Archive for the ‘Identity’ Category

John Beatty Followup

Tuesday, July 27th, 2004

Finally following up to a blog entry by John Beatty regarding a conversation he and I had back in June at Planetwork. I believe that John unintentionally mis-represented my comments when he wrote:

Fen also doesn’t really believe in the single, universal super-identifier that is being used in the e-names elevator pitch.

What I had said in our conversation was that I’m not a huge believer in the value of global e-names [sic] as the value of the network will be at the edges, and local i-names (the name we’re now using for these identifiers) will have as much or more value. E.g., I think it is more important that the people in my @idcommons*iname-hackers*bay-area*sunday-hikers community can know me as, simply, “fen” than someone I don’t know in some sub-community in China can reach me by typing in my global identifier “=fen“.

That said, I do think in the short term global i-names will be useful (as the infrastructure to handle searching and easy local community formation is not yet in place) and in the longer term, the vanity factor will be significant. Fact is, I plan to buy global i-names for my wife and son as I want the choice - and I know a good deal when I see it.

FOAF meets XRI

Thursday, July 22nd, 2004

FOAF uses the mbox field as a primary key. Here’s a super-simple FOAF record:

<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/">
  <foaf:Person>
    <foaf:name>Fen Labalme</foaf:name>
    <!-- the primary key: a full mailto: URI, not a bare address -->
    <foaf:mbox rdf:resource="mailto:fen@idcommons.net" />
    <foaf:nick>fen</foaf:nick>
    <foaf:workplaceHomepage rdf:resource="http://fen.net/" />
    <foaf:depiction
      rdf:resource="http://www.fen.net/images/fen_200306_114x160.jpg" />
    <foaf:knows>
      <foaf:Person>
        <foaf:mbox rdf:resource="mailto:owen@idcommons.net" />
        <foaf:name>Owen Davis</foaf:name>
      </foaf:Person>
    </foaf:knows>
  </foaf:Person>
</rdf:RDF>

Note that one thing being done to increase security is to use the SHA1 hash of the email address instead of the actual email address, so that connections can still be made without giving away a person’s actual email address. But this is only one level of indirection, as anyone who has a large address book (I have over 1000 mostly technology folk in my Solstice/Equinox list - I’m sure Marc Canter and Joi Ito have many more!) can easily map the SHA1 hashes to actual email addresses.
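To make the point concrete, here is an added example (my illustration, not code from the original post or from the FOAF project): it computes the hashed form FOAF defines, foaf:mbox_sha1sum, which is the SHA-1 of the complete mailto: URI, and then walks a FOAF document resolving every published hash against an address book. The address book and the FOAF document are constructed sample data; whoever already holds an address recovers it with a single hash computation, which is exactly why the hash is only one level of indirection.

```python
import hashlib
import xml.etree.ElementTree as ET

FOAF = "http://xmlns.com/foaf/0.1/"


def mbox_sha1sum(mailto_uri: str) -> str:
    """foaf:mbox_sha1sum: hex SHA-1 of the whole 'mailto:' URI, scheme included."""
    return hashlib.sha1(mailto_uri.encode("utf-8")).hexdigest()


def build_lookup(address_book):
    """One SHA-1 per address you already hold gives a hash -> address table."""
    return {mbox_sha1sum(addr): addr for addr in address_book}


def resolve_hashes(foaf_xml: str, lookup: dict):
    """Return (digest, address-or-None) for every mbox_sha1sum in a FOAF document.

    Hashes of people already in the address book resolve immediately; only
    strangers' hashes stay opaque, and only until they turn up in someone's book.
    """
    root = ET.fromstring(foaf_xml)
    results = []
    for el in root.iter(f"{{{FOAF}}}mbox_sha1sum"):
        digest = el.text.strip().lower()
        results.append((digest, lookup.get(digest)))
    return results


# Constructed sample address book (hypothetical addresses).
ADDRESS_BOOK = [
    "mailto:fen@idcommons.net",
    "mailto:owen@idcommons.net",
    "mailto:alice@example.org",
]

# Constructed FOAF document that publishes hashes instead of addresses;
# the third person is someone not in our address book.
SAMPLE_FOAF = f"""<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:foaf="{FOAF}">
  <foaf:Person>
    <foaf:mbox_sha1sum>{mbox_sha1sum("mailto:fen@idcommons.net")}</foaf:mbox_sha1sum>
    <foaf:knows><foaf:Person>
      <foaf:mbox_sha1sum>{mbox_sha1sum("mailto:owen@idcommons.net")}</foaf:mbox_sha1sum>
    </foaf:Person></foaf:knows>
    <foaf:knows><foaf:Person>
      <foaf:mbox_sha1sum>{mbox_sha1sum("mailto:stranger@example.net")}</foaf:mbox_sha1sum>
    </foaf:Person></foaf:knows>
  </foaf:Person>
</rdf:RDF>"""


def demo():
    """Resolve the sample document against the sample address book."""
    return resolve_hashes(SAMPLE_FOAF, build_lookup(ADDRESS_BOOK))


if __name__ == "__main__":
    for digest, addr in demo():
        print(digest, "->", addr or "(unknown)")
```

The table is built once and reused, so the cost of mapping a published hash back to an address is one dictionary lookup per hash; the hash protects an address only from people who never had it in the first place.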

Other keys can be used by various aggregators and bots, but imagine if instead of putting all this data out publicly, the “mailto:” schema in the mbox field was replaced with “xri:” and pointed to an i-name, access to which was governed by a personal i-broker. This requires ZERO modification to the FOAF protocol while immediately offering the full capabilities of XRI/XDI, DataBrokers and Link Contracts (which, admittedly, don’t really exist yet except in theory).

But it’s a compelling story!

Virtual Rights

Tuesday, April 20th, 2004

Jaco Aizenman just wrote me via the Anonymity group of orkut asking for

any comments you may have on Virtual Rights and Virtual Identity.

Details on:
http://www.nephridium.org/virtualrights/

Virtual Rights:

  1. To have a Virtual Identity
  2. Not to have a Virtual Identity

The project looks fascinating, but I’m under such a deadline that I don’t have time to look at it much now, nor even read the paper. First thoughts: I think of one’s rights more like:

  1. right to have access to profile data others keep e.g., bank, credit card, DMV, grocery club card, … (this step only needed until one gains control over their ID)
  2. ability to assert control over usage of one’s profile (we’re building a mechanism to do this now using the new OASIS standards XRI and XDI)
  3. right to speak freely and without fear of retribution (via anonymous or pseudonymous nym)
  4. ability to assert ownership (authenticated) over self-created pseudonymous data

There’s a lot more to say on this, but here are some links for further reading:

Identity Commons

Thursday, March 18th, 2004

We’re trying out new ways of saying what we do. Here’s one I sent a friend this evening…

The gist of what we’re up to involves returning control over people’s identities to the rightful owners - the people themselves. Today, many corporations each own bits and pieces of one’s identity, and buy, sell and trade this information for their profit. A huge additional expense is incurred by each of these corps in trying to keep the data accurate and up-to-date, such as when people move, etc. If the person owned the data about themselves, they could (of course) keep it up to date and loan or rent out portions of it to corps when needed, such as for a financial transaction or when they’re in the market for some goods or services. Such an operation (in the Identity Commons) is governed by an electronic “link contract” that explicitly defines the terms of use (from the person to the company - not the other way around, as has become all too common). Actually, this becomes a win for all parties, as companies get better data at lower cost and people have control over who can do what with each piece of their personal profile.

And of course, all our software is free and open source.

FOAF and XDI

Thursday, March 18th, 2004

At the Identity Commons we’re building a persistent global and/or local identity infrastructure using the OASIS standard for Extensible Resource Identifiers (XRI). Coupled with XRI Data Interchange (XDI) and the powerful link contract mechanism, we are building a system for personal profile control and interchange that rivals FOAF (though once again I have to make the disclaimer that I am no FOAF expert).

Given the tremendous popularity of FOAF, we’ll have to “embrace and extend” FOAF with XDI. The biggest problem with FOAF is that profile sharing is done on a FOAF-file level of granularity, so I’d actually have to have multiple FOAF files if I wanted to share different information with different entities. Storing all the FOAF info in a database and dynamically creating a specialized (WRT the requester) FOAF file is one way to get around this limitation. But even then, the requester now has a copy of the file unencumbered by (e.g.) XDI link contracts that could prevent him/her from passing it on or otherwise using it in manners originally unintended.

SharedId

Friday, March 12th, 2004

As I continue to work with Identity Commons, a colleague just pointed me to SharedId which is

… an authentication service that allows web users to share their personal information in a controlled manner with their favorite websites. SharedID is built on the open standards RSS, RDF and FOAF. [sharedid.com]

While this sounds promising, unfortunately SharedId is exactly the wrong thing. First off, it’s centralized (ugh) - all authentications go through the SharedId site (another hideout for Big Brother?). Further, and this is a problem with FOAF in general, profile sharing is at FOAF-file granularity, which means all my info, friends, etc. in my FOAF file will get shared once the centralized authentication happens. I’ve heard some of the FOAFsters talking about how one might have several FOAF files, but then you’ve got data replication problems.

But this points to an important issue: since FOAF has such a large and growing user base, it will be essential that we have a FOAF-to-XDI translation service with default sharing contracts placed on fields that can, of course, be manually tweaked via a GUI.

(XDI, or XRI Data Interchange, and XRI, or Extensible Resource Identifiers are new OASIS standards. You can find out more at oasis-open.org or at the public wiki at xrixdi.idcommons.net)
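The workaround mentioned in the FOAF and XDI entry above (keep the profile in one store and generate a requester-specific FOAF file) and the default per-field sharing contracts proposed here come down to the same mechanism, so here is one added example covering both. It is my illustration, not code from the original posts or from Identity Commons: a single profile record, a field-level policy that plays the role of a default sharing contract, and a renderer that emits only the fields a given requester class may see. The profile values, the requester classes and the policy are all constructed for the example; note that whatever the renderer emits is still a plain copy, which is the limitation the entry above points out.

```python
import xml.etree.ElementTree as ET

FOAF = "http://xmlns.com/foaf/0.1/"
RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
ET.register_namespace("foaf", FOAF)
ET.register_namespace("rdf", RDF)


def foaf(tag: str) -> str:
    return f"{{{FOAF}}}{tag}"


def rdf(tag: str) -> str:
    return f"{{{RDF}}}{tag}"


# Constructed profile (hypothetical values): the single source of truth, never served whole.
PROFILE = {
    "name": "Fen Labalme",
    "nick": "fen",
    "mbox": "mailto:fen@idcommons.net",
    "workplaceHomepage": "http://fen.net/",
    "depiction": "http://www.fen.net/images/fen_200306_114x160.jpg",
    "knows": [{"name": "Owen Davis", "mbox": "mailto:owen@idcommons.net"}],
}

# Default field-level sharing contract: which requester classes may see each field.
# "public" means anyone. These defaults are constructed; an owner would tweak them per field.
DEFAULT_POLICY = {
    "name": {"public"},
    "nick": {"public"},
    "mbox": {"friend"},
    "workplaceHomepage": {"friend", "colleague"},
    "depiction": {"friend"},
    "knows": {"friend"},
}


def visible_fields(policy: dict, requester_class: str) -> set:
    """Fields the contract releases to this class of requester."""
    return {f for f, who in policy.items() if "public" in who or requester_class in who}


def render_foaf(profile: dict, policy: dict, requester_class: str) -> str:
    """Build a FOAF document for one requester, emitting only the permitted fields."""
    fields = visible_fields(policy, requester_class)
    root = ET.Element(rdf("RDF"))
    person = ET.SubElement(root, foaf("Person"))
    for f in ("name", "nick"):                      # literal-valued properties
        if f in fields:
            ET.SubElement(person, foaf(f)).text = profile[f]
    for f in ("mbox", "workplaceHomepage", "depiction"):   # resource-valued properties
        if f in fields:
            ET.SubElement(person, foaf(f), {rdf("resource"): profile[f]})
    if "knows" in fields:                           # the social graph is released as a unit
        for friend in profile["knows"]:
            p = ET.SubElement(ET.SubElement(person, foaf("knows")), foaf("Person"))
            ET.SubElement(p, foaf("mbox"), {rdf("resource"): friend["mbox"]})
            ET.SubElement(p, foaf("name")).text = friend["name"]
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for who in ("public", "colleague", "friend"):
        print(f"--- view for {who} ---")
        print(render_foaf(PROFILE, DEFAULT_POLICY, who))
```

Because the policy is keyed by field rather than by file, adding a new requester class means one more entry in the contract rather than one more FOAF file to keep in sync.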

Affero

Monday, July 28th, 2003

Finally signed on to Henri Poole’s excellent Affero service - check it out (and if you’re glad I sent you, let me know).

Lots going on, and there’s always so much more to do. I’ve been considering Kerberos using public key crypto for initial authorization for top-level ID brokers and SDSI/SPKI for managing local realms, but I’m still far from being an expert in these areas, and I feel I need to know so much more.

In between my research I’ve been getting out to play with Steven - we just took him to a baseball game (Giants won!) and he had a great time.

ID Commons Workshop

Tuesday, July 22nd, 2003

Just came back from a great three-day Identity Commons workshop in Sebastopol. Lots of great people, and five main projects were defined as essential to getting things rolling:

  1. Marketing/Outreach
  2. Open Source Technology
  3. Fund raising/Revenue
  4. Greenhouse/Project Interface
  5. Legal/Org./Constitution

I’m heading up the technology project - gotta get the single sign-on distributed authentication / XRI-lite / profile access management all set up in three months. Sounds crazy, but for some reason I think it can be done.

Much more came together than I had expected, and now it’s up to Owen & Company to see if the big players are going to pony up the big $$.

Too wasted to write much more now - more soon!

Joi Ito on Identity

Wednesday, July 16th, 2003

In a recent blog posting, Joi Ito wrote:

You don’t care if my real name is Joi Ito or where I live exactly. As a blog reader, you probably care if it is the same blogger that has posted all of the other blog entries on this blog.

Precisely - for reputation to accrue and be trustable, all you need to know is that it is the same identity/actor as the last time. The ability to make and test such an assertion becomes increasingly important as reputations grow and become themselves a mechanism for choosing what to read, who to trust, etc. I continue to be amazed that the blogging community doesn’t seem to care about it enough to add a field to a newly proposed standard (e.g. Echo) to enable a signature on a post (more on this) though I hope I am wrong.

The identity framework I’m currently working on may not have any strong authentication (beyond names and passwords) in the initial release. However, the system will support the ability to sign and even encrypt messages, authenticate sources (e.g., assert “same as last time”), make secure introductions, and spawn anonymous child nyms that can, if desired, be later authenticated or left to build their own reputations as independent identities with the privacy-protected parent pulling the invisible strings.
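As an added illustration of the “same as last time” assertion (my example, not code from the original post or from the framework it describes), here is the minimum a feed format would need: each post carries the author’s public key and a signature, and a reader checks that a new post verifies under the same key as the earlier ones. It assumes the cryptography package is installed and uses its Ed25519 implementation; the SignedPost structure, the author_key field and the sample posts are constructed for the example. A nym here is nothing more than a fresh keypair, so the same code also covers a child nym that is never tied back to its parent.

```python
import hashlib
from dataclasses import dataclass

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)


@dataclass(frozen=True)
class SignedPost:
    """Hypothetical feed entry: body plus the two fields a signature scheme needs."""
    body: str
    author_key: bytes   # raw 32-byte Ed25519 public key; the only identity a reader needs
    signature: bytes


def new_nym() -> Ed25519PrivateKey:
    """A nym is just a fresh keypair; nothing links it to a legal name or a parent nym."""
    return Ed25519PrivateKey.generate()


def public_bytes(priv: Ed25519PrivateKey) -> bytes:
    return priv.public_key().public_bytes(
        encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw
    )


def sign_post(priv: Ed25519PrivateKey, body: str) -> SignedPost:
    return SignedPost(body, public_bytes(priv), priv.sign(body.encode("utf-8")))


def verify_post(post: SignedPost) -> bool:
    """True only if the signature is valid for this body under the key the post carries."""
    try:
        key = Ed25519PublicKey.from_public_bytes(post.author_key)
        key.verify(post.signature, post.body.encode("utf-8"))
        return True
    except (InvalidSignature, ValueError):
        return False


def same_author(earlier: SignedPost, later: SignedPost) -> bool:
    """'Same as last time': both posts verify, and under the same key."""
    return verify_post(earlier) and verify_post(later) and earlier.author_key == later.author_key


def continuous(posts) -> bool:
    """Whole-feed check: every post verifies under the key of the first one."""
    return len(posts) > 0 and all(same_author(posts[0], p) for p in posts)


def nym_fingerprint(post: SignedPost) -> str:
    """Short stable handle for the key: the thing a reputation can accrue to."""
    return hashlib.sha256(post.author_key).hexdigest()[:16]


if __name__ == "__main__":
    me, impostor = new_nym(), new_nym()
    feed = [sign_post(me, "first post"), sign_post(me, "second post")]
    print("feed continuous:", continuous(feed), "nym:", nym_fingerprint(feed[0]))
    feed.append(sign_post(impostor, "third post, different key"))
    print("after impostor:", continuous(feed))
```

The reader never learns a name; it learns that the key behind post two is the key behind post one, which is all a reputation needs to attach to.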

BTW: I’ve always talked about an orthogonal set of identities to those very practical ones posited by Eric Hughes, namely: my family ID, my work ID, and the ID that I don’t tell the others about.

PS: this is my first attempt at a trackback…

Identity Value Propositions

Wednesday, July 9th, 2003

In talking to colleagues about how one can market their data successfully and still remain in complete control of it, I see that there are areas that could use some clarification, or at least some use cases. Here are a couple of example areas designed to show how money can be made in a customer-centric Identity Commons profile economy.

Safeway

It’s a little known fact that when Safeway installed point-of-sale card readers in the 1980s, this move was funded by Nielsen (of TV ratings fame) who collected the purchasing information and sold reports and services back to Safeway based on this information - a brilliant win-win marketing move. Ditto the “Safeway Club Card.” Suffice to say, Safeway has collected scads of valuable purchasing information on its customers.

Now let’s say that I have a Safeway Club Card with no connected identity - all it carries with it is a unique number that is attached to all the purchases I have made. Let’s pretend that I use cash as payment so there is no connection to my credit card information either. Still, Safeway can now offer several new services:

Personalized Special Offers

Since Safeway knows the aggregate buying habits of its customers, it can work with suppliers to create special offers to people who match a particular consumption profile. For example, an offer for a special price on a new soft drink could be made to all people who buy a six-pack or more of soda a week. This offer could be presented on a personalized Safeway Web Page where the customer types in the number on their Club Card and transacted by swiping the card at the check-out stand. No coupons - great deals.

Purchase Authentication

Back in 1999, RJ Reynolds paid a marketing company the equivalent of $20 per head to reach smokers in New York City who smoked more than 2 packs a day. Rather than sending junk mail to all NYC residents, a smart e-broker could be used instead. An ad appears on my personal e-broker home page that says it will pay me $10 if I can prove that I buy two packs a day or more. If I bought two cartons a week from Safeway, I could enter their authorization page, and have it cryptographically sign a note authenticating that fact (which again, can be done without revealing my true identity, or even my Club Card number). Note that Safeway may charge me $1 for this service - a new revenue stream - but that’s OK, as I still clear $9. I supply this authentication to the e-broker which sends me the ad. It collects $12 per head from the marketing company (a 40% savings) of which $10 goes to me, and it’s a win-win-win-win.

Book Buying Agent

While Amazon can (and does!) deduce a lot from what I have bought and/or browsed on their site, they still do not know what books I buy from e.g. Barnes and Noble or other book stores, what magazines I subscribe to, what movies I watch, and other criteria that could be used to make better, more accurate book suggestions.

Imagine a book buying agent that accumulates the reading habits of its customers. Similar to the Safeway model described above, one can use a pseudonymous ID, and if one desires better security, onion-routed anonymous remailers can be used to protect the customer’s identity. When in use, such mechanisms promote good behavior on the part of the agent, as if it misuses the customer’s data in any way, she can simply stop receiving email from that particular pseudonymous ID, leaving the agent with data with no connection to a user.

Now the agent, with millions ;-) of customers can present aggregated anonymous data to book sellers and cut deals that are beneficial for all. Another win-win-win situation.

Lexus

Back in the latter years of the last millennium, I heard that it was worth $1200 to Lexus to have a qualified buyer step onto their showroom floor. Using blinded signature technology, one could present credentials that my net worth is over $100K, that I generally buy a new car every 2-3 years, and that it’s been 30 months since my last car purchase. Upon presenting such a credential, the Lexus dealership might pay me $500 cash to take a test drive - everyone wins!

For more on this form of “anonymous digital bearer instruments”, see e.g., Lucrative’s Perspective. More links with theory, etc. are here.
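The Purchase Authentication and Lexus scenarios both rest on the same primitive: a credential that proves a fact without revealing who asked for it. Here is one added example covering both (my illustration, not code from the original post, from Broadcatch or from Lumeria) built on Chaum’s blind RSA signature. The issuer keeps one key per claim type, the way e-cash uses one key per denomination, so the signature itself says which fact was certified even though the issuer never sees the token it signs. Everything here is constructed for the example: the textbook RSA key generation (demo-size, written out so the arithmetic stays visible; a deployed system would use a vetted library and a padded scheme rather than raw RSA), the ledger, the card numbers and the claim names.

```python
import secrets
from dataclasses import dataclass
from math import gcd

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n: int, rounds: int = 25) -> bool:
    """Miller-Rabin after trial division (constructed helper, demo quality)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full length, odd
        if is_probable_prime(candidate):
            return candidate


@dataclass(frozen=True)
class RsaKey:
    n: int
    e: int
    d: int


def generate_rsa_key(bits: int = 1024) -> RsaKey:
    e = 65537
    while True:
        p, q = generate_prime(bits // 2), generate_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return RsaKey(p * q, e, pow(e, -1, phi))


class Issuer:
    """The store: knows purchase history by card number, certifies facts, never sees the token."""

    def __init__(self, ledger: dict, claim_types):
        self.ledger = ledger                                   # card number -> facts that hold
        self.keys = {c: generate_rsa_key() for c in claim_types}   # one key per claim type

    def public_key(self, claim: str):
        k = self.keys[claim]
        return k.n, k.e

    def issue(self, card_number: str, claim: str, blinded_token: int) -> int:
        """Sign only if the ledger backs the claim; the blinded value reveals nothing."""
        if claim not in self.ledger.get(card_number, set()):
            raise PermissionError(f"ledger does not support {claim!r} for {card_number}")
        k = self.keys[claim]
        return pow(blinded_token, k.d, k.n)


def blind(token: int, n: int, e: int):
    """Multiply by r^e so the issuer sees a uniformly random value; keep r to unblind."""
    while True:
        r = 2 + secrets.randbelow(n - 3)
        if gcd(r, n) == 1:
            return (token * pow(r, e, n)) % n, r


def unblind(blinded_sig: int, r: int, n: int) -> int:
    return (blinded_sig * pow(r, -1, n)) % n


def verify_credential(token: int, sig: int, n: int, e: int) -> bool:
    """Verifier side: a valid signature under the claim-type key certifies the fact."""
    return pow(sig, e, n) == token


def obtain_credential(issuer: Issuer, card_number: str, claim: str):
    """Customer side: a fresh random token, blinded before it ever reaches the issuer."""
    n, e = issuer.public_key(claim)
    token = secrets.randbits(256)           # bearer token; the verifier may record it to stop reuse
    blinded, r = blind(token, n, e)
    sig = unblind(issuer.issue(card_number, claim, blinded), r, n)
    return token, sig


# Constructed sample ledger (hypothetical card numbers and facts).
LEDGER = {"club-card-0001": {"two_cartons_per_week"}, "club-card-0002": set()}
CLAIMS = ("two_cartons_per_week", "six_pack_per_week")


if __name__ == "__main__":
    store = Issuer(LEDGER, CLAIMS)
    token, sig = obtain_credential(store, "club-card-0001", "two_cartons_per_week")
    n, e = store.public_key("two_cartons_per_week")
    print("e-broker accepts credential:", verify_credential(token, sig, n, e))
```

The e-broker checks the signature under the store’s published key for that claim type and learns neither the card number nor who presented it; what it can do is remember the token, so one credential buys one payout. The store, for its part, has to decide whether to sign using only the card number and its own ledger, which is where the $1 service fee in the scenario above would be collected.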

(These ideas are condensed from the Broadcatch CDML and Lumeria SuperProfile concepts.)

Thought for the day: The value of customer data is immense, and actually increases when in the hands of the customer.