Category Archives: identity

Plagiarism Hub – big brother comes to town.

I wrote about Turn It In two years ago. It has an incredibly strong business model. They collect homework and match it against their database for plagiarism.

Rumor reached me today that my local public high school is pressuring some segments of the student body to use the system.

TurnItIn is privately held. Go ahead, think about it. Who would be the most frightening owner?

“As we continue to develop our business, we might sell or buy businesses or assets, or Turnitin might be acquired by another company. In any of those circumstances, personal information in our databases may be included among the transferred assets.” Who would want to buy it?

“We reserve the right to make changes to this Privacy Pledge at any time.” Looks like they are keeping their options open.

If you want to see the interesting activity in the online identity and privacy industry the things to watch are the weak: prisoners, students, animals, products.

Identity vs. Legacy Systems

Stefan Brands put forward a Strong Principle:

FIRST DESIGN PRINCIPLE: The technical architecture of an identity system should minimize the changes it causes to the legacy trust landscape among all system participants.

This core design principle manifests itself in three rules of thumb:

  • For pre-existing parties that are hooked up by a distributed identity management system, pre-existing trust relations should be preserved as much as possible.
  • The introduction of new parties in the identity management architecture (such as transaction “facilitators”) should be avoided.
  • To the extent that the introduction of new parties cannot be avoided, the shift of power towards them should be minimized.

It is rare to see people working in this design space tackle in a straightforward manner how the design is going to shape the resulting markets. In this case the outcomes will affect the very nature of the social world we live in. I’m very impressed and pleased.

He goes on to say something about Liberty’s “circle of trust” design: that the identity provider acts as the hub or center of a circle of trust and is therefore likely to gain disproportionate amounts of power. I’m not entirely convinced that is true. It doesn’t matter if I’m right. The example he gives is important. It helps the reader to think thru the dynamics of what the designs here must work to achieve. In this case his concern is that the designs must attempt to avoid encouraging power to concentrate.

In that spirit let me try and sketch out how I think Liberty works on this problem. The intent, on the one hand, is that a circle of trust defines a business/legal/social contract that the activities inside it can depend upon. The circle is the rules of the game in that circle. One circle might encourage casual sharing/authentication/etc. while another might have very severe rules about that stuff. There is a power game in that. Who writes the rules? Protocol design can go so far to temper that.

The Liberty protocols attempt to provide tools to temper the power of the identity provider. You can have many id providers in a circle, so they aren’t the center. Care was taken to assure that the id provider is as lightly involved in any introduction, directory service, session, or transaction as possible. For example the identity provider is not the provider of directories used to help a site find a source for this or that information about a user.

None of that says what will happen in real world systems. There are some very strong forces in play that lead toward identity providers becoming a powerful role in the resulting systems; but the design attempts to avoid that.

Why have an identity provider at all is an interesting subplot in the design space. Legitimacy claims demand ties to other actors. Presenting your driver’s license, for example, ties your claim about who you are to a state licensing bureaucracy. The identity provider fills a similar role. How often he needs to be involved in the transaction stream and how he is entangled with the infrastructure are key questions. If you accept that the solution to the network identity problem must work on the existing installed base then you end up with HTTP redirects bouncing off an identity provider from time to time.

It appears that I’ve laid a bit of a trap here. That wasn’t my intention but let me point it out. You might not like the way the state becomes the foundation to legitimizing most authentication. (For example I can’t open a business banking account without a license from the town, and the town won’t give me that license without reference to my driver’s license, etc.) You might have numerous valid critiques you’d make about how the state goes about fulfilling that role. For example that my driver’s license has a block of 3d barcoded data that I think ought to be treated with more respect but is gleaned casually by some bars to update their customer mailing lists.

So what does it mean to say “minimize the changes it causes to the legacy trust landscape”? Does that mean we aren’t trying to change the behavior of the installed base? Of course not. What it means is that you have to have a very high tolerance for working with the existing installed base. Presumably there is a complementary design principle that demands that the design encourage a search for, and enable the build out of, better systems throughout the installed base.

