Brad Feld on How to Deal with Email After a Long Vacation


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




brad-feldMy Newsle service spotted this post by Brad Feld about his recommended approach to dealing with missed email: ignore it and re-engage with your email stream afresh upon your return. I completely agree; that’s was the same conclusion I came to after my summer vacation in 2013. Brad ends his post by saying:
I’m always looking for other approaches to try on this, so totally game to hear if you have special magic ones.

This resonates with me because my focus right now is on how the XDI semantic data interchange protocol can give us a new form of messaging that we’ve never had before—something that gives us new and better ways of handling messages that either email or texting give us today. Stay tuned.

Standards, Monopolies, and the Quantified Self


This post is by Phil Windley's Technometria from Phil Windley's Technometria


Click here to view on the original site: Original Post




Summary: As APIs proliferate, the opportunities for reuse don't multiply nearly as fast because their semantics don't neatly align. Standards could solve this problem, but they're too hard to be practical. We need another way. XDI is aiming to solve this problem in the long term. Rules are a practical answer to this problem today.

Yesterday Matt Asay had an article in ReadWriteWeb entitled Why The Quantified Self Needs A Monopoly. At least three different people brought it to my attention. Their reactions can be characterized as confusion and disbelief.

Matt identifies a problem: we have lots of ways of tracking our health and fitness data, but "no one is yet doing a great job of synthesizing them." Of course, this isn't just true of health and fitness data, it's true of nearly every connected device on the planet. They all feed data into their silo.

Matt's solution is what has people scratching their heads:

The first company to effectively bring together all this disparate data into one app is going to win. Yet it's an open question whether such a victory actually means defeat, given privacy concerns and the potential for abuse of such invasive intelligence about our health (or lack thereof).

It's a valid concern, but not one that I suspect many of us would heed as we throw our data willy-nilly into apps. We want health more than we want privacy. Some even make their health data public in order to goad themselves into hitting their goals:...

While most people don't tweet their weight, I suspect many, if not most of us will happily trade privacy in return for more powerful tools to improve our health. And if it works, ironically, we'll likely become even less inhibited about publicly sharing our health data, as we show off the weight we're losing, the times we're hitting on our rides, etc.

But first we need someone to win the race to aggregating the data behind our quantified selves. And we need it now.

From Why The Quantified Self Needs A Monopoly—ReadWrite
Referenced Tue Aug 06 2013 10:13:25 GMT-0600 (MDT)

Matt's taking a short cut to a solution, but he's spot on with respect to the way humans traditionally solve these problems. The right answer is a decentralized solution based on standards. The easy answer is a centralized solution based on a single powerful player—hence Matt's call for a monopoly.

The decentralized approach is fraught with effort and prone to missteps that can lead to failure. Solving a problem like the one Matt brings up in a distributed way is hard because it requires cooperation and non-market forces (in many cases). APIs alone can't do the job because no one is making them consistent. Each company is deciding on it's own. There are typically two solutions to this problem:

  1. De jure standards—go to OASIS, start a standard body, work like hell for years with no recognition and lots of slings and arrows, hope that someone adopts them.
  2. De facto standards—be so big that everyone must adhere to your standard or be first and so clever that everyone who comes along later adheres because doing anything else would be stupid.

Matt's ultimately arguing for the second of these options (assuming some benevolence on the part of the monopoly). And practically speaking, given these two choices, that's probably the only thing that will solve this problem. De jure standards are really hard.

This is the problem Tim Berners-Lee (TBL) was trying to solve when he proposed the semantic web. TBL was proposing a third way that didn't require de facto or de jure standards. Rather there would be a way to connect the APIs together after the fact—at run time rather than at compile time, as it were.

I'm on the Oasis XDI TC, which is working on the XDI standard. In a way XDI is a meta-standard since it's got semantic interchange at its heart. The goal, eventually, is to dynamically link disparate APIs together merely (ha!) by providing a semantic map between the concepts in the API and some common semantics.

In a world of semantic data interchange, you could bring the Endomondo, Fitbit, and Strava APIs together by mapping the concepts behind their syntax to a common health data dictionary. Do the mapping and then applications can take interact with any of them, at run time, through the mapping. This isn't a simple solution, but as far as I can tell, it's the only solution that doesn't require that we negotiate for years on every subject or give ourselves to monopoly players.

