https://iiw.idcommons.net/api.php?action=feedcontributions&feedformat=atom&user=OrcmidAgainIIW - User contributions [en]2026-06-13T04:17:04ZUser contributionsMediaWiki 1.31.6https://iiw.idcommons.net/index.php?title=Clippings&diff=420Clippings2008-01-08T22:09:05Z<p>OrcmidAgain: /* 2008-01-07 */ Marshall Kirkpatric and Simon Willison</p>
<hr />
<div>=2008 Clippings=<br />
<br />
==2008 January==<br />
<br />
===2008-01-07===<br />
<br />
:*Marshall Kirkpatrick: [http://www.readwriteweb.com/archives/flickr_to_authenticate_openid.php Flickr to Authenticate OpenID - Is This the Yahoo! CES Announcement?]. (web log) ''Read Write Web'', 2008-01-07 (via [http://simonwillison.net/2008/Jan/7/flickr/ Simon Willison]). This is the initial indication that Yahoo! and Flickr are moving toward use of OpenID in some fashion.<br />
<br />
:*Simon Willison: [http://simonwillison.net/2008/Jan/7/projection/ Yahoo!, Flickr, OpenID and Identity Projection]. ''Simon Willison's Weblog'', 2008-01-07. I'm not exactly clear what is supposed to be going on here. I think it is important to pay attention. (''[[User:OrcmidAgain|OrcmidAgain]] 14:09, 8 January 2008 (PST)'')<br />
<br />
=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-30===<br />
<br />
:*Malcolm Tredinnick: [http://www.pointy-stick.com/blog/2007/12/27/openid-and-googles-blogger/ OpenID and Google's Blogger]. ''Defying Classification'' (web log), 2007-12-27 (via [http://simonwillison.net/2007/Dec/30/defying/ Simon Willison]). This is a very insightful observation about the difference between the OpenID URL, a delegated OpenID URL, and an alias, handle, user name, or nickname. What is interesting is that Malcolm saw what he expected in the preview of a comment, but not in the actual post, so we have a problem of system incoherence (an appropriate category for disconnects of this kind) and a little tyranny of the developer, perhaps?<br />
<br />
===2007-12-15===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=49 Firefox Information Card Add-On Collaboration]. ''Mike Jones: Self-Issued'' (web log), 2007-12-15. This short post demonstrates the support for three different information card selectors in Firefox and how cooperation led to corrections to match recent Firefox changes. Mike also reaffirms that the recommended generic name is Information Card (as distinct from the Cardspace implementation) and also solicits feedback about that. (''[[User:OrcmidAgain|OrcmidAgain]] 11:30, 15 December 2007 (PST)'')<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher_1.html Reputation: Where the Personal and the Participatory Meet Up (part 2 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-15. Review of [[#2007-12-13|part 1]] and its comments is recommended. This piece addresses some problems of assymetry around others knowing more about us than we know about them as well as some regulatory difficulties. <br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000343.html Google Knol vs. Wikipedia: Authors in the Sunlight]. ''Lauren Weinstein's Blog'', 2007-12-15. Commenting on the Google announcement of an encyclopedia effort with fully-attributed articles, this is an useful placeholder on the difficulties of authority via anonymity, the contrasts between privacy, anonymity, and reputation, and the cultural/social/psychological differences that figure into how and when anonymity is important.<br />
<br />
===2007-12-14===<br />
<br />
:*Christopher Carfi: [http://www.socialcustomer.com/2007/12/you-are-the-poi.html Getting Centered]. (interview), ''The Social Customer Manifesto'' (web log), 2007-12-24. Videocast interview with Doc Searls. 'Key quote at 4:04: "We get along as independent and autonomous sovereign human beings in the physical world, and we need to bring that into the virtual world." ' (''[[User:OrcmidAgain|OrcmidAgain]] 11:50, 15 December 2007 (PST)'')<br />
<br />
===2007-12-13===<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher.html Reputation: Where the Personal and the Participatory Meet Up (part 1 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-13. The beginning of a lengthy essay inspired by the Symposium on Reputation Economies in Cyberspace. This installment ends with Three Goals for Reputation. I think that Oram still defines "economy" too tightly, although it is certainly a broader notion than most people think of when they hear it. Recommended. (''[[User:OrcmidAgain|OrcmidAgain]] 13:25, 14 December 2007 (PST)'')<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/the_network_of_you_event The "Network of You" Event]. ''Robin Wilton's Esoterica'' (web log), 2007-12-12. The use of identifiers arose in the privacy-related event linked here. Some videos available. (''[[User:OrcmidAgain|OrcmidAgain]] 11:55, 13 December 2007 (PST)'')<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
:*David Weinberger: [http://www.hyperorg.com/blogger/2007/12/10/global-infrastructure-global-id/ Global Infrastructure, Global ID]. ''Joho the Blog'', 2007-12-10. And then there is the exchange in the comments.<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-02===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=46 Look ma! No passwords!] ''Mike Jones: Self-Issued'' (web log), 2007-12-02. I thought this was strange when it was announced in an IIW2007b session and I am still a little bemused. At the same time, I have noticed that since I have had to use OpenID on this wiki site, I have to go through far many more log in ceremonies and use far more keystrokes than when it was a simple user-name/password arrangement. This makes me wonder about getting a new password-less OpenId and using it here so the ritual becomes tolerable. I find that the overhead has me avoiding coming here to do simple things like add this one clipping in my backlog. (''[[User:OrcmidAgain|OrcmidAgain]] 17:19, 12 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=419Clippings2008-01-08T21:49:42Z<p>OrcmidAgain: </p>
<hr />
<div>=2008 Clippings=<br />
<br />
==2008 January==<br />
<br />
<br />
=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-30===<br />
<br />
:*Malcolm Tredinnick: [http://www.pointy-stick.com/blog/2007/12/27/openid-and-googles-blogger/ OpenID and Google's Blogger]. ''Defying Classification'' (web log), 2007-12-27 (via [http://simonwillison.net/2007/Dec/30/defying/ Simon Willison]). This is a very insightful observation about the difference between the OpenID URL, a delegated OpenID URL, and an alias, handle, user name, or nickname. What is interesting is that Malcolm saw what he expected in the preview of a comment, but not in the actual post, so we have a problem of system incoherence (an appropriate category for disconnects of this kind) and a little tyranny of the developer, perhaps?<br />
<br />
===2007-12-15===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=49 Firefox Information Card Add-On Collaboration]. ''Mike Jones: Self-Issued'' (web log), 2007-12-15. This short post demonstrates the support for three different information card selectors in Firefox and how cooperation led to corrections to match recent Firefox changes. Mike also reaffirms that the recommended generic name is Information Card (as distinct from the Cardspace implementation) and also solicits feedback about that. (''[[User:OrcmidAgain|OrcmidAgain]] 11:30, 15 December 2007 (PST)'')<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher_1.html Reputation: Where the Personal and the Participatory Meet Up (part 2 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-15. Review of [[#2007-12-13|part 1]] and its comments is recommended. This piece addresses some problems of assymetry around others knowing more about us than we know about them as well as some regulatory difficulties. <br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000343.html Google Knol vs. Wikipedia: Authors in the Sunlight]. ''Lauren Weinstein's Blog'', 2007-12-15. Commenting on the Google announcement of an encyclopedia effort with fully-attributed articles, this is an useful placeholder on the difficulties of authority via anonymity, the contrasts between privacy, anonymity, and reputation, and the cultural/social/psychological differences that figure into how and when anonymity is important.<br />
<br />
===2007-12-14===<br />
<br />
:*Christopher Carfi: [http://www.socialcustomer.com/2007/12/you-are-the-poi.html Getting Centered]. (interview), ''The Social Customer Manifesto'' (web log), 2007-12-24. Videocast interview with Doc Searls. 'Key quote at 4:04: "We get along as independent and autonomous sovereign human beings in the physical world, and we need to bring that into the virtual world." ' (''[[User:OrcmidAgain|OrcmidAgain]] 11:50, 15 December 2007 (PST)'')<br />
<br />
===2007-12-13===<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher.html Reputation: Where the Personal and the Participatory Meet Up (part 1 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-13. The beginning of a lengthy essay inspired by the Symposium on Reputation Economies in Cyberspace. This installment ends with Three Goals for Reputation. I think that Oram still defines "economy" too tightly, although it is certainly a broader notion than most people think of when they hear it. Recommended. (''[[User:OrcmidAgain|OrcmidAgain]] 13:25, 14 December 2007 (PST)'')<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/the_network_of_you_event The "Network of You" Event]. ''Robin Wilton's Esoterica'' (web log), 2007-12-12. The use of identifiers arose in the privacy-related event linked here. Some videos available. (''[[User:OrcmidAgain|OrcmidAgain]] 11:55, 13 December 2007 (PST)'')<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
:*David Weinberger: [http://www.hyperorg.com/blogger/2007/12/10/global-infrastructure-global-id/ Global Infrastructure, Global ID]. ''Joho the Blog'', 2007-12-10. And then there is the exchange in the comments.<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-02===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=46 Look ma! No passwords!] ''Mike Jones: Self-Issued'' (web log), 2007-12-02. I thought this was strange when it was announced in an IIW2007b session and I am still a little bemused. At the same time, I have noticed that since I have had to use OpenID on this wiki site, I have to go through far many more log in ceremonies and use far more keystrokes than when it was a simple user-name/password arrangement. This makes me wonder about getting a new password-less OpenId and using it here so the ritual becomes tolerable. I find that the overhead has me avoiding coming here to do simple things like add this one clipping in my backlog. (''[[User:OrcmidAgain|OrcmidAgain]] 17:19, 12 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=387Clippings2007-12-30T17:25:25Z<p>OrcmidAgain: /* 2007-12-30 */ Malcolm Tredinnick</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-30===<br />
<br />
:*Malcolm Tredinnick: [http://www.pointy-stick.com/blog/2007/12/27/openid-and-googles-blogger/ OpenID and Google's Blogger]. ''Defying Classification'' (web log), 2007-12-27 (via [http://simonwillison.net/2007/Dec/30/defying/ Simon Willison]). This is a very insightful observation about the difference between the OpenID URL, a delegated OpenID URL, and an alias, handle, user name, or nickname. What is interesting is that Malcolm saw what he expected in the preview of a comment, but not in the actual post, so we have a problem of system incoherence (an appropriate category for disconnects of this kind) and a little tyranny of the developer, perhaps?<br />
<br />
===2007-12-15===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=49 Firefox Information Card Add-On Collaboration]. ''Mike Jones: Self-Issued'' (web log), 2007-12-15. This short post demonstrates the support for three different information card selectors in Firefox and how cooperation led to corrections to match recent Firefox changes. Mike also reaffirms that the recommended generic name is Information Card (as distinct from the Cardspace implementation) and also solicits feedback about that. (''[[User:OrcmidAgain|OrcmidAgain]] 11:30, 15 December 2007 (PST)'')<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher_1.html Reputation: Where the Personal and the Participatory Meet Up (part 2 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-15. Review of [[#2007-12-13|part 1]] and its comments is recommended. This piece addresses some problems of assymetry around others knowing more about us than we know about them as well as some regulatory difficulties. <br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000343.html Google Knol vs. Wikipedia: Authors in the Sunlight]. ''Lauren Weinstein's Blog'', 2007-12-15. Commenting on the Google announcement of an encyclopedia effort with fully-attributed articles, this is an useful placeholder on the difficulties of authority via anonymity, the contrasts between privacy, anonymity, and reputation, and the cultural/social/psychological differences that figure into how and when anonymity is important.<br />
<br />
===2007-12-14===<br />
<br />
:*Christopher Carfi: [http://www.socialcustomer.com/2007/12/you-are-the-poi.html Getting Centered]. (interview), ''The Social Customer Manifesto'' (web log), 2007-12-24. Videocast interview with Doc Searls. 'Key quote at 4:04: "We get along as independent and autonomous sovereign human beings in the physical world, and we need to bring that into the virtual world." ' (''[[User:OrcmidAgain|OrcmidAgain]] 11:50, 15 December 2007 (PST)'')<br />
<br />
===2007-12-13===<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher.html Reputation: Where the Personal and the Participatory Meet Up (part 1 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-13. The beginning of a lengthy essay inspired by the Symposium on Reputation Economies in Cyberspace. This installment ends with Three Goals for Reputation. I think that Oram still defines "economy" too tightly, although it is certainly a broader notion than most people think of when they hear it. Recommended. (''[[User:OrcmidAgain|OrcmidAgain]] 13:25, 14 December 2007 (PST)'')<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/the_network_of_you_event The "Network of You" Event]. ''Robin Wilton's Esoterica'' (web log), 2007-12-12. The use of identifiers arose in the privacy-related event linked here. Some videos available. (''[[User:OrcmidAgain|OrcmidAgain]] 11:55, 13 December 2007 (PST)'')<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
:*David Weinberger: [http://www.hyperorg.com/blogger/2007/12/10/global-infrastructure-global-id/ Global Infrastructure, Global ID]. ''Joho the Blog'', 2007-12-10. And then there is the exchange in the comments.<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-02===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=46 Look ma! No passwords!] ''Mike Jones: Self-Issued'' (web log), 2007-12-02. I thought this was strange when it was announced in an IIW2007b session and I am still a little bemused. At the same time, I have noticed that since I have had to use OpenID on this wiki site, I have to go through far many more log in ceremonies and use far more keystrokes than when it was a simple user-name/password arrangement. This makes me wonder about getting a new password-less OpenId and using it here so the ritual becomes tolerable. I find that the overhead has me avoiding coming here to do simple things like add this one clipping in my backlog. (''[[User:OrcmidAgain|OrcmidAgain]] 17:19, 12 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=379Clippings2007-12-15T19:50:55Z<p>OrcmidAgain: /* 2007-12-14 */</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-15===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=49 Firefox Information Card Add-On Collaboration]. ''Mike Jones: Self-Issued'' (web log), 2007-12-15. This short post demonstrates the support for three different information card selectors in Firefox and how cooperation led to corrections to match recent Firefox changes. Mike also reaffirms that the recommended generic name is Information Card (as distinct from the Cardspace implementation) and also solicits feedback about that. (''[[User:OrcmidAgain|OrcmidAgain]] 11:30, 15 December 2007 (PST)'')<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher_1.html Reputation: Where the Personal and the Participatory Meet Up (part 2 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-15. Review of [[#2007-12-13|part 1]] and its comments is recommended. This piece addresses some problems of assymetry around others knowing more about us than we know about them as well as some regulatory difficulties. <br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000343.html Google Knol vs. Wikipedia: Authors in the Sunlight]. ''Lauren Weinstein's Blog'', 2007-12-15. Commenting on the Google announcement of an encyclopedia effort with fully-attributed articles, this is an useful placeholder on the difficulties of authority via anonymity, the contrasts between privacy, anonymity, and reputation, and the cultural/social/psychological differences that figure into how and when anonymity is important.<br />
<br />
===2007-12-14===<br />
<br />
:*Christopher Carfi: [http://www.socialcustomer.com/2007/12/you-are-the-poi.html Getting Centered]. (interview), ''The Social Customer Manifesto'' (web log), 2007-12-24. Videocast interview with Doc Searls. 'Key quote at 4:04: "We get along as independent and autonomous sovereign human beings in the physical world, and we need to bring that into the virtual world." ' (''[[User:OrcmidAgain|OrcmidAgain]] 11:50, 15 December 2007 (PST)'')<br />
<br />
===2007-12-13===<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher.html Reputation: Where the Personal and the Participatory Meet Up (part 1 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-13. The beginning of a lengthy essay inspired by the Symposium on Reputation Economies in Cyberspace. This installment ends with Three Goals for Reputation. I think that Oram still defines "economy" too tightly, although it is certainly a broader notion than most people think of when they hear it. Recommended. (''[[User:OrcmidAgain|OrcmidAgain]] 13:25, 14 December 2007 (PST)'')<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/the_network_of_you_event The "Network of You" Event]. ''Robin Wilton's Esoterica'' (web log), 2007-12-12. The use of identifiers arose in the privacy-related event linked here. Some videos available. (''[[User:OrcmidAgain|OrcmidAgain]] 11:55, 13 December 2007 (PST)'')<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
:*David Weinberger: [http://www.hyperorg.com/blogger/2007/12/10/global-infrastructure-global-id/ Global Infrastructure, Global ID]. ''Joho the Blog'', 2007-12-10. And then there is the exchange in the comments.<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-02===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=46 Look ma! No passwords!] ''Mike Jones: Self-Issued'' (web log), 2007-12-02. I thought this was strange when it was announced in an IIW2007b session and I am still a little bemused. At the same time, I have noticed that since I have had to use OpenID on this wiki site, I have to go through far many more log in ceremonies and use far more keystrokes than when it was a simple user-name/password arrangement. This makes me wonder about getting a new password-less OpenId and using it here so the ritual becomes tolerable. I find that the overhead has me avoiding coming here to do simple things like add this one clipping in my backlog. (''[[User:OrcmidAgain|OrcmidAgain]] 17:19, 12 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=378Clippings2007-12-15T19:50:34Z<p>OrcmidAgain: /* 2007-12-14 */ Doc Searl Interview</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-15===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=49 Firefox Information Card Add-On Collaboration]. ''Mike Jones: Self-Issued'' (web log), 2007-12-15. This short post demonstrates the support for three different information card selectors in Firefox and how cooperation led to corrections to match recent Firefox changes. Mike also reaffirms that the recommended generic name is Information Card (as distinct from the Cardspace implementation) and also solicits feedback about that. (''[[User:OrcmidAgain|OrcmidAgain]] 11:30, 15 December 2007 (PST)'')<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher_1.html Reputation: Where the Personal and the Participatory Meet Up (part 2 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-15. Review of [[#2007-12-13|part 1]] and its comments is recommended. This piece addresses some problems of assymetry around others knowing more about us than we know about them as well as some regulatory difficulties. <br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000343.html Google Knol vs. Wikipedia: Authors in the Sunlight]. ''Lauren Weinstein's Blog'', 2007-12-15. Commenting on the Google announcement of an encyclopedia effort with fully-attributed articles, this is an useful placeholder on the difficulties of authority via anonymity, the contrasts between privacy, anonymity, and reputation, and the cultural/social/psychological differences that figure into how and when anonymity is important.<br />
