User:Orcmid

Contents 1 Orcmid's IIW Hangout 2 Job Jar 3 =IIW 2007b Sessions 4 Earlier Material 4.1 Background 4.2 Interest at IIW 4.3 A Broader Concern 4.4 Thoughts on Protocol Components

Orcmid's IIW Hangout

Ah yes, well another page on which to create profile information. Hmph.

Well, the one observation I have to make right now is congratulations for getting the MediaWiki going for Identity Commons. Now I just have to figure out how to snake over my contributions from Windley's IIW Wiki and I can start to play in a stable environment again.

So, this OrcmidAgain fellow is not an imposter, just a different identity, but the very same persona? It's me again. Really. Hmm, maybe I can change my nickname to something more useful.

OrcmidAgain 12:47, 5 December 2007 (PST)

Job Jar

Things I want to do here:

1. Learn how to upload photographs directly to the Wiki. I might just link to my photos from earlier IIW events, for now. They are all up on Flickr.
2. Add something about the different Help Topics that I have in mind.
3. Jump start the resumption of Clippings
4. Add something beside Clippings, such as titles from Kaliya's library, other sources.
5. See what can be added to Project:Copyrights, which is not filled in by anyone but is in the standard template.
6. Recover something on sources of information on the MediWiki itself and Help on using this one.

=IIW 2007b Sessions

I'm keeping track and notetaking around these items:

• Usability without Rocket Science

• Proposed Usability Working Group

OrcmidAgain 12:55, 5 December 2007 (PST)

Earlier Material

I have managed to retrieve this from the earlier incarnation of IIW Wiki. I'm operating on trust that this is now the happenin' place.

Background

All there is about Dennis Hamilton and orcmid can be found at Orcmid's Lair.

Interest at IIW

My interest in identity, especially user-centric identity, is related to my interest in trustworthiness in open-system components. This ties into consideration of how attestations are conveyed, added to, and assessed. I was thinking with regard to attestations about software distributions, but it leads to a need to understand attestations generally and also an appreciation for how trust is not transitive.

I am also very keen about finding ways that users can understand and confirm the ways that internet identity works. I am interested especially in the kinds of conceptual models that allow users to be confident around identities that represent them (and othrs) in some way and also be vigilant when something is not quite right.

Those are the areas that I will be interested in the most as I look at the proposals and add anything of my own. I will also be bringing any ideas that fit from the previous weekend's MindCamp 2.0 experience.

I'm not quite sure how I fit in -- I need to do more homework on what's being done -- but I have placed some material, notes, and thoughts on these topics:

• The User Experience of User-Centric Identity for concepual models that work and are confirmable, all without getting in the ways of users and especially without encouraging careless (click to make it go away) behavior
• Getting Started as an essential concern around developing constructive and valuable user experiences
• ConceptualModels as they relate to all of it, with focus on understandabilty, clarity, and completeness (maybe via non-surprising drill-down)
• Reputation Framework for the relationship between reputation and assessment of reliability and veracity of attestations
• Standards (formats and protocols and practices) are importance, especially with regard to federation and disintermediation (e.g., P2P authentication protocols). I am concerned that the opaqueness of DIX material is more than a reflection of my own ignorance. I must read that draft through again, slowly.

Orcmid 10:39, 28 April 2006 (MDT)

A Broader Concern

I was reviewing the DIX materials looking for an understanding of exactly what the requirements and use cases are. The material creeps me out, and I notice a similar reaction to other materials on identity. I think what I am experiencing is apparent confusion between tools, methods, and their instrumental use in accomplishing some human purpose. It seems to me that we confuse the instrumental use with the purpose, and sometimes we see tools as solutions to problems without any effort to establish how that is the case.

Perhaps my difficulty is that I have come to reject the notion of artifacts and software as being the application or the solution. For me, the application is around opportunities for action in human space. The software and artifacts are not solutions, they are instruments that are (with luck) applicable and useful.

I see too many methods dealt with in the absence of a surrounding context of use and purpose. I find this to be a common limitation in the ways that use cases are often stated. Many characterize an activity from the perspective of looking inward to the system, without accounting for the over-arching purpose and achievement as seen by the parties involved and with regard to the activity they are engaged in that has the computer interaction as instrumental.

Finally, every time I read a list of supposed definitions of identity-related terms, I feel like I am left holding empty air. ("Identity information" is a perfect example.) I don't know if it is because of circularity or that the definitions are so abstracted that they are meaningless for me. This last is pretty funny, since I am regulary accused of operating at an abstraction level that is far removed from reality.

I hope that studying more and discussing more will alleviate these concerns/limitations on my appreciation of how identity is being treated in digital, distributed systems.

Orcmid 11:10, 28 April 2006 (MDT)

Thoughts on Protocol Components

I am, despite my concerns, very interested in this subject area. I'm pretty sure there is a pony in here. So I will do what I can to contribute clarity and to find a level of understanding that I can test, confirm, and convey in some useful way.

I am going to make one more observation based on the DIX materials (looking at the Use-Case draft). Many of the use cases are halves of protocols. We see an interaction, but it isn't the real interaction. It is only part of it. Without situating these in the end-to-end purposive case, the single-interaction cases are ungrounded. I think that is where I get the feeling of sterility. My friend Lance Myers has a great question that applies here: "What is the sound of one-half protocol clapping?" Ultimately, one does look at the ends of protocols, but what is happening is only meaningful in the context of the overall situation, and I think seeing that would make more sense.

This reminds me of two things to look for around protocols. Slicing a protocol and looking at the parts independently does not reveal the essential invariants that must be preserved by those delegates so that the desired aggregate behaviors including failure modes are achieved. The top level has to be available and held in view enough so that proper participation of the constituents can be inspected for and tested in terms of security and preservation of the overall essential invariants. Secondly, there must not be out-of-band understanding (or tacit knowledge) required for the supposed top level. (I suppose these are two aspects of the same thing.)

I think I'll examine what I find from that perspective. Now I must do more homework.

And finally, I have used my direct experience with OpenID and LID implementations and the DIX materials to sharpen my arrows. It is great that these materials and implementations are available. It gives us something concrete to test and improve. I want my observations to always be useful contributions. Please tell me when that is not the case.

Orcmid 11:33, 28 April 2006 (MDT)