Paul Squires on Identity and Entangled Topics




Hosted Identity

Posted by Paul Squires @ 4:24 pm on 30 June, 2006. 1 Comment

JasonKolb.com: Content Leeches

There are two separate things I want to pick up on from Jason’s post. Firstly the suggestion of using WordPress is a good one and it should be easy enough to migrate from Typepad. I’m not sure how well it would cope with the change in permalinks either!

Secondly, the comment about being in control of one’s own identity is interesting in this case - a domain name can be lost, for instance (this is the biggest weakness with URL based identity), and even accounting for that, most people don’t have their own (or hosted) sites in this way - most people will NEED Identity Providers to do this for them. I think it’s easy for us to get lost in what is a small, insular world - whilst I might be http://pasquires.net it simply won’t do for the majority of the population who don’t see things in the same way.


Identity and Trust

Posted by Paul Squires @ 6:53 pm on 29 June, 2006. 2 Comments


Scripting News: 6/29/2006 - Identity and Trust

Dave Winer doesn’t normally talk much about Identity, but what he says rings true. Not only is Identity required for trust decisions, but one needs to know who to trust with an Identity (Who’s asking?). Dave is completely right about Google and the lack of trust, but that won’t stop most people from using it. I already use PayPal (though not on a regular basis) and I wouldn’t consider eBay to be any more trustworthy than Google…

The comment regarding Google becoming the “Internet czar” inspires thoughts of distributed personal Identity systems, but frankly, as things stand I wouldn’t say that something like OpenId is ready for this kind of scenario - I’ll happily use it for authenticating against other blogs, or for certain sites, but I’d be extremely cautious about using my OpenId for access to any of my financial records - people don’t know enough to do it safely and securely (I’d include myself in that, for now). All this leads to the question - who can we trust?

Microsoft did screw it up with Hailstorm (I could say that their reputation has been tarnished, but wonder if I should mention that word ;) ), but I’m hoping that the work of Kim Cameron will help change that (an Identity Metasystem would resolve some of the problems we face). Google likewise have trust issues amongst a great number of people - the thought of the amount of information they have aggregated about me is scary - email, searches, news reading (both in the traditional sense and NNTP), RSS feeds and potentially now financial data! Google, however are still the darling of the media (the launch of Google Checkout hit the major media outlets) and anything they do will gain traction amongst a great number of people.

I mentioned Verisign PIP previously - a company that people DO trust (generally - after all, how many SSL certs do you check?), but is using OpenId - this could be the best of both worlds. If some sort of strong/two-factor authentication can be applied to the PIP then this might be the way forward…

Interoperability of the different Identity platforms is still required - seeing how YADIS, Cardspace and Higgins all have parts to play in this will be very interesting.

One thing that is certain is that the more this gets discussed, both within Identity circles and outside, the more progress will be made.

Addendum: It appears that Jason Kolb agrees.


Personal Identity Providers

Posted by Paul Squires @ 11:18 pm on 27 June, 2006. 2 Comments

I’ve decided to remove sxore from the site for authenticating comments. Instead I’ve put OpenID Comments on…

I liked sxore, but frankly I don’t think it’s serving the purpose for me that it should and there are a couple of problems with it - primarily that sxore is not a distributed system - it all relies on the homesite, which at the moment seems to have to be hosted by sxip (although, admittedly, Rohan Pinto has a sxore homesite demo up and running), which also contains the comments, &c. (I’d prefer to have everything for my site contained ON my site). This combined with what I perceive to be a lack of traction are factors against it.

On the other hand, OpenId can be a truly distributed and open system - already there are a large number of Identity Providers using OpenId (I have one hosted with MyLid, plus Livejournal is already using it and significantly Verisign PIP is using OpenID); finally, OpenId forms part of YADIS.

One of the cool things about OpenId for Wordpress is it also contains a built in OpenID server (snaky has done a fantastic job!), meaning that I can now host my own identity (or anyone else who has a wordpress account here for that matter!), demonstrating the distributed nature and notion of “personal” identity that is missing generally.