This acceptance and enabling are together what make standardization in general and the identity problem in particular so fascinating. You must accept the role of the state (as authenticator of last resort) and the bogus (from the point of view of authentication, security, and privacy) nature of the existing installed base. Failure to embrace that only means you’re not going to achieve adoption. Failure to appreciate it means you’ll wake up at some late point to discover that very powerful vested interests have squashed you.

You must enable a rich search for better solutions and their deployment when we find them. Because the legacy trust landscape wants to be moved.

I want out!

Bruce Schneier writes about his desire to let go of the tarbaby.

Months have passed, and I no longer want an ongoing relationship with the e-commerce site. I don’t want a username and password. I don’t want them to have my credit-card number on file. I’ve received my purchase, I’m happy, and I’m done. — …more

This is one of the design problems in the identity space I find most puzzling. The business forces are reasonably straightforward; the commercial firm’s valuation is dependent on the # of relationships it “owns.” That creates a powerful incentive for the firm to create sticky relationships and then a powerful incentive for it to work those relationships over time.

The relationships are a problem because they create risks. For example after a few years, when it becomes obvious you’re never coming back to do more business, the firm is sorely tempted to try some spamming action to garner some value out of the relationship. I had an AT&T credit card, for example, that I stopped using. As each year would pass they would try more and more obnoxious ways of capturing some value out of the relationship. Finally they started calling me and trying to sell me life insurance! They had sold my name to some telemarketing life insurance company along with permission for that company to claim they were “AT&T”.

Bruce talks about the risk that something bad will happen with the account.

Near as I can tell, the username and password I typed into that e-commerce site puts my credit card at risk until it expires. If the e-commerce site uses a system that debits amounts from my checking account whenever I place an order, I could be at risk forever. (The US has legal liability limits, but they’re not that useful. According to Regulation E, the electronic transfers regulation, a fraudulent transaction must be reported within two days to cap liability at US$50; within 60 days, it’s capped at $500. Beyond that, you’re out of luck.)

I don’t think that’s exactly right. I believe that the credit card consumer protections (at least currently in the US) are somewhat stronger than the electronic transfer ones. On the other hand the debit card rules aren’t.

But, consumer protection is the right stick to hit this problem with. I can not see any way the market forces are going to resolve this problem.

The problem is that a relationship creates some rights to hold data and do stuff with that data. For example the right to send me email announcing that something I ordered has been shipped. The right to retain my shipping address so they can expedite future sales. These rights of data retention and action need to decay. Traditionally mother nature saw to it that they would decay, but no more. Technology tends to do the inverse. The data doesn’t tend to decay, it tends to spread. These organizations don’t forget, they gossip.

Large relationship aggregators need to be brought to heel. It is not in their localized best interest for that to happen. The only players in the game with the power to do that are governments.

Oh wait! I forgot I’m supposed to make this a law: “Let go, damn it!”

Making Links

By now we all have come to understand that links are a unit of currency. The number of inbound links you have, the number of customer accounts, the number of subscribers to your site’s feeds are all metrics that denote something about how successful you’re doing. In turn we know that links create graphs and graphs of links often have power-law distributions with amazing class distinctions betwixt the parties in the graph. We know those class distinctions are not a consequence of the merit or value created by the links but instead of how fast the graph is grown or how the nodes merge as market share is rolled up thru mergers. So we know a lot about links as elements in the process of creating wealth. Every scheme for creating links will become the target of bad actors.

We also know that links play a role in the identity problem. That the more you know about a person’s links the more accurate your model of him can be. We know that accurate models of users are fungible. A better handle on who the user is enables targeted advertising and more highly discriminated pricing. A better handle on who the user is enables transaction costs to be reduced. Single sign on, one-click purchasing, automated form filling are not the only examples of that.

It surprises me that we need to be reminded of this each time we encounter another effort to create a means of creating a large quantity of links.

This month’s contribution to the “let me help establish a mess of links” party is one-click-subscription. The puzzle in this case is how to lower the barriers to subscribing to a blog. Solving this problem requires moving three hard to move objects – all the blogs, all the readers, and sticking something in the middle between them. Both suggested solutions need to move all three; but they vary in where they put their emphasis. The blog hosts are probably the easiest of the three to move – they have an incentive to move and the market is already very concentrated.