In the meantime, I'm working on using maps in the form of rulesets to translate semantic concepts. For example, I wrote earlier about my experiment to link together my Philips Hue lights and my Insteon-controlled lights. This provides a real, practical way of solving the problem of semantic data interchange now. Rules embody semantic translations that create opportunities for more dynamic, emergent, and loosely-coupled interactions.

Tags:

Personal Data and CloudOS


This post is by Phil Windley's Technometria from Phil Windley's Technometria


Click here to view on the original site: Original Post




Summary: People sometimes ask me about where and how personal data is stored in CloudOS. The "personal data service" or PDS is the foundational element in CloudOS that handles personal data. But it's not a data store so much as a consistent API to where ever the owner of the cloud wants to keep their data.

People sometimes ask me about where and how personal data is stored in CloudOS (the foundation of SquareTag). CloudOS provides as one of it's core services a personal data service. If you click the gear menu in myApps, you'll see a way to access your services. We keep them out of the way so people don't accidentally delete or disable them. Think of "services" like /usr/lib in Linux.

You'll notice the PDS service listed there with an icon that has a little database symbol.

The CloudOS PDS service isn't meant to be standalone data store although it can function that way. Our plan has always been to have the PDS service provide a consistent programmer interface (in the original meaning of API) to whatever data the user cares about where ever it might be stored.

You could imagine things like openPDS or personal.com serving as a foundational store for the CloudOS PDS without applications needing to understand or know their specific APIs. I recently demonstrated how Dropbox can be linked into CloudOS. The PDS could provide a consistent API for some or all of these.

We are currently exploring, together with Neustar and Respect Network, putting the XDI2 server inside the PDS, a project I call PDSx. Using an XDI-based platform as the basis for personal data stored has significant advantages for sharing and permissioning data interchange. There's also a strong interoperability play. PDSx is an experiment in using XDI in a production environment and one that I believe is worthy of our time and effort. Watch this space for updates.

Tags:

Book as API: A Perfect Job for XDI


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




alistair-croll-book-as-api-headshotsWhen we first started working on XDI at OASIS in 2004, the goal was a standard format and protocol for data sharing. We were thinking mostly about the data that was already in databases and other conventional data sources. But now that “everything is turning into data”, the problem space to which XDI applies keeps growing wider.

My latest favorite example is the Book as API post from Alistair Croll’s Solve for Interesting blog. It’s about a talk he and Hugh McGuire gave at O’Reilly’s Tools Of Change conference about the future of the book. It describes how havng an API can unlock the value of the intellectual energy in every book the same way a user interface unlocks the power of a software program.

Read it and you will never look at a book the same way again.

In my case, reading this post through my XDI lens, I saw something even deeper: the future format of books. It starts with the point Hugh makes on slide 97 of his and Alistair’s 100 slide presentation:

Books are made of stuff that can be named.

Hugh then goes on to say in slide 98:

If you name your stuff in HTML (while indexing!), then we can (easily) build new uses/interfaces for our books…

Of course he’s right. The “indexing” Hugh refers to is semantic HTML as explained earlier in his presentation (slides 59-73). But if you “name your stuff” in XDI, then it’s not just semantically understandable, the book and all its contents are globally addressable and composable and semantically reusable (subject to the relevant XDI link contracts) anywhere else it can provide value.

Alistair ends his post:

The killer feature of the book [of the future] is it’s API.

I would go a step further: the killer feature of the book of the future is that it’s an XDI graph.


Trillions – The Video


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




trillion-book-cover

(Update 2013-02-12: I’m halfway through the book now and it’s only getting better.)

Setting a new precedent here – blogging about a book even before I’ve finished reading the first chapter. But I’m reading Trillions at the recommendation of several close friends in the industry (Phil WindleyPeter Vander Auwera) who believe it’s highly relevant to where we are going with personal clouds and XDI. And just the introduction makes so much sense that I know I’m going to savor every chapter.

If you want to see why, just watch this brilliant 3-minute video from MAYA, the company behind the book.


Anil John’s Crystal Clear Thinking about Identities, Attributes, Tokens, and Credentials


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




After a decade in digital identity, one of my overwhelming takeaways is that the subjects at the very heart of the field — identities, attributes, tokens, credentials — are an order of magnitude (at least) more complex than they appear to the layman.

The closest analogy is the atom — what seems so simple at a conceptual level turns out to have oceans of complexity swirling beneath it when you ask the devil for the details.

So in this field I especially prize clear thinking and modeling (I would go so far as saying that XDI would be impossible without it.)

For a shining example, look no further than Anil John’s new blog entry, A Model for Separating Token and Attribute Manager Functions. I especially like how the model reveals key differences between four different real world identity systems, including the currently popular social login model.

