) syncs via Bluetooth with OS X, and 2) lets you wirelessly surf the Web from your Bluetooth/OS X enabled laptop in WiFi free zones. (Has a camera too, of course.)

[Update] Checking the Apple discussion boards, apparently there's a bug when it comes to recurring calendar events. After several tries, for no apparent reason (no configuration changes), mine finally synched. From the iSync team: "We are aware of the issue with recurring events syncing to the Symbian phones but we need to collect some more data to isolate and resolve the issue."

Today's New Blawg

Alex Wellen, co-creator, executive-producer, and co-host of TechTV's CyberCrime, and now touring author of a witty novel about the legal profession, Barman: "My God! What have I done? It's a blawg."

Friday, October 17, 2003

Digital ID World, On Film

There are several pages of snapshots from the conference at Carry-On Baggage. Here are Doc's pics, and Marc and Phil have a bunch. Back in California, I understand all construction hell is breaking loose at the house tomorrow, and the office servers will be down this weekend due to a planned power outage. Welcome home!

Digital ID World, Myidentity, Theiridentity, Ouridentity

Update, 5:00 p.m. Pacific: oops, partial post earlier, complete notes now here.

Doc Searls

Talks about the nTags. Even though you could anchor a boat with one, they make you feel like you're in a '50s sci-fi movie: "We greet each other and sometimes have sex with these."

None of us would be here if it weren't for Andre Durand. He turned the notion of identity management inside out, by putting the individual on the inside and everything else on the outside. Three tiers: 1) personal, me, myself and I, 2) assigned or corporate, 3) marketing. Tier 1 (T1) is central to the model. Popeye, I am what I am.

Kim Cameron calls T1 identity "the committee of the whole." Our wallets are Tier 2 habitats. CA driver's license, how many here have a DL with an old address? (Audience responds.) All of us! Each relationship is conducted on the supplier's terms, each is isolated unto itself. Tier 3 habitats are our mailboxes. Andre asked what happens when T1 and T2 have equal power: relationships become two way, they're real relationships, so guess what? T3 goes away. New opportunities open up, we're not sure how that will work because we're used to isolated, 1-sided relationships. This gets you to Cluetrain. All the individual and collective intelligence increases. But what happens beyond it, and how does identity do that?"

Lots of what has gone on here, here and last year, clearly is BuzzPhraser material. (Doc shows enormous spreadsheet of all the buzzphrases tossed around here. IdentoLatin, CollaboLatin, etc. We use the term "market" to mean many things: targets, groups, regions, categories, as an acronym for selling (verb). Sales touch the customer, marketing doesn't (why? 'cause it's "strategic"). Eric Raymond and Sayo Ajiboye say markets operate at 3 levels: at the bottom level, markets are places where exchange happens; above that, we have conversation. In a natural market, no one is really in charge, you have to determine the price in the course of the conversation and it develops from the relationship. An interesting point is we still talk in the language of exchange: delivering services, moving content, adding value. Mechanical language substitutes for relationship: "Honey, I'm going to deliver some love to you." When the 'Net's not there, it's hard to have much of a relationship, the relationships are narrow. This changes when you embrace the grassroots. Meanwhile, as farmers, we sound like paving contractors: "We got your federated identity, right here!" The Liberty Alliance About page is a little bit scary this way...

There are ways to get personal, and whoever pulls it off will get rich. What do we do with the networked customer? We embrace them for big, we enable them for small. What to do? (Shows still from Mel Gibson's "What Women Want.") Think about what customers want: any time, any place, any where, in the networked world, and enable that. Have to table privacy concerns every once in a while to think creatively about where we want to go.

Surprise! Doc lost his power cable at this conference. Wouldn't it be nice if he could register that need? That's $80 to someone. Discusses parallel to RSS. Doc says he's not that technical, the only code he knows is Morse. But doesn't think it would be that hard for an individual provider to know that he's coming down the road right now and needs "x." Thinks RFID could be really powerful in this. Maybe Doc has ideas about the way his supplier could do things. Wouldn't it be better if, rather than just having these thoughts expressed on a gripe site somewhere, a relationship existed for exchange on the point. The 'Net will help dismantle The Matrix. We're going to get the IM systems to work with one another eventually, because people want it and it will happen.

