Recent Headlines
| The Power of Pull | Technometria | |
This week on the Technometria podcast, Scott and I talk to David Siegel, the author of The Power of Pull. David talked to me one or two times quite a while back about identity as he was researching this book, but I didn't really know what the book was about or why he cared about identity. In appreciation, he sent me a copy of the book when it came out and I left it sitting on my desk for a number of weeks before I picked it up. When I did, I was blown away. I'm certain that the podcast won't do justice to the material in the book--you have to read it for the full impact--but maybe it will give you an idea of why this is such an important work. For years, we've heard about the semantic web and mostly it's been a bunch of talk about RDF, ontologies, and so on. David's talking about the semantic web, but he does it by telling us how our lives will change when data is portable and systems can manage it without constant interaction with us. These changes--and they're inevitable--will change everything from health to commerce to how we play golf. What struck me as I've read the book was the sheer ubiquity of the impact. The title, Pull, comes from the central idea of the book that more and more people will pull things to them, rather than being at the receiving end of a push. I wrote about what that will mean to commerce in a blog post called Building Fourth Party Apps with Kynetx where I borrowed Doc Searls' metaphor of the sewage pump as an apt descriptor for the current regime. When I think of the changes that the Internet has caused in the last 15 years, I'm amazed, but I also realize that we're just getting a good start. There are myriad changes yet to happen and David has done a great job in this book of laying out what the next set of changes are likely to be, why they'll happen, and what it will mean for individuals and businesses. The bottom line: this is the most interesting tech book I've read in a long time.
I bought eight copies and spread them around the office because I wanted everyone at Kynetx to read it. You should read it too. |
||
| Amazon Products in KRL: A New Distribution Model | Technometria | |
The first Web service that Amazon put up, years ago, was the ECommerce API that allowed API access to Amazon's product information. That API has gone through several name changes and is now called the Product Advertising API. Thousands of people have used this API to add data about products--and the opportunity to buy them--to their Web sites. That's the problem, of course. You can use it on your Web site, but you can't conveniently use it in a browser extension to build client-side community apps because your Amazon developer keys would be exposed to the world. The most recent build of KRL changes that by making the Amazon Product Advertising API (PAA) available as a library. That means that it's possible to use Kynetx to build client-side applications that use the PAA without exposing your developer tokens. That opens up a whole host of possible uses for Amazon product information that were difficult to achieve before. Here's a video that shows this at work: Of course, to create client-side applications that people will install and use requires more than just pumping more product at them. The KRL integration of PAA includes the ability to access all the user-generated reviews, product information, photos, and other product data that would allow a developer to create a first-rate experience that adds real value for people who download and use their apps. KRL makes using PAA easy. To get started, you simply put your Amazon developer secrets and associate ID in the meta block of your application:

    meta {
      key amazon {
        "token" : "absjj99a9ad9ad8799",
        "secret_key" : "absjj99a9ad9ad8799abs79999a9ad9ad8799",
        "associate_id" : "windleyofente-20"
      }
    }

These are stored securely in the cloud and not divulged to users of the application. The KRL Amazon library has two primary methods: ItemSearch and ItemLookup. With ItemSearch the search index is a parameter and additional parameters depend on the particular index. ItemLookup takes an Amazon product ID (ASIN) as its primary parameter. Here's an example:

    amazon:item_lookup({"ItemId" : "B00008OE6I", "response_group" : "ItemIds" })

The response is returned as JSON so that you can use JSONPath to pick it apart and use it. Here's a piece of the response to the previous query:

    "Item" : {
      "OfferSummary" : {
        "LowestUsedPrice" : {
          "Amount" : "3999",
          "CurrencyCode" : "USD",
          "FormattedPrice" : "$39.99"
        },
        "TotalRefurbished" : {},
        "TotalUsed" : "8",
        "TotalCollectible" : {},
        "TotalNew" : {}
      },
      "ASIN" : "B00008OE6I"
    }

Here's a video showing a little more about how this is done and giving a working example. You can install the example that we used for the first video or just view the source code using the app detail page in the Apps Directory. Here's the documentation for the Amazon library. The Amazon integration with KRL allows Amazon developers to build client-side applications that use Amazon product data without exposing the Amazon developer credentials--something that's been hard in the past. KRL is designed to make using online data like Amazon or Twitter easy and quick. We'll be announcing some other major data and service integrations over the next few weeks as we gear up for Kynetx Impact in April. Come join us. |
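The pattern the post describes, keeping the secret on a server that signs and sends the request itself, is sketched below as an added example; it is not Kynetx's code or part of the original post. It assumes the HMAC-SHA256 signed-query scheme Amazon documented for this API at the time; the credentials, the `CLIENT_PARAMS` allow-list and the `client_view` helper are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

HOST, PATH = "webservices.amazon.com", "/onca/xml"

# Placeholder credentials (constructed); they live only on the server side.
CREDS = {"token": "EXAMPLE-ACCESS-KEY-ID",
         "secret_key": "EXAMPLE-SECRET-KEY",
         "associate_id": "example-20"}

# Parameters a client may supply per operation. Anything else is refused, so a
# client cannot override the access key, the associate tag or the operation.
CLIENT_PARAMS = {
    "ItemLookup": {"ItemId", "ResponseGroup"},
    "ItemSearch": {"SearchIndex", "Keywords", "ResponseGroup"},
}


def _enc(value):
    # RFC 3986 percent-encoding: only unreserved characters stay as-is.
    return quote(str(value), safe="-_.~")


def sign_request(operation, client_params, timestamp, creds=CREDS):
    """Return a signed request URL for the server to fetch itself."""
    allowed = CLIENT_PARAMS.get(operation)
    if allowed is None:
        raise ValueError(f"operation not allowed: {operation}")
    unexpected = set(client_params) - allowed
    if unexpected:
        raise ValueError(f"parameters not allowed: {sorted(unexpected)}")
    params = dict(client_params)
    params.update({
        "Service": "AWSECommerceService",
        "Operation": operation,
        "AWSAccessKeyId": creds["token"],
        "AssociateTag": creds["associate_id"],
        "Timestamp": timestamp,
    })
    # Canonical query string: parameters sorted by name, then percent-encoded.
    canonical = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(params.items()))
    to_sign = "\n".join(["GET", HOST, PATH, canonical])
    mac = hmac.new(creds["secret_key"].encode(), to_sign.encode(), hashlib.sha256)
    signature = base64.b64encode(mac.digest()).decode()
    return f"https://{HOST}{PATH}?{canonical}&Signature={_enc(signature)}"


def client_view(response, keep=("Item",)):
    """Forward only the parts of the parsed response the client needs."""
    return {k: response[k] for k in keep if k in response}


if __name__ == "__main__":
    url = sign_request("ItemLookup",
                       {"ItemId": "B00008OE6I", "ResponseGroup": "ItemIds"},
                       "2010-03-01T12:00:00Z")
    print(url)
    # Constructed server-side response; the echoed arguments are an assumption
    # made to show why the reply is filtered before it reaches the client.
    upstream = {"OperationRequest": {"AWSAccessKeyId": CREDS["token"]},
                "Item": {"ASIN": "B00008OE6I"}}
    print(client_view(upstream))
```

The signed URL carries the access key ID and stays valid for a replay window, so the server fetches it and returns only the filtered response; handing the URL itself to a client would undo most of the benefit.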
||
| Using the .tel TLD for Managing Contacts | Technometria | |
This week's Technometria podcast is with Henri Asseily, the CTO of Telnic. Telnic is the registry for the .tel top-level domain. The .tel domain is a little different than most domains you might run across. For one, you can't point it at a Web site (although you can get email through it using MX records). The registry controls the A records for the domain and they all point to a contact page. For example, here's my .tel domain: windley.tel. I, of course, control all this data using a Web page that they provide for that purpose. The nifty thing is how it's stored. There's no database behind this, rather the data is all stored in the DNS records for the domain. For example, the system uses NAPTR records (yeah, I didn't know what they were either before this) to store the

    pjw:Downloads pjw$ dig windley.tel -tNAPTR
    ;; ANSWER SECTION:
    windley.tel. 60 IN NAPTR 100 100 "u" "E2U+web:http" "!^.*$!http://www.windley.com!" .
    windley.tel. 60 IN NAPTR 100 101 "u" "E2U+web:http" "!^.*$!http://xri.net/=windley!" .
    windley.tel. 60 IN NAPTR 100 103 "u" "E2U+x-voice:skype" "!^.*$!skype:windley!" .
    windley.tel. 60 IN NAPTR 100 102 "u" "E2U+voice:tel+x-work" "!^.*$!tel:+18016494601!" .

You can see that some of the data in the page is available in these records. The textual data is in the TXT records:

    pjw:Downloads pjw$ dig windley.tel -tTXT
    ;; ANSWER SECTION:
    windley.tel. 59 IN TXT ".tlb" "1" "100" "100" "Technometria
    windley.tel. 59 IN TXT ".tlb" "1" "100" "101" "Contact form"
    windley.tel. 59 IN TXT ".tlb" "1" "100" "102" "Phone number at Kynetx"
    windley.tel. 59 IN TXT ".tlb" "1" "100" "103" "My Skype address"

Note that the numbers in the text records are being used to link this data to the data in the NAPTR records. This is pretty cool because it means that anything that can speak DNS (pretty much everything) could have programmatic access to this data. If you can make DNS queries, you can grab my contact data.
The system allows for me to create profiles and then make different profiles available based on where I am and what I'm doing. I could update my telephone number, preferred method of contact, and so on just by choosing a different profile. Eventually this would be done automatically for you depending on various events in your life. This is where Kynetx comes in, but that's the subject of another post once. |
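The linkage between the NAPTR and TXT records shown in the post, as an added example that is not part of the original post or Telnic's software. It joins the two record sets on the order and preference numbers and, because such records may come from domains you do not control, accepts only the trivial `^.*$` pattern and an allow-list of URI schemes (both are assumptions of this sketch).

```python
import shlex

ALLOWED_SCHEMES = {"http", "https", "tel", "skype"}

# Answer sections as shown above. The closing quote missing from the first
# TXT record on the page is restored here (assumption).
NAPTR_ANSWER = r'''
windley.tel. 60 IN NAPTR 100 100 "u" "E2U+web:http" "!^.*$!http://www.windley.com!" .
windley.tel. 60 IN NAPTR 100 101 "u" "E2U+web:http" "!^.*$!http://xri.net/=windley!" .
windley.tel. 60 IN NAPTR 100 103 "u" "E2U+x-voice:skype" "!^.*$!skype:windley!" .
windley.tel. 60 IN NAPTR 100 102 "u" "E2U+voice:tel+x-work" "!^.*$!tel:+18016494601!" .
'''
TXT_ANSWER = r'''
windley.tel. 59 IN TXT ".tlb" "1" "100" "100" "Technometria"
windley.tel. 59 IN TXT ".tlb" "1" "100" "101" "Contact form"
windley.tel. 59 IN TXT ".tlb" "1" "100" "102" "Phone number at Kynetx"
windley.tel. 59 IN TXT ".tlb" "1" "100" "103" "My Skype address"
'''
# Constructed records of the kind a resolver might get from someone else's domain.
UNTRUSTED_NAPTR = r'''
example.tel. 60 IN NAPTR 100 100 "u" "E2U+web:http" "!^(.*)$!http://example.invalid/!" .
example.tel. 60 IN NAPTR 100 101 "u" "E2U+web:http" "!^.*$!file:///tmp/example!" .
'''


def parse_naptr(line):
    """Return ((order, preference), record) or raise ValueError."""
    _name, _ttl, _cls, rtype, order, pref, flags, service, regexp, _repl = shlex.split(line)
    if rtype != "NAPTR" or flags.lower() != "u":
        raise ValueError("not a terminal URI NAPTR record")
    parts = regexp.split(regexp[0])          # delimiter is the first character
    if len(parts) != 4 or parts[0] != "":
        raise ValueError("malformed regexp field")
    pattern, uri = parts[1], parts[2]
    # Do not run a regular expression that arrived over DNS: accept only the
    # match-everything pattern with a literal replacement.
    if pattern != "^.*$" or "\\" in uri:
        raise ValueError("non-trivial regexp refused")
    if uri.partition(":")[0].lower() not in ALLOWED_SCHEMES:
        raise ValueError("URI scheme not allowed")
    return (int(order), int(pref)), {"service": service, "uri": uri}


def link_contacts(naptr_text, txt_text):
    """Join NAPTR URIs to their TXT labels on (order, preference)."""
    labels = {}
    for line in txt_text.splitlines():
        f = shlex.split(line)
        if len(f) == 9 and f[3] == "TXT" and f[4] == ".tlb":
            labels[(int(f[6]), int(f[7]))] = f[8]
    contacts, rejected = [], []
    for line in naptr_text.splitlines():
        if not line.strip():
            continue
        try:
            key, record = parse_naptr(line)
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        record.update(label=labels.get(key, ""), order=key[0], preference=key[1])
        contacts.append(record)
    contacts.sort(key=lambda r: (r["order"], r["preference"]))
    return contacts, rejected


if __name__ == "__main__":
    for c in link_contacts(NAPTR_ANSWER, TXT_ANSWER)[0]:
        print(f'{c["preference"]}  {c["label"]:<24} {c["uri"]}')
    print(link_contacts(UNTRUSTED_NAPTR, TXT_ANSWER)[1])
```

Unless the zone is DNSSEC-signed and validated, the answers are unauthenticated, so a client should treat the resulting URIs as untrusted input before dialing or opening them.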
||
| Who Owns Data About You? | Technometria | |
On Saturday, I blogged about a bill before the Utah Senate that would allow law enforcement to use administrative subpoenas to get data about you from your ISP when they suspected you of crimes against children. This would be done without a warrant and without any real oversight (as currently drafted). This morning Rep. Brad Daw is testifying about his bill before the Senate Education Committee (yeah, it's confusing). @sausagegrinder (a Daily Herald reporter) tweeted that Daw said:

    Daw: 4th amend doesn't apply to his bill. The subpoenas would be for information owned by a company, not property of suspect

That's an interesting position. Forget the bill itself. Just consider the question of when information about you belongs to you, when it belongs to someone else, and when it belongs to multiple parties. If we take the position, as Daw apparently does, that the data in the ISP records about you, your address, your billing information, and other transactional data (although by his admission in an unlinkable Facebook exchange not the content of the transactions themselves) belongs to the ISP and not to you, where do we draw the line on what data about you belongs to you...at least in part? What about your health data? Yeah, I know about HIPAA, but forget that--we're trying to suss out principles, not the law. Would you consider all the information about your doctor visits, the tests you took, the payments you made (or didn't) to be data in which you had no privacy interest? Even if the actual content of the tests and medical procedures was not included, there's a lot of private data to be had in the meta data about our activities. In fact, give me just your meta data and I can probably construct a pretty interesting picture about you. I submit that any data about me, held by another party is usually jointly owned and that I have an interest in what happens to it.
And by extension, that interest means that it is data that is protected by the fourth amendment from unwarranted government prying and snooping. Daw is playing fast and loose with this for the convenience of his bill and ignoring the larger consequences to our freedoms if such a mentality is not resisted. |
||
| Vittorio Bertocci brings it all together for us | Kim Cameron's Id Blog | |
| Vittorio lays out all the videos people can watch to come up to speed with U-Prove | ||
| U-Prove Minimal Disclosure availability | Kim Cameron's Id Blog | |
| Today we made the U-Prove crypto specification freely available under the OSP, released open source U-Prove reference implementations in C# and Java, and delivered modules that U-Prove enable our federated identity products... | ||
| Building Fourth Party Apps with Kynetx | Technometria | |
Doc Searls uses the term "sewage pump" (I'm paraphrasing) to describe the modern advertising-based economy. Modern society has created the most efficient machine imaginable to push stuff at people whether they want it or not. I gave an example in this blog post about Novatel: they're treating Twitter as a way to push stuff at me instead of as a place to relate to me. A pump pushing sewage at you is a good metaphor for what's wrong with the marketplace we've constructed in the late 20th century. Doc has built the VRM project as a means of exploring better ways of building markets for the 21st century. Something I hadn't considered until I was going through David Siegel's book Pull is that "pull" is the right metaphor for this new marketplace and it's precisely why Doc's metaphor of a sewage pump rings so true. David's book is about the Semantic Web and the use of data standards to enable you to "pull" the information, services, and products to you. An example from the book that really hit home for me is this: in 2010 if you order a package from Amazon, you have to give an address where it will be delivered. Wouldn't it be better if instead, you just gave Amazon an identifier and then the package would find you at the place you wanted it to go--even if that's the hotel you're currently staying at? In essence, you pull the package to you with online data. This isn't a pipe dream, but a perfectly reasonable way to think about how the world ought to work--and one that's doable now from a technical standpoint. Doc uses different language to describe this same idea when he talks about demand leading supply. The pump is all about supply leading demand. The key idea that both Doc and David would agree on here is that "If demand leads supply..., customers need to be the points of integration for their own data." More on that later.

The Four Party System

In an effort to further define VRM, Doc has introduced the notion of "fourth-party services."
He says:

    Among numbered parties the best-known one today is the third party. Wikipedia currently defines a third party this way (at least for the computer industry):

    - Third-party developer, hardware or software developer not directly tied to the primary product that a consumer is using
    - Third-party software component, reusable software component developed to be either freely distributed or sold by an entity other than the original vendor of the development platform

    In general, a third party works on the vendor's side of the marketplace. However, the vendor is not generally called the "first party" (except in the game business, as Wikipedia says here). In fact, the most common use of the term "first party" in business is with insurance, where the term refers to the insured. (The insurer is the second party.)

    From » VRM and the Four Party System, ProjectVRM. Referenced Fri Feb 26 2010 11:04:37 GMT-0700 (MST)

So, if third-party services are merchant driven, it stands to reason that the customer-driven services that represent them would be the fourth party. Here's a picture of these four parties: The little horseshoe magnet looking things are called rel buttons and are meant to represent customers or merchants (left and right in the above diagram) who want to relate to each other. Fourth-party services, be they simple or sophisticated will act as brokers that work on the user's behalf to manage their interaction with vendors of various products and services. Without such automated agents, no one would want to take on the work that would be necessary otherwise to manage the dozens of relationships each of us has with vendors. But with them magic happens.

Building 4th Party Apps

Doc and David are both thinking about very general solutions to this problem as well they should. My job, as the CTO for Kynetx, however, is slightly different. I'm trying to build things for our customers and make them work now.
The Kynetx platform has always been aimed at creating client-side Web applications that help users achieve a purpose. That's a pretty good working definition of "fourth-party" in my book. The platform is designed to allow developers to use data in context to create interesting Web applications. Moreover, our corporate philosophy has been consistently in favor of respecting user rights to control data. With that backdrop, I've thought long and hard about how Kynetx could be used in service of VRM and--by David's definition--the semantic web. I'll use this schematic to help explain my latest thinking: To keep this simple, I'm going to avoid going down every "or they could do..." fork in the tree. There are lots of them. Here's the flow:

1. The user visits a merchant. This could be online or in person (imagine the app running on their phone and using location in context).
2. At the same time any fourth party apps that they've installed (denoted by the fourth-party rel-button) are invoked as long as they are relevant to the current activity.
3. KNS (the Kynetx Network Service) executes the rules associated with the presented apps. We're going to presume for sake of this example that those apps need personal data to work on the user's behalf and such access has not been previously granted.
4. KNS requests the required user information from the personal data store (PDS).
5. The user is asked to authorize such access and grants it.
6. The PDS requests the data from various sources as necessary and returns it to KNS. Note that as envisioned here, the PDS acts more like a virtual directory than an actual repository, although that's not a strict requirement.
7. KNS executes any relevant merchant rules (determined by the app, current context, and the data retrieved in step 6) to determine how they want to relate. Merchant rules are denoted by the third-party rel-button in the diagram. This may be specific offers, discounts, special service levels, etc. I'm calling this "the deal" for lack of a better word.
8. Finally the results are presented to the user's client.

A key feature of the scenario shown in the figure is the privacy wall (in red). That's there to reinforce the fact that in this model the user's data is never given to the merchant. The merchant's rules act against it, but they never see it. For fourth-party apps to work, users will need assurance that their data is being treated in a way that respects privacy. They will also need to trust the agents working on their behalf. A few other points to note:

- Kynetx has no access to user data except as authorized by the user. The user is entirely in control of the experience and what data is used.
- The merchant rules could exist in a standard rule format like RuleML and be stored in any repository so long as they were discoverable.
- The same holds for user data. There's no need for it to be in a single place as long as it's in standard formats, is discoverable, and has a clear, unambiguous meaning. David calls this same concept the personal data locker and it is central to the whole idea of the semantic web, pull, and VRM.
- As envisioned the merchant rules, user data, and user apps are all orthogonal to each other. This isn't a single application, but a platform where fourth-party apps can be built using whatever user data and merchant rules are available.
- Successful fourth-party apps won't just be ways to get offers to customers but manage the relationship between merchants and users in sophisticated ways. They could, for example store receipts, initiate and mediate support issues, manage returns, and so on.
- In this demo, we're using OAuth to enable user control of the data in the PDS but that's really a stand-in for other more versatile standards that are forthcoming like UMA and R-Cards.

The scenario above focuses on one interaction where the app and the merchant rules could conduct a complete, complex negotiation on the user and merchant's behalf.
Keep in mind, however, that the key is the relationship and that is bigger than a singleton deal or negotiation and might include support and service functions, ratings, and so on. Successful fourth-party apps will be seen by users as trusted agents, not merely a way to get a good deal on a single transaction. A key difference between this model and a traditional ad network is the idea of "pull." Ads are not being pushed (note that successful pushing requires "tracking" and "targeting" users--neither is being done here). Rather more holistic information about what I'm calling "deals" is being pulled to the user based on their purpose and intent. I have a working demo of all of this right now that uses a PDS that has access to a user's Amazon wish lists as an example of intent data and Acxiom-held data as an example of personal data--all under user control. Getting from demo to production is more a legal and business matter, not a technical one. We're working on that too. I plan to share this demo and the ideas and techniques behind it at the Kynetx Impact conference in April and at IIW X in May. The inclusion of intent data in the demo is important because data that signals user intent or purpose is much more useful in creating compelling fourth-party apps than mere facts like gender or household size that leave the app to infer intent. Guessing will become less necessary because users will have convenient, private means of sharing intent. In this model, attention gives way to intention just as purpose gives way to location. Some might complain that there's too much dependence on KNS or that KNS is closed. That's not technically true: Kynetx is proprietary, not closed. Still, if that bothers you, give me the standards and we'll use them. We're all about building support for standard data sources and formats into the system. As I mentioned above, I'm open to supporting rules expressed in RuleML or some other standard format.
And, of course, no one is imagining that KNS would be the only system doing this. This is just our contribution to making the idea of VRM and fourth-party services real. We invite your participation. Sign up for a free developer account. Register for Impact where you can listen to Jon Udell's keynote and discuss these ideas with us. We're happy to listen, resolve issues, and make this work. |
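The consent step and the privacy wall from the flow in the post, modelled as an added example; it is not Kynetx code and not part of the original post. The grant table stands in for the OAuth authorization the post mentions, and the rule format, the operator names and all sample data are hypothetical.

```python
class PersonalDataStore:
    """Holds user data and releases a field only after the user grants it."""

    def __init__(self, data):
        self._data = dict(data)
        self._grants = {}                      # app id -> set of field names

    def grant(self, app_id, fields):
        self._grants.setdefault(app_id, set()).update(fields)

    def fetch(self, app_id, fields):
        missing = set(fields) - self._grants.get(app_id, set())
        if missing:
            raise PermissionError(f"user has not granted: {sorted(missing)}")
        return {f: self._data[f] for f in fields}


# Comparison operators a merchant rule may use. Rules are data, not merchant
# code, so nothing the merchant wrote ever executes against the user's values.
OPS = {
    "contains": lambda have, want: want in have,
    "gte": lambda have, want: have >= want,
}

# Constructed user data and merchant rules (hypothetical format, not RuleML).
USER_DATA = {"wish_list": ["hiking boots", "tent"],
             "household_size": 3,
             "birth_date": "1970-03-14"}
MERCHANT_RULES = [
    {"deal": "10% off hiking boots", "field": "wish_list",
     "op": "contains", "value": "hiking boots"},
    {"deal": "Family bundle", "field": "household_size", "op": "gte", "value": 4},
    {"deal": "Birthday coupon", "field": "birth_date",
     "op": "contains", "value": "-03-"},
]


def run_app(app_id, needed, pds, rules):
    """Steps 3 to 8 of the flow: fetch granted data, apply rules, return deals."""
    data = pds.fetch(app_id, needed)           # raises until the user consents
    deals, skipped = [], 0
    for rule in rules:
        if rule["field"] not in data or rule["op"] not in OPS:
            skipped += 1                       # rule wants data the app never got
            continue
        if OPS[rule["op"]](data[rule["field"]], rule["value"]):
            deals.append(rule["deal"])
    # Only counts cross the privacy wall toward the merchant; the matching deals
    # go to the user's client. A deal the user later redeems still tells the
    # merchant that its rule matched, an inference channel the wall alone
    # does not close.
    merchant_report = {"rules_evaluated": len(rules) - skipped,
                       "rules_skipped": skipped}
    return deals, merchant_report


if __name__ == "__main__":
    pds = PersonalDataStore(USER_DATA)
    wanted = ["wish_list", "household_size"]
    try:
        run_app("deal-finder", wanted, pds, MERCHANT_RULES)
    except PermissionError as exc:
        print("before consent:", exc)
    pds.grant("deal-finder", wanted)           # step 5: the user authorizes access
    print(run_app("deal-finder", wanted, pds, MERCHANT_RULES))
```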
||
| ID Community Dinner @RSA Tuesday | ID Commons | |
| Everyone is welcome to our community dinner on Tuesday at 7pm at Sultan across from the Hilton. You can RSVP here. It is informal and no-host with a cash bar. It will be a great opportunity to connect with the people who go to the Internet Identity Workshop coming up May 17-19 in Mountain View. |
||
| Internet Identity Workshop 10 | ID Commons | |
| May 17-19 in Mountain View will be our 10th IIW. The workshop attracts industry leaders for 3 full days of intense interactive discussions. We will have 5 working sessions per-day. The agenda is created live the day of the event. On our home page you can find the notes from the last three IIW’s along with [...] |
||
| Cloud computing: an unsatisfied customer? | Kim Cameron's Id Blog | |
| What is the cloud architecture that can stand up to Gunnar's wit? | ||
| HB150 Gives Too Great a Power to State | Technometria | |
| Not Invented Here | Kim Cameron's Id Blog | |
| Using Social Media Badly: Novatel as a Case Study | Technometria | |
| KRL Supports International Characters | Technometria | |
| Beyond Aesthetics | Technometria | |
| Jon Udell to Speak at Spring Kynetx Impact Conference | Technometria | |
| Enterprise lockdown versus consumer applications | Kim Cameron's Id Blog | |
| SpyPhone for iPhone | Kim Cameron's Id Blog | |
| Sorry Tomek, but I “win” | Kim Cameron's Id Blog | |
| OASIS Open: Submission of requests for Reviews etc. | .Nat Zone | |
| Comments on the Google account problem | =Drummond | |
| The Incredible Internet Answer Machine #2 | =Drummond | |
| OAuth Wrap Mobile Web App Profile? | .Nat Zone | |
| The Incredible Internet Answer Machine | =Drummond | |
| Avatar – Ahhhhhhhh | =Drummond | |
| More unintended consequences of browser leakage | Kim Cameron's Id Blog | |
| CX on OAuth WRAP | .Nat Zone | |
| Why is the Artifact 400 bytes? | .Nat Zone | |
| Minimal disclosure for browsers | Kim Cameron's Id Blog | |
| New EFF Research on Web Browser Tracking | Kim Cameron's Id Blog | |
| Fixing the Google Account problem | =Drummond | |
| Joe Andrieu Cuts the Gordian Data Ownership Knot | =Drummond | |
| Attribute Type URI and Script Type | .Nat Zone | |
| Essence of Contract Exchange | .Nat Zone | |
| Your Own Personal Piece of the Cloud | =Drummond | |
| The Age of Privacy is Over? | =Drummond | |
| OAuth Wrap Web App Profile Summary | .Nat Zone | |
| VRM Rising | =Drummond | |
| Will Norris on Identity and (Non-Recyclable) Identifiers | =Drummond | |
| Venn of Identity – community understanding | ID Commons | |
| User-Centric Identity Evolution up to Nov 2008 | ID Commons | |
| Rethinking Identity on the Evolving Web | ID Commons | |
| Community Cannon: Identity Lexicon | ID Commons | |
| Identity Commons Logo | ID Commons | |
| The First Internet Identity Workshop | ID Commons | |
| The original identity gang | ID Commons | |
| OpenID Security Discussion | itickr.com | |
| OpenID Provider Selection Protocol? | .Nat Zone | |
| Sequence Diagram for Artifact Binding | .Nat Zone | |
| OpenID Process Change | .Nat Zone | |