<br />
===2007-12-14===<br />
<br />
Christopher Carfi: [http://www.socialcustomer.com/2007/12/you-are-the-poi.html Getting Centered]. (interview), ''The Social Customer Manifesto'' (web log), 2007-12-24. Videocast interview with Doc Searls. 'Key quote at 4:04: "We get along as independent and autonomous sovereign human beings in the physical world, and we need to bring that into the virtual world." ' (''[[User:OrcmidAgain|OrcmidAgain]] 11:50, 15 December 2007 (PST)'')<br />
<br />
===2007-12-13===<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher.html Reputation: Where the Personal and the Participatory Meet Up (part 1 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-13. The beginning of a lengthy essay inspired by the Symposium on Reputation Economies in Cyberspace. This installment ends with Three Goals for Reputation. I think that Oram still defines "economy" too tightly, although it is certainly a broader notion than most people think of when they hear it. Recommended. (''[[User:OrcmidAgain|OrcmidAgain]] 13:25, 14 December 2007 (PST)'')<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/the_network_of_you_event The "Network of You" Event]. ''Robin Wilton's Esoterica'' (web log), 2007-12-12. The use of identifiers arose in the privacy-related event linked here. Some videos available. (''[[User:OrcmidAgain|OrcmidAgain]] 11:55, 13 December 2007 (PST)'')<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
:*David Weinberger: [http://www.hyperorg.com/blogger/2007/12/10/global-infrastructure-global-id/ Global Infrastructure, Global ID]. ''Joho the Blog'', 2007-12-10. And then there is the exchange in the comments.<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-02===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=46 Look ma! No passwords!] ''Mike Jones: Self-Issued'' (web log), 2007-12-02. I thought this was strange when it was announced in an IIW2007b session and I am still a little bemused. At the same time, I have noticed that since I have had to use OpenID on this wiki site, I have to go through far many more log in ceremonies and use far more keystrokes than when it was a simple user-name/password arrangement. This makes me wonder about getting a new password-less OpenId and using it here so the ritual becomes tolerable. I find that the overhead has me avoiding coming here to do simple things like add this one clipping in my backlog. (''[[User:OrcmidAgain|OrcmidAgain]] 17:19, 12 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=377Clippings2007-12-15T19:30:18Z<p>OrcmidAgain: /* 2007-12-15 */ Mike Jones Firefox Add-on Collaboration</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-15===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=49 Firefox Information Card Add-On Collaboration]. ''Mike Jones: Self-Issued'' (web log), 2007-12-15. This short post demonstrates the support for three different information card selectors in Firefox and how cooperation led to corrections to match recent Firefox changes. Mike also reaffirms that the recommended generic name is Information Card (as distinct from the Cardspace implementation) and also solicits feedback about that. (''[[User:OrcmidAgain|OrcmidAgain]] 11:30, 15 December 2007 (PST)'')<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher_1.html Reputation: Where the Personal and the Participatory Meet Up (part 2 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-15. Review of [[#2007-12-13|part 1]] and its comments is recommended. This piece addresses some problems of assymetry around others knowing more about us than we know about them as well as some regulatory difficulties. <br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000343.html Google Knol vs. Wikipedia: Authors in the Sunlight]. ''Lauren Weinstein's Blog'', 2007-12-15. Commenting on the Google announcement of an encyclopedia effort with fully-attributed articles, this is an useful placeholder on the difficulties of authority via anonymity, the contrasts between privacy, anonymity, and reputation, and the cultural/social/psychological differences that figure into how and when anonymity is important.<br />
<br />
===2007-12-13===<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher.html Reputation: Where the Personal and the Participatory Meet Up (part 1 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-13. The beginning of a lengthy essay inspired by the Symposium on Reputation Economies in Cyberspace. This installment ends with Three Goals for Reputation. I think that Oram still defines "economy" too tightly, although it is certainly a broader notion than most people think of when they hear it. Recommended. (''[[User:OrcmidAgain|OrcmidAgain]] 13:25, 14 December 2007 (PST)'')<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/the_network_of_you_event The "Network of You" Event]. ''Robin Wilton's Esoterica'' (web log), 2007-12-12. The use of identifiers arose in the privacy-related event linked here. Some videos available. (''[[User:OrcmidAgain|OrcmidAgain]] 11:55, 13 December 2007 (PST)'')<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
:*David Weinberger: [http://www.hyperorg.com/blogger/2007/12/10/global-infrastructure-global-id/ Global Infrastructure, Global ID]. ''Joho the Blog'', 2007-12-10. And then there is the exchange in the comments.<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-02===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=46 Look ma! No passwords!] ''Mike Jones: Self-Issued'' (web log), 2007-12-02. I thought this was strange when it was announced in an IIW2007b session and I am still a little bemused. At the same time, I have noticed that since I have had to use OpenID on this wiki site, I have to go through far many more log in ceremonies and use far more keystrokes than when it was a simple user-name/password arrangement. This makes me wonder about getting a new password-less OpenId and using it here so the ritual becomes tolerable. I find that the overhead has me avoiding coming here to do simple things like add this one clipping in my backlog. (''[[User:OrcmidAgain|OrcmidAgain]] 17:19, 12 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=376Clippings2007-12-15T19:00:23Z<p>OrcmidAgain: /* 2007-12-15 */</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-15===<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher_1.html Reputation: Where the Personal and the Participatory Meet Up (part 2 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-15. Review of [[#2007-12-13|part 1]] and its comments is recommended. This piece addresses some problems of assymetry around others knowing more about us than we know about them as well as some regulatory difficulties. <br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000343.html Google Knol vs. Wikipedia: Authors in the Sunlight]. ''Lauren Weinstein's Blog'', 2007-12-15. Commenting on the Google announcement of an encyclopedia effort with fully-attributed articles, this is an useful placeholder on the difficulties of authority via anonymity, the contrasts between privacy, anonymity, and reputation, and the cultural/social/psychological differences that figure into how and when anonymity is important.<br />
<br />
===2007-12-13===<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher.html Reputation: Where the Personal and the Participatory Meet Up (part 1 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-13. The beginning of a lengthy essay inspired by the Symposium on Reputation Economies in Cyberspace. This installment ends with Three Goals for Reputation. I think that Oram still defines "economy" too tightly, although it is certainly a broader notion than most people think of when they hear it. Recommended. (''[[User:OrcmidAgain|OrcmidAgain]] 13:25, 14 December 2007 (PST)'')<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/the_network_of_you_event The "Network of You" Event]. ''Robin Wilton's Esoterica'' (web log), 2007-12-12. The use of identifiers arose in the privacy-related event linked here. Some videos available. (''[[User:OrcmidAgain|OrcmidAgain]] 11:55, 13 December 2007 (PST)'')<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
:*David Weinberger: [http://www.hyperorg.com/blogger/2007/12/10/global-infrastructure-global-id/ Global Infrastructure, Global ID]. ''Joho the Blog'', 2007-12-10. And then there is the exchange in the comments.<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-02===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=46 Look ma! No passwords!] ''Mike Jones: Self-Issued'' (web log), 2007-12-02. I thought this was strange when it was announced in an IIW2007b session and I am still a little bemused. At the same time, I have noticed that since I have had to use OpenID on this wiki site, I have to go through far many more log in ceremonies and use far more keystrokes than when it was a simple user-name/password arrangement. This makes me wonder about getting a new password-less OpenId and using it here so the ritual becomes tolerable. I find that the overhead has me avoiding coming here to do simple things like add this one clipping in my backlog. (''[[User:OrcmidAgain|OrcmidAgain]] 17:19, 12 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=375Clippings2007-12-15T18:59:51Z<p>OrcmidAgain: /* 2007-12-15 */ Andy Oram on reputation (continued)</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-15===<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher_1.html Reputation: Where the Personal and the Participatory Meet Up (part 2 of 4). ''O'Reilly Radar'' (web log), 2007-12-15. Review of [[#2007-12-13|part 1]] and its comments is recommended. This piece addresses some problems of assymetry around others knowing more about us than we know about them as well as some regulatory difficulties. <br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000343.html Google Knol vs. Wikipedia: Authors in the Sunlight]. ''Lauren Weinstein's Blog'', 2007-12-15. Commenting on the Google announcement of an encyclopedia effort with fully-attributed articles, this is an useful placeholder on the difficulties of authority via anonymity, the contrasts between privacy, anonymity, and reputation, and the cultural/social/psychological differences that figure into how and when anonymity is important.<br />
<br />
===2007-12-13===<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher.html Reputation: Where the Personal and the Participatory Meet Up (part 1 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-13. The beginning of a lengthy essay inspired by the Symposium on Reputation Economies in Cyberspace. This installment ends with Three Goals for Reputation. I think that Oram still defines "economy" too tightly, although it is certainly a broader notion than most people think of when they hear it. Recommended. (''[[User:OrcmidAgain|OrcmidAgain]] 13:25, 14 December 2007 (PST)'')<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/the_network_of_you_event The "Network of You" Event]. ''Robin Wilton's Esoterica'' (web log), 2007-12-12. The use of identifiers arose in the privacy-related event linked here. Some videos available. (''[[User:OrcmidAgain|OrcmidAgain]] 11:55, 13 December 2007 (PST)'')<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
:*David Weinberger: [http://www.hyperorg.com/blogger/2007/12/10/global-infrastructure-global-id/ Global Infrastructure, Global ID]. ''Joho the Blog'', 2007-12-10. And then there is the exchange in the comments.<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-02===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=46 Look ma! No passwords!] ''Mike Jones: Self-Issued'' (web log), 2007-12-02. I thought this was strange when it was announced in an IIW2007b session and I am still a little bemused. At the same time, I have noticed that since I have had to use OpenID on this wiki site, I have to go through far many more log in ceremonies and use far more keystrokes than when it was a simple user-name/password arrangement. This makes me wonder about getting a new password-less OpenId and using it here so the ritual becomes tolerable. I find that the overhead has me avoiding coming here to do simple things like add this one clipping in my backlog. (''[[User:OrcmidAgain|OrcmidAgain]] 17:19, 12 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=374Clippings2007-12-15T18:17:06Z<p>OrcmidAgain: /* 2007-12-15 */ Google Knol</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-15===<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000343.html Google Knol vs. Wikipedia: Authors in the Sunlight]. ''Lauren Weinstein's Blog'', 2007-12-15. Commenting on the Google announcement of an encyclopedia effort with fully-attributed articles, this is an useful placeholder on the difficulties of authority via anonymity, the contrasts between privacy, anonymity, and reputation, and the cultural/social/psychological differences that figure into how and when anonymity is important.<br />
<br />
===2007-12-13===<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher.html Reputation: Where the Personal and the Participatory Meet Up (part 1 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-13. The beginning of a lengthy essay inspired by the Symposium on Reputation Economies in Cyberspace. This installment ends with Three Goals for Reputation. I think that Oram still defines "economy" too tightly, although it is certainly a broader notion than most people think of when they hear it. Recommended. (''[[User:OrcmidAgain|OrcmidAgain]] 13:25, 14 December 2007 (PST)'')<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/the_network_of_you_event The "Network of You" Event]. ''Robin Wilton's Esoterica'' (web log), 2007-12-12. The use of identifiers arose in the privacy-related event linked here. Some videos available. (''[[User:OrcmidAgain|OrcmidAgain]] 11:55, 13 December 2007 (PST)'')<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
:*David Weinberger: [http://www.hyperorg.com/blogger/2007/12/10/global-infrastructure-global-id/ Global Infrastructure, Global ID]. ''Joho the Blog'', 2007-12-10. And then there is the exchange in the comments.<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-02===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=46 Look ma! No passwords!] ''Mike Jones: Self-Issued'' (web log), 2007-12-02. I thought this was strange when it was announced in an IIW2007b session and I am still a little bemused. At the same time, I have noticed that since I have had to use OpenID on this wiki site, I have to go through far many more log in ceremonies and use far more keystrokes than when it was a simple user-name/password arrangement. This makes me wonder about getting a new password-less OpenId and using it here so the ritual becomes tolerable. I find that the overhead has me avoiding coming here to do simple things like add this one clipping in my backlog. (''[[User:OrcmidAgain|OrcmidAgain]] 17:19, 12 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=373Clippings2007-12-14T21:25:22Z<p>OrcmidAgain: /* 2007-12-13 */ Andy Oram</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-13===<br />
<br />
:*Andy Oram: [http://radar.oreilly.com/archives/2007/12/reputation_wher.html Reputation: Where the Personal and the Participatory Meet Up (part 1 of 4)]. ''O'Reilly Radar'' (web log), 2007-12-13. The beginning of a lengthy essay inspired by the Symposium on Reputation Economies in Cyberspace. This installment ends with Three Goals for Reputation. I think that Oram still defines "economy" too tightly, although it is certainly a broader notion than most people think of when they hear it. Recommended. (''[[User:OrcmidAgain|OrcmidAgain]] 13:25, 14 December 2007 (PST)'')<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/the_network_of_you_event The "Network of You" Event]. ''Robin Wilton's Esoterica'' (web log), 2007-12-12. The use of identifiers arose in the privacy-related event linked here. Some videos available. (''[[User:OrcmidAgain|OrcmidAgain]] 11:55, 13 December 2007 (PST)'')<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
:*David Weinberger: [http://www.hyperorg.com/blogger/2007/12/10/global-infrastructure-global-id/ Global Infrastructure, Global ID]. ''Joho the Blog'', 2007-12-10. And then there is the exchange in the comments.<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-02===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=46 Look ma! No passwords!] ''Mike Jones: Self-Issued'' (web log), 2007-12-02. I thought this was strange when it was announced in an IIW2007b session and I am still a little bemused. At the same time, I have noticed that since I have had to use OpenID on this wiki site, I have to go through far many more log in ceremonies and use far more keystrokes than when it was a simple user-name/password arrangement. This makes me wonder about getting a new password-less OpenId and using it here so the ritual becomes tolerable. I find that the overhead has me avoiding coming here to do simple things like add this one clipping in my backlog. (''[[User:OrcmidAgain|OrcmidAgain]] 17:19, 12 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Reports&diff=369Reports2007-12-13T19:57:15Z<p>OrcmidAgain: /* N */</p>
<hr />
<div>=Reports=<br />
<br />
==N==<br />
<br />
*Nissenbaum, Helen F. Privacy as Contextual Integrity. ''Washington Law Review'', Vol. 79, No. 1 (2004). Available at SSRN: [http://ssrn.com/abstract=534622 http://ssrn.com/abstract=534622]. Cited by Robin Wilton on [[Clippings#2007-12-12|2007-12-12]]. The PDF is freely downloadable. (''[[User:OrcmidAgain|OrcmidAgain]] 11:47, 13 December 2007 (PST)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=368Clippings2007-12-13T19:55:53Z<p>OrcmidAgain: /* 2007-12-12 */ Robin Wilton</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/the_network_of_you_event The "Network of You" Event]. ''Robin Wilton's Esoterica'' (web log), 2007-12-12. The use of identifiers arose in the privacy-related event linked here. Some videos available. (''[[User:OrcmidAgain|OrcmidAgain]] 11:55, 13 December 2007 (PST)'')<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
:*David Weinberger: [http://www.hyperorg.com/blogger/2007/12/10/global-infrastructure-global-id/ Global Infrastructure, Global ID]. ''Joho the Blog'', 2007-12-10. And then there is the exchange in the comments.<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-02===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=46 Look ma! No passwords!] ''Mike Jones: Self-Issued'' (web log), 2007-12-02. I thought this was strange when it was announced in an IIW2007b session and I am still a little bemused. At the same time, I have noticed that since I have had to use OpenID on this wiki site, I have to go through far many more log in ceremonies and use far more keystrokes than when it was a simple user-name/password arrangement. This makes me wonder about getting a new password-less OpenId and using it here so the ritual becomes tolerable. I find that the overhead has me avoiding coming here to do simple things like add this one clipping in my backlog. (''[[User:OrcmidAgain|OrcmidAgain]] 17:19, 12 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Talk:Reports&diff=367Talk:Reports2007-12-13T19:50:15Z<p>OrcmidAgain: New page: =Reports Section= ==2007-12-13 Getting Started== I am overdue to put up some reports elements. I don't think I will distinguish between books, articles, etc. Maybe this should be called...</p>
<hr />
<div>=Reports Section=<br />
<br />
==2007-12-13 Getting Started==<br />
<br />
I am overdue to put up some reports elements. I don't think I will distinguish between books, articles, etc. Maybe this should be called a bibliography, but it is a little too late.<br />
<br />
::''[[User:OrcmidAgain|OrcmidAgain]] 11:50, 13 December 2007 (PST)''</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Reports&diff=366Reports2007-12-13T19:48:35Z<p>OrcmidAgain: /* N */</p>
<hr />
<div>=Reports=<br />
<br />
==N==<br />
<br />
*Nissenbaum, Helen F. Privacy as Contextual Integrity. ''Washington Law Review'', Vol. 79, No. 1 (2004). Available at SSRN: [http://ssrn.com/abstract=534622 http://ssrn.com/abstract=534622]. Cited by Robin Wilton on 2007-12-12. The PDF is freely downloadable. (''[[User:OrcmidAgain|OrcmidAgain]] 11:47, 13 December 2007 (PST)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Reports&diff=365Reports2007-12-13T19:47:14Z<p>OrcmidAgain: Nissenbaum Contextual Integrity 2004</p>
<hr />
<div>=Reports=<br />
<br />
==N==<br />
<br />
