I recently attended the Internet Identity Workshop. An event organised by members of the Identity Commons, which bring together decentralised identity evangelists hence their creation of these sessions in a number of locations around the world. My knowledge of this subject is limited at best but I am very interested in learning more because I agree wholeheartedly with the principles and desires of this group. It is worth noting I was a little apprehensive about attending this conference due to my previously mentioned lack of knowledge, which lead to a bit of late night revision prior to attendance.
The day began with me trying to find my way to the venue (Macmillan Hall in the University of London) from my hotel (the Radisson Grafton). Even though it was only a mile from the hotel and I was equipped with a GPS enabled iPhone it still took a lot of wandering around the University College of London (the college bit makes a big difference as it is the wrong location) before I found where I as meant to be. Once I finally found the University of London and Macmillan Hall I registered, gathered my credentials and headed in to the venue. The room for the event was marble clad with high ceilings. The room was dotted with carpeted panels to try and dampen sound reflections (they failed). The chairs were laid out in two concentric circles. I shuffled in, grabbed a drink, found a seat in the outer ring and opened my laptop. It is also worth noting I am awful at networking. I find it very difficult for some reason, to wander up to strangers, at an event that you have both paid money to attend so clearly have common ground to talk about, and introduce myself. Also the early arrivals at the conference were all middle aged males who looked like they spent a lot of time in front of computers. I realised I needn’t have worried about fitting in.
Things finally kicked off at 9.30 with organisers and facilitators for the day, Kaliya Hamlin (also known aptly as Identity Woman) and Heidi Nobantu Saul. Kaliya explained the reasons behind this meeting of minds (essentially make online identity better) and the format of the day, unconference. Heidi ran through the logistics of the day including the rules and expectations of the day e.g. If you are not learning or contributing feel free to fly between sessions like a butterfly and if someone mentions a TLA (three letter acronym) or something you don’t understand pause and ask them to explain.
There was then a series of intros where everyone in the room stood up and said a few sentences about themselves (always nerve wracking). Then came the session creation. A4 paper, coloured pens and anyone who wanted to create a session got writing. Upon completion we had 31 sessions covering all manner of ID related geekiness. Tech protocols/concepts such as WebID & DNSSSEC, privacy levels, tiered ID providers, European equivalents to NSTIC and finally ending up with digital death. Session slots were chosen, similar topics were merged and my own personal agenda became pretty evident.
Session 1 – Mydex Personal Datastore Announcement. One of the recurring themes of the day was around personal data stores. These are, in the words of Mydex.
‘Personal Data Stores are designed to restore to individuals control over the management and sharing of their personal data online.’
A key piece in the move to Vendor Relationship Management (VRM), Personal Datastores (PDS) provide a framework for users to store, manage and utilise their data rather than the multitude of companies that do so today. Mydex announced their pilot PDS. They have signed up a number of relying parties including councils (Croydon and Brent were mentioned), the DWP, Yougov etc. For a much richer description then why not listen to William Heath from Mydex tell you more about it. Very interesting looking service and I managed to have a few chats with the creators of it and they happened to mention that they had interest from a few banks. I wonder if Sheffield Council will be interested?
Session 2 – WEBID & DNSSEC. Thankfully two of the five sessions for this time slot got merged into one. Even more thankfully they were the ones I wanted to attend (in hindsight I may have been wrong). First up was Henry Story to talk about WebID (formerly known as the less snappy FOAF & SSL). Henry whizzed through a set of slides, that at normal pace I might have understood a bit more clearly. The basic principles (I think) behind WEBID are the concept of you have a specific URI for your ID which can be checked as part of the logon to services. The logon process is dealt with during the actual web page request using existing protocols HTTP and TLS. The other element involves the authorising site to request a WEBID certificate from the user. This very manual step in the demo kind of killed things for me and until we have active agents in browsers it will be unusable for most users. I really can see the potential in this tech (discoverability, federated nature of the ID) and I really liked the mention of using this built into crypto USB sticks for physical device logons. But work is required to make idiots like me understand and therefore use it.
I had struggled a bit with the first half of the session the second half just killed me. DNSSEC is, according to the idle mans research source ‘It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.’ I can see how this could help with some of the request steps of WEBID. Unfortunately the topic was presented with no slides or pretty pictures and such a complex and dry subject left me reaching for my laptop to see what else was going on.
