Friday, September 30, 2005


Well, it happened. I started getting comment spam. I'm going to turn off the comments and just use my i-name and contact page. That's life.

Do you know Dick?

So, I finally got around to watching the movie that Dick Hardt made of his OSCON presentation. It’s very cool. I agree with almost every word he says. Of course, the devil is in the details. My opinion of the relative merits of the various protocols and standards that he mentions, I will save for another day, but I do want to disabuse you, the reader of this post, of one incorrect statement that Dick makes in his presentation;

XDI and XRI, have a very simple and open (OASIS based) APIs that include no specific transport binding specification. However, the current implementations (Java, .net and I believe, python) are all SOAP bound for a matter of convenience (and as a matter of practicality for the uses for which these efforts have been implemented). So, to state that they don’t “do web services’ is just plain wrong. (Other implementations that are bound to http and tcp will be coming soon for your personal identity service, but that’s for another post)

So, if you do know Dick….. please let him know. ( of course, I may have misunderstood what he was saying, in which case let me know).

Thursday, September 29, 2005

Digital Birth Control

It is an oft asked question; “how do we keep the bad guys out?” Out of our pristine identity meta-system that is.

One of the answers that concern me is that the ‘point of friction’ should be when acquiring a name. Before a community gives you a name, they should check if you are a good guy. If you prove to be a bad guy then it’s the provider of the name that must take action to fix the situation. I think this is a bad solution. I think that the same friction that will keep the bad guys out will also keep the good guys out, I think there would be privacy issues and I think that this would put an undue and unreasonable burden on the providers of names. Name providers can’t be running background checks and arbitration boards to adjudicate accusations of malfeasance.

So, how do we ‘keep them out’? We don’t. We just don’t transact with them, neither socially or financially. It’s all about reputation.

I have never stated a law before, and I’m sure someone has stated this before, but here we go, =andy’s first law:

The value of a transaction between 2 parties should never be greater than the reputational collateral exposed by either party.

I expect people that I interact with to have, and to expose, some history. That exposure only need be as great as the value of the transaction that they want to engage in with me. If they want to send me a message, show me that you have a good messaging reputation. If you want to sell me something, I don’t care if you spam or not, show me that you have delivered goods, in good condition, in the past. If you haven’t sold anything in the past, show me that you have a good messaging reputation and a good blog comment reputation and show me a third party asserted mailing address and… good enough, I’ll buy it.

So the bad guy comes along and he’s going to stand out like a sore thumb because he can’t show any history. I am obviously going transact with him with suspicion and care.

But, I hear you cry, how does a newbie gain respect in this virtual society? Well, there is special services setup for just that eventuality. Places, like Opinity, that will validate your email address with a human test, or enable you to expose your Ebay reputation to another context ( and trust that it is really your Ebay reputation). These trusted purveyors of reputation will give you, not only the ability to bootstrap your reputation, but a place to build it and manage it’s exposure.

And finally, it doesn’t all have to be good. I would accept a message from someone that has interacted with 50 people but had bad reports from 2 of them long before I would accept a message from someone that presents no history. Real people have good days and bad days, they make mistakes, they go out on a limb. Real people should have rich complex histories and reputations. The bad guys will not, they will either have no reputation or it will be flat and weird because they found a way to hack some part of the system to boost one aspect of their reputation.

It is vital that we have a rich, distributed, network of reputation that works in many different ways because, coming back to =andy’s first law, the investment in gaming ALL of the systems would be so great that it wouldn’t be worth blowing it on a any single transaction that is worth less than the initial investment anyway.

Friday, September 09, 2005

New DataWeb Service

This is not exactly an XDI post but it touches on XDI and is all about identity and data sharing so I don’t feel too bad. One of the reasons I have been so quiet over the last couple of months is because I have been building business plans and strategies rather than thinking about core XDI architecture. The result of all this planning is DataTao.

DataTao (a working name) is going to be an interoperable data hub for user controlled data. DataTao is primarily about programmatic access to an individual’s data and only has as much UI as is needed to richly support its base functionality. I often use an analogy of Windows Explorer or Mac Finder; Apps that run on your computer depend on an underlying persistence layer (the file system) to work. The new generation of ICA (Identity Centric Architecture) based web apps will be dependant on the DataWeb for their underlying data persistence. DataTao will be the first DataWeb Explorer.

So why do I call it an ‘interoperable’ data hub? That’s because DataTao is designed to act as a bridge between many of the current identity protocols. While DataTao will provide storage for people that don’t have their data stored and available from elsewhere, its main purpose is to consume and forward data from its authoritative source(s). DataTao publishes your information, based on your permission settings, to all of the supported protocols. If you have a dataTao account you will be able to go to an XDI enabled site and have it establish a link contract for transparent data sharing. You will be able to go to a SXIP Network enabled Membersite and dataTao will act as your Homesite. You can visit a LID or OpenID enabled site and DataTao will provide the relevant interfaces for authentication.

If you have a LID, a SXIP Homesite, a public LDAP server or an XDI data service and you get a DataTao account you will be able to get the advantages of having all of them while still maintaining your data only at the one place that you already did. If you already have multiple places that your identity is published you can use DataTao to consolidate your identity into one virtual profile and manage who sees what from a single point.

It is my opinion that DataTao is a necessary and required next step in the evolution of the DataWeb. While DataTao by itself is NOT a compelling application it is a needed piece of infrastructure. It will hopefully encourage and enable people to build internet 2.0 applications and maximize the leverage of those already built. SXIP membersites will suddenly have a market not just of people with SXIP homesites but anyone with a LID or an i-name or an open LDAP service.

In order to drive adoption DataTao will provide some Apps that use the DataWeb for persistence in conjunction with the DataTao launch. These apps have not been finalized yet but will likely include Exchange and Mac Mail integration (Self updating address books) as well as a rich interface for person to person profile information sharing (i-share).

Despite the fact that the true value of DataTao is in the infrastructure piece that it puts in place, it is likely that all of the marketing that you see will be about the apps or the widgets that we deploy. But you, the tech savvy reader will know what it’s really about.

DataTao will be a free service that will have its public launch early in 2006.