*Nissenbaum, Helen F., "Privacy as Contextual Integrity" . ''Washington Law Review'', Vol. 79, No. 1, 2004 Available at SSRN: [http://ssrn.com/abstract=534622 http://ssrn.com/abstract=534622]. Cited by Robin Wilton on 2007-12-12. The PDF is freely downloadable. (''[[User:OrcmidAgain|OrcmidAgain]] 11:47, 13 December 2007 (PST)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=364Clippings2007-12-13T01:19:59Z<p>OrcmidAgain: /* 2007-12-02 */ Mike Jones, no password required</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
:*David Weinberger: [http://www.hyperorg.com/blogger/2007/12/10/global-infrastructure-global-id/ Global Infrastructure, Global ID]. ''Joho the Blog'', 2007-12-10. And then there is the exchange in the comments.<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-02===<br />
<br />
:*Mike Jones: [http://self-issued.info/?p=46 Look ma! No passwords!] ''Mike Jones: Self-Issued'' (web log), 2007-12-02. I thought this was strange when it was announced in an IIW2007b session and I am still a little bemused. At the same time, I have noticed that since I have had to use OpenID on this wiki site, I have to go through far many more log in ceremonies and use far more keystrokes than when it was a simple user-name/password arrangement. This makes me wonder about getting a new password-less OpenId and using it here so the ritual becomes tolerable. I find that the overhead has me avoiding coming here to do simple things like add this one clipping in my backlog. (''[[User:OrcmidAgain|OrcmidAgain]] 17:19, 12 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=363Clippings2007-12-12T23:58:40Z<p>OrcmidAgain: /* 2007-12-10 */ David Weinberger</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
:*David Weinberger: [http://www.hyperorg.com/blogger/2007/12/10/global-infrastructure-global-id/ Global Infrastructure, Global ID]. ''Joho the Blog'', 2007-12-10. And then there is the exchange in the comments.<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=362Clippings2007-12-12T23:46:41Z<p>OrcmidAgain: /* 2007-12-11 */ Jenny Ambrozek</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
===2007-12-11===<br />
<br />
:*Jenny Ambrozek: [http://c21org.typepad.com/21st_century_organization/2007/12/yale-symposiu-1.html Yale Symposium on Reputation Economies 20071208]. ''21st Century Organization'' (web log), 2007-12-11. Thumbnails of some of the discussion about reputation. Big take-away, quoting Professor Beth Noveck: "''This requires, first, that we recognize that in on-line settings reputation is not the creation– and hence not the exclusive property – of the individual who is being rated nor of the publisher who supplies the tools for reputation-creation. '''Rather, it is the community in a social network that creates reputation'''.''" (''[[User:OrcmidAgain|OrcmidAgain]] 15:46, 12 December 2007 (PST)'')<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=361Clippings2007-12-12T20:46:15Z<p>OrcmidAgain: /* 2007-12-12 */ Nat Torkington</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Nat Torkington: [http://radar.oreilly.com/archives/2007/12/outsourced_iden.html Outsourced Identity]. ''O'Reilly Radar'' (web log), 2007-12-12. This article uses "identity" appropriately, although it is not about digital identity. It is about the identity that occurs as the result of how people talk about us. It also suggests that the internet and our authentic identity (let's say as from the integrity of how we speak ourselves) may be intertwined, at least for political life. (''[[User:OrcmidAgain|OrcmidAgain]] 12:46, 12 December 2007 (PST)'')<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=360Clippings2007-12-12T19:48:23Z<p>OrcmidAgain: Andy Dale Social Graph Portability</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-12===<br />
<br />
:*Andy Dale: [http://xditao.blogspot.com/2007/12/social-graph-portability.html Social Graph Portability]. ''The Tao of XDI'' (web log), 2007-12-12. Some interesting first thoughts on a kind of social-graph algebra and decorations using XDI. <br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=359Clippings2007-12-12T19:27:13Z<p>OrcmidAgain: /* 2007-12-12 */</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-12===<br />
<br />
:*Lauren Weinstein: [http://lauren.vortex.com/archive/000340.html Fears of ISP "Man in the Middle" Security Attacks]. Discusses the concerns about using self-issued certificates for SSL and the problem with ISPs that take liberties with web pages served up from their hosting services. Weinstein argues that ISPs putting men-in-the-middle is likely to be self-correcting, although the prospect of this happening silently under court order is not considered. This tangential topic does apply to creation of relying parties and preservation of identified-party privacy on personal/individual web sites though, along with the ubiquitous use of cookies.<br />
<br />
===2007-12-10===<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Talk:Clippings&diff=358Talk:Clippings2007-12-12T19:20:15Z<p>OrcmidAgain: /* Clipping-Organization Challenges */</p>
<hr />
<div>==Notes on Clippings==<br />
The initial clippings were created simply as part of my own blog reading and clipping on the topics of Identity and IIW in particular. This is a little like del.icio.us Wiki-style.<br />
<br />
The editorial preferences for selections are mine and the bias in my selection should be apparent. I am not apologetic for that. This is a wiki and I invite others to add their clippings too.<br />
<br />
The clippings are not as dated as I thought they might be by now. There is a gap, and I will use the library-catalog update strategy -- Start adding current material now, and fill in the gap between now and then on an opportunistic (i.e., chaotically random) basis.<br />
<br />
::''[[User:Orcmid|Orcmid]] 16:40, 27 November 2007 (PST)'' <br />
<br />
===Clipping-Organization Challenges===<br />
<br />
Earlier, I went through and added headings so that any individual day is easy to edit, and it is easy to add a new date, even though the overall page may become rather large.<br />
<br />
This makes for a ridiculous table of contents for the page, though. Not quite sure what to do about that. <br />
<br />
When we roll into 2008, I'll consider something else (and also making this an archive page, but I won't move it. I will change the link from the Help page though, and link this to its successor. Hmm, that's a design pattern. Ah well, back to my regularly scheduled activity.<br />
<br />
::''[[User:OrcmidAgain|OrcmidAgain]] 11:20, 12 December 2007 (PST)''<br />
<br />
===Transported Clippings===<br />
<br />
I have transferred clippings from Windley's IIW Wiki. <br />
<br />
'''FIX ME (NOT)''': I see that the internal links -- cross-references among the clippings pages themselves -- are still tied to the Windley Wiki. I will need to go in and edit those to be links to fragments of the page here. ADDED: This was apparently a false alarm -- I was looking at the wrong blog in my tabbed browser. (''[[User:Orcmid|Orcmid]] 12:00, 30 November 2007 (PST)'')<br />
<br />
::''[[User:Orcmid|Orcmid]] 16:40, 27 November 2007 (PST)''<br />
<br />
I also learned that an easy way to make an entire page movable, rather than moving it one subsection at a time, is to add a master title at the top of the page. This will open up all of the wiki text content when you click it's edit button.<br />
<br />
Now, the downside of this is that this is apparently something that wiki spam robots look for. On the Windley IIW Wiki, those seem to be the only pages that have been defaced. We'll have to watch here. (''[[User:Orcmid|Orcmid]] 12:00, 30 November 2007 (PST)'')<br />
<br />
OH, THE DOWNSIDE: is that I have now munged the table of contents. I now how to handle that though. I will make the table of contents even more nestier. Later. (''[[User:Orcmid|Orcmid]] 12:01, 30 November 2007 (PST)'')<br />
<br />
OH, DUHHH ... and if you use the edit tab at the top of a MediaWiki page, you get the entire wikitext for the page too, with no fuss, no problems. Ah well, I needed to make an organizational cleanup for clippings anyhow. Now, when this page gets just too freekin' big, there will be other problems (because I have #fragment shortcuts among items on the page.) Your obedient servant, Professor von Clueless. (''[[User:Orcmid|Orcmid]] 12:18, 30 November 2007 (PST)'')<br />
<br />
===Initial Clippings===<br />
<br />
Just getting started and doing a morning's worth of clippings to get the hang of it<br />
<br />
Job Jar:<br />
<br />
Clipping Format explained<br />
<br />
How to add clippings<br />
<br />
What are identity-relevant clippings<br />
<br />
Other places to look<br />
<br />
Other places to put items that are different or should be easy to find as other than clippings (too)<br />
<br />
::''[[User:Orcmid|Orcmid]] 13:14, 15 June 2007 (MDT)''<br />
<br />
A better organization and some way to roll off the older material without losing it is called for. There is probably some game with dates and levels of heading that can make exploration of clippings somewhat easier.<br />
<br />
::''[[User:Orcmid|Orcmid]] 13:24, 15 June 2007 (MDT)''<br />
<br />
I am a little concern that this Wiki is going away, to be replaced by a new MediaWiki on Identity Commons. That one isn't there yet. I need to make sure that I save the WikiText so it is easy to move it to another site. This is complicated by my using headings that break the WikiText up in line with the automatic table of contents. (This has not slowed down making clippings, the volume of related material has simply gone down in the past two days.)<br />
::''[[User:Orcmid|Orcmid]] 15:57, 18 June 2007 (MDT)''</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Talk:Clippings&diff=357Talk:Clippings2007-12-12T19:16:20Z<p>OrcmidAgain: Added overall heading to get an [edit] option at the top</p>
<hr />
<div>==Notes on Clippings==<br />
The initial clippings were created simply as part of my own blog reading and clipping on the topics of Identity and IIW in particular. This is a little like del.icio.us Wiki-style.<br />
<br />
The editorial preferences for selections are mine and the bias in my selection should be apparent. I am not apologetic for that. This is a wiki and I invite others to add their clippings too.<br />
<br />
The clippings are not as dated as I thought they might be by now. There is a gap, and I will use the library-catalog update strategy -- Start adding current material now, and fill in the gap between now and then on an opportunistic (i.e., chaotically random) basis.<br />
<br />
::''[[User:Orcmid|Orcmid]] 16:40, 27 November 2007 (PST)'' <br />
<br />
===Transported Clippings===<br />
<br />
I have transferred clippings from Windley's IIW Wiki. <br />
<br />
'''FIX ME (NOT)''': I see that the internal links -- cross-references among the clippings pages themselves -- are still tied to the Windley Wiki. I will need to go in and edit those to be links to fragments of the page here. ADDED: This was apparently a false alarm -- I was looking at the wrong blog in my tabbed browser. (''[[User:Orcmid|Orcmid]] 12:00, 30 November 2007 (PST)'')<br />
<br />
::''[[User:Orcmid|Orcmid]] 16:40, 27 November 2007 (PST)''<br />
<br />
I also learned that an easy way to make an entire page movable, rather than moving it one subsection at a time, is to add a master title at the top of the page. This will open up all of the wiki text content when you click it's edit button.<br />
<br />
Now, the downside of this is that this is apparently something that wiki spam robots look for. On the Windley IIW Wiki, those seem to be the only pages that have been defaced. We'll have to watch here. (''[[User:Orcmid|Orcmid]] 12:00, 30 November 2007 (PST)'')<br />
<br />
OH, THE DOWNSIDE: is that I have now munged the table of contents. I now how to handle that though. I will make the table of contents even more nestier. Later. (''[[User:Orcmid|Orcmid]] 12:01, 30 November 2007 (PST)'')<br />
<br />
OH, DUHHH ... and if you use the edit tab at the top of a MediaWiki page, you get the entire wikitext for the page too, with no fuss, no problems. Ah well, I needed to make an organizational cleanup for clippings anyhow. Now, when this page gets just too freekin' big, there will be other problems (because I have #fragment shortcuts among items on the page.) Your obedient servant, Professor von Clueless. (''[[User:Orcmid|Orcmid]] 12:18, 30 November 2007 (PST)'')<br />
<br />
===Initial Clippings===<br />
<br />
Just getting started and doing a morning's worth of clippings to get the hang of it<br />
<br />
Job Jar:<br />
<br />
Clipping Format explained<br />
<br />
How to add clippings<br />
<br />
What are identity-relevant clippings<br />
<br />
Other places to look<br />
<br />
Other places to put items that are different or should be easy to find as other than clippings (too)<br />
<br />
::''[[User:Orcmid|Orcmid]] 13:14, 15 June 2007 (MDT)''<br />
<br />
A better organization and some way to roll off the older material without losing it is called for. There is probably some game with dates and levels of heading that can make exploration of clippings somewhat easier.<br />
<br />
::''[[User:Orcmid|Orcmid]] 13:24, 15 June 2007 (MDT)''<br />
<br />
I am a little concern that this Wiki is going away, to be replaced by a new MediaWiki on Identity Commons. That one isn't there yet. I need to make sure that I save the WikiText so it is easy to move it to another site. This is complicated by my using headings that break the WikiText up in line with the automatic table of contents. (This has not slowed down making clippings, the volume of related material has simply gone down in the past two days.)<br />
::''[[User:Orcmid|Orcmid]] 15:57, 18 June 2007 (MDT)''</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Talk:Clippings&diff=356Talk:Clippings2007-12-12T19:15:46Z<p>OrcmidAgain: </p>
<hr />
<div>==Notes on Clippings==The initial clippings were created simply as part of my own blog reading and clipping on the topics of Identity and IIW in particular. This is a little like del.icio.us Wiki-style.<br />
<br />
The editorial preferences for selections are mine and the bias in my selection should be apparent. I am not apologetic for that. This is a wiki and I invite others to add their clippings too.<br />
<br />
The clippings are not as dated as I thought they might be by now. There is a gap, and I will use the library-catalog update strategy -- Start adding current material now, and fill in the gap between now and then on an opportunistic (i.e., chaotically random) basis.<br />
<br />
::''[[User:Orcmid|Orcmid]] 16:40, 27 November 2007 (PST)'' <br />
<br />
===Transported Clippings===<br />
<br />
I have transferred clippings from Windley's IIW Wiki. <br />
<br />
'''FIX ME (NOT)''': I see that the internal links -- cross-references among the clippings pages themselves -- are still tied to the Windley Wiki. I will need to go in and edit those to be links to fragments of the page here. ADDED: This was apparently a false alarm -- I was looking at the wrong blog in my tabbed browser. (''[[User:Orcmid|Orcmid]] 12:00, 30 November 2007 (PST)'')<br />
<br />
::''[[User:Orcmid|Orcmid]] 16:40, 27 November 2007 (PST)''<br />
<br />
I also learned that an easy way to make an entire page movable, rather than moving it one subsection at a time, is to add a master title at the top of the page. This will open up all of the wiki text content when you click it's edit button.<br />
<br />
Now, the downside of this is that this is apparently something that wiki spam robots look for. On the Windley IIW Wiki, those seem to be the only pages that have been defaced. We'll have to watch here. (''[[User:Orcmid|Orcmid]] 12:00, 30 November 2007 (PST)'')<br />
<br />
OH, THE DOWNSIDE: is that I have now munged the table of contents. I now how to handle that though. I will make the table of contents even more nestier. Later. (''[[User:Orcmid|Orcmid]] 12:01, 30 November 2007 (PST)'')<br />
<br />
OH, DUHHH ... and if you use the edit tab at the top of a MediaWiki page, you get the entire wikitext for the page too, with no fuss, no problems. Ah well, I needed to make an organizational cleanup for clippings anyhow. Now, when this page gets just too freekin' big, there will be other problems (because I have #fragment shortcuts among items on the page.) Your obedient servant, Professor von Clueless. (''[[User:Orcmid|Orcmid]] 12:18, 30 November 2007 (PST)'')<br />
<br />
===Initial Clippings===<br />
<br />
Just getting started and doing a morning's worth of clippings to get the hang of it<br />
<br />
Job Jar:<br />
<br />
Clipping Format explained<br />
<br />
How to add clippings<br />
<br />
What are identity-relevant clippings<br />
<br />
Other places to look<br />
<br />
Other places to put items that are different or should be easy to find as other than clippings (too)<br />
<br />
::''[[User:Orcmid|Orcmid]] 13:14, 15 June 2007 (MDT)''<br />
<br />
A better organization and some way to roll off the older material without losing it is called for. There is probably some game with dates and levels of heading that can make exploration of clippings somewhat easier.<br />
<br />
::''[[User:Orcmid|Orcmid]] 13:24, 15 June 2007 (MDT)''<br />
<br />
I am a little concern that this Wiki is going away, to be replaced by a new MediaWiki on Identity Commons. That one isn't there yet. I need to make sure that I save the WikiText so it is easy to move it to another site. This is complicated by my using headings that break the WikiText up in line with the automatic table of contents. (This has not slowed down making clippings, the volume of related material has simply gone down in the past two days.)<br />
::''[[User:Orcmid|Orcmid]] 15:57, 18 June 2007 (MDT)''</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=355Clippings2007-12-12T03:55:27Z<p>OrcmidAgain: /* 2007-12-04 */</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-10===<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-04===<br />
<br />
:*Stephen J. Dubner: [http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/ Bruce Schneier Blazes Through Your Questions]. (interview), Freakonomics (web log), Opinion section, ''The New York Times'' 2007-12-04 (2007-12-11 edition, via [http://www.schneier.com/blog/archives/2007/12/freakonomics_qa.html Bruce Schneier]). I'm surprised by the amount of the discussion that bears on issues around digital identity, authentication, etc. Schneier also responds to a number of the numerous comments.<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=354Clippings2007-12-12T02:55:33Z<p>OrcmidAgain: /* 2007-12-05 */</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-10===<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://radar.oreilly.com/archives/2007/12/openid_20_final.html Artur Bergman], [http://self-issued.info/?p=48 Mike Jones], [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst],and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=353Clippings2007-12-12T01:55:26Z<p>OrcmidAgain: /* 2007-12-05 */</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-10===<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst], [http://self-issued.info/?p=48 Mike Jones], and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=352Clippings2007-12-12T01:53:06Z<p>OrcmidAgain: /* 2007-12-05 */</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-10===<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-05===<br />
<br />
:*David Recordon: [http://openid.net/2007/12/05/openid-2_0-final-ly/ OpenID 2.0 ... Final(ly)]. (blog article), ''OpenID.net'', 2007-12-04 (via [http://netmesh.info/jernst/News/openid-20-is-final.html Johannes Ernst] and others). Describes the conditions for OpenID 2.0 approval, availability of the specifications, and an indication of implementations that are already supporting 2.0. (''[[User:OrcmidAgain|OrcmidAgain]] 17:53, 11 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=351Clippings2007-12-11T23:09:01Z<p>OrcmidAgain: /* 2007-12-06 */ Amit Agarwal</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-10===<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
===2007-12-06===<br />
<br />
:*Amit Agarwal: [http://www.labnol.org/internet/tools/openid-for-dummies-get-personal-openid-url/1892/ OpenID for Dummies + How To Make Your Blog URL as Your OpenID]. ''Digital Inspiration'' (web log), 2007-12-06. A quickie tutorial with links to OpenID 101 material. I confess that the Blog URL bit is not very clear, but I included this because it seems indicative of the gradual popularization of OpenID. (''[[User:OrcmidAgain|OrcmidAgain]] 15:09, 11 December 2007 (PST)'')<br />
<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=350Clippings2007-12-11T22:10:49Z<p>OrcmidAgain: /* 2007-12-06 */</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-10===<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