[Update: for the ideas leading to his model, Anil credits Andrew Hughes, Ken Dagg, David Wasley and Colin Soutar from the Kantara Identity Assurance Working Group.]


KRL and XDI: Digital Chocolate and Peanut Butter


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




reesesI’ve been working with Phil Windley on key issues in digital identity and trust networks for a long time now, and particularly closely in the past year since Kynetx became one of the first Founding Partners of the Respect Network.

But rarely have I seen technologies that work so well together as KRL and XDI. Besides their uncanny synergy in personal cloud architecture, recently Phil has done two blog posts about PDOs (“persistent data objects”):

As I read each of these points, every place I see the term “PDO” I read “XDI graph”. XDI is a way to have universal interoperability and portability of PDOs. (This doesn’t mean that every PDO must use XDI, just that XDI is a way to have widely interoperable PDOs.)

That immediately explains the synergy between XDI and KRL: as a rules language and CloudOS, KRL provides a way to write programs to work with PDOs anywhere in the cloud, and XDI is a way to address, serialize, and exchange those PDOs.

If you start from a conventional object-oriented perspective (hmmm, I remember back when object orientation was the radical new perspective ;-) ), here’s another way to think about it: if XDI provides interoperable data abstraction, KRL provides interoperable method abstraction.

In other words, KRL provides a rules-based mechanism that enables a developer to apply a method (“action”) to any PDO that satisfies the necessary conditions (“event”) to fire that method.

No wonder KRL and XDI are digital chocolate and peanut butter.


Markus Sabadello’s XDI Personal Cloud Demo


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




I sure wish I had more time to blog, but with about 110% of my time is going into building the Respect Network these days, most of my posts are on the Respect Network and Connect.Me blogs.

But if you’ve been using this blog to keep track of progress on the XDI standard, then I owe it to you to point out this wonderful demo that Markus Sabadello, leader of the XDI2 open source project, created for the Internet Identity Workshop #15 week before last. It explains so much about XDI and how it works — and particularly its relevance to the emergence of personal clouds — that many of us there urged Markus to turn it into a screencast.

And now he has. It runs about 20 minutes, but that’s how much good content it covers. And it still only touches the tip of the iceburg of what’s going on with XDI. Hopefully as we enter the holidays I’ll have time to do some more posts about that.


My Five Key Takeaways from the Best IIW Yet


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




I’ve done very few blog posts this year due to the speed at which I’ve been running with Connect.Me and Respect Network (more about that at the end of this post). But three weeks after it ended, I’m doing a writeup on the last Internet Identity Workshop because, out of all 14 IIWs to date, this one gave the strongest signals the industry is breaking out.

Here were my five key takeaways:

#1: Personal Clouds Have Arrived

Once a decade comes on of those moments when you know that a corner has been turned and a new market is going to happen. For example, when I first saw a personal computer in 1976 and realized I could use it for writing, I knew I had to have one. And so did millions of other people.

Another was the first time I tried a mouse-driven graphical user interface.

A third was the first time I held an iPhone in my hand. As I played with the touch screen and launched apps. I knew right then and there that it was going to be a monster. All the power of a computer in your pocket and always on the network to boot.

Now it’s happened again—but this time with a product you can’t see or touch. Phil Windley’s white paper From Personal Computers to Personal Clouds summarizes the premise in one sentence: the next major advance in personal computing and communications is the personal computer in the cloud. There were at least four personal cloud sessions at IIW, including one led by Johannes Ernst in which a set of architects debated the precise meaning of the term like a set of lions sparring over a pride.

There’s no doubt in my mind: personal clouds are coming like a giant gathering storm, together with personal channels (more on those soon). They will be the central organizing construct of the personal data revolution just like PCs were the central organizing construct of the personal computing revolution.

#2: The VRM Wave is Breaking

Although it started a good five or six years offshore, the VRM wave led by Doc Searls is starting to strike the coastline. It isn’t just the publication of Doc’s book, The Intention Economy—although like tsunami warning siren, it does provide a very loud wakeup call to the residents of the sleepy coastal villages of e-commerceland.

And it’s not just because this was the first time there was a continuous string of VRM sessions playing throughout IIW like a Labor Day Weekend marathon of Grateful Dead songs.

