What's Your i-Name?

Catching up on where the early seeds of the grass-roots identity movement have taken hold.

I'm looking to invalidate Searls' 4th Law, which says, "No matter what car you want to rent, what you'll get is a Chevy Cavalier." The law proved itself again during the weekend I'm finishing this column. When I went to the National Car Rental counter at the airport and asked if they had a choice of compact cars, they said "all we have are eleven Chevy Cavaliers". Next door at the Budget counter, where I had arrived earlier with a print-out of my Web reservation for a Ford Focus "or equivalent", all they had were (surprise!) Chevy Cavaliers.

I used to prefer renting from Budget because I stood a chance of getting a Ford Focus, which is a great little car. But Budget fell off the list of car rental agencies at the United.com site, so they don't currently offer bonus miles for my United MileagePlus account. National does, so here I am, driving The Most Generic Car in the World.

Which is appropriate. This month's theme is Desktop Linux. And, as I said in my speech at the Desktop Linux Summit one year ago, Linux desktops and laptops should aspire to be the computing equivalents of Chevy Cavaliers and Pontiac Grand Ams, the "intermediate" equivalent. In a SuitWatch newsletter last April, I explained why:

Chevy Cavaliers, Grand Ams and other generic rental cars have two characteristics that make them ideal models for Ultimate Linux Laptops. First, they're not bad--really. Second, all but the stripped-down models come with a full complement of minor conveniences you want in a car today: cruise control, air conditioning, electric doors and windows, AM/FM radio, CD player, cup holders, automatic transmission--and a wireless thingie on the key chain for unlocking doors and opening the trunk. Those are the equivalents of Wi-Fi, USB and CD burning in a laptop.

I think that's still a good model, even if Linux desktops and laptops eventually beat every competing platform--which they will. Crawl before you walk, drive before you fly.

Meanwhile, the car rental business makes an ideal controlled study for customers transforming whole business categories, whether vendors like it or not.

To explain what I mean here, it helps to go back to an e-mail Chris Locke sent to David Weinberger, Rick Levine and myself, while the four of us were plotting the posting of what was to become The Cluetrain Manifesto. Attached to the e-mail was this graphic:

This was the moment when, as Jakob Nielsen later put it, we "defected from marketing and sided with markets".

Yet, six years later, there's still a problem with that statement. Even though the Net has enlarged and leveled the playing field we call the marketplace, customer reach still fails to exceed vendor grasp. Networked customers may get smarter faster than most vendors, as Cluetrain also said, but market power still is unbalanced in favor of vendors, and that's not good for either side.

For evidence, look in your wallet. Every card you carry that features an identity--driver's license, credit cards, ATM cards, membership cards--has been issued by somebody other than yourself. Each tells you who you are and where you fit in the walled world of each organization.

Contrast that with your enormous portfolio of actual vendor relationships--with your coffee shop, your cleaners, your grocer, your public TV station. Then, consider your even larger portfolio of tastes and preferences. Precious little of that is represented by the cards you carry in your wallet, each of which embodies a limited data set, maintained for its own convenience by those who issue the cards.

"Markets are conversations", Cluetrain famously said. But how much conversation--of either the literal or the metaphorical sort--is allowed within the siloed confines of the name space you represent to your bank, your airline or even your local library or YMCA?

After Cluetrain came out as a book in January 2000, a higher principle than "markets are conversations" was suggested separately by open-source advocate Eric S. Raymond and Nigerian theologian Sayo Ajiboye. That principle is "Markets are relationships". To help clarify matters, Ajiboye also related an expression common in his native language of Yoruba: "Life is a marketplace".

In Raymond's bazaar and Ajiboye's marketplace, power is balanced between supply and demand. Markets can grow and thrive at any of three levels: transaction, conversation and relationship. These levels also are outlined separately by both men. In the industrialized world, however, power has long been unbalanced in favor of large industrial vendors. For practical reasons, among others, these vendors have severely limited the scope of both conversation and relationship with customers, concentrating instead on making it as easy as possible to conduct identity-enabled transactions. Whole economies are seen entirely in terms of transaction, with minimal respect paid to the higher levels where conversation and relationship take place. There's a lot of business to be had up there, if the vendors begin to see the possibilities in conversations that aren't just about billing and credit card transactions.