===2007-12-06===<br />
:*Jason Kolb: [http://www.jasonkolb.com/weblog/2007/12/more-web-centra.html More Web Centralization Problems]. JasonKolb.com, 2007-12-06. Raises identity issues tangentially in a concern over concentration on the web and the kinds of failures that can arise.<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Clippings&diff=348Clippings2007-12-11T21:46:51Z<p>OrcmidAgain: /* 2007-12-10 */</p>
<hr />
<div>=2007 Clippings=<br />
<br />
This collection is a bit like a link blog, providing bibliographic clippings for Identity-related materials. It is free for anyone to add to. The format should be clear by examining the wiki text for any particular date.<br />
<br />
==2007 December==<br />
<br />
===2007-12-10===<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/12/yale_reputation.htm Yale Reputation Economies Symposium Recap], ''Technology & Marketing Law Blog'', 2007-12-10. With numerous links to symposium wiki, position papers, and other coverage. (''[[User:OrcmidAgain|OrcmidAgain]] 13:46, 11 December 2007 (PST)'')<br />
<br />
===2007-12-01===<br />
<br />
:*Leah Culver: [http://www.leahculver.com/2007/12/01/oauth-tech-talk-on-justintv/ Oauth Tech Talk on justin.tv], ''Leah Culver's Stupid Blog'' (via Scobleizer), 2007-12-01. Links to video of the talk and to the slides. (''[[User:Orcmid|Orcmid]] 11:16, 2 December 2007 (PST)'')<br />
<br />
:*Dare Obasanjo: [http://www.25hoursaday.com/weblog/2007/12/01/FacebookBeaconIsUnfixable.aspx Facebook Beacon is Unfixable], ''Dare Obasanjo aka Carnage4Life'' (web log), 2007-12-01. One might think this has nothing to do with identity management. I think it is a great demonstration of the law of unintended consequences combined with the problem of people doing stuff because they can, something that always undermines our good intentions and poorly-instutionalized privacy practices. <br />
:**I don't know if Dare's appraisal is accurate, but the issues that he identifies are ones that have consequences for identity management, tracking, and unwarranted disclosure among/across commercial collaborations. <br />
:**I have colleagues who are completely sceptical of Web 2.0 efforts exactly because of these prospects and the damage that may occur before there's enough maturity to thwart mishaps of this kind. The enemy here is how far-reaching are the consequences of carelessness and how easily other interests blind the eyes that should have noticed endangering of the public interest. Whether good news or bad, the lawyers should have fun with this. Security expert Bruce Schneier is of the opinion that serious, successful litigation is the only thing that will reform the level of misconduct that is perpetuated in this manner. He may be right. (''[[User:Orcmid|Orcmid]] 11:38, 2 December 2007 (PST)'')<br />
<br />
==2007 November==<br />
<br />
===2007-11-30===<br />
<br />
:*Robin Wilton: [http://blogs.sun.com/racingsnake/entry/hmrc_breach_looking_ahead HMRC Breach -- Looking Ahead]. ''Robin Wilton's Esoterica'' (web log), 2007-11-30. Amidst the difficulties of the recent personal information breach in the UK, ably covered by Wilton and others, here is a look at some broader context around the implications for policy, public administration, and accountability of mechanisms that collect more and more information in a nicely centralized, compromisable form. An identity meta-topic? (''[[User:Orcmid|Orcmid]] 12:28, 30 November 2007 (PST)'')<br />
<br />
===2007-11-29===<br />
<br />
:*Eric: [http://bloggerindraft.blogspot.com/2007/11/new-feature-openid-commenting.html New Feature: OpenID Commenting]. ''Blogger in Draft'' (web log), 2007-11-29 (via [http://netmesh.info/jernst/Digital_Identity/google-blogger-openid-beta.html Johannes Ernst], [http://www.labnol.org/internet/blogging/leave-comments-in-blogger-with-wordpress-openid/1871/ Amit Agarwal] and [http://daveman692.livejournal.com/ David Recordon] [via [http://www.readwriteweb.com/archives/openid_google_blogger_beta.php Richard McManus] via Scobleizer]). The use of OpenId credentials including existing credentials from LiveJournal and WordPress are now accepted on Blogger blogs. My Blogger blogs receive so few comments that some days even a little spam is welcome. (No, this is not an invitation.) I'm so long tail this should not make any difference. We'll see, since it is very easy to discourage a commentor. Ask Kim Cameron about the grief I give him. (''[[User:Orcmid|Orcmid]] 11:56, 30 November 2007 (PST)'')<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/facebooks-growing-design-problem-and-a-proposed-solution/ Facebook's Growing Design Problem (and a Proposed Solution)]. ''Bokardo.com Social Web Design'' (web log), 2007-11-29. There is plenty of chatter about Facebook without cataloging it here. I selected this item because it demonstrates the perils of bottom-up problem solving (where global concerns are too easily overlooked until after the damage is done) and the propensity to do something cool because we can. Consider this in the context of [[Clippings#2007-11-28|Peter Brantley's essay]] from yesterday. Consider this in the context of alleged NSA interception of all internet traffic passing through US "border" nodes. Commercial firms are much more careless than the government, but one form of mis-conduct actually facilitates the kinds of surveillance we presumably still don't want in our society. (''[[User:Orcmid|Orcmid]] 11:59, 29 November 2007 (PST)'')<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/29/cardspace-for-the-rest-of-us/ CardSpace for the Rest of Us]. ''Jon Udell'' (web log), 2007-11-28. Points to the [[Clippings#2007-11-27|tutorial from Kim Cameron]] on long-tail, low privacy usage of Information Cards over HTTP as a great way to learn how this works. This has me take another look at Cameron's post. ((''[[User:Orcmid|Orcmid]] 09:38, 29 November 2007 (PST)''))<br />
<br />
===2007-11-28===<br />
<br />
:*Charles W. Bailey, Jr: [http://digital-scholarship.org/digitalkoans/2007/11/28/digital-identity-issues-explored-in-two-jisc-reports/ Digital Identity Issues Explored in Two JISC Reports]. Digital Koans (web log), 2007-11-28. This applies to Levels of Assurance around digital identity in United Kingdom higher education instutions. The studies are from the [http://www.jisc.ac.uk/ Joint Information Systems Committee]. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
:*Peter Brantley: [http://radar.oreilly.com/archives/2007/11/digital_reading.html Digital Reading, Subpoenas, and Privacy]. ''O'Reilly Radar'' (web log), 2007-11-28. The special protections against disclosure of reading habits, book purchases, and library activities (in the United States) is eroding in the digital space. This essay serves as a reminder that warrantless searching can and will easily breach this protection. It is interesting to me that the encryption of communications and transactions, along with measures that discourage identity tracking and correlation can help preserve the sanctity of our persons and identities from those who will attempt surveillance (commercial or governmental) simply because they are able and believe it is their privilege. Factoid: I knew that human speech does not actually put spaces between words, as we learn when trying to hear a new language, but I didn't realize that spacing of words was created in print so that we wouldn't have to read aloud. (''[[User:Orcmid|Orcmid]] 10:20, 29 November 2007 (PST)'')<br />
<br />
:*Keith Brown: [http://www.pluralsight.com/blogs/keith/archive/2007/11/28/49313.aspx Display Tokens for Information Cards]. Security Briefs (web log), ''Pluralsight'', 2007-11-28. A straightforward discussion of the trust that you must have in your identity provider to be sure that only what you're told is being disclosed is being disclosed to the relying party. (''[[User:Orcmid|Orcmid]] 13:02, 29 November 2007 (PST)'') <br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/11/28/your-winnings-sir/ Your Winnings, Sir]. ''Jon Udell'' (web log), 2007-11-28. Borrowing a line from ''Casablanca'', Jon discusses his [[Clippings#2007-05-22|life bits]] and what it might take to associate all of the occurrences of him on the internet in a simple, consistent way, as much as he would like. (''[[User:Orcmid|Orcmid]] 11:05, 28 November 2007 (PST)'')<br />
<br />
===2007-11-27===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=894 Ultimate Simplicity: 30 Lines of Code]. ''Kim Cameron's Identity Weblog'', 2007-11-27. The new CardSpace bits in .NET 3.5 permit pure HTTP (not encrypted with HTTPS and not requiring a server-side certificate) transfer of self-issued information card responses in low-security/privacy situations where unencrypted exchanges are good enough (e.g., to comment on a blog, access a wiki, and other places where recognized-identification is important more as a barrier to spammers than as a privacy and transaction security measure). The philosophy of this satisfaction of a full range of cases is provided in the post, along with a screen cast, a narrative of the process, and illustration using Kim Cameron's favorite vendor-neutral proof-of-concept, PHP.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=896 Claims in the Self-Issued Information Cards Profile]. ''Kim Cameron's Identity Weblog'', 2007-11-27. Part of a series of little how-to items, this post identifies existing URI schemes, schemas, and definitions for some common items that will appear in self-issued Information Cards, the ones likely to be used with OpenID and other user-centric identifiers. These can be used for the same attributes in other schemes, as a way to enhance portability of elements. They are also useful to think about in terms of which ones you want to be supplied in which self-issued information cards of your own. There are links to the detailed technical materials. Oddly missing is a simple example of how to employ these in an XML document. (''[[User:Orcmid|Orcmid]] 14:08, 30 November 2007 (PST)'')<br />
<br />
==2007 October==<br />
<br />
===2007-10-30===<br />
<br />
:*David Chappell: [http://www.davidchappell.com/blog/2007/10/digital-identity-for-net-applications.html Digital Identity for .NET Applications: A Technology Overview]. ''David Chappell's Weblog'', 2007-10-30. Although very technology-specific, this is representative of how identity technologies are emerging among different IT infrastructures. I just stumbled on Chappell's blog and am mining a few identity-related items. (''[[User:Orcmid|Orcmid]] 10:55, 30 November 2007 (PST)'')<br />
<br />
==2007 June==<br />
<br />
===2007-06-20===<br />
<br />
:*Ethan Ackerman: [http://blog.ericgoldman.org/archives/2007/06/the_4th_amendme.htm The 4th Ammendment in Your Inbox] supplementing Randy Picker's [[Clippings#2007-06-18|2007-06-18 analysis]] of the privacy-significant Warshak vs. US decision at the 6th Circuit.<br />
:*Kim Cameron: [http://www.identityblog.com/?p=811 Collusion takes effort; how much?] wherein Eric Norman expands our sensibilities about collusion (see [[Clippings#2007-06-19|yesterday]]) and ties in Warshak vs. US to boot. <br />
<br />
:*Michael Kaplan: [http://blogs.msdn.com/michkap/archive/2007/06/20/3424633.aspx Overheard Recently] where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?<br />
<br />
:*Joshua Porter: [http://bokardo.com/archives/common-pitfalls-of-building-social-web-applications-and-how-to-avoid-them-part-2/ Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2] evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop<br />
<br />
===2007-06-19===<br />
<br />
:*Stefan Brands: [http://www.idcorner.org/?p=154 Anonymous Credentials? No, Minimal Disclosure Certificates!] continues the [[Clippings#2007-06-18|web-wide discussion]] on Kim Cameron's [[Clippings#2007-06-17|starting-gun post]] on evolving privacy technology.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=809 Long live minimal disclosure tokens!], responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/collusion-takes-effort-how-much.html Collusion takes effort; how much?] introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (''[[User:Orcmid|Orcmid]] 17:46, 20 June 2007 (MDT)'')<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/single_logout_with_saml_2 Single Logout with SAML 2.0 and PHP], describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?<br />
<br />
===2007-06-18===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=806 No masks in the grocery store] discusses the response to Kim's [[Clippings#2007-06-17|2007-06-17]] post by [http://vquill.com/2007/06/i-dont-wear-mask-when-i-go-to-grocery.html David Kearns] (responding to [http://connectid.blogspot.com/2007/06/colluding-with-yourself.html Paul Madsen]) on the prospect of a relying party linking through correlation across time.<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=807 Colluding with yourself] continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)''<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=808 Revealing patterns when there is no need to do so] follows on the earlier discussion of collusion (while we are still on [[Clippings#2007-06-17|step #1]] of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO ''[[User:Orcmid|Orcmid]] 13:45, 19 June 2007 (MDT)'' <br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/saml_2_0_http_simplesign SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension] allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.<br />
<br />
:*Randy Picker: [http://uchicagolaw.typepad.com/faculty/2007/06/regulating_the_.html Regulating the Cloud: Warshak v. United States] discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "[http://www.identitywoman.net/?p=601 Yeah! for the Fourth Ammendment]." ''[[User:Orcmid|Orcmid]] 13:56, 19 June 2007 (MDT)'')<br />
<br />
===2007-06-17===<br />
<br />
:*Kim Cameron: [http://www.identityblog.com/?p=804 Evolving technology for better privacy], the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.<br />
<br />
===2007-06-15===<br />
<br />
:*Oren Eini: [http://ayende.com/Blog/archive/2007/06/15/The-myth-of-the-all-inclusive-metaentity.aspx The Myth of the All-Inclusive Meta-Entity], reminding us to consider that an identity might be of merely an aspect in relevant context<br />
<br />
:*Johannes Ernst: [http://netmesh.info/jernst/Comments/sun-openid-online.html Sun's OpenID Provider is On-line]<br />
<br />
:*Jerry Fishenden: [http://ntouk.com/?view=plink&id=295 From Oxford to Rio - identity and privacy], links to a webcast and some other material<br />
<br />
:*Eric Goldman: [http://blog.ericgoldman.org/archives/2007/06/lawyer_ranking.htm Lawyer Rating Service Sued&mdash;Browne v. Avvo], having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not<br />
<br />
:*Pat Patterson: [http://blogs.sun.com/superpat/entry/openid_work_architecture OpenID @ Work - Architecture], source of details on openid.sun.com<br />
<br />
:*Joshua Porter (Bokardo): [http://bokardo.com/archives/comic-et-tu-brute/ Comic - Et tu, Brute?]<br />
<br />
:*Gina Trapani (Lifehacker): [http://lifehacker.com/software/shutdown/what-to-do-with-your-yahoo-photos-269173.php Shutdown - What To Do with your Yahoo! Photos] and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? ''[[User:Orcmid|Orcmid]] 10:34, 15 June 2007 (MDT)''<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/06/15/facebookizing-the-web-webifying-facebook/ Facebookizing the Web, Webifying Facebook], on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? ''[[User:Orcmid|Orcmid]] 11:36, 15 June 2007 (MDT)''<br />
<br />
===2007-06-14===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/openid_sun_architecture OpenID @ Work - Architecture], providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? ''[[User:Orcmid|Orcmid]] 12:04, 15 June 2007 (MDT)'')<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/i-love-dawn/ I Love Dawn ...], wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/too-accessible/ Too Accessible], reflecting an identity+presence silo problem (check the comments)<br />
<br />
:*Robert Scoble: [http://scobleizer.com/2007/06/14/valleywag-offers-me-a-job/ Valleywag Offers Me a Job ...] on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, ''[[User:Orcmid|Orcmid]] 11:01, 15 June 2007 (MDT)''<br />
<br />
===2007-06-12===<br />
:*Avi Bryant: [http://smallthought.com/avi/?p=24 Technorati Needs To Catch Up to Facebook], bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/what-does-idp-do.html What Does an IdP Do?] eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (''[[User:Orcmid|Orcmid]] 17:56, 20 June 2007 (MDT)'')<br />
<br />
<br />
===2007-06-09===<br />
<br />
:*Paolo Massa: [http://www.gnuband.org/2007/06/09/reputation_is_in_the_eye_of_the_beholder_on_subjectivity_and_objectivity_of_trust_statements/ Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements], position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (''[[User:Orcmid|Orcmid]] 13:22, 15 June 2007 (MDT)'')<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/06/horrible-human-engineering.html Horrible Human Engineering] with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up &mdash; the big test is how rapidly repairs are made (''[[User:Orcmid|Orcmid]] 18:11, 20 June 2007 (MDT)'')<br />
<br />
==2007 May==<br />
<br />
===2007-05-27===<br />
<br />
:*Eric Norman: [http://ejnorman.blogspot.com/2007/05/openid-as-laboratory.html OpenID as a Laboratory] eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (''[[User:Orcmid|Orcmid]] 18:15, 20 June 2007 (MDT)'')<br />
<br />
===2007-05-22===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/05/22/hosted-lifebits/ Hosted Lifebits]. ''Jon Udell'' (web log), 2007-05-22. Udell speculates on what it would be like if he had a (virtual) place to stash all the bits that arise in his life, including records, writings, reports, photographs, audio, all and any digital memorability. This is related to the digital persona and identity question raised in his [[Clippings#2007-11-28|2007-11-28]] post, "Your Winnings Sir." (''[[User:Orcmid|Orcmid]] 11:15, 28 November 2007 (PST)'')<br />
<br />
==2007 March==<br />
<br />
===2007-03-02===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/deep_dive_on_saml_2 Deep Dive on SAML 2.0 vs. WS-Federation], for those keeping score at home (''[[User:Orcmid|Orcmid]] 12:00, 15 June 2007 (MDT)'')<br />
<br />
===2007-03-01===<br />
<br />
:*Dave Winer: [http://www.scripting.com/stories/2007/03/01/preservingIdeas.html Preserving Ideas]. ''Scripting News'' (web log), 2007-03-01. Winer raises concerns about preserving our works in their hyperlinked, search-indexed form in some persistent fashion that can outlast us as part of the human digital legacy. An inspiration in Jon Udell's search for a [[Clippings#2007-05-22|life bits]] mechanism. (''[[User:Orcmid|Orcmid]] 11:26, 28 November 2007 (PST)'')<br />
<br />
===2007-02-06===<br />
<br />
:*Jon Udell: [http://blog.jonudell.net/2007/02/06/critical-mass-and-social-network-fatigue/ Critical Mass and Social Network Fatigue] focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? ''[[User:Orcmid|Orcmid]] 11:45, 15 June 2007 (MDT)''), with great discussion in the comments<br />
<br />
=2006 Clippings=<br />
<br />
==2006 December==<br />
<br />
===2006-12-04===<br />
<br />
:*Danah Boyd: [http://www.firstmonday.org/issues/issue11_12/boyd/index.html Friends, Friendsters, and Top 8 &mdash; writing community into being on social network sites], ''First Monday'' '''''11''''', 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via [http://scobleizer.com/2007/06/20/defining-friending/ Robert Scoble], ''[[User:Orcmid|Orcmid]] 19:09, 20 June 2007 (MDT)'')<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/iiw6_-_saml_%2F_liberty IIW2006b SAML/Liberty Presentation] (digging up background items deep in this blog, ''[[User:Orcmid|Orcmid]] 12:10, 15 June 2007 (MDT)'')<br />
<br />
==2006 October==<br />
<br />
===2006-10-22===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/identity_federation_part_2 Identity Federation] overview and illustration of where one Circle of Trust shows up (''[[User:Orcmid|Orcmid]] 12:29, 15 June 2007 (MDT)'')<br />
<br />
==2006 June==<br />
<br />
===2006-06-26===<br />
<br />
:*Hubert A. Le Van Gong: [http://blogs.sun.com/hubertsblog/entry/a_taxonomy_on_user_centric A Taxonomy on User-Centric Identity] mainly links on this useful topic (''[[User:Orcmid|Orcmid]] 12:44, 15 June 2007 (MDT)'')</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=UsabilityNoRocketSci&diff=345UsabilityNoRocketSci2007-12-07T22:02:21Z<p>OrcmidAgain: /* Bob FrankstonBob Frankston */</p>
<hr />
<div>=Usability without Rocket Science=<br />
<br />
Day 3, Session 2 (10:15 to 11:15), Meeting Location H<br />
<br />