For me, the strongest evidence was packed house the final morning of IIW in the “VRM: How Will It Break Through?” session led by Mydex chairman William Heath. In this session there were three major insights:

  1. First, William talked about the midata initiative in the UK and Jennifer Cobb talked about the SmartDisclosure initiative in the US. In both cases, the government is taking the first step in spurring industry to “do the right thing” in giving back personal data to the citizens so they can reuse it to their and everyone’s benefit. I pointed out that the trend is not just with the government; in France the Mes Infos project is doing the same thing in the private sector. As I heard from the leaders of Mes Infos directly during a meeting last month in London, they want to beat the government to the punch.
  2. Secondly, David Blumberg, Managing Partner of Blumberg Capital (and an investor in one of the companies in the space, Trulioo) articulated a core VRM value proposition for vendors: “Companies who really care about the lifetime value of the customer will be the biggest beneficiaries of VRM.” As Doc has said for years, those companies will embrace VRM as the next major step for CRM. CRM vendors: are you listening?
  3. Lastly, at the conclusion of the session, William shared his own analysis. He drew a simple four square matrix on the board in which the two columns were People and Organizations and the two rows were Money and Do the Right Thing. He then asked the question: in which quadrant is the VRM breakthrough likely to come? Will it be people doing it for money? Organizations doing it for money? People asking for it because it is the right thing? Or organizations doing it because it is the right thing? After sharing a story about the BBC deciding a major new web product should have all its visitors store their media preferences in a Mydex PDS, William concluded that it will be Door #4. The breakthrough will be organizations who share personal data back with individuals—who start storing data in the individual’s personal cloud rather than their silo—simply because it is the right thing. Because it will ultimately produce the greatest benefit for everyone.

By the end everyone in this session was positively vibrating with excitement. Ironically, I don’t know how many who attended it knew that William was the founder and CEO of Cable, the leading government IT analyst company in the UK, which he subsequently sold to The Guardian several years ago before taking on the job of building Mydex as a Community Interest Company. So this was the insight of a highly experience professional analyst who has been living and breathing this space for the last four years.

Personally, I think William nailed it, and I told him so afterwards. Companies choosing to do the right thing because they know it is in their customer’s best interests—and thus ultimately in their own best interests—will be where the dam breaks.

And when the water starts pouring through, watch out.

#3: OpenID Connect Is Connecting

As one of the founding board members of the OpenID Foundation—and subsequently of the Information Card Foundation—and then helping birth their lovechild the Open Identity Exchange, I have been close to the OpenID drama since it started in 2005. And frankly I was one of those who all but left it for dead two years ago when even the OpenID board admitted that Facebook Connect—at the time being installed on more than 10,000 websites a day—was kicking OpenID’s butt.

I had become convinced that social logins—as the precursor to trust frameworks (see below)—were unstoppable. So I was as skeptical as anyone about the proposed metamorphosis of OpenID  into OpenID Connect (which Kuppinger Cole analyst Dave Kearns has accurately characterized as being so different than the original OpenID  that it is “OpenID in name only”).

I was wrong. By going back to the drawing board and putting together the best of OpenID, SAML, Information Cards (and even a touch of XDI—see below), OpenID Connect is out-Facebooking Facebook. And because it is now built on top of the industry standard OAuth, which as Kuppinger Cole analyst Craig Burton says is becoming the key to the API Economy, OpenID Connect suddenly looks like it could become the open, multi-provider, interoperable version of social login that can work Web-wide.

A special shout out to John Bradley, Mike Jones, and OpenID Foundation Chair Nat Sakimura for their persistence in making this happen.

#4: XDI is Coming in from the Cold

OpenID Connect is only the first step. While it could finally standardize and democratize social logins, it doesn’t tackle the harder problem of semantic data management, including portable data, portable permissions, and interoperable data dictionaries.

That would be a job for XDI. It has long been the dark horse in this race. 8 years in gestation at OASIS, it barely survived losing the ardor of two waves of early proponents. But its slavish adherence to developing a simple, globally-addressable graph model for data is finally starting to pay off.

At the same time the market has “grown into” the XDI problem space, particularly the very hard problems of creating an interoperable personal data ecosystem where app developers can gain permissioned access to personal data without needing to know its specific location or native format, and individuals can switch accounts between personal cloud providers the same way they can switch banks or switch mobile carriers today.

This explains why there were more XDI sessions at this last IIW than ever before, and they went deeper into the real problems XDI can solve.

Make no mistake, as co-chair of the OASIS  XDI Technical Committee, I can assure you there’s still an enormous amount of work to be done—a complete set of XDI 1.0 specifications are still at least six months away. But we’ve turned a corner and momentum is increasing. I predict that within a year there will be the same non-stop track of XDI sessions at IIW that there was for VRM this time around.

