DataTao

Andy Dale and the good folks at ooTao have been quietly driving the development of data sharing technologies based on XDI. This is one of the candidate Identity Commons technologies for permission-based sharing and synchronization of identity-related information.    (JSF)

What does this mean? Most of us have personal information stored all over the Internet, with no control over who can access it and what they are allowed to do with it. The privacy implications are obvious, but issues of control go beyond privacy. I may want 15 different organizations to have access to my email address, but I don’t want to have to contact each of those organizations separately every time my email address changes.    (JSG)

The knee-jerk reaction to the latter problem has been to create centralized repositories of identity data, and to persuade people to store all their data there. That approach has no long-term future.    (JSH)

We need a distributed system that gives individuals granular control over their digital identities. That’s the long-term vision of Identity Commons, and the technologies that will make this all possible are slowly coming into fruition.    (JSI)

Andy recently announced plans for DataTao, an “interoperable data hub for user controlled data.” As a service, I think DataTao will be tremendously compelling. A natural first application will be a distributed Plaxo-killer. You’ll be able to keep your contact information wherever it already is — even across multiple sites — and to grant permission to people to synchronize with that data. In other words, Andy or anyone else will be able to get my latest contact information without having to subscribe to some centralized repository, assuming I’ve given them permission. More importantly, I can take that permission away.    (JSJ)

On a technical level, what’s interesting about ooTao’s announcement is that the service is not wed to i-names. It will work with a variety of identity protocols, from OpenID to LID. On the other hand, the system will use XDI. I’ve expressed concerns, both privately and publically, over whether XDI is the best architecture for the kind of data sharing we need. The proof will be in the pudding; it will be great to see a real service built on top of XDI in action.    (JSK)

BAR Camp 2005 Redux

Thoughts on BAR Camp. Yeah, yeah, a little late, I know. Less late than the rest of my Wikimania notes, though.    (JQX)

Many Hats    (JQY)

The most bizarre experience for me at BAR Camp was the number of people I knew from different worlds. My brain was constantly context-switching. It made me painfully aware of the number of different hats I wear, all in the name of Blue Oxen Associates.    (JQZ)

  • Purple Numbers guy.    (JR0)
  • Wiki geek.    (JR1)
  • Identity Commons contributor.    (JR2)
  • Doug Engelbart translator.    (JR3)
  • Usability guy!!! Obviously because of the sprints I’ve organized, but awkward for me, since I have no actual background in usability.    (JR4)
  • Pattern Language hat. I’ve been doing the collaboration Pattern Language dog-and-pony show the past few months, and some folks who’ve heard me speak on the subject were there. I’ll be doing a lot more of it too, so stay tuned. Patterns are damn important, useful, and interesting.    (JR5)
  • Facilitation / event organizer hat.    (JR6)
  • Nonprofit hat. The lack of nonprofit contingent was disappointing, but I had a good conversation with Ho John Lee, who’s done some great work in that space. (We were also both wearing our Korean hats, along with Min Jung Kim, a rarity at events like these.) I also met Phil Klein, a nonprofit guy who also participated in our usability sprint the following week.    (JR7)
  • Ex-DDJ hat. Some fogies, young and old, remembered me from my magazine days.    (JR8)

All this was testament both to my ADD and to the job Chris Messina, Andy Smith, and the other organizers did in only one week. Three hundred people walked through the doors over the weekend. Amazing.    (JR9)

Talks    (JRA)

The best part of the event was strengthening familiar ties and building new ones. I met lots of great people, including folks I’d only known on the ‘net. I wasn’t blown away by the talks for the most part, but some stood out.    (JRB)

  • Ka-Ping Yee did two talks, one on voting methods and another on phishing. Sadly, I only caught the tail end of the latter, but the Wiki page is fairly complete. I’ve never seen Ping do anything that I didn’t find interesting or, in many cases, profound, and these talks were no exception. (I’ll have more to say on Ping’s latest work in a later blog post.)    (JRC)
  • Xiong Changnian presented some interesting quantitative analysis of the Wikipedia community. I didn’t have as much of an opportunity to talk with Xiong as I’d like, but for those of you who have interacted with him, try not to be turned off by his bluster. He’s doing some good work, and he seems to mean well.    (JRD)
  • Rashmi Sinha and I did a roundtable on Open Source usability on the first night. Afterwards, we both agreed that we didn’t learn much new, but simply having the conversation and especially listening to a new audience was valuable. One unintended outcome: A participant (who shall remain nameless, but not unlinked!) complained about Socialtext‘s usability, which I dutifully reported on the Wiki. Adina Levin and Ross Mayfield quickly responded, saying they’re looking to hire a usability person. If you’re in the market, let them know.    (JRE)

I was so busy chatting with people, I also ended up missing a bunch of good talks: Rashmi’s tagging session, Rowan Nairn on structured data for the masses, and Tom Conrad‘s Pandora talk, which seemed to generate the most buzz at the camp.    (JRF)