==Participants==<br />
<br />
*[[User:orcmid|Dennis Hamilton]]<br />
<br />
*Tim Freeman<br />
<br />
*Richard M. Conlan<br />
<br />
*Bob Frankson<br />
<br />
*Charles Andres<br />
<br />
*Kenik Hassel<br />
<br />
*Pamela Dingle<br />
<br />
==Chronological notes (Charles Andres)== <br />
::[as we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they where lofted onto the white board and around the table.]<br />
<br />
*RP= Relying Party - consumer of ID services<br />
<br />
*user interaction with an RP<br />
<br />
*'voucher' without knowing your true Identity<br />
<br />
*at the edge of technology<br />
<br />
*have people aware of what is happening, and there are verifiable ceremonies<br />
<br />
*popular use<br />
<br />
*wanting to make it as friction free as possible<br />
<br />
<br />
*ceremony (quality of)<br />
**illusion<br />
**theatre<br />
<br />
*conceptual dissonance<br />
<br />
<br />
*Con Games<br />
**Nigerian Scam<br />
**Complex financial labyrinths that people can't fathom, will be fooled<br />
<br />
*TSA<br />
**security theatre<br />
<br />
<br />
*every-day experience<br />
<br />
*Usability is key, but lots of tool makers are not thinking about users<br />
<br />
==Why Are We in This Room==<br />
<br />
===Pamela Dingle=== <br />
::runs an RP project <br />
*Rp is the face of infor cards<br />
*diverse set of user interfaces<br />
*need to define a set of expectations for peopple<br />
*make it easy for people to adopt best practices<br />
*make info cards real<br />
<br />
*The Pamela Project<br />
**open php frameworks, media wiki, expand to Drupal,<br />
**components that are easy to use from both admin and user perspective<br />
**what does it mean to see an information card (not cart) <br />
**how to make it easy to be invited into new paradigm<br />
<br />
===Kenik Hassel=== <br />
::Microsoft emerging businesses<br />
*prior usability <br />
*last 2 days -- what's happening <br />
*the tech savvy people are having problems getting this<br />
*tech has to be ready for joe sixpack<br />
<br />
===Charles Andres===<br />
::Parity<br />
<br />
*make user-centric identity principles usable to everyone; <br />
<br />
*make the internet a much more rich experience designed for people, not plumbers, (or only faucet designers)<br />
<br />
===Bob Frankston===<br />
<br />
[[Image:F07-12-055-21b.jpg|thumb|right|75px|Bob Frankston]]<br />
<br />
*Multics<br />
<br />
*The more you reveal, the easier it is to be scammed<br />
<br />
*if you think you have a workable solution, you don't.<br />
<br />
*microsoft is a mechanism not an app solutions<br />
<br />
*spreadsheets are great ways to fool people<br />
<br />
===Rich Conlan===<br />
::Google<br />
*Human computer i/f, <br />
*security, <br />
*better passwords<br />
*made a password selector with smiley face feedback mapped to happier:more secure<br />
**it did result in people choosing more-secure password forms<br />
<br />
*issues:<br />
**firewalls that prompt<br />
**bad SSL search<br />
<br />
===Tim Freeman===<br />
::MedicAlert<br />
<br />
*usability and access management<br />
<br />
*10-50K members access accts on-line; elderly, sick, alzheimers -- can't remember a username.<br />
<br />
*people in distress<br />
<br />
===Dennis Hamilton===<br />
*Find a layer above diversity of protocols<br />
*reliable implementations<br />
*Doc Searls has the best sound bites to communicate the issues and where we need to go.<br />
<br />
==Noodling==<br />
<br />
*Mistakes will be made<br />
<br />
*Card like interfaces couldn't happen too soon.<br />
<br />
*Can cards allow 'agents' to work on your behalf without you?<br />
<br />
*liability<br />
<br />
*unintended irreversable consequences<br />
<br />
==Reviewing the Ceremonial Stages==<br />
<br />
*Registration - how to use a card<br />
<br />
*Authentication - how to subsequently use it efficiently<br />
<br />
*Condition handling -- geeky error messages - "Your certificate has expired"<br />
<br />
*quality of the info - actionable for the actor/reader<br />
<br />
*Choreography -- your dance must be in sync with your partner<br />
<br />
<br />
*mapping claim data - is data in the card relevant to the RP<br />
<br />
*trust is not transitive<br />
<br />
*faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.<br />
<br />
*What is the pragmatic aspect<br />
**social contexts<br />
***neighbors<br />
***nepotism -- more trustworthy (or the devil you know)<br />
<br />
*don't confuse intractable social problems with what can be solved with technology<br />
<br />
*Trust no one<br />
*Trust but verify<br />
<br />
*adhoc community effort -- work to influence everyone to get a common experience<br />
<br />
*consistent i/f as a differentiator<br />
<br />
*branding is often used to ensure standards and confidence<br />
<br />
*get together for specific protocols<br />
**write the info messages<br />
**notifications that can be sent to a user<br />
**similar messages from sites within a similar context<br />
**cultural issues<br />
<br />
*should the browser be the interpretive sum of the messages?<br />
*404 - 'this is 'don't bother your pretty little head problem'<br />
<br />
*Read Allen Cooper "About Face" - how to write actionable messages designed for the user and the context.<br />
<br />
*GE: 'make the error message as obtruse as possible to protect security"<br />
<br />
*When you sign up for a site, and the site tells you 'this name is in use' may tell who is on the site.<br />
<br />
*Last 4 digits of the phone number<br />
<br />
*feeding into popular (mis)conceptions generate fear -- it's the user's fault.<br />
<br />
*attention into property<br />
*knowledge into property<br />
*identity into property<br />
*distinction needed between hijack and a breach<br />
*need to tell people how to be smart<br />
<br />
*dif rules for who is responsible for fraudulant credit card changes<br />
**US: bank has responsibility<br />
**not worldwide<br />
**leads to different responses and responsibilities<br />
<br />
*why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=UsabilityNoRocketSci&diff=344UsabilityNoRocketSci2007-12-07T21:58:31Z<p>OrcmidAgain: /* Bob Frankston */</p>
<hr />
<div>=Usability without Rocket Science=<br />
<br />
Day 3, Session 2 (10:15 to 11:15), Meeting Location H<br />
<br />
==Participants==<br />
<br />
*[[User:orcmid|Dennis Hamilton]]<br />
<br />
*Tim Freeman<br />
<br />
*Richard M. Conlan<br />
<br />
*Bob Frankson<br />
<br />
*Charles Andres<br />
<br />
*Kenik Hassel<br />
<br />
*Pamela Dingle<br />
<br />
==Chronological notes (Charles Andres)== <br />
::[as we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they where lofted onto the white board and around the table.]<br />
<br />
*RP= Relying Party - consumer of ID services<br />
<br />
*user interaction with an RP<br />
<br />
*'voucher' without knowing your true Identity<br />
<br />
*at the edge of technology<br />
<br />
*have people aware of what is happening, and there are verifiable ceremonies<br />
<br />
*popular use<br />
<br />
*wanting to make it as friction free as possible<br />
<br />
<br />
*ceremony (quality of)<br />
**illusion<br />
**theatre<br />
<br />
*conceptual dissonance<br />
<br />
<br />
*Con Games<br />
**Nigerian Scam<br />
**Complex financial labyrinths that people can't fathom, will be fooled<br />
<br />
*TSA<br />
**security theatre<br />
<br />
<br />
*every-day experience<br />
<br />
*Usability is key, but lots of tool makers are not thinking about users<br />
<br />
==Why Are We in This Room==<br />
<br />
===Pamela Dingle=== <br />
::runs an RP project <br />
*Rp is the face of infor cards<br />
*diverse set of user interfaces<br />
*need to define a set of expectations for peopple<br />
*make it easy for people to adopt best practices<br />
*make info cards real<br />
<br />
*The Pamela Project<br />
**open php frameworks, media wiki, expand to Drupal,<br />
**components that are easy to use from both admin and user perspective<br />
**what does it mean to see an information card (not cart) <br />
**how to make it easy to be invited into new paradigm<br />
<br />
===Kenik Hassel=== <br />
::Microsoft emerging businesses<br />
*prior usability <br />
*last 2 days -- what's happening <br />
*the tech savvy people are having problems getting this<br />
*tech has to be ready for joe sixpack<br />
<br />
===Charles Andres===<br />
::Parity<br />
<br />
*make user-centric identity principles usable to everyone; <br />
<br />
*make the internet a much more rich experience designed for people, not plumbers, (or only faucet designers)<br />
<br />
===Bob Frankston[[Image:F07-12-055-21b.jpg|thumb|right|200px|Bob Frankston]]===<br />
<br />
*Multics<br />
<br />
*The more you reveal, the easier it is to be scammed<br />
<br />
*if you think you have a workable solution, you don't.<br />
<br />
*microsoft is a mechanism not an app solutions<br />
<br />
*spreadsheets are great ways to fool people<br />
<br />
===Rich Conlan===<br />
::Google<br />
*Human computer i/f, <br />
*security, <br />
*better passwords<br />
*made a password selector with smiley face feedback mapped to happier:more secure<br />
**it did result in people choosing more-secure password forms<br />
<br />
*issues:<br />
**firewalls that prompt<br />
**bad SSL search<br />
<br />
===Tim Freeman===<br />
::MedicAlert<br />
<br />
*usability and access management<br />
<br />
*10-50K members access accts on-line; elderly, sick, alzheimers -- can't remember a username.<br />
<br />
*people in distress<br />
<br />
===Dennis Hamilton===<br />
*Find a layer above diversity of protocols<br />
*reliable implementations<br />
*Doc Searls has the best sound bites to communicate the issues and where we need to go.<br />
<br />
==Noodling==<br />
<br />
*Mistakes will be made<br />
<br />
*Card like interfaces couldn't happen too soon.<br />
<br />
*Can cards allow 'agents' to work on your behalf without you?<br />
<br />
*liability<br />
<br />
*unintended irreversable consequences<br />
<br />
==Reviewing the Ceremonial Stages==<br />
<br />
*Registration - how to use a card<br />
<br />
*Authentication - how to subsequently use it efficiently<br />
<br />
*Condition handling -- geeky error messages - "Your certificate has expired"<br />
<br />
*quality of the info - actionable for the actor/reader<br />
<br />
*Choreography -- your dance must be in sync with your partner<br />
<br />
<br />
*mapping claim data - is data in the card relevant to the RP<br />
<br />
*trust is not transitive<br />
<br />
*faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.<br />
<br />
*What is the pragmatic aspect<br />
**social contexts<br />
***neighbors<br />
***nepotism -- more trustworthy (or the devil you know)<br />
<br />
*don't confuse intractable social problems with what can be solved with technology<br />
<br />
*Trust no one<br />
*Trust but verify<br />
<br />
*adhoc community effort -- work to influence everyone to get a common experience<br />
<br />
*consistent i/f as a differentiator<br />
<br />
*branding is often used to ensure standards and confidence<br />
<br />
*get together for specific protocols<br />
**write the info messages<br />
**notifications that can be sent to a user<br />
**similar messages from sites within a similar context<br />
**cultural issues<br />
<br />
*should the browser be the interpretive sum of the messages?<br />
*404 - 'this is 'don't bother your pretty little head problem'<br />
<br />
*Read Allen Cooper "About Face" - how to write actionable messages designed for the user and the context.<br />
<br />
*GE: 'make the error message as obtruse as possible to protect security"<br />
<br />
*When you sign up for a site, and the site tells you 'this name is in use' may tell who is on the site.<br />
<br />
*Last 4 digits of the phone number<br />
<br />
*feeding into popular (mis)conceptions generate fear -- it's the user's fault.<br />
<br />
*attention into property<br />
*knowledge into property<br />
*identity into property<br />
*distinction needed between hijack and a breach<br />
*need to tell people how to be smart<br />
<br />
*dif rules for who is responsible for fraudulant credit card changes<br />
**US: bank has responsibility<br />
**not worldwide<br />
**leads to different responses and responsibilities<br />
<br />
*why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Help:Editing&diff=343Help:Editing2007-12-07T21:51:23Z<p>OrcmidAgain: /* Editing help */</p>
<hr />
<div>=Editing Help=<br />
<br />
==MediaWiki Editing Resources==<br />
<br />
*'''General Help on Editing''' is available on the [http://www.mediawiki.org/wiki/Help:Editing Help Editing] pages of the MediaWiki site.<br />
<br />
*'''[http://www.mediawiki.org/wiki/Help:Formatting Formatting Help]]''' illustrates basic wikiText markup for mediaWiki <br />
<br />
*'''Download the PDF [http://meta.wikimedia.org/wiki/Help:Reference_card Reference Card]''' for printing and consultation while you are working on the wiki.<br />
<br />
*'''The [http://meta.wikimedia.org/wiki/Help:Wikitext_reference Wikitext Reference]''' provides a series of examples that illustrate all of the markup capabilities.</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Help:Contents&diff=342Help:Contents2007-12-07T21:35:35Z<p>OrcmidAgain: /* How To Create and Edit Wiki Pages */</p>
<hr />
<div>==Getting Started==<br />
<br />
==Internet Identity Topics==<br />
<br />
==Internet Identity Resources==<br />
====[[Clippings]]====<br />
:Collection of links to internet-identity related material that we've noticed and may be helpful. These are different than the list of blogs where identity-related topics are a regular occurence. Clippings may be from those and other sources.<br />
<br />
====[[Reports]]====<br />
:Bibliographic information on reports produced around Digital Identity and the interest areas of Internet Identity Workshop and the Identity Commons.<br />
<br />
==Exploring IIW Wiki==<br />
<br />
==Contributing to IIW Wiki==<br />
<br />
===Getting Started===<br />
<br />
===It's Safe to Experiment===<br />
<br />
*Learn by Looking at Wiki Text.<br />
<br />
*You Won't Break the Wiki. <br />
<br />
*Hesitant to Edit? Use the Discussion Page. <br />
<br />
===How To Create and Edit Wiki Pages===<br />
<br />
*The Media Wiki Handbook has a brief overview on [http://meta.wikimedia.org/wiki/Help:Editing editing and contributing] on a wiki.<br />
<br />
*The Help Guide section on [http://www.mediawiki.org/wiki/Help:Contents Editing and Advanced Editing] will help you drill down on specific techniques and using MediaWiki wikiText markup to get what you want.<br />
<br />
*When you are editing a page, there is a [[Help:Editing|Editing Help]] link at the bottom of the page. Click this link for additional information in a separate window.<br />
<br />
==IIW Wiki Technical Information==<br />
<br />
* [http://www.mediawiki.org/wiki/How_does_MediaWiki_work%3F About MediaWiki], providing a brief overview and a sandbox for practicing wiki posts using the MediaWiki text format.<br />
<br />
* [http://www.mediawiki.org/wiki/Help:Contents Help on Using MediaWikis], the general Help Information available for using all MediaWiki wikis. Details can vary based on different customizations and installation of extensions. The basics are covered here.<br />
<br />
* [http://www.mediawiki.org/wiki/MediaWiki MediaWiki.org], the main site for MediaWiki downloads, support, and links to further information<br />
<br />
* [http://www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ], is for operators as well as users of MediaWiki wikis. Sections for users include<br />
** [http://www.mediawiki.org/wiki/Manual:FAQ#Basic_usage Basic Usage], providing links to coverage of questions on basic usage<br />
** [http://www.mediawiki.org/wiki/Manual:FAQ#Where_now.3F Further Help], when you're unable to find an answer to your question</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Help:Contents&diff=341Help:Contents2007-12-07T21:17:50Z<p>OrcmidAgain: /* How To Create and Edit Wiki Pages */</p>
<hr />
<div>==Getting Started==<br />
<br />
==Internet Identity Topics==<br />
<br />
==Internet Identity Resources==<br />
====[[Clippings]]====<br />
:Collection of links to internet-identity related material that we've noticed and may be helpful. These are different than the list of blogs where identity-related topics are a regular occurence. Clippings may be from those and other sources.<br />
<br />
====[[Reports]]====<br />
:Bibliographic information on reports produced around Digital Identity and the interest areas of Internet Identity Workshop and the Identity Commons.<br />
<br />
==Exploring IIW Wiki==<br />
<br />
==Contributing to IIW Wiki==<br />
<br />
===Getting Started===<br />
<br />
===It's Safe to Experiment===<br />
<br />
*Learn by Looking at Wiki Text.<br />
<br />
*You Won't Break the Wiki. <br />
<br />
*Hesitant to Edit? Use the Discussion Page. <br />
<br />
===How To Create and Edit Wiki Pages===<br />
<br />
*The Help Guide section on [http://www.mediawiki.org/wiki/Help:Contents Editing and Advanced Editing] will help you drill down on specific techniques and using MediaWiki wikiText markup to get what you want.<br />
<br />
*When you are editing a plage, there is a [[Help:Editing|Editing Help]] link at the bottom of the page. Click this link for additional information in a separate window.<br />
<br />
==IIW Wiki Technical Information==<br />
<br />
* [http://www.mediawiki.org/wiki/How_does_MediaWiki_work%3F About MediaWiki], providing a brief overview and a sandbox for practicing wiki posts using the MediaWiki text format.<br />
<br />
* [http://www.mediawiki.org/wiki/Help:Contents Help on Using MediaWikis], the general Help Information available for using all MediaWiki wikis. Details can vary based on different customizations and installation of extensions. The basics are covered here.<br />
<br />
* [http://www.mediawiki.org/wiki/MediaWiki MediaWiki.org], the main site for MediaWiki downloads, support, and links to further information<br />
<br />
* [http://www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ], is for operators as well as users of MediaWiki wikis. Sections for users include<br />
** [http://www.mediawiki.org/wiki/Manual:FAQ#Basic_usage Basic Usage], providing links to coverage of questions on basic usage<br />
** [http://www.mediawiki.org/wiki/Manual:FAQ#Where_now.3F Further Help], when you're unable to find an answer to your question</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=Help:Contents&diff=340Help:Contents2007-12-07T21:16:44Z<p>OrcmidAgain: /* Contributing to IIW Wiki */</p>
<hr />
<div>==Getting Started==<br />
<br />
==Internet Identity Topics==<br />
<br />
==Internet Identity Resources==<br />
====[[Clippings]]====<br />
:Collection of links to internet-identity related material that we've noticed and may be helpful. These are different than the list of blogs where identity-related topics are a regular occurence. Clippings may be from those and other sources.<br />
<br />
====[[Reports]]====<br />
:Bibliographic information on reports produced around Digital Identity and the interest areas of Internet Identity Workshop and the Identity Commons.<br />
<br />
==Exploring IIW Wiki==<br />
<br />
==Contributing to IIW Wiki==<br />
<br />
===Getting Started===<br />
<br />
===It's Safe to Experiment===<br />
<br />
*Learn by Looking at Wiki Text.<br />
<br />
*You Won't Break the Wiki. <br />
<br />
*Hesitant to Edit? Use the Discussion Page. <br />
<br />
===How To Create and Edit Wiki Pages===<br />
<br />
*The Help Guide section on [http://www.mediawiki.org/wiki/Help:Contents Editing and Advanced Editing] will help you drill down on specific techniques and using MediaWiki wikiText markup to get what you want.<br />
<br />
*When you are editing a plage, there is an [[Help:Editing|Editing Help] link at the bottom of the page. Click this link for additional information in a separate window.<br />
<br />
==IIW Wiki Technical Information==<br />
<br />
* [http://www.mediawiki.org/wiki/How_does_MediaWiki_work%3F About MediaWiki], providing a brief overview and a sandbox for practicing wiki posts using the MediaWiki text format.<br />
<br />
* [http://www.mediawiki.org/wiki/Help:Contents Help on Using MediaWikis], the general Help Information available for using all MediaWiki wikis. Details can vary based on different customizations and installation of extensions. The basics are covered here.<br />
<br />
* [http://www.mediawiki.org/wiki/MediaWiki MediaWiki.org], the main site for MediaWiki downloads, support, and links to further information<br />
<br />
* [http://www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ], is for operators as well as users of MediaWiki wikis. Sections for users include<br />