One plan is the classic big server in the sky plan. Everybody rendezvous around the hub server. Requests to subscribe are posted to the hub. The user’s reader keeps its subscription set in synch with the hub. The business model suggested is a consortium organized by the common cause of a stick – fear of somebody else owning this hub – and a carrot – the bloom of increased linking it would encourage. Since early and fast movers will capture power-law elite rewards in such linking build outs there are some interesting drivers to build the consortium. Large existing players should find it advantageous to get on board. The principal problem with this plan is it’s a bit naive. A consortium of this kind is likely to become a player in any number of similar hub problems, for example identity. This hub will have an account relationship with everybody. It would know a lot about everybody’s interests. To say the least, that’s very hotly disputed territory. This plan has triggered more discussion than the following plan.

The second plan that’s been floated is to introduce into the middle a standard which blogs can adopt and readers can then leverage. This implies changing the behavior of most of the installed base of blog readers. The structure of that installed base is less easily shifted. The idea is to have the subscribe button return a document to the client’s browser (or blog aggregator/reader) which describes how to subscribe. Automation on the reader side can then respond to that information. This means introducing and driving the adoption of a new type of document, a new MIME type. It probably means installing a new bit of client software on everybody’s machines. The browser market leader would have some advantages in making this happen; and could therefore very likely coopt any success in this plan to drive users to use his aggregator. But then that may only point out that the only reason we have a vibrant market of blog reading solutions is because the dominant browser has been dormant for a few years.

These are hard problems, and this is only one of many we currently face.

Privacy for Sale

Martin Geddes, in a posting full of good old-fashioned whinging, mentions an idea I found fascinating.

For an example of what presence in 2015 might look like, I’m sure there’s a ton of money in enabling people to feel the “presence” of a celebrity. How much would some people pay to see a real-time feed of Britney’s wristwatch heart-rate monitor? You don’t think this would happen? Just wait! You’ll pay to see a fuzzed-up image and scrambled sound of your idol’s kitchen, just to know they’re there and reachable. Privacy is a fungible commodity for sale.

It reminded me of the story told me by the industrial designer about how trivial it was to recruit volunteers who’d allow them to place video cameras in their bathrooms in support of a study on how people shower. What with a half dozen IM systems, and RSS/Atom feeds from delicious, flickr, pubsub, and possibly a blog or two, my celebrity monitoring got past the fuzzed-up image of the kitchen a while ago.

Pick your superpower

Kim Cameron’s Laws of identity reminded me of two things. First it reminded me of the This American Life episode on superpowers. One of the segments in that episode involves asking people which superpower they would pick: invisibility or flying. That implodes into a discussion of what the choice tells you about the person. My frivolous brain then meandered into thinking what superpower would I pick if I wanted to solve the identity problem; since Kim took “maker of laws”, I think I might pick “shaper of markets.”

The reason Passport stumbled was that Microsoft hadn’t admitted that the shape of market power in their industry had changed. Prior to the Passport experience nobody in their “ecology” had aggregated enough market share (and in this case we are speaking of share of the identity market) to both care and decline their leadership. Prior to that time frame Microsoft, on their bad days, could keep the puppies living in their ecology “chasing tail lights”.

Three things, at least, changed in the shape of their market. First the scope of the market blew wide open. For example, the Internet market included all the telephone companies. In the ecology metaphor Microsoft wasn’t king of the forest anymore. Second the internet had already created a huge bloom of new players. Some of those were already really large; e.g. Yahoo, AOL, Amazon, eBay, etc. etc. Of those only eBay chose to follow Microsoft’s leadership. The third: Identity is critical to the business models of some of the players.

Notice we don’t even need to mention that the anti-trust case had revealed publicly that Microsoft was capable of being a vicious monopolist when its market position was threatened.

[Figure: Ladder of Citizen Participation]

Kim recently said that Passport failed because it broke one of his design constraints, i.e. that identity architecture will be more stable if it’s designed to assure that the fewest parties are involved. Sure, that’s a great design constraint, but not because it makes the standard more stable in the long run. Absolutely not. In fact it’s probably much less stable in the long run. Consider eBay; eBay is a very very stable business architecture, because it inserts a nominally unnecessary party – a middleman – into every single transaction.