Going Away

Posted by Paul Squires @ 6:54 pm on 23 June, 2006. 2 Comments

Signing off for the week. I’m going to Dublin. Hopefully I’ll be able to find somewhere friendly to watch the England match on Sunday!


Further reputation thoughts

Posted by Paul Squires @ 6:44 pm on . 0 Comments

Identity, Security & Me » Blog Archive » In the context of reputation

As Paul states, this came out of a discussion in the office (mostly the two of us, but occasionally dragging in our colleagues!) based upon our individual thoughts on Phil’s and Dave’s posts. We didn’t entirely agree, which, I think, demonstrates what the problem is when talking about this, although I think we’ve reached common ground, which is neatly summarised by Paul.

The biggest issue facing us in discussion is that of semantics, I think. Dave’s terms of “context”, “persona” and “identity” (and even “reputation”) don’t always match to the way I’d describe things - as with other areas, maybe the first thing we need is a common ontology. Thus far, I’ve been using the word “aspect” to describe the “hat” that one wears (Paul’s example of “Work”) and context to describe the changing situation that the aspect faces - again, borrowing Paul’s example, whether that identity-aspect is dealing with customers, or colleagues, and which also reflects a change in time. Identity is the combination of all aspects, which only the individual is truly aware of. I’m happy to bow to superior knowledge and experience in these matters, but I’m not sure we all agree on the things that need to be labelled.

There’s obviously an identity/person/individual, which has multiple aspects/personas/views/context/fragments. Each of these has a context (based on time/location) which has two components - one inward looking, and one outward facing - these are all controlled by the person themselves. The reputation is the external view of the outward-looking as seen by others, and based on the information they have, share and aggregate. One important point I wanted to get across was that of the reputation being weighted based upon one’s existing relationships (Paul’s example of the view of the Rt. Hon. Anthony Charles Lynton Blair MP) - obviously the aggregation of a large number of people will outweigh the view of one, even very close, contact.

Reputation does exist in a community and is created and owned by the community, but that whole reputation exists based on a single context, of a single aspect of a single identity.


More on reputation

Posted by Paul Squires @ 9:36 pm on 22 June, 2006. 0 Comments

Phil Windley’s Technometria | Principles of Reputation

An important post from Phil Windley on why reputation is important. Point four is especially vital - “Reputation is based on identity”, but all have value. As was said recently Identity management, in and of itself, is not the end-goal, but decisions about trust are made, based on identity information. Whether it be in the corporate space about whether a userid can access a file, in the P2P space such as eBay where one decides whether to partake in a trade based on the reputation of the seller/buyer or in the academic space where one determines how much to trust an article depending on the reputation of the author, all rely on knowing who the other party is. Finding ways to bring all these together whilst still allowing identities to be aspected is the goal.


Learning

Posted by Paul Squires @ 8:45 pm on . 0 Comments

I’m a geek, and this isn’t some sort of AA like help group. Part of this is that I like to explore things, especially those that seem odd to other people. In my youth I played a lot of role-playing games (which is a pretty geeky thing to do), with their abundance of statistics, exploration of character (identity..?), heroic or anti-heroic themes and fantastic nature. To anyone under the age of thirty the concept of a group of friends getting together, rolling dice and writing on paper probably seems odd since the community of this particular hobby has been vastly reduced. However, there were some useful things to be learned from it - some mathematical (quickly, what is the probability of getting 15+ on three six sided dice?) and some more personal (how would my character respond in this situation?) - and there was a time when it was seen as “a good thing”. One of the main reasons for the hobby, as I knew it, being shunted aside was that, in an effort to gain more market share and compete against the instant gratification of computer games, RPGs were made ever more simplistic, until the essence was gone. Some things are meant to be difficult.