Marc Canter: if we're dismantling The Matrix, what are we "mantling?" Esther: it's like bees and pollen, cross-pollination. Chris: my daughter asked me about dinosaurs, "How did they know they were called dinosaurs? [Laughs] [DMH aside: to Cory, I'm a Pregosaur!]

Doc: I hear Federation and I see Darth Vader. Reaction (channeling David Weinberger) is get that away from me, don't even have that conversation.

Marc Canter: Why are you really wearing a suit? Doc: I just think it looks cool. Esther: Want to leave it in my cab?

How will T3 disappear? The spam that we call mass market advertising is very unwieldy and will fail. The costs are incredibly high. In the long run it will go away as demand gets more equipped to say what it wants. Google profits about $700-800 million per year. Google has explored new ways for buyers and sellers to connect with each other, explored the Holy Grail of advertising: messages you may want. They're going to blow up advertising in the next 2-3 years, and they need competition.

Interesting concluding discussion involving Chris and Esther about time and attention. Are the number of relationships we can have finite, do they devalue as they multiply? Eric mentions that Doc is a walking network (so true).

Audience question: "Are we in danger of moving from spam to meatloaf?" Doc thinks we're getting both at the moment.

Audience question: If we're dismantling The Matrix, who do you guys see as Keanu Reeves? Doc and Esther in unison: "Chris Locke!"

Digital ID World, The Identity Of Things

Just walked into the a.m. session, Cory is talking about use cases for RFID and the identity of things: "Is there transfat in this 'I Can't Believe It's Not Veal?'" Copyright implications of owning the database, owning the relationship. Discusses W3C model for Auto ID Center, representations that copyright won't be enforced. Esther clarifies that libel laws, non-ownership oriented laws should continue to apply.

On to privacy considerations. Cory: EZ Pass logging as example, you need the ability to turn these things off. People use copper mesh bags to temporarily deactivate them. Would like to see the ability to kill the RFID or convert it to a private address base, so that basically you can't discover that it exists or what it corresponds to unless you're the purchaser or someone authorized by the purchaser.

Esther: problems won't be with RFID per se or the members of the Auto ID Center (MIT). It's with those developing products like this on the periphery and the potential misuses of the data.

RFID usage and registries need to control and protect access. You may want to know immediately if your child's car seat has been recalled, but don't want others to know about the adult videos you rent.

Audience question triggers response from Cory about the "race for the bottom:" What countries are most prone to using RFID for social control? Scandanavian countries, not good. Esther adds US and Burma.

Phil Becker asks about unintended consequences of the creation of this data. Can rights management technology assign policies at the collection point so that its usage going forward is constrained? Yes, this could work. There's no protocol yet from the Auto ID Center. All things could have rights associated with them, the question is what's a practical way to assert those policies and profiles, and the ability to make those rights flexible over time. Need to pay attention to rights transfers accompanying the transfer of an object. Cory: Wal-Mart, pay-on-scan, they have an enormous amount of market power that allows Wal-Mart to control all the data to the end point. Privacy is about power. I can't compel the IRS to take my data in my DRM wrapper. DRM doesn't stop the person on the other side from passing along your information verbally. Cory's sure there's a notation in the Apple database somewhere that he can do nothing about that says, "This guy's a giant, high-octane pain in the ass who breaks six PowerBooks a year." His tech support calls get answered, "Oh, it's you." Every draconian EULA contains language that specifies the licensor can "come on over, wear your underwear, clean out your fridge, and make long distance calls," and there's nothing you can do about it. Esther asks why Cory just doesn't toss his Mac and buy a PC; he's been tempted. There's a difference between the ability to throw something you own out and the ability to control it.

Cory, interesting use case is smart furniture. Would be great to be able to throw things under the bed, then ask the bed what's under it. Smart closets: "You are a sysadmin, today you will wear a black t-shirt. You are a sysadmin, tomorrow you will wear a black t-shirt." Esther: "I also leave clothes in cabs..." [Good laugh]

Esther, wrapping up. It's about power, who can instruct the technology to do what. For the user, there's this tradeoff between convenience and control. The default is something that seems to make sense as long as the user can change it as he becomes more familiar with the system and its implications. Transparency is key: people will be comfortable with risks as long as they know what they are. System must be both precise and understandable.