Even on the customer side, the credit-card system alone is so familiar and so deeply ingrained in our culture that it's hard to imagine life as a fully empowered customer. It's even harder to imagine a marketplace in which vendors compete to fulfill needs that customers themselves express.

Imagine walking up to the counter at a random coffee shop and presenting a card that lets the barista know you like double short decaf cappuccinos. Or imagine a world where car rental agencies really do compete to provide you with the car you want and the options you want rather than Yet Another Chevy Cavalier, plus the usual up-sell for insurance and an extra tank of gas.

Imagine that same identity card--one you own, that contains secure pointers to whatever identity, preference, interaction history and relationship information you choose to accumulate and disclose, for your own or mutual purposes--letting the coffee shops on a road trip know you're coming.

We're not going to get that from vendors, for the same reason we didn't get Linux from vendors: Big suppliers in any category have trouble pioneering anything that's good for everybody and not only for them. Sure, they'll gladly get behind a grass roots movement once it grows like wheat over a big enough marketplace. (Exhibits A through D: Support for Linux by IBM, HP, Novell and Sun.) All due respect for the support these companies eventually do provide; they're simply not going to sow the first seeds.

To their credit in the identity space, big vendors have been thinking about identity problems for a long time and have made some moves that eventually will support grass-roots identity efforts. For example, the notion of "federating" digital identity is getting bigger than ever. In an interview last year, Eric Norlin of Ping Identity Corp. (disclaimer: I'm on the company's advisory board) described federation with a question: "How is it we allow the end user--be they an employee or a customer, or an investor, or a partner or a supplier--to actually have some sort of virtualized control over these distributed bits of digital identity?"

Those "bits" include all the credit, debit, ATM, library, club and other membership cards that live in your wallet. "Federation", Norlin explains, "leaves the distributed environment as it is but seeks to let the end user link together those pieces and still have control over their privacy and what information gets shared and how.... Federation seeks to leave the distributed environment as it is and still attain the advantages and benefits of what normally would be a centralized environment."

Although that description pays respect to the customer, all of the action with federation so far has been on the supply side, opening data silos for customer information to pass between siloed databases. In practice, this involves a selective form of blindness. As Eric Norlin puts it, "neither side...knows the identity of the data that's passed between them. The specification purposefully makes it hard to violate the customer's privacy."

That would be the Liberty Alliance ID-FF 1.2 specification. The Liberty Alliance includes a number of large companies (including Sun, Novell and--as of last October--IBM). Another group of Big Boys is gathered around WS-Federation, the Web Services Federation Language. That group includes IBM (a founding member), Microsoft, BEA, RSA Security and Verisign.

At the Digital Identity World conference last October, I jokingly referred to federation as "giant companies having sex with your data". That was unfair, even though it got a lot of laughs. Federation between companies and between parts of companies behind firewalls is a necessary thing, and both these projects should be commended for their efforts to protect privacy while achieving other purposes that everybody agrees are desirable.

But we still need that grass-roots movement.

In my closing keynotes at the first two Digital Identity World conferences, I cried like a wolf in the wilderness for somebody--anybody--to come sow some grass-roots identity seeds. By the middle of last year I pretty much had given up hope. Then, during last summer's LinuxWorld Expo in San Francisco, I found myself in the top row of the nosebleed section behind first base at a Giants baseball game. Next to me was a woman with a laptop doing stuff on the Web, thanks to the free Wi-Fi provided by the ballpark.

She said her name was Kaliya Hamlin, and she worked for IdentityCommons.org. In name alone, IdentityCommons sounded like it might be the Johnny Identityseed I'd been looking for. Naturally, we got to talking. Several months later, my by now traditional closing keynote at Digital ID World was about Identity Commons and the grass-roots effort it's leading around a set of customer-native identity standards, including one called i-names. XDI.org calls an i-name "the first universal private address--a single address you can use for all types of electronic communications while always maintaining control of your privacy".

The most immediately useful purpose for i-names is spam protection. XDI.org explains:

Conventional addresses such as postal addresses, phone numbers, and email addresses are tied to a specific location, device, or service. By contrast, i-names are abstract--they are not tied to any specific location or device. Instead they are a way to ask permission to contact an individual or organization--and for the i-name owner to control to whom this permission is granted.