All the good things require effort to do properly and the essence of geekiness is that learning to do something, practicing it, refining the method is the best bit - the result is kind of irrelevant. The traditional geeky disciplines are perfect examples of this - none more so than programming, but I remember spending hours attempting to squeeze the next 2k base memory and loading device drivers in higher memory for DOS. I didn’t really need it (except for some games - I seem to recall that Tie Fighter was particularly bad!), but the challenge was in doing it anyway. Geeks don’t just mess with computers though and I don’t see much difference with the car-modding community (how much more BHP can be squeezed from the engine?). We’re all geeks but just express it in different ways. I know music geeks, football geeks, science geeks, book geeks, movie geeks and even alcohol geeks (how much of that wine in the cellar will you actually drink?) where accumulation of knowledge (or collecting examples) becomes more important than the subject itself.

One effect of the rise of Google and Wikipedia is that anyone can become an instant expert (OK, not completely, but people can be convincing). The work of geeks serves to devalue the nature of being a geek, but in some ways that’s the point as well - why shouldn’t everyone be a geek and share the joy? In the same way that one is expected to contribute to the knowledge, one can also take advantage of it. I find it fantastic - those things I’m not already well versed in, I can learn. This would not have been possible in any other era.

There’s a problem though… I keep meeting people who don’t take advantage of this. There are millions of people who have access to this information, but don’t use it and don’t learn from it. People who don’t even get the wrong information that abounds on Wikipedia and don’t even try. They’re not geeks. They’re the same people who don’t have books, never went to libraries. They don’t consume information. I’m not talking about the truly disadvantaged in the third world, or even the poor in the first world. It obviously doesn’t start in schools (although I think our education system discourages the geeky nature) so the fault must lie with parents (for a good look at how parenting translates into success for children, please read The Undercover Economist).

What we can do as geeks (I say we since according to my access logs I have a reader and it’s not just bots from the search engines!) is take advantage of that. One thing I wanted to do is learn new things, learn about the links between the various disciplines and learn from other people. A blog seems to be a good way of doing just that - constructing one’s thoughts and presenting them to others is a great way of codifying and reinforcing them. I read other people’s work, literary and documentative in both printed and electronic format - both have advantages BTW - and combine those pieces of knowledge to improve my own awareness of things (which in turn improves my professional and personal lives). I’m using LibraryThing to see what other, similar people are reading on paper, but each time my own horizons are expanded the definition of “similar” also expands and the potential for the next expansion is that much greater (as with any network an extra node increases the overall value exponentially). I check the blog-rolls of the blogs I read and get recommendations from friends. My own rss reader has got more categories in now and I’m exposed to a greater variety of subject on a daily basis.

I recently finished The Psychopath’s Bible: For the Extreme Individual and was surprised at the end to discover a list of “courses” including a number of recommended books, on a variety of subjects including logic, socio-economics, history, statistics, business, negotiations and many others. Looking through my recent purchases I noticed a definite overlap (in subject matter, if not necessarily title) to the recommendations in that book! I’m inadvertently taking the psychopath’s course! Of course, some books have been taken as future purchases…

There’s always been some suspicion of geeks, from the original philosophers, to the natural philosophers and alchemists, to the chemists and physicists who shaped our world. More recently there’s a mysticism and associated suspicion of hackers (including the mis-labelling), who can perform magic with technology beyond the ken of the layman, who will help shape our world in the coming years.

Maybe there’s not that much difference between a geek and a psychopath after all…


Split Personalities

Posted by Paul Squires @ 6:49 pm on . 0 Comments

The Virtual Quill

Dave Kearns following up a post from Kim Cameron, which is more on the compartmentalisation of identity debate that has been going on for a while. I know I’m late picking up on this (again), but I’m busy :)