** [http://www.mediawiki.org/wiki/Manual:FAQ#Basic_usage Basic Usage], providing links to coverage of questions on basic usage<br />
** [http://www.mediawiki.org/wiki/Manual:FAQ#Where_now.3F Further Help], when you're unable to find an answer to your question</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=UsabilityNoRocketSci&diff=320UsabilityNoRocketSci2007-12-05T22:32:54Z<p>OrcmidAgain: /* Bob Frankston */</p>
<hr />
<div>=Usability without Rocket Science=<br />
<br />
Day 3, Session 2 (10:15 to 11:15), Meeting Location H<br />
<br />
==Participants==<br />
<br />
*[[User:orcmid|Dennis Hamilton]]<br />
<br />
*Tim Freeman<br />
<br />
*Richard M. Conlan<br />
<br />
*Bob Frankson<br />
<br />
*Charles Andres<br />
<br />
*Kenik Hassel<br />
<br />
*Pamela Dingle<br />
<br />
==Chronological notes (Charles Andres)== <br />
::[as we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they where lofted onto the white board and around the table.]<br />
<br />
*RP= Relying Party - consumer of ID services<br />
<br />
*user interaction with an RP<br />
<br />
*'voucher' without knowing your true Identity<br />
<br />
*at the edge of technology<br />
<br />
*have people aware of what is happening, and there are verifiable ceremonies<br />
<br />
*popular use<br />
<br />
*wanting to make it as friction free as possible<br />
<br />
<br />
*ceremony (quality of)<br />
**illusion<br />
**theatre<br />
<br />
*conceptual dissonance<br />
<br />
<br />
*Con Games<br />
**Nigerian Scam<br />
**Complex financial labyrinths that people can't fathom, will be fooled<br />
<br />
*TSA<br />
**security theatre<br />
<br />
<br />
*every-day experience<br />
<br />
*Usability is key, but lots of tool makers are not thinking about users<br />
<br />
==Why Are We in This Room==<br />
<br />
===Pamela Dingle=== <br />
::runs an RP project <br />
*Rp is the face of infor cards<br />
*diverse set of user interfaces<br />
*need to define a set of expectations for peopple<br />
*make it easy for people to adopt best practices<br />
*make info cards real<br />
<br />
*The Pamela Project<br />
**open php frameworks, media wiki, expand to Drupal,<br />
**components that are easy to use from both admin and user perspective<br />
**what does it mean to see an information card (not cart) <br />
**how to make it easy to be invited into new paradigm<br />
<br />
===Kenik Hassel=== <br />
::Microsoft emerging businesses<br />
*prior usability <br />
*last 2 days -- what's happening <br />
*the tech savvy people are having problems getting this<br />
*tech has to be ready for joe sixpack<br />
<br />
===Charles Andres===<br />
::Parity<br />
<br />
*make user-centric identity principles usable to everyone; <br />
<br />
*make the internet a much more rich experience designed for people, not plumbers, (or only faucet designers)<br />
<br />
===Bob Frankston===<br />
*Multics<br />
*The more you reveal, the easier it is to be scammed<br />
*if you think you have a workable solution, you don't.<br />
*microsoft is a mechanism not an app solutions<br />
*spreadsheets are great ways to fool people<br />
*[[Image:F07-12-055-21b.jpg]]<br />
<br />
===Rich Conlan===<br />
::Google<br />
*Human computer i/f, <br />
*security, <br />
*better passwords<br />
*made a password selector with smiley face feedback mapped to happier:more secure<br />
**it did result in people choosing more-secure password forms<br />
<br />
*issues:<br />
**firewalls that prompt<br />
**bad SSL search<br />
<br />
===Tim Freeman===<br />
::MedicAlert<br />
<br />
*usability and access management<br />
<br />
*10-50K members access accts on-line; elderly, sick, alzheimers -- can't remember a username.<br />
<br />
*people in distress<br />
<br />
===Dennis Hamilton===<br />
*Find a layer above diversity of protocols<br />
*reliable implementations<br />
*Doc Searls has the best sound bites to communicate the issues and where we need to go.<br />
<br />
==Noodling==<br />
<br />
*Mistakes will be made<br />
<br />
*Card like interfaces couldn't happen too soon.<br />
<br />
*Can cards allow 'agents' to work on your behalf without you?<br />
<br />
*liability<br />
<br />
*unintended irreversable consequences<br />
<br />
==Reviewing the Ceremonial Stages==<br />
<br />
*Registration - how to use a card<br />
<br />
*Authentication - how to subsequently use it efficiently<br />
<br />
*Condition handling -- geeky error messages - "Your certificate has expired"<br />
<br />
*quality of the info - actionable for the actor/reader<br />
<br />
*Choreography -- your dance must be in sync with your partner<br />
<br />
<br />
*mapping claim data - is data in the card relevant to the RP<br />
<br />
*trust is not transitive<br />
<br />
*faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.<br />
<br />
*What is the pragmatic aspect<br />
**social contexts<br />
***neighbors<br />
***nepotism -- more trustworthy (or the devil you know)<br />
<br />
*don't confuse intractable social problems with what can be solved with technology<br />
<br />
*Trust no one<br />
*Trust but verify<br />
<br />
*adhoc community effort -- work to influence everyone to get a common experience<br />
<br />
*consistent i/f as a differentiator<br />
<br />
*branding is often used to ensure standards and confidence<br />
<br />
*get together for specific protocols<br />
**write the info messages<br />
**notifications that can be sent to a user<br />
**similar messages from sites within a similar context<br />
**cultural issues<br />
<br />
*should the browser be the interpretive sum of the messages?<br />
*404 - 'this is 'don't bother your pretty little head problem'<br />
<br />
*Read Allen Cooper "About Face" - how to write actionable messages designed for the user and the context.<br />
<br />
*GE: 'make the error message as obtruse as possible to protect security"<br />
<br />
*When you sign up for a site, and the site tells you 'this name is in use' may tell who is on the site.<br />
<br />
*Last 4 digits of the phone number<br />
<br />
*feeding into popular (mis)conceptions generate fear -- it's the user's fault.<br />
<br />
*attention into property<br />
*knowledge into property<br />
*identity into property<br />
*distinction needed between hijack and a breach<br />
*need to tell people how to be smart<br />
<br />
*dif rules for who is responsible for fraudulant credit card changes<br />
**US: bank has responsibility<br />
**not worldwide<br />
**leads to different responses and responsibilities<br />
<br />
*why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=File:F07-12-055-21b.jpg&diff=319File:F07-12-055-21b.jpg2007-12-05T22:30:23Z<p>OrcmidAgain: Bob Frankston at the Usability without Rocket Science session</p>
<hr />
<div>Bob Frankston at the Usability without Rocket Science session</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=UsabilityNoRocketSci&diff=318UsabilityNoRocketSci2007-12-05T22:13:34Z<p>OrcmidAgain: /* Tim Freeman */</p>
<hr />
<div>=Usability without Rocket Science=<br />
<br />
Day 3, Session 2 (10:15 to 11:15), Meeting Location H<br />
<br />
==Participants==<br />
<br />
*[[User:orcmid|Dennis Hamilton]]<br />
<br />
*Tim Freeman<br />
<br />
*Richard M. Conlan<br />
<br />
*Bob Frankson<br />
<br />
*Charles Andres<br />
<br />
*Kenik Hassel<br />
<br />
*Pamela Dingle<br />
<br />
==Chronological notes (Charles Andres)== <br />
::[as we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they where lofted onto the white board and around the table.]<br />
<br />
*RP= Relying Party - consumer of ID services<br />
<br />
*user interaction with an RP<br />
<br />
*'voucher' without knowing your true Identity<br />
<br />
*at the edge of technology<br />
<br />
*have people aware of what is happening, and there are verifiable ceremonies<br />
<br />
*popular use<br />
<br />
*wanting to make it as friction free as possible<br />
<br />
<br />
*ceremony (quality of)<br />
**illusion<br />
**theatre<br />
<br />
*conceptual dissonance<br />
<br />
<br />
*Con Games<br />
**Nigerian Scam<br />
**Complex financial labyrinths that people can't fathom, will be fooled<br />
<br />
*TSA<br />
**security theatre<br />
<br />
<br />
*every-day experience<br />
<br />
*Usability is key, but lots of tool makers are not thinking about users<br />
<br />
==Why Are We in This Room==<br />
<br />
===Pamela Dingle=== <br />
::runs an RP project <br />
*Rp is the face of infor cards<br />
*diverse set of user interfaces<br />
*need to define a set of expectations for peopple<br />
*make it easy for people to adopt best practices<br />
*make info cards real<br />
<br />
*The Pamela Project<br />
**open php frameworks, media wiki, expand to Drupal,<br />
**components that are easy to use from both admin and user perspective<br />
**what does it mean to see an information card (not cart) <br />
**how to make it easy to be invited into new paradigm<br />
<br />
===Kenik Hassel=== <br />
::Microsoft emerging businesses<br />
*prior usability <br />
*last 2 days -- what's happening <br />
*the tech savvy people are having problems getting this<br />
*tech has to be ready for joe sixpack<br />
<br />
===Charles Andres===<br />
::Parity<br />
<br />
*make user-centric identity principles usable to everyone; <br />
<br />
*make the internet a much more rich experience designed for people, not plumbers, (or only faucet designers)<br />
<br />
===Bob Frankston===<br />
*Multics<br />
*The more you reveal, the easier it is to be scammed<br />
*if you think you have a workable solution, you don't.<br />
*microsoft is a mechanism not an app solutions<br />
*spreadsheets are great ways to fool people<br />
<br />
<br />
===Rich Conlan===<br />
::Google<br />
*Human computer i/f, <br />
*security, <br />
*better passwords<br />
*made a password selector with smiley face feedback mapped to happier:more secure<br />
**it did result in people choosing more-secure password forms<br />
<br />
*issues:<br />
**firewalls that prompt<br />
**bad SSL search<br />
<br />
===Tim Freeman===<br />
::MedicAlert<br />
<br />
*usability and access management<br />
<br />
*10-50K members access accts on-line; elderly, sick, alzheimers -- can't remember a username.<br />
<br />
*people in distress<br />
<br />
===Dennis Hamilton===<br />
*Find a layer above diversity of protocols<br />
*reliable implementations<br />
*Doc Searls has the best sound bites to communicate the issues and where we need to go.<br />
<br />
==Noodling==<br />
<br />
*Mistakes will be made<br />
<br />
*Card like interfaces couldn't happen too soon.<br />
<br />
*Can cards allow 'agents' to work on your behalf without you?<br />
<br />
*liability<br />
<br />
*unintended irreversable consequences<br />
<br />
==Reviewing the Ceremonial Stages==<br />
<br />
*Registration - how to use a card<br />
<br />
*Authentication - how to subsequently use it efficiently<br />
<br />
*Condition handling -- geeky error messages - "Your certificate has expired"<br />
<br />
*quality of the info - actionable for the actor/reader<br />
<br />
*Choreography -- your dance must be in sync with your partner<br />
<br />
<br />
*mapping claim data - is data in the card relevant to the RP<br />
<br />
*trust is not transitive<br />
<br />
*faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.<br />
<br />
*What is the pragmatic aspect<br />
**social contexts<br />
***neighbors<br />
***nepotism -- more trustworthy (or the devil you know)<br />
<br />
*don't confuse intractable social problems with what can be solved with technology<br />
<br />
*Trust no one<br />
*Trust but verify<br />
<br />
*adhoc community effort -- work to influence everyone to get a common experience<br />
<br />
*consistent i/f as a differentiator<br />
<br />
*branding is often used to ensure standards and confidence<br />
<br />
*get together for specific protocols<br />
**write the info messages<br />
**notifications that can be sent to a user<br />
**similar messages from sites within a similar context<br />
**cultural issues<br />
<br />
*should the browser be the interpretive sum of the messages?<br />
*404 - 'this is 'don't bother your pretty little head problem'<br />
<br />
*Read Allen Cooper "About Face" - how to write actionable messages designed for the user and the context.<br />
<br />
*GE: 'make the error message as obtruse as possible to protect security"<br />
<br />
*When you sign up for a site, and the site tells you 'this name is in use' may tell who is on the site.<br />
<br />
*Last 4 digits of the phone number<br />
<br />
*feeding into popular (mis)conceptions generate fear -- it's the user's fault.<br />
<br />
*attention into property<br />
*knowledge into property<br />
*identity into property<br />
*distinction needed between hijack and a breach<br />
*need to tell people how to be smart<br />
<br />
*dif rules for who is responsible for fraudulant credit card changes<br />
**US: bank has responsibility<br />
**not worldwide<br />
**leads to different responses and responsibilities<br />
<br />
*why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=UsabilityNoRocketSci&diff=317UsabilityNoRocketSci2007-12-05T22:12:59Z<p>OrcmidAgain: /* Charles Andres */</p>
<hr />
<div>=Usability without Rocket Science=<br />
<br />
Day 3, Session 2 (10:15 to 11:15), Meeting Location H<br />
<br />
==Participants==<br />
<br />
*[[User:orcmid|Dennis Hamilton]]<br />
<br />
*Tim Freeman<br />
<br />
*Richard M. Conlan<br />
<br />
*Bob Frankson<br />
<br />
*Charles Andres<br />
<br />
*Kenik Hassel<br />
<br />
*Pamela Dingle<br />
<br />
==Chronological notes (Charles Andres)== <br />
::[as we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they where lofted onto the white board and around the table.]<br />
<br />
*RP= Relying Party - consumer of ID services<br />
<br />
*user interaction with an RP<br />
<br />
*'voucher' without knowing your true Identity<br />
<br />
*at the edge of technology<br />
<br />
*have people aware of what is happening, and there are verifiable ceremonies<br />
<br />
*popular use<br />
<br />
*wanting to make it as friction free as possible<br />
<br />
<br />
*ceremony (quality of)<br />
**illusion<br />
**theatre<br />
<br />
*conceptual dissonance<br />
<br />
<br />
*Con Games<br />
**Nigerian Scam<br />
**Complex financial labyrinths that people can't fathom, will be fooled<br />
<br />
*TSA<br />
**security theatre<br />
<br />
<br />
*every-day experience<br />
<br />
*Usability is key, but lots of tool makers are not thinking about users<br />
<br />
==Why Are We in This Room==<br />
<br />
===Pamela Dingle=== <br />
::runs an RP project <br />
*Rp is the face of infor cards<br />
*diverse set of user interfaces<br />
*need to define a set of expectations for peopple<br />
*make it easy for people to adopt best practices<br />
*make info cards real<br />
<br />
*The Pamela Project<br />
**open php frameworks, media wiki, expand to Drupal,<br />
**components that are easy to use from both admin and user perspective<br />
**what does it mean to see an information card (not cart) <br />
**how to make it easy to be invited into new paradigm<br />
<br />
===Kenik Hassel=== <br />
::Microsoft emerging businesses<br />
*prior usability <br />
*last 2 days -- what's happening <br />
*the tech savvy people are having problems getting this<br />
*tech has to be ready for joe sixpack<br />
<br />
===Charles Andres===<br />
::Parity<br />
<br />
*make user-centric identity principles usable to everyone; <br />
<br />
*make the internet a much more rich experience designed for people, not plumbers, (or only faucet designers)<br />
<br />
===Bob Frankston===<br />
*Multics<br />
*The more you reveal, the easier it is to be scammed<br />
*if you think you have a workable solution, you don't.<br />
*microsoft is a mechanism not an app solutions<br />
*spreadsheets are great ways to fool people<br />
<br />
<br />
===Rich Conlan===<br />
::Google<br />
*Human computer i/f, <br />
*security, <br />
*better passwords<br />
*made a password selector with smiley face feedback mapped to happier:more secure<br />
**it did result in people choosing more-secure password forms<br />
<br />
*issues:<br />
**firewalls that prompt<br />
**bad SSL search<br />
<br />
===Tim Freeman===<br />
::MediAlert<br />
<br />
*usability and access management<br />
<br />
*10-50K members access accts on-line; elderly, sick, alzheimers -- can't remember a username.<br />
<br />
*people in distress<br />
<br />
===Dennis Hamilton===<br />
*Find a layer above diversity of protocols<br />
*reliable implementations<br />
*Doc Searls has the best sound bites to communicate the issues and where we need to go.<br />
<br />
==Noodling==<br />
<br />
*Mistakes will be made<br />
<br />
*Card like interfaces couldn't happen too soon.<br />
<br />
*Can cards allow 'agents' to work on your behalf without you?<br />
<br />
*liability<br />
<br />
*unintended irreversable consequences<br />
<br />
==Reviewing the Ceremonial Stages==<br />
<br />
*Registration - how to use a card<br />
<br />
*Authentication - how to subsequently use it efficiently<br />
<br />
*Condition handling -- geeky error messages - "Your certificate has expired"<br />
<br />
*quality of the info - actionable for the actor/reader<br />
<br />
*Choreography -- your dance must be in sync with your partner<br />
<br />
<br />
*mapping claim data - is data in the card relevant to the RP<br />
<br />
*trust is not transitive<br />
<br />
*faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.<br />
<br />
*What is the pragmatic aspect<br />
**social contexts<br />
***neighbors<br />
***nepotism -- more trustworthy (or the devil you know)<br />
<br />
*don't confuse intractable social problems with what can be solved with technology<br />
<br />
*Trust no one<br />
*Trust but verify<br />
<br />
*adhoc community effort -- work to influence everyone to get a common experience<br />
<br />
*consistent i/f as a differentiator<br />
<br />
*branding is often used to ensure standards and confidence<br />
<br />
*get together for specific protocols<br />
**write the info messages<br />
**notifications that can be sent to a user<br />
**similar messages from sites within a similar context<br />
**cultural issues<br />
<br />
*should the browser be the interpretive sum of the messages?<br />
*404 - 'this is 'don't bother your pretty little head problem'<br />
<br />
*Read Allen Cooper "About Face" - how to write actionable messages designed for the user and the context.<br />
<br />
*GE: 'make the error message as obtruse as possible to protect security"<br />
<br />
*When you sign up for a site, and the site tells you 'this name is in use' may tell who is on the site.<br />
<br />
*Last 4 digits of the phone number<br />
<br />
*feeding into popular (mis)conceptions generate fear -- it's the user's fault.<br />
<br />
*attention into property<br />
*knowledge into property<br />
*identity into property<br />
*distinction needed between hijack and a breach<br />
*need to tell people how to be smart<br />
<br />
*dif rules for who is responsible for fraudulant credit card changes<br />
**US: bank has responsibility<br />
**not worldwide<br />
**leads to different responses and responsibilities<br />
<br />
*why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=UsabilityNoRocketSci&diff=316UsabilityNoRocketSci2007-12-05T22:12:17Z<p>OrcmidAgain: /* Reviewing the Ceremonial Stages */</p>
<hr />
<div>=Usability without Rocket Science=<br />
<br />
Day 3, Session 2 (10:15 to 11:15), Meeting Location H<br />
<br />
==Participants==<br />
<br />
*[[User:orcmid|Dennis Hamilton]]<br />
<br />
*Tim Freeman<br />
<br />
*Richard M. Conlan<br />
<br />
*Bob Frankson<br />
<br />
*Charles Andres<br />
<br />
*Kenik Hassel<br />
<br />
*Pamela Dingle<br />
<br />
==Chronological notes (Charles Andres)== <br />
::[as we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they where lofted onto the white board and around the table.]<br />
<br />
*RP= Relying Party - consumer of ID services<br />
<br />
*user interaction with an RP<br />
<br />
*'voucher' without knowing your true Identity<br />
<br />
*at the edge of technology<br />
<br />
*have people aware of what is happening, and there are verifiable ceremonies<br />
<br />
*popular use<br />
<br />
*wanting to make it as friction free as possible<br />
<br />
<br />
*ceremony (quality of)<br />
**illusion<br />
**theatre<br />
<br />
*conceptual dissonance<br />
<br />
<br />
*Con Games<br />
**Nigerian Scam<br />
**Complex financial labyrinths that people can't fathom, will be fooled<br />
<br />
*TSA<br />
**security theatre<br />
<br />
<br />
*every-day experience<br />
<br />
*Usability is key, but lots of tool makers are not thinking about users<br />
<br />
==Why Are We in This Room==<br />