Today's New Blawg

Crawford Kilian writes Legal Technicalities in conjunction with the course on Communications for the Legal Secretary (CMNS 159) at Capilano College in Vancouver. [Via]

Top Level Digital IDs

Fritz Schranck elaborates visually on a recent legal development, offering an unusually robust example of Digital Identity. [Via Howard Bashman]

Thursday, October 16, 2003

Great Day, G'Night

Some quick hits to wrap up the day:

Dave Fishel notes that Digital ID World sounds like the co-anchor-tenant of a suburban shopping mall.

Ernie and Buzz are off to PopTech! Safe travels, have fun, looking forward to your thoughts from Camden.

For my part, I'm overwhelmed by the brilliance, wit, fun, intensity, and diversity of perspective offered by the group here at Digital ID World. (Not to mention the gorgeous Colorado weather. TextAmerica emailed that last night's sunset picture got posted to its Look Outside! blog, and tonight's wasn't too shabby either.) Just try spending a few days in the company of Bryan Field-Elliot, Phil Windley, Elliot Noss, Marc Canter, Andre Durand, Esther Dyson, Jon Udell, Cory Doctorow (who somehow found time to blog about tampon angels shortly after our panel wrapped up), Nat Torkington, Jeremy Allaire, Simon Phipps—and old friends AKMA, Doc, Eric, and Chris—and coming away uninspired. Then there are the people I can't as readily link because they haven't (yet) started a weblog, or I'm clueless if they have. Particular personal highlights include:

Peter Biddle's Baby Naming Rules

  • Before settling on a name, be sure you're comfortable shouting the whole thing at full volume in front of the neighbors and other crowds. (I take it this involves live testing.)
  • First name, last name, different syllables. (E.g. Co'-ry Doc'-to-row; yes, Peter's parents broke the rule.)
  • If it can be shortened, just go with the shortened version.

Given Peter's proven prognostical powers, I'm not inclined to deviate from these principles...

Straight From The Cow's Mouth

Tucows is, among other things, an enormous domain name registrar. And what does its CEO Elliot Noss emphasize and preach, preach, preach to his resellers (including Scott Galvin, who went above and beyond as my personal DNS doctor)? The importance of the user experience, straightforward language and interfaces. Long story short, all my formerly parked and elsewhere registered B&B domains now work:,, With or without www. No need to update links, the Blog*Spot URI continues to work just fine. (I'm guessing Jerry Lawson will approve as better late than never?) Look for intelligently user-focused services from Tucows, they GET that this stuff is not as straightforward as it ought to be.

(Psst: if you blogged the DRM panel today, let me know; a coveted link from the B&B About page is just yours for the taking.)

Today's New Blawg

Wilde news! Ernie Miller of LawMeme and Yale's Information Society Project is editor -in- chief of a brand new blawg. [Via Donna Wentworth]

Client Eye For The Law Guy

(Ok, I'll stop recycling permutations of that title soon, but for now I'm still enamored of it as a metaphor for setting someone "straight.")

Elliot Noss, CEO of Tucows, doesn't want his babies to grow up to be lawyers: "Lawyers are trained to find problems where none existed before ie to create systems that support more lawyers." Elliot grants this effect may not be intentional, but an example of "the invisible hand at its best." When we chatted last night, I told Elliot I thought what he was describing was a function of the kind of society we have established, where people don't always go for the automatic weapons when they've had enough of each another. Lawyers aren't completely irrelevant to the creative process either. But as Elliot also points out, we're pretty good at rationalizing our existence. The real point of my mentioning it here is to share Elliot's valuable client-side perspective and critique with my fellow parasites.

In somewhat similar vein, Jack Cliente adds his two cents to David Giacalone's farewell post: "Don't send e-flowers to honor ethicalEsq?, but actively work for the consumer of legal services both out in the real world, and through the power of weblogs ... "

Wednesday, October 15, 2003

Law Is Free

The Metropolitan News-Enterprise: "All appellate opinions published in California since it became a state in 1850 are now available online without charge at the state courts' website, the state Supreme Court announced yesterday."