Even without the proliferation of social networking sites such as Facebook and MySpace, this is something that was always likely to come more to the forefront of recruiting practices. When looking at a CV (or résumé, for those on the wrong side of the Atlantic) one of the first things I do is a quick google check - it’s always interesting to find out more about a potential employee. Already the way that Usenet posts are so available has had an impact on this (the guy who had posted in alt.sex.bondage a few years previously asking for the location of “clubs” in the area that he’d attended university raised a few eyebrows), but most of the time this is relatively good natured and not really any different from gossip about a new colleague (for instance, one who had previously worked with an existing one and had “strange” hobbies - such as radio transmitter spotting - hi, Richard!). Checking the web is merely an extension of this… It wouldn’t take long for someone to build up a pretty good profile of me just with information found through Google (I’ve also had a bad experience of this from one particular site I have an account on).

What we have now is a situation where people (kids) are actively publishing their personal exploits in public and whilst there’s going to be a certain overlap between identities, what needs to be realised is that the aspect of an identity on show is static in time - the same identity, even in similar situations, will differ over time - in the long term we call this growing up, or gaining experience. There’s definitely a fine line to be drawn in how this should be approached. On one hand it is a virtual world, but an employer should do as much research as possible to avoid future liability. This can actually be used to one’s own advantage, which is why a site such as Linkedin is popular - actively exploiting this approach and allowing someone to check out one’s connections (thus identity and reputation).

Whilst many of us do have compartmentalised identity aspects, in most cases there will be overlaps and, as was previously mentioned, there are only a limited number of steps between people. If there are only 6 steps between any two people, it must be true that there are only 6 steps between two aspects of a single person’s identity (which might suggest that there’s only three steps to someone who is common to both!).

One problem with any solution to this is that even with a pseudonymous identity online for each aspect, there will be things that tie those together - simple facts will do that. How many people are called Paul, live in this area, have a blog and work in the identity space? It’s a deliberately bad example since I work with another, but the fact remains that whenever people reveal any aspect of themselves it will, somehow, be traced back to another aspect of them - if not by employers, then by someone. I don’t honestly believe that there’s any way to avoid this at the moment and it will take a generational change for something to be resolved.


More on Identity and Trust

Posted by Paul Squires @ 3:15 pm on 19 June, 2006. 0 Comments

IdentityStuff: Trust is the Root of…

I’ve mentioned this before, but there is a strong link between the maturing identity space and trust, as a human concept. There are a couple of points that Mark makes that I want to address…

I’m not sure if there is a difference between RL and online when it comes to trust, but we’ve evolved tools to establish, reliably and quickly, whether we can trust an unknown subject and those tools simply don’t translate to our online habits (the same is partially true for protecting children), which is why we need software tools to help establish those relationships. The changing nature of online personas from pseudonymous “fantasy-fulfilling” figures to well-grounded and established “identities” reflects the change in the Internet itself from a toy to a serious tool.

One final thing is that one of the biggest drivers behind Identity Management as a corporate technology is that of regulatory compliance (Sarbanes-Oxley et al) which requires the element of control and CYA that Mark laments. There’s potentially a strain between the different identity-aspects of an individual, especially if the corporate crowd are attempting to control aspects that potentially overlap with personal ones where corporate data could potentially leak to the outside world (which is, or at least should be, one of the core functions of information security).


Solving the housing market

Posted by Paul Squires @ 9:40 am on 15 June, 2006. 1 Comment

Yesterday I was watching breakfast TV as usual when the story about forcing homes to be rated for energy efficiency ran. After a fairly inept performance from the housing minister (Seriously, when was the last time any member of the Labour party actually said something that ANYBODY agreed with?) left me shouting at the TV I started thinking about the problems with the housing market generally.

The whole energy rating fiasco will help contribute to the problems faced by everyone attempting to buy or sell a house since it will be included in this ridiculous “seller’s pack” that seems designed to provide more work for surveyors and estate agents (along with, now, insulation salesmen). We have a very well established system of conveyancing in this country, which works well (by and large), but is creaking in the face of modern life with its increased labour mobility. However, and this is something that the Government should take account of - just because something is old it doesn’t mean that it’s no good (this is a valuable lesson I’ve picked up from both my training in law and my work in IT - if anyone thinks that IT is all about “newness” then try looking at encryption algorithms where the best are always those that have been used and reviewed).

