From IIW

2008 Clippings

2008 January


2007 Clippings

This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.

2007 December


  • Malcolm Tredinnick: OpenID and Google's Blogger. Defying Classification (web log), 2007-12-27 (via Simon Willison). This is a very insightful observation about the difference between the OpenID URL, a delegated OpenID URL, and an alias, handle, user name, or nickname. What is interesting is that Malcolm saw what he expected in the preview of a comment, but not in the actual post, so we have a problem of system incoherence (an appropriate category for disconnects of this kind) and a little tyranny of the developer, perhaps?


  • Mike Jones: Firefox Information Card Add-On Collaboration. Mike Jones: Self-Issued (web log), 2007-12-15. This short post demonstrates the support for three different information card selectors in Firefox and how cooperation led to corrections to match recent Firefox changes. Mike also reaffirms that the recommended generic name is Information Card (as distinct from the Cardspace implementation) and also solicits feedback about that. (OrcmidAgain 11:30, 15 December 2007 (PST))
  • Lauren Weinstein: Google Knol vs. Wikipedia: Authors in the Sunlight. Lauren Weinstein's Blog, 2007-12-15. Commenting on the Google announcement of an encyclopedia effort with fully-attributed articles, this is a useful placeholder on the difficulties of authority via anonymity, the contrasts between privacy, anonymity, and reputation, and the cultural/social/psychological differences that figure into how and when anonymity is important.


  • Christopher Carfi: Getting Centered. (interview), The Social Customer Manifesto (web log), 2007-12-24. Videocast interview with Doc Searls. 'Key quote at 4:04: "We get along as independent and autonomous sovereign human beings in the physical world, and we need to bring that into the virtual world." ' (OrcmidAgain 11:50, 15 December 2007 (PST))


  • Andy Oram: Reputation: Where the Personal and the Participatory Meet Up (part 1 of 4). O'Reilly Radar (web log), 2007-12-13. The beginning of a lengthy essay inspired by the Symposium on Reputation Economies in Cyberspace. This installment ends with Three Goals for Reputation. I think that Oram still defines "economy" too tightly, although it is certainly a broader notion than most people think of when they hear it. Recommended. (OrcmidAgain 13:25, 14 December 2007 (PST))


  • Andy Dale: Social Graph Portability. The Tao of XDI (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI.
  • Nat Torkington: Outsourced Identity. O'Reilly Radar (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (OrcmidAgain 12:46, 12 December 2007 (PST))
  • Lauren Weinstein: Fears of ISP "Man in the Middle" Security Attacks. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.
  • Robin Wilton: The "Network of You" Event. Robin Wilton's Esoterica (web log), 2007-12-12. The use of identifiers arose in the privacy-related event linked here. Some videos available. (OrcmidAgain 11:55, 13 December 2007 (PST))


  • Jenny Ambrozek: Yale Symposium on Reputation Economies 20071208. 21st Century Organization (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "This requires, first, that we recognize that in on-line settings reputation is not the creation – and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. Rather, it is the community in a social network that creates reputation." (OrcmidAgain 15:46, 12 December 2007 (PST))



  • Jason Kolb: More Web Centralization Problems., 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.



  • Stephen J. Dubner: Bruce Schneier Blazes Through Your Questions. (interview), Freakonomics (web log), Opinion section, The New York Times 2007-12-04 (2007-12-11 edition, via Bruce Schneier). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.


  • Mike Jones: Look ma! No passwords! Mike Jones: Self-Issued (web log), 2007-12-02. I thought this was strange when it was announced in an IIW2007b session and I am still a little bemused. At the same time, I have noticed that since I have had to use OpenID on this wiki site, I have to go through far more log in ceremonies and use far more keystrokes than when it was a simple user-name/password arrangement. This makes me wonder about getting a new password-less OpenID and using it here so the ritual becomes tolerable. I find that the overhead has me avoiding coming here to do simple things like add this one clipping in my backlog. (OrcmidAgain 17:19, 12 December 2007 (PST))


  • Leah Culver: Oauth Tech Talk on, Leah Culver's Stupid Blog (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (Orcmid 11:16, 2 December 2007 (PST))
  • Dare Obasanjo: Facebook Beacon is Unfixable, Dare Obasanjo aka Carnage4Life (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-institutionalized privacy practices.
    • I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations.
    • I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (Orcmid 11:38, 2 December 2007 (PST))

2007 November


  • Robin Wilton: HMRC Breach -- Looking Ahead. Robin Wilton's Esoterica (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (Orcmid 12:28, 30 November 2007 (PST))