Lunch = Chicken Massaman curry and a chat with some nice people from Vodafone R&D project, One Social Web. More on that in Session 4…
Session 3 – Project Nori Demonstration. Project Nori is an open source, open standards compliant personal data store. This gives users the ability to create their own datastores on their own servers. This hands control of your data back to you….assuming you are smart enough to set up your own datastore. Markus Sabadello, one of the creators of Nori, gave two demos of the technology. The first showing its potential as a datastore and how you would interact with services online. He used the example of ordering a Pizza. No need to fill out your address details when ordering online you click a button it goes to your PDS and returns the requested fields. I asked if this should be two way i.e. should I store my order history with the company on my PDS. In future when I interact with them I can show them what I have bought in the past and they could market to me accordingly (free garlic bread for you as you eat here every week). The current implementation does not deal with two way data passing but will do in the future. This conversation thread lead to a long discussion on data schemas required to store all the potential data (Mmm Pizza Data Schema) which it was widely agreed would require some standard schemas to be created.
The second demo showed Nori operating as a node in a federated social network. The example showed how it could be set up to send, receive and store messages as part of a Status.net (open source microblogging platform) federated install. Very cool geeky stuff. You can see both demos in action on the Project Nori site
Session 4 – One Social Web & W3C Social Web Proposal. Another 2 for 1 session comprising a demo of the Vodafone One Social Web (OSW) project and a discussion around the W3C proposals for the federated social web. The One Social Web project is looking to build a truly federated social network built on open standards (XMPP, Activitystreams, vCard etc.) and aiming to destroy the walled gardens of existing social networks. Daniel Applequist demonstrated the system by sending messages between multiple users who have their own OSW instances but on completely different servers. The demo while impressive to a geek like me also showed some of the flaws in this decentralised method in that one of the users Daniel tried to talk with could not receive a message because his server was down. Having said that, if it was a centralised system then had the one server been down no one could use the system. What all this means is that if you have friends on one social network they are no different to friends on another social network. You can talk to them in the same way, share things with them in the same way. The analogy given was the telephone lets you call anyone. Facebook users can’t share a tagged photo with Myspace users. The code is available now on Github if you care to run up your own instance of OSW.
‘…the Social Web should allow people to create networks of relationships across the entire Web, while giving people the ability to control their own privacy and data.’
Harry Halpin (the editor of the report and spit double of Jason Lee, see photo below) made a passionate plea for these open and federated technologies to shape the way existing social networks operate. As well as the report they have also created the first Social Web Acid Test (SWAT0). The test has just six seemingly simple steps:
1. With his phone, Dave takes a photo of Tantek and uploads it using a service
2. Dave tags the photo with Tantek
3. Tantek gets a notification on another service that he’s been tagged in a photo
4. Evan, who is subscribed to Dave, sees the photo on yet another service
5. Evan comments on the photo
6. David and Tantek receive notifications that Evan has commented on the photo
By about step 3 or 4 you would kill any of the main social services in play today. Elements of the technologies mentioned in the report are in play for some social networks e.g. Facebook utilise Activitystreams but true interoperability is a long way off. The purpose of the report is to try and get the W3C to standardise these building blocks in the same way that they have with things like Cascading Style Sheets (CSS). Harry mentioned that previous attempts by the W3C to build standards for this had been poor e.g. POWDER but he hoped protocols that had been built by others could prove more successful. For anyone interested in the future of the social web I highly recommend reading the report.
Session 5 – Personal Data Ecosystem. The last session of the day and it was back to a topic I knew little about before today, Personal DataStores, but by the end of it I knew a little bit more. Lead by conference organiser, Kaliya, it was more discussion based than the previous sessions I had attended which were more presentation based. The discussion revolved around the concept of the PDS and whether they can become a viable and well used device coupled with sustainable business models. Kaliya picked on me first asking how could banks use this type of technology? My personal opinion is that while banks will certainly be a major contributor to these data stores in the future today the regulatory issues around holding and transferring banking data would make early involvement very complex. David Alexander of Mydex explained some of the business models and benefits they are using to sell their system. Primarily the transfer of data storage and retrieval costs to the customer (or 3rd party data store handler) represented major savings costs for organisations. For banks I am pretty sure they would never be able to simply hand over all data to their customers and not store any for themselves so the savings would not be there. But I can certainly see lots of uses from a customer point of view.
I think the only way these datastores will take off is if major retailers such as Amazon get behind them. They must deliver new value to the users and they must present a more usable experience that what exists today i.e. remove incessant registration form filling. Please read Kaliya’s thoughts on Personal Data Stores and also keep an eye on the Personal Data Ecosystem site for more developments in this interesting space.
In conclusion, the day really exceeded my expectations, my initial trepidation at being completely out of my depth was misplaced as it turns out I know just enough about this subject to wing it. It was also not an issue because everyone there was very friendly and always willing to explain in more detail anything that was not clear. Only downside would be the room, as the marble walls (even with tasteful carpeted panels) and high ceilings meant that it was very noisy and sometimes difficult to follow conversations in your own session. I enjoyed the day and learnt a hell of a lot that I will have to spend quite some time trying to shuffle round in my head into something I can take forward. You could say I need a personal Internet identity workshop knowledge data store….Identity based humour is clearly the future.