Digital ID World, Grassroots Identity, Does It Have A Chance?

AKMA, Simon Grice, Doc Searls, Marc Canter, Simon Phipps

Simon Grice, CEO, Midentity: examples of grassroots nondigital identities include t-shirts, haircuts, tattoos ("Be Yourself" barcode), vanity plates. Examples of grassroots digital identities include personal email domains, mobile phone ring tones (staggering amounts spent on this). Examples of issued identities: passwords, drivers licenses, credit cards. Grassroots identity is created by the person whose identity it is. Why should enterprise be interested in grassroots identity?

Simon Phipps: privacy is a negative thing from a business standpoint, describes what you can't do. "No digital ID is an island; do not ask for whom the legislation tolls, it tolls for you." More and more, people are considering their identities a personal issue.

Marc Canter: there's a personalization feature that only 3% of AOL users use, because it sucks. Enterprise tech is now making its way to the home. Employees of an enterprise go home, have a life at home, and bring their WiFi, etc. with them.

Doc: I get the feeling sometimes at this conference that we're talking about farming at a convention for paving contractors. Do the pavers recognize the need for farming?

Audience member comments that it's a question of markets. Thinks there's room for farming if the farming is profitable. eBay.

Simon Phipps: eBay is a silo. Ringtones are another example, and they're about to do some nasty things to us. They're not designed to protect the user, but to suck the user in for other purposes.

Esther Dyson: I think we shouldn't confuse an identity with a social network. There's a great power to social networks if your goal is sales. But trust may be inversely proportional to linkage. You may be a great eBay seller, but a lousy babysitter. You may be a great date, but ... [laughs]. It would be a useful social indicator to compare, on a Friendster or other social network, the people who say they're your friends rather than the people YOU think are your friends.

Simon Phipps: Agrees, you can federate identity but you can't federate trust.

Cory Doctorow: Cory is skeptical that individuals can ever have the market power to get entities to except their data in a DRM wrapper that they control. It's much more likely to work the other way.

Doc switches metaphors: we have a lot of dormant seeds out there. People won't care about having a grassroots digital identity until they find they can do something really cool with it.

Simon Grice, Marc Canter, Doc: Notion of selling your personal attributes to the highest bidder, we learned this didn't work. Instead, the models where you don't compromise the data that's yours will succeed. Doc thinks we have to sell relationships, or, as Esther puts it, attention. Right now, because relationships are isolated and structured, they don't work together. Coming up with one or two systems that allows that to happen will be the beginning of grassroots digital identity.

One of the things we're missing is a way to extend our identity in a contextual way into the digital environment. Marc Canter, yes, the essence of ID is context.

Doc, proxying for Andre Durand: there is something inherently sovereign about our own identities. What we're talking about is having more power to enter into market relationships and bring our own value to them.

Simon Phipps: online, we have secrets and public information. There's nothing in between. We're lacking a way to specify what you can do with semi-public information. We need a way to specify contexts and permissions for all information that is public or potentially public.

Doc, now proxying for David Sifry: email is a start to this. There are a series of social conventions around email.

Marc Canter can be bought. Objected in principle to supermarket reward cards, but a couple of $1 Thanksgiving turkeys put a quick end to that. He now guesses he's saved a couple of thousand dollars, and if they think they're getting value from his shopping habits, God bless them.

Doc: the whole concept of grassroots is relationships that begin somewhere and go somewhere. You lose this when all kinds of technical rules are imposed from the top.

Simon Phipps: the speed camera gives you a ticket when you're speeding your wife to the delivery room; the motorcycle cop gives you an escort.

Marc Canter: the things that a human values very often have nothing to do with lining anyone's pockets. I want to keep track of my music, manage my RSS feeds, interact with my friends, etc. I'm building my meme. If along the way someone can make a buck, I don't mind.

Simon Phipps: Unfortunately that view is unpopular with my CEO. [Laughs] Disclosure of the action, respecting and involving the person in the transaction, not engaging in subterfuge about what you're doing with your database, is key.

Simon Grice: whatever these applications are, they need to be incredibly simple. If I start having to use a number of different systems, I won't.