  • Eric: New Feature: OpenID Commenting. Blogger in Draft (web log), 2007-11-29 (via Johannes Ernst, Amit Agarwal and David Recordon [via Richard McManus via Scobleizer]). OpenID credentials, including existing credentials from LiveJournal and WordPress, are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commenter. Ask Kim Cameron about the grief I give him. (Orcmid 11:56, 30 November 2007 (PST))
  • Joshua Porter: Facebook's Growing Design Problem (and a Proposed Solution). Social Web Design (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of Peter Brantley's essay from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of misconduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (Orcmid 11:59, 29 November 2007 (PST))
  • Jon Udell: CardSpace for the Rest of Us. Jon Udell (web log), 2007-11-28. Points to the tutorial from Kim Cameron on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. (Orcmid 09:38, 29 November 2007 (PST))


  • Peter Brantley: Digital Reading, Subpoenas, and Privacy. O'Reilly Radar (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) are eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation, can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (Orcmid 10:20, 29 November 2007 (PST))
  • Keith Brown: Display Tokens for Information Cards. Security Briefs (web log), Pluralsight, 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (Orcmid 13:02, 29 November 2007 (PST))
  • Jon Udell: Your Winnings, Sir. Jon Udell (web log), 2007-11-28. Borrowing a line from Casablanca, Jon discusses his life bits and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (Orcmid 11:05, 28 November 2007 (PST))


  • Kim Cameron: Ultimate Simplicity: 30 Lines of Code. Kim Cameron's Identity Weblog, 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.
  • Kim Cameron: Claims in the Self-Issued Information Cards Profile. Kim Cameron's Identity Weblog, 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (Orcmid 14:08, 30 November 2007 (PST))

2007 October


  • David Chappell: Digital Identity for .NET Applications: A Technology Overview. David Chappell's Weblog, 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (Orcmid 10:55, 30 November 2007 (PST))

2007 June


  • Michael Kaplan: Overheard Recently where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?


  • Kim Cameron: Long live minimal disclosure tokens!, responding to Stefan Brands' post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.
  • Eric Norman: Collusion takes effort; how much? introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Warshak vs. US and Evolving Technical Privacy (Orcmid 17:46, 20 June 2007 (MDT))
  • Pat Patterson: Single Logout with SAML 2.0 and PHP, describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?


  • Kim Cameron: Colluding with yourself continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. Orcmid 13:45, 19 June 2007 (MDT)
  • Kim Cameron: Revealing patterns when there is no need to do so follows on the earlier discussion of collusion (while we are still on step #1 of Kim's planned analysis). What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO Orcmid 13:45, 19 June 2007 (MDT)
  • Pat Patterson: SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. A useful demonstration of how to do it if you can tolerate operating inside the limitation.


  • Kim Cameron: Evolving technology for better privacy, the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.


  • Gina Trapani (Lifehacker): Shutdown - What To Do with your Yahoo! Photos and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? Orcmid 10:34, 15 June 2007 (MDT)
  • Jon Udell: Facebookizing the Web, Webifying Facebook, on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? Orcmid 11:36, 15 June 2007 (MDT)


  • Hubert A. Le Van Gong: OpenID @ Work - Architecture, providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? Orcmid 12:04, 15 June 2007 (MDT))
  • Robert Scoble: I Love Dawn ..., wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, Orcmid 11:01, 15 June 2007 (MDT)
  • Robert Scoble: Too Accessible, reflecting an identity+presence silo problem (check the comments)
  • Robert Scoble: Valleywag Offers Me a Job ... on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, Orcmid 11:01, 15 June 2007 (MDT)


  • Avi Bryant: Technorati Needs To Catch Up to Facebook, bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (Orcmid 11:45, 15 June 2007 (MDT))
  • Eric Norman: What Does an IdP Do? eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (Orcmid 17:56, 20 June 2007 (MDT))


  • Eric Norman: Horrible Human Engineering with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up — the big test is how rapidly repairs are made (Orcmid 18:11, 20 June 2007 (MDT))

2007 May


  • Eric Norman: OpenID as a Laboratory eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (Orcmid 18:15, 20 June 2007 (MDT))


  • Jon Udell: Hosted Lifebits. Jon Udell (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his 2007-11-28 post, "Your Winnings Sir." (Orcmid 11:15, 28 November 2007 (PST))

2007 March



  • Dave Winer: Preserving Ideas. Scripting News (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a life bits mechanism. (Orcmid 11:26, 28 November 2007 (PST))


  • Jon Udell: Critical Mass and Social Network Fatigue focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? Orcmid 11:45, 15 June 2007 (MDT)), with great discussion in the comments

2006 Clippings

2006 December


2006 October


  • Hubert A. Le Van Gong: Identity Federation overview and illustration of where one Circle of Trust shows up (Orcmid 12:29, 15 June 2007 (MDT))

2006 June