#5: Trust Frameworks are the New Network

Two years after the establishment of Open Identity Exchange, the first international non-profit home for open identity trust frameworks, there are still only two operational trust frameworks listed (the U.S. FICAM trust framework and the Respect Trust Framework).

What happened? Where are all these promised trust frameworks? Did someone miss the train?

In fact, “train” is an appropriate analogy. A trust framework is a lot like a large locomotive. It takes a good long time not just to build one, but to get it on the tracks, load the train, and get up a head of steam.

And yet, just like it was obvious that it would take railroads to civilize the American Wild West, it was taken as a given at this IIW that trust frameworks would be necessary to civilize the Internet Wild West. Nearly every IIW session I attended presumed the use of a trust framework.

Why? Trust frameworks are the new network. That was the assumption underlying my co-founding Respect Network Corporation with Joe Johnston and Marc Coluccio in late 2010. We felt a trust framework for personal data and relationships—in which the trust model was based on p2p reputation—was the key to unlocking decentralized data sharing on an open standard relationship network. Connect.Me is that reputation system and Respect Network is that relationship network.

Only time will tell if we were right. But if the current focus on giant centralized social networks continues on the natural Internet progression towards standardization and decentralization—as brilliantly articulated in two blog posts from Phil Windley (Facebook Domination Isn’t Essential—It’s Not Even Likely and Moving Toward a Relationship Network), then indeed trust frameworks will be the new network.

All I can say is: don’t miss the next IIW.


My Five Key Takeaways from the Best IIW Yet


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




I’ve done very few blog posts this year due to the speed at which I’ve been running with Connect.Me and Respect Network (more about that at the end of this post). But three weeks after it ended, I’m doing a writeup on the last Internet Identity Workshop because, out of all 14 IIWs to date, this one gave the strongest signals the industry is breaking out.

Here were my five key takeaways:

#1: Personal Clouds Have Arrived

Once a decade comes on of those moments when you know that a corner has been turned and a new market is going to happen. For example, when I first saw a personal computer in 1976 and realized I could use it for writing, I knew I had to have one. And so did millions of other people.

Another was the first time I tried a mouse-driven graphical user interface.

A third was the first time I held an iPhone in my hand. As I played with the touch screen and launched apps. I knew right then and there that it was going to be a monster. All the power of a computer in your pocket and always on the network to boot.

Now it’s happened again—but this time with a product you can’t see or touch. Phil Windley’s white paper From Personal Computers to Personal Clouds summarizes the premise in one sentence: the next major advance in personal computing and communications is the personal computer in the cloud. There were at least four personal cloud sessions at IIW, including one led by Johannes Ernst in which a set of architects debated the precise meaning of the term like a set of lions sparring over a pride.

There’s no doubt in my mind: personal clouds are coming like a giant gathering storm, together with personal channels (more on those soon). They will be the central organizing construct of the personal data revolution just like PCs were the central organizing construct of the personal computing revolution.

#2: The VRM Wave is Breaking

Although it started a good five or six years offshore, the VRM wave led by Doc Searls is starting to strike the coastline. It isn’t just the publication of Doc’s book, The Intention Economy—although like tsunami warning siren, it does provide a very loud wakeup call to the residents of the sleepy coastal villages of e-commerceland.

And it’s not just because this was the first time there was a continuous string of VRM sessions playing throughout IIW like a Labor Day Weekend marathon of Grateful Dead songs.

For me, the strongest evidence was packed house the final morning of IIW in the “VRM: How Will It Break Through?” session led by Mydex chairman William Heath. In this session there were three major insights:

  1. First, William talked about the midata initiative in the UK and Jennifer Cobb talked about the SmartDisclosure initiative in the US. In both cases, the government is taking the first step in spurring industry to “do the right thing” in giving back personal data to the citizens so they can reuse it to their and everyone’s benefit. I pointed out that the trend is not just with the government; in France the Mes Infos project is doing the same thing in the private sector. As I heard from the leaders of Mes Infos directly during a meeting last month in London, they want to beat the government to the punch.
  2. Secondly, David Blumberg, Managing Partner of Blumberg Capital (and an investor in one of the companies in the space, Trulioo) articulated a core VRM value proposition for vendors: “Companies who really care about the lifetime value of the customer will be the biggest beneficiaries of VRM.” As Doc has said for years, those companies will embrace VRM as the next major step for CRM. CRM vendors: are you listening?
  3. Lastly, at the conclusion of the session, William shared his own analysis. He drew a simple four square matrix on the board in which the two columns were People and Organizations and the two rows were Money and Do the Right Thing. He then asked the question: in which quadrant is the VRM breakthrough likely to come? Will it be people doing it for money? Organizations doing it for money? People asking for it because it is the right thing? Or organizations doing it because it is the right thing? After sharing a story about the BBC deciding a major new web product should have all its visitors store their media preferences in a Mydex PDS, William concluded that it will be Door #4. The breakthrough will be organizations who share personal data back with individuals—who start storing data in the individual’s personal cloud rather than their silo—simply because it is the right thing. Because it will ultimately produce the greatest benefit for everyone.