AKMA: if you think of digital ID as just a wallet, you're going to hit resistance. Must put the people first.

Doc: the consumers-as-plankton mindset, who just absorb whatever is cast to them, is done. Networked customers are much smarter than the typically envisioned "consumer." In a transaction based economy, the customer gets screwed. In a relationship based economy, this doesn't happen.

Marc Canter: some proof of this is how SMS routes around the Hollywood marketing machine for movies that stink. The message gets out from the opening screenings in a very rapid way

Digital ID World, Trusted Computing, Foundation of Identity

Eric Norlin, Peter Biddle, Steven Sprague (and guest appearance by Cory Doctorow)

Peter Biddle: Perimeter security no longer works. Enterprises are porous. Laptops disappear. CEOs use phones to do transactions with no proxy security, no WEP. Full access to email, databases, decisionmaking processes can be picked up on the table at Starbucks. Microsoft's response (Trusted Computing, NGSCB) is contextual: a user with specific needs when using a specific device.

Steven Sprague, Wave: Works on how to manage and deploy strong authentication in a simple manner. This is very powerful, inexpensive technology for anyone involved in enterprise security (and there are some widespread misperceptions about it). Right person walks up to the door, door opens, preferably automatically. Wrong person, preferably he's electrocuted.

Cory took the mike to describe the EFF's mixed feelings about Trusted Computing. You'll never find a better friend of crypto than the EFF. The EFF's problem with Trusted Computing is to secure the computer against its owner. When you take away the ability to control your own computer, you open the door to anticompetitive activity that harms not only individuals but enterprises. We see things like forced downgrades (iTunes, reduction of features), IP litigation issues (NGSCB under fire for patent violation). EFF's solution is Owner Override (telling beneficial lies, in the tradition of Samba), but it loses us certain things like DRM.

Question to Peter: is the charge correct? In the gains v. losses calculus, the gains of Trusted Computing from an overall policy basis win out. The EFF's paper is fair, but it's wrong. On a system that has owner override, you have the ability to lie in a way that makes it impossible to detect the difference between lies and truth. So why would you trust an attestation if you know there's no guaranty of reliability?

Steven: Preexisting trusted relationships (your mom) vs. anonymity. If you wanted to reinforce the strength of software attestations, you could. Today, the ability to ensure purely virtual relationships that are not 100% fraudulent does not exist. There is a strong societal demand for better and context specific control over what and who goes where.

Peter: points out that we engage in cultural imperialism when we think we can build technology that takes into account globally applicable copynorms.

Cory: but you also shouldn't build software that takes away the public's copyrights, fair use rights, first sale rights, by default.

Steven: the consumer has done an excellent job of voting with his or her feet on this sort of thing.


Digital ID World, Digital Identity Primer

Phil Windley

Phil's useful talk focused on explaining the emerging standards for identity infrastructure, using examples like booking a flight and concurrently renting a car online, or setting up an ecommerce site online that also has a credit card processing facility. The identity standards that will enable these kinds of arms length transactions involving customers and one or more companies are XML signatures, XML encryption, SAML and SPML.

The final standard Phil discussed is XACML, which is more suited for internal use, and really more of a programming language. Phil discussed how organizational policies are communicated from top down, usually beginning with a Word document that can either get discarded or not translated to code and operations that are uniformly deployed to a company's servers. "Policies are a nice exercise that keep CIOs fully employed." XACML strives to solve this problem. The translation need only be done once, and enables uniform updates in a streamlined manner.

"Federation" involves single sign-on between/across organizations (e.g., book a flight, rent a car), and encompasses issues beyond just the technological standards: policies, legal issues, etc. Sun was right: "The network is the computer." Some examples of the different kinds of efforts in this area include Liberty Alliance and Microsoft Passport (now built into .NET, and, in Phil's estimation, Microsoft's effort to dominate this area the way it has dominated the OS and business apps).

At this point, Cory Doctorow raised what may be the question of the conference: are these emerging standards all latent SCOs? Nobody is making representations about not suing over incorporation and re-use of the intellectual property involved in these standards. It makes sense to deal with these issues on the front end, rather than building infrastructure out of ideas that might be proprietary, or in any event claimed as proprietary further down the road. Cory: "We didn't build infrastructure out of GIFs [referring to the Unisys flap]; we're talking about building infrastructures out of XACML."