<br />
===Pamela Dingle=== <br />
::runs an RP project <br />
*Rp is the face of infor cards<br />
*diverse set of user interfaces<br />
*need to define a set of expectations for peopple<br />
*make it easy for people to adopt best practices<br />
*make info cards real<br />
<br />
*The Pamela Project<br />
**open php frameworks, media wiki, expand to Drupal,<br />
**components that are easy to use from both admin and user perspective<br />
**what does it mean to see an information card (not cart) <br />
**how to make it easy to be invited into new paradigm<br />
<br />
===Kenik Hassel=== <br />
::Microsoft emerging businesses<br />
*prior usability <br />
*last 2 days -- what's happening <br />
*the tech savvy people are having problems getting this<br />
*tech has to be ready for joe sixpack<br />
<br />
===Charles Andres===<br />
***Parity<br />
*make user-centric identity principles usable to everyone; <br />
*make the internet a much more rich experience designed for people, not plumbers, (or only faucet designers)<br />
<br />
<br />
===Bob Frankston===<br />
*Multics<br />
*The more you reveal, the easier it is to be scammed<br />
*if you think you have a workable solution, you don't.<br />
*microsoft is a mechanism not an app solutions<br />
*spreadsheets are great ways to fool people<br />
<br />
<br />
===Rich Conlan===<br />
::Google<br />
*Human computer i/f, <br />
*security, <br />
*better passwords<br />
*made a password selector with smiley face feedback mapped to happier:more secure<br />
**it did result in people choosing more-secure password forms<br />
<br />
*issues:<br />
**firewalls that prompt<br />
**bad SSL search<br />
<br />
===Tim Freeman===<br />
::MediAlert<br />
<br />
*usability and access management<br />
<br />
*10-50K members access accts on-line; elderly, sick, alzheimers -- can't remember a username.<br />
<br />
*people in distress<br />
<br />
===Dennis Hamilton===<br />
*Find a layer above diversity of protocols<br />
*reliable implementations<br />
*Doc Searls has the best sound bites to communicate the issues and where we need to go.<br />
<br />
==Noodling==<br />
<br />
*Mistakes will be made<br />
<br />
*Card like interfaces couldn't happen too soon.<br />
<br />
*Can cards allow 'agents' to work on your behalf without you?<br />
<br />
*liability<br />
<br />
*unintended irreversable consequences<br />
<br />
==Reviewing the Ceremonial Stages==<br />
<br />
*Registration - how to use a card<br />
<br />
*Authentication - how to subsequently use it efficiently<br />
<br />
*Condition handling -- geeky error messages - "Your certificate has expired"<br />
<br />
*quality of the info - actionable for the actor/reader<br />
<br />
*Choreography -- your dance must be in sync with your partner<br />
<br />
<br />
*mapping claim data - is data in the card relevant to the RP<br />
<br />
*trust is not transitive<br />
<br />
*faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.<br />
<br />
*What is the pragmatic aspect<br />
**social contexts<br />
***neighbors<br />
***nepotism -- more trustworthy (or the devil you know)<br />
<br />
*don't confuse intractable social problems with what can be solved with technology<br />
<br />
*Trust no one<br />
*Trust but verify<br />
<br />
*adhoc community effort -- work to influence everyone to get a common experience<br />
<br />
*consistent i/f as a differentiator<br />
<br />
*branding is often used to ensure standards and confidence<br />
<br />
*get together for specific protocols<br />
**write the info messages<br />
**notifications that can be sent to a user<br />
**similar messages from sites within a similar context<br />
**cultural issues<br />
<br />
*should the browser be the interpretive sum of the messages?<br />
*404 - 'this is 'don't bother your pretty little head problem'<br />
<br />
*Read Allen Cooper "About Face" - how to write actionable messages designed for the user and the context.<br />
<br />
*GE: 'make the error message as obtruse as possible to protect security"<br />
<br />
*When you sign up for a site, and the site tells you 'this name is in use' may tell who is on the site.<br />
<br />
*Last 4 digits of the phone number<br />
<br />
*feeding into popular (mis)conceptions generate fear -- it's the user's fault.<br />
<br />
*attention into property<br />
*knowledge into property<br />
*identity into property<br />
*distinction needed between hijack and a breach<br />
*need to tell people how to be smart<br />
<br />
*dif rules for who is responsible for fraudulant credit card changes<br />
**US: bank has responsibility<br />
**not worldwide<br />
**leads to different responses and responsibilities<br />
<br />
*why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=UsabilityNoRocketSci&diff=315UsabilityNoRocketSci2007-12-05T22:10:36Z<p>OrcmidAgain: /* Tim Freeman */</p>
<hr />
<div>=Usability without Rocket Science=<br />
<br />
Day 3, Session 2 (10:15 to 11:15), Meeting Location H<br />
<br />
==Participants==<br />
<br />
*[[User:orcmid|Dennis Hamilton]]<br />
<br />
*Tim Freeman<br />
<br />
*Richard M. Conlan<br />
<br />
*Bob Frankson<br />
<br />
*Charles Andres<br />
<br />
*Kenik Hassel<br />
<br />
*Pamela Dingle<br />
<br />
==Chronological notes (Charles Andres)== <br />
::[as we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they where lofted onto the white board and around the table.]<br />
<br />
*RP= Relying Party - consumer of ID services<br />
<br />
*user interaction with an RP<br />
<br />
*'voucher' without knowing your true Identity<br />
<br />
*at the edge of technology<br />
<br />
*have people aware of what is happening, and there are verifiable ceremonies<br />
<br />
*popular use<br />
<br />
*wanting to make it as friction free as possible<br />
<br />
<br />
*ceremony (quality of)<br />
**illusion<br />
**theatre<br />
<br />
*conceptual dissonance<br />
<br />
<br />
*Con Games<br />
**Nigerian Scam<br />
**Complex financial labyrinths that people can't fathom, will be fooled<br />
<br />
*TSA<br />
**security theatre<br />
<br />
<br />
*every-day experience<br />
<br />
*Usability is key, but lots of tool makers are not thinking about users<br />
<br />
==Why Are We in This Room==<br />
<br />
===Pamela Dingle=== <br />
::runs an RP project <br />
*Rp is the face of infor cards<br />
*diverse set of user interfaces<br />
*need to define a set of expectations for peopple<br />
*make it easy for people to adopt best practices<br />
*make info cards real<br />
<br />
*The Pamela Project<br />
**open php frameworks, media wiki, expand to Drupal,<br />
**components that are easy to use from both admin and user perspective<br />
**what does it mean to see an information card (not cart) <br />
**how to make it easy to be invited into new paradigm<br />
<br />
===Kenik Hassel=== <br />
::Microsoft emerging businesses<br />
*prior usability <br />
*last 2 days -- what's happening <br />
*the tech savvy people are having problems getting this<br />
*tech has to be ready for joe sixpack<br />
<br />
===Charles Andres===<br />
***Parity<br />
*make user-centric identity principles usable to everyone; <br />
*make the internet a much more rich experience designed for people, not plumbers, (or only faucet designers)<br />
<br />
<br />
===Bob Frankston===<br />
*Multics<br />
*The more you reveal, the easier it is to be scammed<br />
*if you think you have a workable solution, you don't.<br />
*microsoft is a mechanism not an app solutions<br />
*spreadsheets are great ways to fool people<br />
<br />
<br />
===Rich Conlan===<br />
::Google<br />
*Human computer i/f, <br />
*security, <br />
*better passwords<br />
*made a password selector with smiley face feedback mapped to happier:more secure<br />
**it did result in people choosing more-secure password forms<br />
<br />
*issues:<br />
**firewalls that prompt<br />
**bad SSL search<br />
<br />
===Tim Freeman===<br />
::MediAlert<br />
<br />
*usability and access management<br />
<br />
*10-50K members access accts on-line; elderly, sick, alzheimers -- can't remember a username.<br />
<br />
*people in distress<br />
<br />
===Dennis Hamilton===<br />
*Find a layer above diversity of protocols<br />
*reliable implementations<br />
*Doc Searls has the best sound bites to communicate the issues and where we need to go.<br />
<br />
==Noodling==<br />
<br />
*Mistakes will be made<br />
<br />
*Card like interfaces couldn't happen too soon.<br />
<br />
*Can cards allow 'agents' to work on your behalf without you?<br />
<br />
*liability<br />
<br />
*unintended irreversable consequences<br />
<br />
==Reviewing the Ceremonial Stages==<br />
<br />
*Registration - how to use a card<br />
<br />
*Authentication - how to subsequently use it efficiently<br />
<br />
*Condition handling -- geeky error messages - "Your certificate has expired"<br />
<br />
*quality of the info - actionable for the actor/reader<br />
<br />
*Choreography -- your dance must be in sync with your partner<br />
<br />
<br />
*mapping claim data - is data in the card relevant to the RP<br />
<br />
*trust is not transitive<br />
<br />
*faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.<br />
<br />
*What is the pragmatic aspect<br />
**social contexts<br />
***neighbors<br />
***nepotism -- more trustworthy (or the devil you know)<br />
*don't confuse intractable social problems with what can be solved with technology<br />
<br />
*Trust no one<br />
*Trust but verify<br />
<br />
*adhoc community effort -- work to influence everyone to get a common experience<br />
<br />
*consistent i/f as a differentiator<br />
<br />
*branding is often used to ensure standards and confidence<br />
<br />
*get together for specific protocols<br />
**write the info messages<br />
**notifications that can be sent to a user<br />
**similar messages from sites within a similar context<br />
**cultural issues<br />
<br />
*should the browser be the interpretive sum of the messages?<br />
*404 - 'this is 'don't bother your pretty little head problem'<br />
<br />
*Read Allen Cooper "About Face" - how to write actionable messages designed for the user and the context.<br />
<br />
*GE: 'make the error message as obtruse as possible to protect security"<br />
<br />
*When you sign up for a site, and the site tells you 'this name is in use' may tell who is on the site.<br />
<br />
*Last 4 digits of the phone number<br />
<br />
*feeding into popular (mis)conceptions generate fear -- it's the user's fault.<br />
<br />
*attention into property<br />
*knowledge into property<br />
*identity into property<br />
*distinction needed between hijack and a breach<br />
*need to tell people how to be smart<br />
<br />
*dif rules for who is responsible for fraudulant credit card changes<br />
**US: bank has responsibility<br />
**not worldwide<br />
**leads to different responses and responsibilities<br />
<br />
*why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=UsabilityNoRocketSci&diff=314UsabilityNoRocketSci2007-12-05T22:10:04Z<p>OrcmidAgain: /* Rich Conlan */</p>
<hr />
<div>=Usability without Rocket Science=<br />
<br />
Day 3, Session 2 (10:15 to 11:15), Meeting Location H<br />
<br />
==Participants==<br />
<br />
*[[User:orcmid|Dennis Hamilton]]<br />
<br />
*Tim Freeman<br />
<br />
*Richard M. Conlan<br />
<br />
*Bob Frankson<br />
<br />
*Charles Andres<br />
<br />
*Kenik Hassel<br />
<br />
*Pamela Dingle<br />
<br />
==Chronological notes (Charles Andres)== <br />
::[as we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they where lofted onto the white board and around the table.]<br />
<br />
*RP= Relying Party - consumer of ID services<br />
<br />
*user interaction with an RP<br />
<br />
*'voucher' without knowing your true Identity<br />
<br />
*at the edge of technology<br />
<br />
*have people aware of what is happening, and there are verifiable ceremonies<br />
<br />
*popular use<br />
<br />
*wanting to make it as friction free as possible<br />
<br />
<br />
*ceremony (quality of)<br />
**illusion<br />
**theatre<br />
<br />
*conceptual dissonance<br />
<br />
<br />
*Con Games<br />
**Nigerian Scam<br />
**Complex financial labyrinths that people can't fathom, will be fooled<br />
<br />
*TSA<br />
**security theatre<br />
<br />
<br />
*every-day experience<br />
<br />
*Usability is key, but lots of tool makers are not thinking about users<br />
<br />
==Why Are We in This Room==<br />
<br />
===Pamela Dingle=== <br />
::runs an RP project <br />
*Rp is the face of infor cards<br />
*diverse set of user interfaces<br />
*need to define a set of expectations for peopple<br />
*make it easy for people to adopt best practices<br />
*make info cards real<br />
<br />
*The Pamela Project<br />
**open php frameworks, media wiki, expand to Drupal,<br />
**components that are easy to use from both admin and user perspective<br />
**what does it mean to see an information card (not cart) <br />
**how to make it easy to be invited into new paradigm<br />
<br />
===Kenik Hassel=== <br />
::Microsoft emerging businesses<br />
*prior usability <br />
*last 2 days -- what's happening <br />
*the tech savvy people are having problems getting this<br />
*tech has to be ready for joe sixpack<br />
<br />
===Charles Andres===<br />
***Parity<br />
*make user-centric identity principles usable to everyone; <br />
*make the internet a much more rich experience designed for people, not plumbers, (or only faucet designers)<br />
<br />
<br />
===Bob Frankston===<br />
*Multics<br />
*The more you reveal, the easier it is to be scammed<br />
*if you think you have a workable solution, you don't.<br />
*microsoft is a mechanism not an app solutions<br />
*spreadsheets are great ways to fool people<br />
<br />
<br />
===Rich Conlan===<br />
::Google<br />
*Human computer i/f, <br />
*security, <br />
*better passwords<br />
*made a password selector with smiley face feedback mapped to happier:more secure<br />
**it did result in people choosing more-secure password forms<br />
<br />
*issues:<br />
**firewalls that prompt<br />
**bad SSL search<br />
<br />
===Tim Freeman===<br />
***MediAlert<br />
*usability and access management<br />
*10-50K members access accts on-line; elderly, sick, alzheimers -- can't remember a username.<br />
*people in distress<br />
<br />
===Dennis Hamilton===<br />
*Find a layer above diversity of protocols<br />
*reliable implementations<br />
*Doc Searls has the best sound bites to communicate the issues and where we need to go.<br />
<br />
==Noodling==<br />
<br />
*Mistakes will be made<br />
<br />
*Card like interfaces couldn't happen too soon.<br />
<br />
*Can cards allow 'agents' to work on your behalf without you?<br />
<br />
*liability<br />
<br />
*unintended irreversable consequences<br />
<br />
==Reviewing the Ceremonial Stages==<br />
<br />
*Registration - how to use a card<br />
<br />
*Authentication - how to subsequently use it efficiently<br />
<br />
*Condition handling -- geeky error messages - "Your certificate has expired"<br />
<br />
*quality of the info - actionable for the actor/reader<br />
<br />
*Choreography -- your dance must be in sync with your partner<br />
<br />
<br />
*mapping claim data - is data in the card relevant to the RP<br />
<br />
*trust is not transitive<br />
<br />
*faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.<br />
<br />
*What is the pragmatic aspect<br />
**social contexts<br />
***neighbors<br />
***nepotism -- more trustworthy (or the devil you know)<br />
*don't confuse intractable social problems with what can be solved with technology<br />
<br />
*Trust no one<br />
*Trust but verify<br />
<br />
*adhoc community effort -- work to influence everyone to get a common experience<br />
<br />
*consistent i/f as a differentiator<br />
<br />
*branding is often used to ensure standards and confidence<br />
<br />
*get together for specific protocols<br />
**write the info messages<br />
**notifications that can be sent to a user<br />
**similar messages from sites within a similar context<br />
**cultural issues<br />
<br />
*should the browser be the interpretive sum of the messages?<br />
*404 - 'this is 'don't bother your pretty little head problem'<br />
<br />
*Read Allen Cooper "About Face" - how to write actionable messages designed for the user and the context.<br />
<br />
*GE: 'make the error message as obtruse as possible to protect security"<br />
<br />
*When you sign up for a site, and the site tells you 'this name is in use' may tell who is on the site.<br />
<br />
*Last 4 digits of the phone number<br />
<br />
*feeding into popular (mis)conceptions generate fear -- it's the user's fault.<br />
<br />
*attention into property<br />
*knowledge into property<br />
*identity into property<br />
*distinction needed between hijack and a breach<br />
*need to tell people how to be smart<br />
<br />
*dif rules for who is responsible for fraudulant credit card changes<br />
**US: bank has responsibility<br />
**not worldwide<br />
**leads to different responses and responsibilities<br />
<br />
*why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=UsabilityNoRocketSci&diff=313UsabilityNoRocketSci2007-12-05T22:09:37Z<p>OrcmidAgain: /* Kenik Hassel */</p>
<hr />
<div>=Usability without Rocket Science=<br />
<br />
Day 3, Session 2 (10:15 to 11:15), Meeting Location H<br />
<br />
==Participants==<br />
<br />
*[[User:orcmid|Dennis Hamilton]]<br />
<br />
*Tim Freeman<br />
<br />
*Richard M. Conlan<br />
<br />
*Bob Frankson<br />
<br />
*Charles Andres<br />
<br />
*Kenik Hassel<br />
<br />
*Pamela Dingle<br />
<br />
==Chronological notes (Charles Andres)== <br />
::[as we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they where lofted onto the white board and around the table.]<br />
<br />
*RP= Relying Party - consumer of ID services<br />
<br />
*user interaction with an RP<br />
<br />
*'voucher' without knowing your true Identity<br />
<br />
*at the edge of technology<br />
<br />
*have people aware of what is happening, and there are verifiable ceremonies<br />
<br />
*popular use<br />
<br />
*wanting to make it as friction free as possible<br />
<br />
<br />
*ceremony (quality of)<br />
**illusion<br />
**theatre<br />
<br />
*conceptual dissonance<br />
<br />
<br />
*Con Games<br />
**Nigerian Scam<br />
**Complex financial labyrinths that people can't fathom, will be fooled<br />
<br />
*TSA<br />
**security theatre<br />
<br />
<br />
*every-day experience<br />
<br />
*Usability is key, but lots of tool makers are not thinking about users<br />
<br />
==Why Are We in This Room==<br />
<br />
===Pamela Dingle=== <br />
::runs an RP project <br />
*Rp is the face of infor cards<br />
*diverse set of user interfaces<br />
*need to define a set of expectations for peopple<br />
*make it easy for people to adopt best practices<br />
*make info cards real<br />
<br />
*The Pamela Project<br />
**open php frameworks, media wiki, expand to Drupal,<br />
**components that are easy to use from both admin and user perspective<br />
**what does it mean to see an information card (not cart) <br />
**how to make it easy to be invited into new paradigm<br />
<br />
===Kenik Hassel=== <br />
::Microsoft emerging businesses<br />
*prior usability <br />
*last 2 days -- what's happening <br />
*the tech savvy people are having problems getting this<br />
*tech has to be ready for joe sixpack<br />
<br />
===Charles Andres===<br />
***Parity<br />
*make user-centric identity principles usable to everyone; <br />
*make the internet a much more rich experience designed for people, not plumbers, (or only faucet designers)<br />
<br />
<br />
===Bob Frankston===<br />
*Multics<br />
*The more you reveal, the easier it is to be scammed<br />
*if you think you have a workable solution, you don't.<br />
*microsoft is a mechanism not an app solutions<br />
*spreadsheets are great ways to fool people<br />
<br />
<br />
===Rich Conlan===<br />
***Google<br />
*Human computer i/f, <br />
*security, <br />
*better passwords<br />
*made a password selector with smiley face feedback mapped to happier:more secure<br />
**it did result in people choosing more-secure password forms<br />
<br />
*issues:<br />
**firewalls that prompt<br />
**bad SSL search<br />
<br />
===Tim Freeman===<br />
***MediAlert<br />
*usability and access management<br />
*10-50K members access accts on-line; elderly, sick, alzheimers -- can't remember a username.<br />
*people in distress<br />
<br />
===Dennis Hamilton===<br />
*Find a layer above diversity of protocols<br />
*reliable implementations<br />
*Doc Searls has the best sound bites to communicate the issues and where we need to go.<br />
<br />
==Noodling==<br />
<br />
*Mistakes will be made<br />
<br />