By the end everyone in this session was positively vibrating with excitement. Ironically, I don’t know how many who attended it knew that William was the founder and CEO of Kable, the leading government IT analyst company in the UK, which he subsequently sold to The Guardian several years ago before taking on the job of building Mydex as a Community Interest Company. So this was the insight of a highly experience professional analyst who has been living and breathing this space for the last four years.

Personally, I think William nailed it, and I told him so afterwards. Companies choosing to do the right thing because they know it is in their customer’s best interests—and thus ultimately in their own best interests—will be where the dam breaks.

And when the water starts pouring through, watch out.

#3: OpenID Connect Is Connecting

As one of the founding board members of the OpenID Foundation—and subsequently of the Information Card Foundation—and then helping birth their lovechild the Open Identity Exchange, I have been close to the OpenID drama since it started in 2005. And frankly I was one of those who all but left it for dead two years ago when even the OpenID board admitted that Facebook Connect—at the time being installed on more than 10,000 websites a day—was kicking OpenID’s butt.

I had become convinced that social logins—as the precursor to trust frameworks (see below)—were unstoppable. So I was as skeptical as anyone about the proposed metamorphosis of OpenID  into OpenID Connect (which Kuppinger Cole analyst Dave Kearns has accurately characterized as being so different than the original OpenID  that it is “OpenID in name only”).

I was wrong. By going back to the drawing board and putting together the best of OpenID, SAML, Information Cards (and even a touch of XDI—see below), OpenID Connect is out-Facebooking Facebook. And because it is now built on top of the industry standard OAuth, which as Kuppinger Cole analyst Craig Burton says is becoming the key to the API Economy, OpenID Connect suddenly looks like it could become the open, multi-provider, interoperable version of social login that can work Web-wide.

A special shout out to John Bradley, Mike Jones, and OpenID Foundation Chair Nat Sakimura for their persistence in making this happen.

#4: XDI is Coming in from the Cold

OpenID Connect is only the first step. While it could finally standardize and democratize social logins, it doesn’t tackle the harder problem of semantic data management, including portable data, portable permissions, and interoperable data dictionaries.

That would be a job for XDI. It has long been the dark horse in this race. 8 years in gestation at OASIS, it barely survived losing the ardor of two waves of early proponents. But its slavish adherence to developing a simple, globally-addressable graph model for data is finally starting to pay off.

At the same time the market has “grown into” the XDI problem space, particularly the very hard problems of creating an interoperable personal data ecosystem where app developers can gain permissioned access to personal data without needing to know its specific location or native format, and individuals can switch accounts between personal cloud providers the same way they can switch banks or switch mobile carriers today.

This explains why there were more XDI sessions at this last IIW than ever before, and they went deeper into the real problems XDI can solve.

Make no mistake, as co-chair of the OASIS  XDI Technical Committee, I can assure you there’s still an enormous amount of work to be done—a complete set of XDI 1.0 specifications are still at least six months away. But we’ve turned a corner and momentum is increasing. I predict that within a year there will be the same non-stop track of XDI sessions at IIW that there was for VRM this time around.

#5: Trust Frameworks are the New Network

Two years after the establishment of Open Identity Exchange, the first international non-profit home for open identity trust frameworks, there are still only two operational trust frameworks listed (the U.S. FICAM trust framework and the Respect Trust Framework).

What happened? Where are all these promised trust frameworks? Did someone miss the train?

In fact, “train” is an appropriate analogy. A trust framework is a lot like a large locomotive. It takes a good long time not just to build one, but to get it on the tracks, load the train, and get up a head of steam.

And yet, just like it was obvious that it would take railroads to civilize the American Wild West, it was taken as a given at this IIW that trust frameworks would be necessary to civilize the Internet Wild West. Nearly every IIW session I attended presumed the use of a trust framework.