That constraint is desirable because it makes your offering less threatening. It accelerates adoption; it isn’t a long term stabilizing force, it’s a short term driver of growth. The kind of thing firms often, intentionally or not, use to stage a bait and switch. Meanwhile, have you noticed that the email announcing you have made a purchase at eBay now includes a link that hands you off to Paypal thru DoubleClick! Have I mentioned that DoubleClick is the real leader in identity systems? Talk about unnecessary third parties!

To say Passport failed because it broke that constraint is all well and good but it’s a diversion. It would be a hell of a lot more straightforward to say that Passport failed because it fundamentally threatened the customers’ businesses and Microsoft lacked the market power to get away with that.

Ok, enough on the shape of markets.

The second thing the use of the word “laws” reminded me of was the drawing on the right (from here). What level on that ladder is the identity problem going to get solved at? Where is Microsoft playing?

We get a hint from the use of the term “laws” rather than say “first draft design constraints.” When the software industry was defined by the desktop Microsoft could thrive as a business on the lowest rungs of that ladder. It would Consult – but at arms length thru market research or ad-hoc conversations at developer conferences. Placation was a job for PR. Partnership was an occasional activity to be engaged in with Intel, IBM, possibly Apple or Sony. The bottom three rungs were the job, for example, of the developer network.

Mostly they just used Manipulation. “Chasing tail lights.” “Cutting off air supply.”

Marc Canter wrote recently that solving the Identity problem is 98% political. Absolutely. But, damn it, for the vast majority of the leaders in this industry politics means Nixon, Vietnam and not the New Deal and the Second World War. Many of them model the industry as small startups that ripped power from big firms and handed it over to small players. All that enabled by the PC and Moore’s law.

For these folks the word politics is right up there with necrophilia on the list of ethical activities. It’s not an attitude that makes it easy to work constructively on the top rungs of that ladder. Notice, the guy that drew that ladder couldn’t bring himself to label the top rungs “politics.”

The bag of governance models for working on political problems is huge. For example, the standards process around Atom is a very modern one. I do not believe that Microsoft knows how to work at these levels constructively; 25 years of habit aren’t easily changed. I do not see any sign they have made significant progress in learning how since the Hailstorm debacle. I don’t think they even know what kind of debacle Hailstorm was. Look at how hard they fought to keep Sun out of WS. They only let Sun in as part of buying them out.

If you want to think seriously about working at the higher levels on that chart there are two groups trying to do that: WS and Liberty. (Disclaimer: I was involved in Liberty, but then I’ve also taken money from other players in this market.) It appears to me that only Liberty is actually trying to work on the political problem of solving the identity puzzle. Much higher on that ladder than any other group, by far. Not high enough; but much higher.

Gillmor Gang on Identity

I haven’t posted about identity for a long time; no particular reason.

But if you are a participant in the evolving standards war around identity you must carefully listen to this Gillmor Gang session!

The rest of this post really makes zero sense if you’re not intimate with the strategic landscape of this standards war and you have not listened to the tape.

The most important thing here is that if you carefully listen you can see the outlines of Microsoft’s next offensive in this war. As usual you need to look hard thru the fog of war. Amazingly if you listen carefully I think I heard the rumble of trusted computing! But, they’re back!

It’s particularly worth modeling very carefully what Dave Winer is thinking throughout the call, particularly when he wasn’t speaking! Man he’s smart! People forget that.

It is notable that Kim’s shy nature evaporates suddenly when the going gets rough.

Shocking that it appears that Kim honestly seems to be totally unaware of how much violence Microsoft did to the internet community in the 1990s. If Kim, in the role he’s got, doesn’t know then nobody at Microsoft knows. Unbelievable.

There is a very amusing conversation about trust; almost operatic in nature. One part of the chorus singing about the issue of trusting the parties trying to set standards while the other part of the chorus is singing about trusting the validity of the library card presented upon borrowing books. It’s as if the two choruses, singing at the same time, have no idea the other guys are singing about a different topic.