*Card like interfaces couldn't happen too soon.<br />
<br />
*Can cards allow 'agents' to work on your behalf without you?<br />
<br />
*liability<br />
<br />
*unintended irreversable consequences<br />
<br />
==Reviewing the Ceremonial Stages==<br />
<br />
*Registration - how to use a card<br />
<br />
*Authentication - how to subsequently use it efficiently<br />
<br />
*Condition handling -- geeky error messages - "Your certificate has expired"<br />
<br />
*quality of the info - actionable for the actor/reader<br />
<br />
*Choreography -- your dance must be in sync with your partner<br />
<br />
<br />
*mapping claim data - is data in the card relevant to the RP<br />
<br />
*trust is not transitive<br />
<br />
*faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.<br />
<br />
*What is the pragmatic aspect<br />
**social contexts<br />
***neighbors<br />
***nepotism -- more trustworthy (or the devil you know)<br />
*don't confuse intractable social problems with what can be solved with technology<br />
<br />
*Trust no one<br />
*Trust but verify<br />
<br />
*adhoc community effort -- work to influence everyone to get a common experience<br />
<br />
*consistent i/f as a differentiator<br />
<br />
*branding is often used to ensure standards and confidence<br />
<br />
*get together for specific protocols<br />
**write the info messages<br />
**notifications that can be sent to a user<br />
**similar messages from sites within a similar context<br />
**cultural issues<br />
<br />
*should the browser be the interpretive sum of the messages?<br />
*404 - 'this is 'don't bother your pretty little head problem'<br />
<br />
*Read Allen Cooper "About Face" - how to write actionable messages designed for the user and the context.<br />
<br />
*GE: 'make the error message as obtruse as possible to protect security"<br />
<br />
*When you sign up for a site, and the site tells you 'this name is in use' may tell who is on the site.<br />
<br />
*Last 4 digits of the phone number<br />
<br />
*feeding into popular (mis)conceptions generate fear -- it's the user's fault.<br />
<br />
*attention into property<br />
*knowledge into property<br />
*identity into property<br />
*distinction needed between hijack and a breach<br />
*need to tell people how to be smart<br />
<br />
*dif rules for who is responsible for fraudulant credit card changes<br />
**US: bank has responsibility<br />
**not worldwide<br />
**leads to different responses and responsibilities<br />
<br />
*why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=UsabilityNoRocketSci&diff=312UsabilityNoRocketSci2007-12-05T22:09:02Z<p>OrcmidAgain: /* Pamela Dingle */</p>
<hr />
<div>=Usability without Rocket Science=<br />
<br />
Day 3, Session 2 (10:15 to 11:15), Meeting Location H<br />
<br />
==Participants==<br />
<br />
*[[User:orcmid|Dennis Hamilton]]<br />
<br />
*Tim Freeman<br />
<br />
*Richard M. Conlan<br />
<br />
*Bob Frankson<br />
<br />
*Charles Andres<br />
<br />
*Kenik Hassel<br />
<br />
*Pamela Dingle<br />
<br />
==Chronological notes (Charles Andres)== <br />
::[as we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they where lofted onto the white board and around the table.]<br />
<br />
*RP= Relying Party - consumer of ID services<br />
<br />
*user interaction with an RP<br />
<br />
*'voucher' without knowing your true Identity<br />
<br />
*at the edge of technology<br />
<br />
*have people aware of what is happening, and there are verifiable ceremonies<br />
<br />
*popular use<br />
<br />
*wanting to make it as friction free as possible<br />
<br />
<br />
*ceremony (quality of)<br />
**illusion<br />
**theatre<br />
<br />
*conceptual dissonance<br />
<br />
<br />
*Con Games<br />
**Nigerian Scam<br />
**Complex financial labyrinths that people can't fathom, will be fooled<br />
<br />
*TSA<br />
**security theatre<br />
<br />
<br />
*every-day experience<br />
<br />
*Usability is key, but lots of tool makers are not thinking about users<br />
<br />
==Why Are We in This Room==<br />
<br />
===Pamela Dingle=== <br />
::runs an RP project <br />
*Rp is the face of infor cards<br />
*diverse set of user interfaces<br />
*need to define a set of expectations for peopple<br />
*make it easy for people to adopt best practices<br />
*make info cards real<br />
<br />
*The Pamela Project<br />
**open php frameworks, media wiki, expand to Drupal,<br />
**components that are easy to use from both admin and user perspective<br />
**what does it mean to see an information card (not cart) <br />
**how to make it easy to be invited into new paradigm<br />
<br />
===Kenik Hassel=== <br />
**Microsoft emerging businesses<br />
**prior usability <br />
**last 2 days -- what's happening <br />
**the tech savvy people are having problems getting this<br />
**tech has to be ready for joe sixpack<br />
<br />
<br />
===Charles Andres===<br />
***Parity<br />
*make user-centric identity principles usable to everyone; <br />
*make the internet a much more rich experience designed for people, not plumbers, (or only faucet designers)<br />
<br />
<br />
===Bob Frankston===<br />
*Multics<br />
*The more you reveal, the easier it is to be scammed<br />
*if you think you have a workable solution, you don't.<br />
*microsoft is a mechanism not an app solutions<br />
*spreadsheets are great ways to fool people<br />
<br />
<br />
===Rich Conlan===<br />
***Google<br />
*Human computer i/f, <br />
*security, <br />
*better passwords<br />
*made a password selector with smiley face feedback mapped to happier:more secure<br />
**it did result in people choosing more-secure password forms<br />
<br />
*issues:<br />
**firewalls that prompt<br />
**bad SSL search<br />
<br />
===Tim Freeman===<br />
***MediAlert<br />
*usability and access management<br />
*10-50K members access accts on-line; elderly, sick, alzheimers -- can't remember a username.<br />
*people in distress<br />
<br />
===Dennis Hamilton===<br />
*Find a layer above diversity of protocols<br />
*reliable implementations<br />
*Doc Searls has the best sound bites to communicate the issues and where we need to go.<br />
<br />
==Noodling==<br />
<br />
*Mistakes will be made<br />
<br />
*Card like interfaces couldn't happen too soon.<br />
<br />
*Can cards allow 'agents' to work on your behalf without you?<br />
<br />
*liability<br />
<br />
*unintended irreversable consequences<br />
<br />
==Reviewing the Ceremonial Stages==<br />
<br />
*Registration - how to use a card<br />
<br />
*Authentication - how to subsequently use it efficiently<br />
<br />
*Condition handling -- geeky error messages - "Your certificate has expired"<br />
<br />
*quality of the info - actionable for the actor/reader<br />
<br />
*Choreography -- your dance must be in sync with your partner<br />
<br />
<br />
*mapping claim data - is data in the card relevant to the RP<br />
<br />
*trust is not transitive<br />
<br />
*faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.<br />
<br />
*What is the pragmatic aspect<br />
**social contexts<br />
***neighbors<br />
***nepotism -- more trustworthy (or the devil you know)<br />
*don't confuse intractable social problems with what can be solved with technology<br />
<br />
*Trust no one<br />
*Trust but verify<br />
<br />
*adhoc community effort -- work to influence everyone to get a common experience<br />
<br />
*consistent i/f as a differentiator<br />
<br />
*branding is often used to ensure standards and confidence<br />
<br />
*get together for specific protocols<br />
**write the info messages<br />
**notifications that can be sent to a user<br />
**similar messages from sites within a similar context<br />
**cultural issues<br />
<br />
*should the browser be the interpretive sum of the messages?<br />
*404 - 'this is 'don't bother your pretty little head problem'<br />
<br />
*Read Allen Cooper "About Face" - how to write actionable messages designed for the user and the context.<br />
<br />
*GE: 'make the error message as obtruse as possible to protect security"<br />
<br />
*When you sign up for a site, and the site tells you 'this name is in use' may tell who is on the site.<br />
<br />
*Last 4 digits of the phone number<br />
<br />
*feeding into popular (mis)conceptions generate fear -- it's the user's fault.<br />
<br />
*attention into property<br />
*knowledge into property<br />
*identity into property<br />
*distinction needed between hijack and a breach<br />
*need to tell people how to be smart<br />
<br />
*dif rules for who is responsible for fraudulant credit card changes<br />
**US: bank has responsibility<br />
**not worldwide<br />
**leads to different responses and responsibilities<br />
<br />
*why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=UsabilityNoRocketSci&diff=311UsabilityNoRocketSci2007-12-05T22:07:41Z<p>OrcmidAgain: /* Chronological notes (Charles Andres) */</p>
<hr />
<div>=Usability without Rocket Science=<br />
<br />
Day 3, Session 2 (10:15 to 11:15), Meeting Location H<br />
<br />
==Participants==<br />
<br />
*[[User:orcmid|Dennis Hamilton]]<br />
<br />
*Tim Freeman<br />
<br />
*Richard M. Conlan<br />
<br />
*Bob Frankson<br />
<br />
*Charles Andres<br />
<br />
*Kenik Hassel<br />
<br />
*Pamela Dingle<br />
<br />
==Chronological notes (Charles Andres)== <br />
::[as we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they where lofted onto the white board and around the table.]<br />
<br />
*RP= Relying Party - consumer of ID services<br />
<br />
*user interaction with an RP<br />
<br />
*'voucher' without knowing your true Identity<br />
<br />
*at the edge of technology<br />
<br />
*have people aware of what is happening, and there are verifiable ceremonies<br />
<br />
*popular use<br />
<br />
*wanting to make it as friction free as possible<br />
<br />
<br />
*ceremony (quality of)<br />
**illusion<br />
**theatre<br />
<br />
*conceptual dissonance<br />
<br />
<br />
*Con Games<br />
**Nigerian Scam<br />
**Complex financial labyrinths that people can't fathom, will be fooled<br />
<br />
*TSA<br />
**security theatre<br />
<br />
<br />
*every-day experience<br />
<br />
*Usability is key, but lots of tool makers are not thinking about users<br />
<br />
==Why Are We in This Room==<br />
<br />
===Pamela Dingle=== <br />
***runs an RP project <br />
**Rp is the face of infor cards<br />
**diverse set of user interfaces<br />
**need to define a set of expectations for peopple<br />
**make it easy for people to adopt best practices<br />
**make info cards real<br />
<br />
*The Pamela Project<br />
**open php frameworks, media wiki, expand to Drupal,<br />
**components that are easy to use from both admin and user perspective<br />
**what does it mean to see an information card (not cart) <br />
**how to make it easy to be invited into new paradigm<br />
<br />
===Kenik Hassel=== <br />
**Microsoft emerging businesses<br />
**prior usability <br />
**last 2 days -- what's happening <br />
**the tech savvy people are having problems getting this<br />
**tech has to be ready for joe sixpack<br />
<br />
<br />
===Charles Andres===<br />
***Parity<br />
*make user-centric identity principles usable to everyone; <br />
*make the internet a much more rich experience designed for people, not plumbers, (or only faucet designers)<br />
<br />
<br />
===Bob Frankston===<br />
*Multics<br />
*The more you reveal, the easier it is to be scammed<br />
*if you think you have a workable solution, you don't.<br />
*microsoft is a mechanism not an app solutions<br />
*spreadsheets are great ways to fool people<br />
<br />
<br />
===Rich Conlan===<br />
***Google<br />
*Human computer i/f, <br />
*security, <br />
*better passwords<br />
*made a password selector with smiley face feedback mapped to happier:more secure<br />
**it did result in people choosing more-secure password forms<br />
<br />
*issues:<br />
**firewalls that prompt<br />
**bad SSL search<br />
<br />
===Tim Freeman===<br />
***MediAlert<br />
*usability and access management<br />
*10-50K members access accts on-line; elderly, sick, alzheimers -- can't remember a username.<br />
*people in distress<br />
<br />
===Dennis Hamilton===<br />
*Find a layer above diversity of protocols<br />
*reliable implementations<br />
*Doc Searls has the best sound bites to communicate the issues and where we need to go.<br />
<br />
==Noodling==<br />
<br />
*Mistakes will be made<br />
<br />
*Card like interfaces couldn't happen too soon.<br />
<br />
*Can cards allow 'agents' to work on your behalf without you?<br />
<br />
*liability<br />
<br />
*unintended irreversable consequences<br />
<br />
==Reviewing the Ceremonial Stages==<br />
<br />
*Registration - how to use a card<br />
<br />
*Authentication - how to subsequently use it efficiently<br />
<br />
*Condition handling -- geeky error messages - "Your certificate has expired"<br />
<br />
*quality of the info - actionable for the actor/reader<br />
<br />
*Choreography -- your dance must be in sync with your partner<br />
<br />
<br />
*mapping claim data - is data in the card relevant to the RP<br />
<br />
*trust is not transitive<br />
<br />
*faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.<br />
<br />
*What is the pragmatic aspect<br />
**social contexts<br />
***neighbors<br />
***nepotism -- more trustworthy (or the devil you know)<br />
*don't confuse intractable social problems with what can be solved with technology<br />
<br />
*Trust no one<br />
*Trust but verify<br />
<br />
*adhoc community effort -- work to influence everyone to get a common experience<br />
<br />
*consistent i/f as a differentiator<br />
<br />
*branding is often used to ensure standards and confidence<br />
<br />
*get together for specific protocols<br />
**write the info messages<br />
**notifications that can be sent to a user<br />
**similar messages from sites within a similar context<br />
**cultural issues<br />
<br />
*should the browser be the interpretive sum of the messages?<br />
*404 - 'this is 'don't bother your pretty little head problem'<br />
<br />
*Read Allen Cooper "About Face" - how to write actionable messages designed for the user and the context.<br />
<br />
*GE: 'make the error message as obtruse as possible to protect security"<br />
<br />
*When you sign up for a site, and the site tells you 'this name is in use' may tell who is on the site.<br />
<br />
*Last 4 digits of the phone number<br />
<br />
*feeding into popular (mis)conceptions generate fear -- it's the user's fault.<br />
<br />
*attention into property<br />
*knowledge into property<br />
*identity into property<br />
*distinction needed between hijack and a breach<br />
*need to tell people how to be smart<br />
<br />
*dif rules for who is responsible for fraudulant credit card changes<br />
**US: bank has responsibility<br />
**not worldwide<br />
**leads to different responses and responsibilities<br />
<br />
*why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.</div>OrcmidAgainhttps://iiw.idcommons.net/index.php?title=UsabilityNoRocketSci&diff=310UsabilityNoRocketSci2007-12-05T21:46:40Z<p>OrcmidAgain: </p>
<hr />
<div>=Usability without Rocket Science=<br />
<br />
Day 3, Session 2 (10:15 to 11:15), Meeting Location H<br />
<br />
==Participants==<br />
<br />
*[[User:orcmid|Dennis Hamilton]]<br />
<br />
*Tim Freeman<br />
<br />
*Richard M. Conlan<br />
<br />
*Bob Frankson<br />
<br />
*Charles Andres<br />
<br />
*Kenik Hassel<br />
<br />
*Pamela Dingle<br />
<br />
==Chronological notes (Charles Andres)== <br />
::[as we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they where lofted onto the white board and around the table.]<br />
<br />
RP= Relying Party - consumer of ID services<br />
<br />
user interaction with an RP<br />
<br />
'voucher' without knowing your true Identity<br />
at the edge of technology<br />
<br />
have people aware of what is happening, and there are verifiable ceremeonies t<br />
popular use<br />
wanting to make it as friction free as possible<br />
<br />
<br />
ceremony (quality of)<br />
- illustion<br />
-- theatre<br />
<br />
conceptual dissonance<br />
<br />
<br />
Con Games<br />
- Nigerian Scam<br />
- Complex financial labyrinths that people can't fathom, will be fooled<br />
<br />
TSA<br />
- security theatre<br />
<br />
<br />
every-day experience<br />
<br />
Usability is key, but lots of tool makers are not thinking about users<br />
<br />
<br />
Pamela Dingle -- run an RP project <br />
Rp is the face of infor cards<br />
-diverse set of user interfaces<br />
- need to define a set of expectations for peopple<br />
- make it easy for people to adopt best practices<br />
- make info cards real<br />
The Pamela Project<br />
- open php frameworks, media wiki, expand to Drupal,<br />
- components that are easy to use from both admin and user perspective<br />
- what does it mean to see an information card (not cart) <br />
- how to make it easy to be inivted into new paradigm<br />
<br />
Kenik Hassel <br />
- Microsoft emerging businesses<br />
- prior usability <br />
- last 2 days -- what's happening <br />
- the tech savvy people are having problems getting this<br />
- tech has to be ready for joe sixpack<br />
<br />
<br />
Charles Andres - Parity -- make user-centric identity principles usable to everyone; make the internet a much more rich experience designed for people, not plumbers, (or only faucet designers)<br />
<br />
<br />
Bob Frankston<br />
Multics<br />
<br />
<br />
The more you reveal, the easier it is to be scanned<br />
if you think you have a workable solution, you don't.<br />
microsoft is a mechanism not an app solutions<br />
spreadsheets are great ways to fool people<br />
<br />
<br />
Rich Conlan - Google<br />
Human computer i/f, security, better passwords<br />
made a password selector with smiley face feedback mapped to happier:more secure<br />
<br />
issues:<br />
firewalls that prompt<br />
bad SSL search<br />
<br />
Tim Freeman - MediAlert<br />
- usability and access management<br />
- 10-50K members access accts on-line; elderly, sick, alzheimers -- can't remember a username.<br />
people in distress<br />
<br />
Dennis Hamilton<br />
Find a layer above diversity of protocols<br />
reliable implementations<br />
Doc Searls has the best sound bites to communicate the issues and where we need to go.<br />
<br />
<br />
Card like interfaces couldn't happen too soon.<br />
<br />
Can cards allow 'agents' to work on your behalf without you?<br />
<br />
liability<br />
unintended irreversable consequences<br />
<br />
<br />
Registration - how to use a card<br />
Authentication - how to subsequently use it efficiently<br />
Condition handling -- geeky error messages - "Your certificate has expired"<br />
<br />
quality of the info - actionable for the actor/reader<br />
<br />
Choreography -- your dance must be in sync with your partner<br />
<br />
<br />
mapping claim data - is data in the card relevant to the RP<br />
<br />
trust is not transitive<br />
<br />
faux authoratitative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.<br />
<br />
What is the pragmatic aspect<br />
- social contexts<br />
--- neighbors<br />
-- nepotism -- more trustworthy (or the devil you know)<br />
- don't confuse intractable social problems with what can be solved with technology<br />
<br />
!. Trust but verify<br />
<br />
adhoc community effort -- work to influence everyone to get a common experience<br />
consistent i/f as a differentiator<br />
<br />
branding is often used to ensure standards and confidence<br />
<br />
get together for specific protocols<br />
- write the info messages<br />
- notifications that can be sent to a user<br />
- similar messages from sites within a similar context<br />
- cultural issues<br />
<br />
should the browser be the interpretive sum of the messages?<br />
404 - 'this is 'don't bother your pretty little head problem'<br />
<br />
Read Allen Cooper "About Face" - how to write actionable messages designed for the user and the context.<br />
<br />
GE: 'make the error message as obtruse as possible to protect security"<br />
<br />
When you sign up for a site, and the site tells you 'this name is in use' may tell who is on the site.<br />
<br />
Last 4 digits of the phone number<br />
<br />
feeding into popular (mis)conceptions generate fear -- it's the user's fault.<br />
<br />
attention into property<br />
knowledge into property<br />
identity into property<br />
distinction needed between hijack and a breach<br />
need to tell people how to be smart<br />
<br />
dif rules for who is responsible for fraudulant credit card changes<br />
- US: bank has responsibility<br />
- not worldwide<br />
<br />
why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.</div>OrcmidAgain