Why? Trust frameworks are the new network. That was the assumption underlying my co-founding Respect Network Corporation with Joe Johnston and Marc Coluccio in late 2010. We felt a trust framework for personal data and relationships—in which the trust model was based on p2p reputation—was the key to unlocking decentralized data sharing on an open standard relationship network. Connect.Me is that reputation system and Respect Network is that relationship network.

Only time will tell if we were right. But if the current focus on giant centralized social networks continues on the natural Internet progression towards standardization and decentralization—as brilliantly articulated in two blog posts from Phil Windley (Facebook Domination Isn’t Essential—It’s Not Even Likely and Moving Toward a Relationship Network), then indeed trust frameworks will be the new network.

All I can say is: don’t miss the next IIW.


Update on Personal Event Networks: The Evented API Spec


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




As a follow-on to my post about Personal Event Networks last week, Phil Windley and Sam Curren have published the Evented API Specification. Phil’s blog post about it gives a good summary, but if you’re a developer just go straight to the spec — it’s short and very easy to read.

I expect this will be a major topic at Internet Identity Workshop next week – I plan to be all over it.


Phil Windley on Personal Event Networks


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




Phil Windley has a new post called Personal Event Networks: Building the Internet of Things. The idea is simple but highly compelling: what if the range of products and services you used could actually talk to each other, over the net, on your behalf? Technically this talking is known as “raising events”, i.e., being able to notify each other that something important has happened.

A simple example is your car telling your calendar that you are due for an oil change. Or your calendar being able to tell your home thermostat that you are going to be away for the weekend — thus saving you from having to manually tell it to save the heat (when was the last time you remembered to do that?)

Many things become possible if your personal network of devices, products, and services can safely talk to each other in ways they can all understand. That’s what Phil is promoting through a simple event interface. It dovetails wonderfully with the two main thrusts of my work over the past several years:

  1. Connect.Me and the Respect Trust Framework is about building a strong, socially-verified web of trust so the different devices, products, and services in your personal event network can trust each other — and even more importantly trust the personal event networks of your family, friends, and co-workers. (The total value of a personal event network goes up exponentially with the number of other personal event networks it can be safely connected to.)
  2. XDI is developing the semantic data sharing protocol that will give all the devices, products, and services on your personal event network a common language in which to speak to each other. XDI is perfect for eventing because, although it works fine for request-response interactions, it does not require them. Instead, XDI messages can also use the publish/subscribe model needed by an event network– and in fact XDI link contracts are ideal for dynamically defining subscriptions and sharing rights.

Phil is writing a book called The Live Web, and I’m hoping that personal event networks will play a key role in explaining the power the Live Web will bring.


True Data Portability


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




I’ve been on the board of Dataportability.org since its founding three years ago. The concept made quite a splash when it was first announced, but I knew that after the hype wore off would come all the hard work of making it real. And that’s where XDI would be needed.

Ever since then, I’ve watched the concept of Data Portability become somewhat of a buzzword with different companies and communities. As is often the case with buzzwords, actual understanding runs a mile wide and an inch deep.

Which is why this article from DP Communications Chair Alisa Leonard caught my eye: it goes right to the heart of defining what data portability really means. I especially like this quote:

It is important to first understand that true data portability puts the ultimate power of data control in the hands of the user, not the web application using that data.

She goes on to explain precisely why this means Facebook does not yet provide data portability:

Facebook has long fallen under scrutiny for having immense control over end user data. The development of Facebook Connect and the Open Graph API have been steps in the direction of data portability, but ultimately, Facebook continues to maintain, under their TOS, the last word on your data usage through an all-encompassing license to do what they wish with your data (including sub-license it to other entities).

What matters is that while they now allow more access to your data through the download feature, the Facebook TOS has not changed— meaning your data is still on their server and while you can download, you cannot remove your data entirely (if you wished to do so). This is data accessibility, not data portability.

I’d go one step further: companies and sites that provide true data portability will provide 100% programmatic access to the data that you store there. Which means you can do more than just remove/delete it. You can read it, write it, or move it somewhere else — all under your control, using the tool, program, or service of your choice.

That’s how email works today: I can read, write, delete, and move my email from my email provider completely under my control, not theirs. (The “moving” part is not actually something that most email provider’s support directly, i.e., you have to copy it from one provider and write it to another, which is anywhere from difficult to almost impossible.) But if you can do all these things, and you can do them easily without barriers — that’s true data portability.