Throwing Great Events    (JRG)

I toyed with the idea of doing a techie session, but in the end, the talk I should have done was one on patterns and throwing great events. BAR Camp was great, and as with all great collaborative events, there were some common patterns:    (JRH)

  • Food. One of the most critical and, amazingly, most overlooked element in an event. Lots of credit goes to Kitt Hodsden, who made sure there were enough snacks to feed a small country, and the sponsors, who kept the beer flowing and underwrote the party on Saturday night.    (JRI)
  • Introduce Yourself. The organizers borrowed the FOO Camp tradition of saying your name and three words to describe yourself, and they did it each day.    (JRJ)
  • Shared Display and Report Out. Folks did a great job of documenting on the Wiki and on their blogs and Flickr. BAR Camp owned the foobar Flickr fight.    (JRK)
  • Backchannel. I’m not a big fan of IRC at face-to-face events, and there were definitely times when I thought it detracted from the face-to-face interactions. But, it was there, and it was useful. It wasn’t logged, though.    (JRL)
  • Permission To Participate. Lots of Open Space techniques were present — again, borrowed from FOO Camp — like the butcher paper for scheduling sessions. Lots of this was also cultural, though. I think this is the hardest thing for folks who do not live in the Silicon Valley to get — the spirit of sharing that comes so naturally to folks here.    (JRM)

I’d do two things differently at the next event:    (JRN)

  • Incorporate a ritual for new attendees to make them feel welcome and to avoid clique-formation.    (JRO)
  • Add slightly more structure. Now that the organizers have done it once, they can use it as a template for the next event — for example, publishing the time slots ahead of time, and actually enforcing them, at least as far as room usage is concerned. Also, I like scheduled Report Out sessions.    (JRP)

In the postmortem, we talked a bit about what BAR Camp is supposed to be, and I really liked how Chris positioned it: As a model for organizing grassroots, free (or very cheap) alternatives to more expensive gatherings. I’m toying with the idea of incorporating BAR Camp-style alternatives to complement some non-free events I’m organizing.    (JRQ)

Free Identity!

A suggestion for Jimmy Wales‘s list of things that need to be free: Free identity!    (JNG)

“Free” in this case has a different meaning than it does than it does with the other items on Jimbo’s list. We need to free our digital identities from the organizational silos that currently collect and control information about ourselves. I am not suggesting that all digital identities fall under an open content license; I’m saying that the individual should have the ability to decide who has access to his or her digital identity and what they’re allowed to do with it.    (JNH)

Why is this important? Privacy is the obvious and most important reason. A secondary reason is that free, or at least mobile identities are a prerequisite for Jimbo’s tenth item: Free communities! It’s not enough to be able to migrate content from one community to another if you can’t also migrate people’s identities as well.    (JNI)

How can we free identities? Technically, it’s not that’s hard, and there are already several proposed specs and implementations, all of which support some notion of Single Sign-On and profile sharing with individual control. Personally, I’m partial to the Identity Commons approach with i-names, where identifiers are globally resolvable, information is distributed, and the notion of contracts built into the data structure. In the end, it doesn’t matter. What matters is that we agree on an interoperable technical specification for identity. Fortunately, many of the folks in this space are already working on collaborating, thanks to the efforts of Owen Davis, Kim Cameron, Paul Trevithick, Doc Searls, and many others. These people have taken to calling themselves the “Identity Gang.”    (JNJ)

The social questions are the hard ones. What does it really mean to control our identities? What should the social and legal agreements between individuals and organizations look like? If I give my business card to someone, what’s the implicit contract associated with this action, and what would it mean to make that contract explicit?    (JNK)

These questions are hard, but they’re solvable. Unfortunately, we’re not devoting much energy towards these issues right now. Perhaps a more public exhortation for freeing identities will lead to an effort to address these social questions that equals the current effort to solve the technical ones.    (JNL)

WikiMania Hackfest Day 4

Bits and tids:    (JM7)