An i-name is simply "unspammable"--you can't send it email, call it, or send it a fax directly unless the owner has given you permission. If you don't have permission, you can use an i-name to make a contact request of the owner. These requests can be automatically filtered by your i-name service provider (i-broker) using a personal contact page to eliminate all but legitimate requests for contact.

Because an i-name is not tied to a specific physical or network address, it is also the first address that an individual can keep for life--across schools, jobs, homes, and travels. Furthermore, using the XDI trusted data interchange specifications under development at OASIS, individuals will be able to use their i-name to instantly share and link the precise set of personal data they want with other people, businesses, or organizations while always maintaining strong security and privacy protection.

...when shared contact or other data changes, your i-name service provider can automatically synchronize changes with all linked contacts that have permission to receive them.

An i-name is represented by a =name convention. At Digital ID World, Kaliya's badge said =kaliya. Over the course of the conference, a growing number of attendees had appended an = prefix to their badge names. Mine said =searls. I obtained that unique identity from 2idi, the first commercial i-broker. Later I added =dsearls (I found that =doc already had been taken).

Behind i-names are two other standards: XRI and XDI. Here's how XDI.org explains them:

Together, XRI and XDI solve the twin problems of persistent identity and trusted data sharing relationships by providing the technical foundation for linking people and organizations in a "Web of trust" just the way the Web lets us link pages in a "Web of text".

XRIs (Extensible Resource Identifiers) address a longstanding problem on the Internet: how to have a persistent, portable, privacy-protected identifier for any resource, from a person to a company to an application to a concept.

XDI (XRI Data Interchange) uses XRIs to securely and privately share, link, and synchronize data between any two devices, domains, or applications--and maintain this link for as long as the two parties want to keep a data sharing relationship.

So, in this context, XDI.org calls an i-name "a human-friendly XRI intended for everyday use in browsers, email clients, Web pages"--any place a Web address (URI) would appear today.

Drummond Reed, the founder and CTO of Cordance.net, has led the development of these specs and their ancestors for a decade or more. He says they are "about identity ownership and trust that starts with individuals, out in the marketplace, rather than inside any large company, or association of large companies".

Identity Commons and XDI.org were not alone among the open-source identity advocates at the conference. There was a good bit of energy around the XML-based Simple eXtensible Identity Protocol (SXIP). Like a number of other commercial/noncommercial efforts, there's a Sxip.com and a Sxip.org involved.

Sxip's grass-roots solution to identity problems involves two breeds of sites:

*Homesites* are web sites that authenticate and identify users, provide a repository for user information, and release this information (with user-consent) to other web sites that want it. The Homesite typically serves one or more Membersites, and allows their constituents to seamlessly authenticate and share data between them.

*Membersites* can store user data at and retrieve it from the Homesite, ask for authentication, and release the user data to other Membersites that request it.

Sxip networks support single-sign-on and provide other goodies. Using i-names is allowed as well, so that's not a problem.

Two of the leading authorities on identity--Kim Cameron of Microsoft and Craig Burton--attended Digital ID World and were intrigued by these grass-roots efforts. But they also lamented that each involved creating "yet another name space" in a world where name space proliferation is itself a problem. Yet this was one rare occasion when I had to disagree with both men, who also are close friends of mine.

These grass-roots efforts may be flawed in any number of ways, but they're coming from the right direction and for the right reasons. They won't reach critical mass without early adopters. That's where the rest of you come in. Check out both IdentityCommons.org and Sxip.org. See what you think and help any way you can.

Let's see how soon we won't be forced to rent Chevy Cavaliers.

Doc Searls is Senior Editor of Linux Journal. He writes the Linux for Suits column for Linux Journal. He also presides over Doc Searls' IT Garage, which is published by SSC, the publisher of Linux Journal.


Comments


Wait until the National Car

willis's picture

Wait until the National Car Rental is more open minded, lol. I would like compact cars too instead of the everyone-could-get Cavalier.

Will - Fox Car Rental

I agree that car rental

Ninna's picture

I agree that car rental businesses need to offer more to retain customers. But they are also facing hard times with accelerating costs. Resolve that first, then they will be more open for next development. The business itself has a great nature of sustainability.

Ninna,
Auto Insurance

Great article, Doc

Drummond Reed's picture

Doc,

You put the case for grassroots identity wonderfully. How ironic that either Identity Commons or the OASIS XRI and XDI specifications could be taken as a front for Trusted Computing. Only one member of the Trusted Computing Group (AMD) is even involved, and I can absolutely certify that Geoffrey Strongin, Platform Security Architect at AMD and my co-chair at the XDI Technical Committee, is one of the finest gentlemen you will ever meet in this entire industry.