Phil's concluding thought: Security is something that happens when you have a good digital identity management strategy, but is not the focus.

The Hottest Spot North Of Havana

Adam at the SCOTUSBlog runs down today's grants of certiorari by the Supreme Court, and advises the Court will take on COPA:

Ashcroft v. ACLU, No. 03-218, reviews the constitutionality of the Child Online Protection Act ("COPA"). COPA proscribes the commercial use on the Internet of "any material that is harmful to minors." The case was remanded by Supreme Court in 2002 with instructions to consider the District Court's findings on issues other than the use of community standards to identify potentially harmful content. Upon rehearing, the Third Circuit reaffirmed its ruling that the Act is overbroad in violation of the First Amendment.

Links to the opinion under review and Washington Post coverage are there as well.

Greetings From Digital ID World

Great turnout, there are several hundred people here, in addition to this conference's hallmark ubiquitous WiFi and aggregator of real time coverage.

Phil Becker: greetings, housekeeping, conference overview

Some discussion by George Eberstadt, nTag: the conference is using these tags to help bring attendees together. By making the badge dynamic, you can start the conversation at a point more relevant than "How's the weather?" The tags will swap business card information; attendees who customized their tag information will get a personalized Web page with all the contact information they've been sent, in several downloadable formats.

The tags use a form of collaborative filtering/referral methodology as well. If you're talking to someone who has already talked to someone whose interests you share, your tag lets you know.

Phil Becker [FYI, I've decided Phil's linkable identity is a search that lists his Digital ID World articles]: Digital ID World is the Identity Conversation. The goal of the conference is to provide context, perspective, and background, bring together those from different backgrounds who don't normally share ideas.

Phil thinks identity is next organizing paradigm for computing of all kinds, that digital identity is extremely central to the story of what's happening right now. [Rolls clip from Sandra Bullock identity theft movie, The Net.] That movie was a decade ago now, people began to realize that the network becomes inherently hostile when you begin to connect everything. The network was built with a naively presumed trust that is not its natural state. The language that has developed speaks of quarantine: firewalls. Creating an island, safe from the hostile nature of the network. The last several years of doing this is what has focused the need for digital identity, so you don't lose the benefits of the network by walling everything off. Identity management = organizing data about identity so that it is where it should be, is not where it shouldn't. Today, identity management is concerned with infrastructure and administration, but ultimately, it's about the data. Management by identity = using identity to organize, manage, and secure computing processes. Will allow for networking of business and other human-related processes. Technology has now reached the point where networking across boundaries is possible, and soon that will become a requirement. Will promote and release productivity, because humans are networking animals, and build and use computers to solve the problems in front of them. People control things bigger than themselves through human networks: family, tribal, school—any long-term human relationship. Management by identity is coming into being because people want their tools to work the way they work. It doesn't, because it lacks the dynamic organization that humans do naturally.

Networks require trust to fully release their power, this is why networks result from long-term human relationships. Trust is not instantaneous, cannot be bought or created, can only be granted. Transparency is one of the surest past to trust. Secrecy at any point makes trust more difficult to achieve. This is part of what makes computing in general intimidating. The current way we've built computing infrastructure is a limitation on where we need to go to make the tools work like we do in managing identity and trust. Reorganizing computing around identity is the solution. Security is one obvious benefit, but is just the beginning. The real key is the collaboration this also will enable. The Web browser taught people about the discovery and networking of documents in real time. This was the revelation that drove the first Internet boom (there will be many more). Web services are being designed to deliver the same kind of dynamic discovery and networking at the application and data levels. There's no way to do this except to manage by identity.

Federated identity is the first step. Integrates "silos" of identity into "networks" of identity. Seeks to allow integration of identity usage without requiring the integration of identity management, administration, or the identities themselves. This is a big part of what people at this conference are trying to accomplished. Focused on the user, who just wants everything to work and be organized in the unique way they want. It's impossible to pre-define all the ways users will want data and applications to be integrated. Businesses need the ability to integrate on demand, once applications become building blocks. Identity-centric techniques are the only ones that can possibly accomplish this.