As far as I can tell, the problems with the housing market are thus -

  • Buyers require an incredible amount of information about the property (due to large sums involved).
  • The time taken between agreeing a sale and actually exchanging is unacceptable, leading to additional costs
  • The costs of actually performing the sale are too high
  • Chains can break down, leading to the loss of other sales due to no fault of the parties directly involved
  • First time buyers are unable to get on the property ladder due to excessive prices generally
  • Key personnel (teachers, nurses &c.) are unable to get housing in certain areas such as London
  • Many homes in rural areas are purchased as secondary/weekend homes by city-dwellers, pricing locals out of the market

The “Information Pack” is intended to remove the problem of information discrepancy (ie, the seller has 100% knowledge, the buyer has 0%) which I think is the key problem that needs to be solved. One thing that seems to be overlooked in producing this is why this happens and why the buyer needs quite so much detail about the property they are buying.

Most of the requirements on information that a house buyer needs are not necessarily required by the buyer himself, but by his mortgagee, who needs to ensure that they are taking adequate security against the loan. Will the mortgagee be forced to follow the information that the seller has provided? Where will liability rest should any mistakes (or fraud!) be committed?

I recently finished the book “The Undercover Economist” in which Tim Harford discusses the problem of buying and selling used cars - where the primary problem is one of an information discrepancy which causes a loss to both parties and it’s worth reading the book for the explanation behind this (the rest of it is eye-opening as well!). The way that this information gap has been resolved is that sellers of cars have become more trustworthy, thus reducing the need for a buyer to have quite as much information - fewer second hand cars are sold privately and more by established organisations. The buyer has more confidence as a result - should something go wrong the car can be returned (an organisation with larger premises and more stock is more likely to be there in future - as Harford explains, this is the reason that banks have impressive buildings themselves) and therefore the buyer doesn’t need as much information in advance.

My solution to the housing market problems is to take the same approach - instead of buying from a private person through an intermediary (who takes a cut of the money and creates imperfections in the market (interestingly, another book, “Freakonomics: A Rogue Economist Explores the Hidden Side of Everything” discusses how real-estate agents take advantage of their own knowledge of the markets, without always getting the best deal for the seller)) a buyer could buy from an established organisation who takes on more of the risk of the sale. The first step to introducing this would be to remove the notion of “stamp duty” on property and allow property sales to be tax free, in themselves (although obviously profits would be taxed).

What I foresee is a housing market where an individual sells his property to a large organisation (likely to be a bank, or house-builder) and is then free to purchase any other property he wants. The organisation then can do what it wishes with the property (within planning laws) and most likely sell it (or rent it) to another individual (obviously some profit would be involved). Once this happens though, the selling organisation becomes responsible for flaws (under standard consumer protection laws). The result is, almost immediately, that the housing chain is broken and the information discrepancy problem is removed. Costs and timescales of performing the sale will also fall - especially if the organisation selling the house is also the one lending the money (this is also the way that car sales work).

One final thing that would solve most of the other perceived problems with the current housing market is if the Government itself had a semi-autonomous organisation participating in this process - there could be limits set against this and specific goals to be achieved (extra help for first time buyers, extra help for teachers in certain locations &c.).

There are issues with such a system, of course, and one that I can see immediately is that it may encourage a “land grab” by a few large organisations - instead of reselling the properties to individuals they would keep them in stock or as an investment. There are ways to avoid this (I’d prefer not legislating against it) but it would only happen if the increasing value of property was larger than the returns to be made by selling (plus mortgage interest of course) or renting - of course the cost of maintaining property plus the associated annual taxes (council tax could be levied against the OWNER of a property) would help in this.

I’m sure there are other flaws with such a plan which will occur to me later… In the meantime, comments?