  • I didn’t plan my Hacking Days schedule very well. I missed most of the first day, when the Mediawiki developers apparently made progress on a new metadata design. Days 2 and 3, from which I based most of my criticism, focused on servers and reliability, an area to which I really couldn’t contribute, not because I’m ignorant, but because I’m powerless. This morning, they discussed Single Sign-On and usability, two areas that I do know something about. Sadly, I missed these sessions, because I was too busy spouting on and on about how we really can save the world. Owen Davis, Fen Labalme, Kaliya Hamlin, and the rest of the gang will undoubtedly kick my butt when they read this. In my defense, I managed to talk a bit about Identity Commons later in the day. I also plugged the FLOSS Usability Sprint, and met Zeno Gantner, who’s done some usability studies on Mediawiki.    (JM8)
  • I was one of the featured participants for the afternoon “Wiki developers informal discussion,” along with Ward Cunningham, Sven Dowideit, Christophe Ducamp, and Brion Vibber. Domas Mituzas, Wikimedia Foundation‘s head of operations, asked Ward, “Why Camel Case?” I won’t go into the explanation here — I have a long interview with Ward, to be published eventually, that explains this in detail — but you should know that hating Camel Case is a running joke among this community. I laughed along with everyone else, but when Sven mentioned his desire to remove Camel Case from TWiki, I felt compelled to pipe up. I gave a balanced defense, describing Camel Case’s advantages over free links, but also acknowledging the appropriateness of free links in Wikipedia. Then I got a very amusing introduction to Erik Moeller, one of Mediawiki‘s core contributors and the Wikimedia Foundation‘s chief research officer. Erik had a strongly worded response. It got a bit heated, but never overly so, and I closed by saying that we were in violent agreement. We laughed about it over dinner, but then we got serious again. We also talked about Purple Numbers. I’ve explained many times why I may seem like a poor evangelist, but I think Erik was one of the few people who appreciated my perspective. He was clearly not a big fan of Purple Numbers — as it turns out, he was somewhat familiar with my work — but after hearing my explanation, he responded, “Only intelligent people are going to understand what you just said.” Fair enough. Fortunately, regular folks don’t need to get Granular Addressability for Granular Addressability to become ubiquitous.    (JM9)
  • A group of us broke out into a small group to discuss a Wiki Interchange Format, knowing full well that this is an issue that’s been discussed many times before (Wiki:WikiInterchangeFormat, MeatBall:WikiInterchangeFormat). Nevertheless, I think our discussion was not only constructive, it has a high chance of succeeding. See my summary.    (JMA)
  • Magnus Manske, the original creator of Mediawiki, participated in our Wiki Interchange Format discussion. He also mentioned a clever idea: a “shopping cart” where people could aggregate and possibly export Wiki pages they were interested in.    (JMB)
  • Sven Dowideit demonstrated the prototype WYSIWYG editor for TWiki, based on Kupu. He also showed a WikiText editor with real-time preview, which was pretty slick. Also, Ross Mayfield showed me a prototype editor for KWiki in response to my previous post. Very good to see these things.    (JMC)
  • So many people have come to this gathering to learn from others with different experiences. Granted, all of these experiences center around Wikipedia, but I’m still envious. My neverending quest is for folks interested in collaboration to look beyond their own narrow domains for deeper insights.    (JMD)

yet another distributed identity system (yadis)

Spotted on the blosxom mailing list: yadis stands for “yet another distributed identity system” and is the brainchild of Brad Fitzpatrick, lead developer of Live Journal. It’s simple and clever, and at minimum, it’s going to force others to state clearly why their more complicated systems are better. Here’s my first take.    (IPO)

Not surprisingly, the yadis spec is very similar to the Identity Commons single sign-on protocol (which will eventually be replaced by a SAML profile), except instead of XRIs and XDI, yadis uses URIs and FOAF. With Identity Commons, you log in with an i-name, which is a valid XRI. That XRI gets resolved, then points to your identity broker (what folks in the SAML world call an “identity provider”). With yadis, you log in with a URI (likely your blog URI, sans the protocol prefix). The application queries the URI for a FOAF file that contains the URI to your identity provider. The backchannel authentication is almost identical for both systems.    (IPP)

yadis is compelling because it’s simple and highly bootstrapped. You need very little additional infrastructure to get it working. Identity Commons relies on a global XRI infrastructure that is barely in its infancy, and it uses XDI for data sharing, which doesn’t even exist as a draft spec yet. (It’s far from vaporware, though, as some docs and code do exist.)    (IPQ)

Why the complexity? Is it just that =eekim seems more aesthetically pleasing as a username than eekim.com/blog/? Absolutely not.    (IPR)

The yadis doc says:    (IPS)

This is not a trust system. Trust requires identity first.    (IPT)

The i-name infrastructure addresses both the identity problem and the trust problem.    (IPU)

First, i-names are designed to be long-lived, whereas URIs are not. What happens when you get married, you change your name, and you decide to get a new domain name to reflect that? Will the new URI work with all your old accounts, or will you have to change them manually? Or, what do all the folks without a personal web site or blog (and no desire for either) use?    (IPV)

Second, XDI is designed with data contracts in mind. You can attach contracts to any piece of your profile data, and you can have different contracts for every entity with whom you deal. This is the biggest problem with FOAF.    (IPW)

That said, I think yadis is a very important development for two reasons. First, it may be an excellent intermediate step to i-name adoption. In other words, it solves an immediate problem easily, then has a natural evolution path to i-names once (or if) its inadequacies become a problem. Second, it’s a great reality check for the techies in the Identity Commons community. We still don’t have clear explanations of i-names or XDI, and the adoption path is still too high. I don’t think there are easy answers to these problems, but it’s important that we remain focused on these issues.    (IPX)

Finally, there’s a very good technical observation in the docs that is worth noting: SAML is not Ajax-friendly.    (IPY)