Stream of Consciousness

I have fought software patents for years, and am equally appalled at the creeping (creepy?) unlimited enforcement of copyright. Staford law professor Lawrence Lessig recently had this to say:

Tuesday sharpened the definition of the ongoing legal struggle to satisfy both proprietary and open source advocates through equitable intellectual property regulations. “Contrary to what many people see as a cultural war between conservative business types and liberal independents, this is not a ‘commerce versus anything’ conflict. It’s about powerful (business) interests and if they can stop new innovators,” Lessig said. [NewsForge | Lessig: IP protection a business, not cultural, battleground]

We’re trying out new ways of saying what we do. Here’s one I sent a friend this evening…

The gist of what we’re up to involves returning control over people’s identities to the rightful owners - the people themselves. Today, many corporations each own bits and pieces of one’s identity, and buy, sell and trade this information for their profit. A huge additional expense is incurred by each of these corps in trying to keep the data accurate and up-to-date, such as when people move, etc. If the person owned the data about themselves, they could (of course) keep it up to date and loan or rent out portions of it to corps when needed, such as for a financial transaction or when they’re in the market for some goods or services. Such an operation (in the Identity Commons) is governed by an electronic “link contract” that explicitly defines the terms of use (from the person to the company - not the other way around, as has become all too common). Actually, this becomes a win for all parties, as companies get better data at lower cost and people have control over who can do what with each piece of their personal profile.

And of course, all our software is free and open source.

At the Identity Commons we’re building a persistent global and/or local identity infrastructure using the OASIS standard for Extensible Resource Identifiers (XRI). Coupled with XRI Data Interchange (XDI) and the powerful link contract mechanism, we are building a system for personal profile control and interchange that rivals FOAF (though once again I have to make the disclaimer that I am no FOAF expert).

Given the tremendous popularity of FOAF, we’ll have to “embrace and extend” FOAF with XDI. The biggest problem with FOAF is that profile sharing is done on a FOAF-file level of granularity, so I’d actually have to have multiple FOAF files if I wanted to share different information with different entities. Storing all the FOAF info in a database and dynamically creating a specialized (WRT the requester) FOAF file is one way to get around this limitation. But even then, the requester now has a copy of the file unencumbered by (e.g.) XDI link contracts that could prevent him/her from passing it on or otherwise using it in manners originally unintended.

As I continue to work with Identity Commons, a colleague just pointed me to SharedId which is

… an authentication service that allows web users to share their personal information in a controlled manner with their favorite websites. SharedID is built on the open standards RSS, RDF and FOAF. [sharedid.com]

While this sounds promising, unfortunately SharedId is exactly the wrong thing. First off, it’s centralized (ug) - all authentications go through the SharedId site (another hideout for Big Brother?). Further, and this is a problem with FOAF in general, profile sharing is at FOAF-file granularity, which means all my info, friends, etc. in my FOAF file will get shared once the cantralized authentication happens. I’ve heard some of the FOAFsters talking about how one might have several FOAF files, but then you’ve got data replication problems.

But this points to an important issue: since FOAF has such a large and growing user base, it will be essential that we have a FOAF-to-XDI translation service with default sharing contracts placed on fields that can, of course, be manually tweaked via a GUI.

(XDI, or XRI Data Interchange, and XRI, or Extensible Resource Identifiers are new OASIS standards. You can find out more at oasis-open.org or at the public wiki at xrixdi.idcommons.net)