I agree with your reader that the issues surrounding trusted computing are complex. As Geoffrey frequently puts it: trusted computing is like any other security tool - it can protect the good guys, or protect the bad guys. DRM makes this even more of a Faustian bargain: you're a good guy if it’s your rights being protected (for example, your personal identity data that's being kept safe), or a bad guy if it’s someone else's rights you're trying to break (like an illegal MP3 file).

I certainly can't settle that debate. But I can say that the OASIS XRI and XDI open standards that are the basis for i-name and i-broker architecture are simply tools to help us develop an open, interoperable persistent identity and trusted data sharing infrastructure for the net. And there are many more little companies and individuals involved in the development of these standards than big companies by far.

Please visit the XRI and XDI TC home pages for complete info. And also the Identity Commons Dataweb page for a full picture of XRI/XDI technology.

Thanks Doc,

=Drummond
=Drummond.Reed
Blog: Equals Drummond

THIS IS A FRONT FOR TRUSTED COMPUTING & DRM!

Alsee's picture

"Grass roots movement" my ass!

The organisations involved, OASIS (oasis-open.org), XDI.ORG and the others, they are all TRUSTED COMPUTING groups creating "open standards" FOR ENFORCING DIGITAL RIGHTS MANAGEMENT systems.

XDI.org's FAQ says
What does XDI.ORG do... vision of an accountable, trustworthy layer on the Internet... Specifically its purpose is to: Manage the intellectual property rights for a new data interchange protocol.

This "Identity Commons" wants you to sign up and create a "Trusted Identity" (which is conveniently tied to the CREDIT CARD you used to register!), and in the future DRM files will be locked to that identity, and software installations will be locked to that identity, and access to websites will be locked to that identity (single sign-on oh joy) and on and on. And they are offering you an opportunity to sign up and reserve your name before the system is fully deployed, gee thanks.

The system will not be fully operational unless you are running Microsoft's Palladium operating system, or if you are running a Palladiumized version of Linux or other operating system. Palladiumized TrustedLinux is already under construction. And these new operating systems will only work on the new TrustedHardware. IBM and HP and others are already shipping PCs with this new Trust chip. Intel has already embedded a version of the Trust chip inside the Intel Prescott, although it is in an inactive form. The expectation is that the Trust chip will soon be standard on all motherboards, and then move into the CPU itself. Intel, AMD, ARM, Transmeta, and the rest, all of the CPU makers are on board.

The Trust chip spies on your hardware and what software you are running and reports it to other people (remote attestation), the Trust chip makes it impossible to read your own files except with the approval and under the restrictions imposed by the software you were given (sealed storage), it prevents you from modifying the software on your own machine (code identity and sealed storage), the Trust chip even DEFEATS THE GPL! Having the source code and being able to modify and compile it is USELESS when that recompiled code DOES NOT WORK. The Trust chip forbids the recompiled code from access to the required encryption keys. The recompiled code will "run", but it will not WORK because it cannot read its encrypted files and it cannot interoperate.

I know this sounds like a tinfoil hat conspiracy theory, but IBM is already shipping ThinkCenter, ThinkVantage and Netvista desktops, and Thinkpad laptops with this chip embedded. HP/Compaq are already shipping dc7100 and D530 Desktops and nc6000, nc8000, nw8000, nc4010 notebooks with these chips embedded. Acer Veriton 3600GT/7600GT. Toshiba Tecra M2 Series. Fujitsu Lifebook S7010 and E8000 series and the T4000 Tablet PCs. Samsung all X model laptops. And more every day. As I said, the expectation is that it will soon be standard hardware on ALL motherboards.

If you have to make up a nonunique identifier, what's the point?

Anonymous's picture

>> Later I added =dsearls (I found that =doc already had been taken).

Yep, that's the problem I always have with these things. Someone *always* has already registered my real name so I have to make up a fake, truncated, modified, or otherwise incorrect name instead of using my real name. From the first BBS I signed onto up until the most recent website I registered with, I have never, ever been able to use my real name as an identifier. I don't see how this is any different. It's not allowing me to have a "more human" identifier - just another string of made up numbers and letters that's not really my name.