The real de(tai)l


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




Techcrunch had a link to this simply excellent blog post about the details behind the readability of Google Maps. It’s like a mini-Malcolm Gladwell essay devoted just to showing why it really is the details that make the difference when it comes to information architecture.

I’ve become a zealous convert to that point-of-view with my work on the XDI graph model. Here’s an example of just how much detail, nuance, and semantic power can be packed into the smallest of graph fragments. It’s taught me a world of lessons about why the semantic web is so complex (if you want a mind-boggling view of the world of description logic models — of which the entire W3C Semantic Web is just one branch — take a look at this page).

I’m a sucker for authors who have a talent for distilling out that complexity into explanations the average mortal can appreciate, and this blog post is a wonderful example.

UMA is Cool


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




People know I’m an XDI nut and Eve Maler is an UMA nut. And some people wonder if there isn’t a whole lot of overlap between UMA and XDI (and why Eve and I are not fighting a protocol jihad).

Well, the truth is, Eve and I are good friends (especially since I learned she lives just across Lake Washington from me). We even wrote an IEEE article on the Venn of Identity together. We share a passion for open standards that can really make a difference. And for the longest time the issue was simply that we couldn’t find the time to sit down and discuss the two.

But recently we’ve had a chance to start drilling into the synergies between UMA and XDI.

And they are legion. Enough so I don’t have the time to go into them in this post (but plan on more coming soon – ideally in a blogging duet with Eve). But what I do want to do right away is point readers to an excellent paper summarizing UMA that Eve prepared for the W3C Privacy and Data Usage Control Workshop. It does a great job of explaining the problem space and how UMA approaches it.

Taking Off Another Hat


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




After piling on too many hats on for the longest time, I’m now peeling some off. First I took off the Open Identity Exchange (OIX) Executive Director hat in August, and now I’m stepping down as Information Card Foundation (ICF) Executive Director and handing the reins to the very able Mary Ruddy.

PDELogo2The reason: I’m narrowing my focus to concentrate on personal data services and the personal data ecosystem. I call this the “second shoe dropping” for user-centric identity: if OpenID and Information Cards addressed the issue of cross-context identity, protocols like UMA and XDI address the issues of cross-context data sharing. When brought together, these can finally bring about the next layer of the Internet that we’ve been talking about for the last decade.

Which makes me very excited about the next one…

Phil Windley on XDI


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




Phil Windley, co-founder and CTO of Kynetx (among the many hats he wears), wrote his own rules language, KRL, to “program the Web”. So when Phil writes the following about XDI after he and his team did a two-day deep dive on XDI with XDI4J project founder Markus Sabadello and I, it means a lot.

I haven’t been posting much about XDI because the OASIS XDI Technical Committee (which I co-chair) is still working on the XDI 1.0 technical specs. But since our philosophy has been to code everything in at least one implementation first before committing it to a spec, and since the core XDI graph model and metagraph model are now very solid, by the time the specs come out there will already be multiple operational XDI services.

I hope to finally get time to do many more posts about XDI this fall. In the meantime if you want to learn more, ping me about different ways to get involved.

Portability Policies and Personal Data Stores


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




My primary involvement as a member of the board of the Data Portability Project has been input about XDI as an open standard for portable data. But I’ve always been very enthusiastic about DP’s work on Portability Policies. The DP Project just announced their first Portability Policy deliverable via this blog post on TechCrunch.

On the DP Project board call this morning I shared the view that Portability Policies are an inevitable first step — and a highly welcome one — towards widespread adoption of personal data stores (see my posts earlier this year about PDS here and here). When PDS finally arrive, the irony is that the policy will turn in the other direction, i.e., the individual will have their own data sharing terms and the vendor will be agreeing to those. That’s the essence of VRM.

Iain Henderson of VRM pioneer Mydex is already working on the terms for such an agreement at the Information Sharing Working Group at Kantara.

Bit by bit, the age of personal data stores and personally-controlled data sharing is dawning.

The PDX is Coming


This post is by Drummond Reed from Equals Drummond


Click here to view on the original site: Original Post




Remember that year-end blog post about how personal data stores (PDS) are closer than they may appear? Now read Phil Windley’s wonderful summary of why it makes so much sense to create a PDX (not really an acronym for “personal data exchange” so much as just a moniker for a global internetwork of PDS).

It’s happening. Look for more news about it by Internet Identity Workshop (May 17-19 in Mountain View, CA). As if you didn’t have enough great reasons to go already.