There is an amazingly lame round of attempting to demand concessions from various people – as if that is a constructive way to get anywhere at the beginning of a negotiation. But in the midst of it the PingId guy makes clear that he just doesn’t care about the protocols, that he’s in the market to broker federation deals. Nobody hears him; at least I don’t think anybody heard him. They also didn’t hear when he made it clear that he’s nominally in the Liberty Alliance camp because that’s where they believe the momentum is; that’s quite an endorsement given that the same bunch of guys run Digital ID world.

I was totally pleased that Doc Searls asked about momentum. That is always the question to ask about emerging standards. Where is the momentum going to break out? It’s sad that nobody was able to be clear. Momentum comes from boots on the ground, nothing else! Instead they talked about electing Microsoft king, or maybe Kim or Dick Hardt as leader. Well they didn’t quite put it that way; but that’s what they were thinking!

Kim Cameron

I ought to have mentioned this a long time ago, but if you’re interested in the deep puzzle of identity in our Internet era you’ll be greatly rewarded by reading Kim Cameron’s Identity Weblog. It’s just marvelous. This is a very tough design problem and even if I don’t entirely agree with them all it helps to have very smart diverse minds working on it.

Expensive Number Registries

I think I’m currently in the lead; so let the games begin. What numbers are the most expensive? The UCC firm prefix is around $150/year and about $750 to get into the game. Martin Geddes takes a stab at the value of a phone number; treating it as a license to bill customers, he gets a valuation of around $140 a year.

I’ve become increasingly interested in the number business; i.e. selling minted registered official numbers. The raw material is free and plentiful. It is almost the canonical example of the commons. But as the examples above make clear, registered numbers can be quite expensive. The act of converting a common number into private property is the business of a registry. The domain over which the numbers are used forms a club; the registry plays a role in the regulation or governance of that club. That registry can be a private rent seeking entity, like Verisign, or a nonprofit that seeks less naively quantifiable goals like the UCC or ICANN.

Frame it however you like, there is always an owner (or owners) of the registry function. A bit of paranoia about these registries is in order. On the one hand they are well positioned to become abusive monopolies (or oligarchies), while on the other they can suffer all the classic breakdowns that trouble commons.

The rent seeking registry owner strives to make the numbers scarce. To convince customers that registered numbers are worth something, are better than common numbers, is a bit of a magic trick. The trick is one of illusion, faith, and fact.

Consider the prime numbers needed to implement https connections; i.e. SSL keys. How much of the value of an SSL key from a leading vendor is illusion, faith, or fact?

What concerns me is the lack of awareness among system designers of the choices they are making when they block out the design of these registries. Some design choices favor the emergence of a highly concentrated registrar market while others favor the emergence of a dysfunctional diffuse set of registrars. While either outcome has unfortunate side effects it appears to me that most designers aren’t even aware they are making these choices.

Consider an example – domain name registries. Rent seeking is common. Long tedious efforts by members of the club to reduce the degree of market concentration continue. I have been amused to notice a nice example of how making a market more diffuse creates challenges in the market’s social contract. Consider this example: the scarcity of domain names provides the foundation for a lot of spam filtering and as domain names become less scarce those techniques are breaking down. Notice that these registry numbers provide the hook on which reputation hangs. A registrar that retains ownership of the number, and only licenses its use, can engage in bait and switch pricing, so I wonder about the recent offer of free domain names from a number of top level registrars. I don’t recall anybody who was aware that this kind of game was being set up when the original designs for DNS were blocked out. Certainly some people were aware of the risk of having a single point of failure; but that’s just one example of something to be paranoid about.

Actually I don’t think it’s necessary to have the contest. I think I know what the most expensive registered numbers are: citizen ID numbers. Those in wealthy nations with strong well functioning social contracts and deep pools of public services. A Manhattan phone number is just a proxy for a set of those. Which brings us full circle back to Martin’s posting about phone number values. Should the citizens of Manhattan demand that their phone numbers not be handed out to others? Clearly that erodes the value of their numbers.

[[ My current favorite example of a light weight registrar: Linux User Numbers. ]]