What's the point? In real life I simply use my real name, I don't have to go around calling myself steve1962 to differentiate myself from steve1975. How is that any better than having an identity number? Of course the early adopters never see this problem. It sounds great to the first person named D. Searls that registers. The next couple can use dsearls, d.searls, maybe d-searls. But what about the tenth or thousandth? By then you'll be back to having to make up goofy hax0r names so we can be unique. Or am I missing the point of this entirely?

i-name goldrush?

Dilireus's picture

This reminds me of the mid-90s when everyone discovered there was money to be made by buying domain names they had no intention of using and then selling for profit. Has anyone thought about how to prevent or at least control this? Is this even something to worry about?

You May Be Missing the Point - These Guys are Good

=jon.ramer's picture

I just wanted to speak up on behalf of the I-Name and Identity Commons initiatives. I have no financial interest to advance in making these comments.

I have worked with the people involved with the Identity Commons and I-Names for the past three years. They are developing a solution that doesn't leave our digital identities in the hands of commercial interests. This is in our mutual best interest. They are not after a gold rush.

The work grew out of PlaNetwork and is well worth visiting http://www.planetwork.net

The Augmented Social Network paper outlined the need for identity management as a civil society, open solution. http://asn.planetwork.net/

As I understand the dollars involved they are being used to pay modest salaries to hard working developers.

In community,
=jon.ramer

Not resellable

Ric's picture

I grabbed 'e' - it was available, and it seemed VERY short and easy.

If this takes off, this is worth $25 risk.

On the other hand, these things probably will not be transferable, so it is not a big market like domains.

Try it! Send me a reply through the service at
=e

hmm, your =e does not appear to be active...

Kristofer Dale's picture

"No data found matching the submitted i-name or i-number. The contact page may not be enabled.

If this is your i-name, log in to 2idi and click the Contact Page tab to begin the activation process."

Compact Cars...

Michael Maclean's picture

It always amuses me when people on the North American continent refer to a Ford Focus as a "compact" car. In the UK, there are a lot of cars which are even smaller so the Focus is about average size (assuming they're the same size on both sides of the Atlantic).

Grassroots - has it always been a market?

Tom's picture

Relationships - family and community - preceded governance and markets. This view from Jeremy Rifkin is in an interview published in May 2000:
"What I say to business leaders is "understand that your sector and the government sector are derivatives, not primary institutions." There is no example in history where you first create a government or establish a market, then you create a community. It's always the other way around, although we have lost sight of that lesson. First people establish communities, then they create social exchange, shared metaphors, shared meetings in life. Only when the social capital is well developed do communities create markets for trade and establish governments."

The full interview is at Government Technology:

http://www.govtech.net/magazine/visions/may00visions/rifkin/rifkin.php

I've found this perspective useful in my "regional community" work. Our individuality is important, but we don't get here without biological family, don't grow and learn without human relationships, and have nowhere to function without communities.

A hermit dies alone in the woods ending a gene line. Is there a tear? Humanity continues. Optimization of the individual life - go for it - build it yourself.

Mediated trust services to regulate i-name's shield?

David Orban's picture

Doc,
I enjoyed your speech at the DLS last year, where I was a fellow speaker talking about Linux in Europe. The Chevy metaphor was, and is very valid. I am glad you are supporting the IdentityCommons initiative, and I share your enthusiasm for it, too.

I think that a key element to their value will be the possibility of implementing webservices that, to a certain extent, will enable us to set up rules defining what should be done to a given ping of our i-names. The risk is that while the i-name is an effective shield, it won't speed up the management of worthy contacts or input, if for each decision the human behind it must be involved.

=davidorban

What are citizens?

Jock Gill's picture

Doc,

I like your essay but think we need to go a lot further than "Markets can grow and thrive at any of three levels: transaction, conversation and relationship."

It seems to me that we require a new 'frame' through which to view what it means to be a citizen. In this frame, I see that we are, first and foremost, active and dynamic creators, producers, and distributors of a myriad of things, including conversations and relationships with other humans. Lastly, we are also, as it happens, consumers of each other's creativity, production and distribution.

This new frame redefines the options, payoffs and possibilities for citizenship. It transcends the industrial reduction of citizenship to the status of being merely a consumer trapped in a star network.

Regards,

Jock

a newer of linux

zxchqh's picture

a newer of linux