In the enterprise, the portal actually has no natural boundaries. Ideally, it presents information dynamically. The user's identity and needs, coupled with the policies of the owner of the applications and data are the only organizing factors. Portability and rights management go hand in hand.

The maze of regulatory compliance. New laws are focusing on creating accountability or assurance about who did what with which data when? Privacy obviously is key. Privacy is a negative attribute, it's about what you agree not to do with data you have gathered. Today, privacy largely is enforced by policy. It needs to be created structurally and architecturally to be trustworthy. Authentication = an enabling portion of the identity infrastructure, making it easy for the right person to get through the door, and impossible for the wrong person to do so.

Identity thus is the central thread that will enable security, control, manageability, and accountability in a fully distributed network. Who is sitting at the computer makes all the difference. It will be a long time before it's natural, flows, is easy. But the way to get there is through identity. This conference is about that conversation.

Today's New Blawg

Death by Committee is "a bunch of law students (and wannabes) speculating, pondering on, dissecting, and debating stuff [they] think is interesting." [Via Howard Bashman] The fall interview season for the last couple of years has seen lots of blawgy advice for law students; Committee member Barbara refreshingly turns the tables.

Tuesday, October 14, 2003

Smile, You're On Candid Court

While I'm running around with my camera phone here at Digital ID World (check the Carry-On over the next few days; so far, everyone's clothed), the Metropolitan News-Enterprise has this: "Presiding Judge Backtracks on New Camera Cell Phone Policy." The Los Angeles County Superior Court is concerned about phones being used to "surreptitiously photograph witnesses or jurors."

Monday, October 13, 2003

All Together Now

The Digital ID World conference aggregator appears to be up and running, and wouldn't you know it, things are getting metaphysical already: this collection of RSS feeds has an RSS feed.

Here's how you can submit your site.

Today's New Blawg

Sunday, October 12, 2003

It be too late to alter course, mateys...

High on the list of interesting folks I'm looking forward to meeting at Digital ID World 2003 next week is Cory Doctorow—not just because it will be great to panelize about digital rights management with him on Thursday, but because I'm determined to talk him into giving me his personalized tour of Disneyland the next time he's near Anaheim. I started Down and Out last week, and one thing is clear: Cory knows his Disney theme parks.

The book is a great read, slamming together with SLAC-like force a kitschy past and uncomfortably familiar future. It's particularly eerie to soak up the story's economic model (wherein personal capital, known as "whuffie," replaces legal tender as a basis for wealth and status), since it so clearly derives from developments prevalent on the present day Web. For further reading and fun, check out:

  • The Whuffie blog, co-authored with contributions by TPB, Esq. and friends.
  • Down and Out in the Magic Kingdom as reviewed by Kevin Marks.
  • Dave Green, "The currency of respect" (The Guardian, February 6, 2003).
  • The Guardian's Survival Guide 2003 (January 2, 2003): "Why do so many people do so much for free? What do people get out of it? Whuffie - that's what." (Accuracy-checking these predictions as we head into autumn is irresistible; many are right on.)
  • Space Fontain: An Incomplete Listing Of Typefaces Seen at Walt Disney World, Etc.
  • Slipping a Mickey: Hidden Mickeys of Disney. "In designing, constructing or adding the final touches to an attraction, Imagineers subtly 'hide' Mickey Mouse silhouettes in plain sight. Soon, it became a tradition, and as the word spread, Disney fans everywhere went on the search for Hidden Mickeys in Disney movies and theme parks."

Nesting Happens

And you know it has set in when on a sun-kissed southern California Sunday afternoon, thwarted by construction from doing anything about the baby's room, all you can focus on at a stretch is taking a toothbrush to every conceivably reachable bathroom surface.

Today's New Blawg

The Serious Law Student is a 1L at Columbia, and, reminiscent of Mutual of Omaha's Wild Kingdom, provides a front row seat to current Lexis and Westlaw mating rituals (among other things).

Creative Commons LicenseUnless otherwise expressly stated, all original material of whatever nature created by Denise M. Howell and included in the Bag and Baggage weblog and any related pages, including the weblog's archives, is licensed under a Creative Commons License.