Panlibus Blog

Archive for the 'Identity' Category

Is Privacy a Luddite Fig-leaf?

In this month’s Library 2.0 Gang show on the recent ALA conference in Anaheim, Char Booth fed back that one of the themes from the conference that she had picked up on was privacy.

Specifically around the area of patron (or borrowers as we call them in the old country) data, both personal and activity data from within a library system.  There seems to be three shades of strongly held opinion.

The do-what-everyonelse-does faction promote the fact that people are happy for Amazon, Flickr, Facebook, and the rest to store and use their data to deliver a better service for them – so why should libraries be any different.

The there-is-data-and-there-is-data group point out that they are not talking about really personal data (such as birth date, phone number, social security number), but general information (along the lines of ‘an unknown 2nd year engineering student has loaned these books).  Anonymous but very useful data that could add great value to the services offered by a library.

The expunge-any-and-all-data-once-it-is-not-absolutely-necessary grouping seem to think it is a massive violation of privacy to even keep a record of previous loans so that you could tell someone what the title of that book they borrowed last summer was.

In that final grouping I believe there are some who are clutching at the privacy issue as a way to slow or even stall the move towards social networking and other 2.0-ish influences that are changing the balance of interaction between librarians and their patrons.

It would be disingenuous to colour all those at the keep it private end of the debate with this motivation, but I do feel that there are some out there that think this way.  How often in a conference session about the wonders of social networking, or one that points out the fact that OPAC results would be more relevant if you could use a student’s course information in the ranking algorithm, do you hear the ‘but you are exposing private data so it will never work‘ comment?

Let’s face it, in the broad grouping of opinions we find in the librarian community, there are a few who are not comfortable with things 2.0, and would prefer things to stay as they are.  It is to these that others at the other end of the spectrum of opinion may be tempted to attach the label luddite, especially in these times when it is fashionable to espouse the virtues of using people data to add value.

There is much to be worked out as to the how, how much, by whom, for whom, with what permission, under what control, of the data held about the users of our systems, but I believe that some opening up is already starting to happen.  Those using the privacy issue as a reason to hold back innovation in this area will eventually find themselves bypassed.

Having said all that, I don’t expect my local library to be sharing any of my personal information without my permission anytime soon.  I would hope that sometime soon they will be using my borrowing patterns to help others with their choices; my clicks to help improve navigation through their software; my demographic profile to provide a better service to me; and possibly even providing OpenID verification from a service I trust.

Picture by wasabicube on Flickr

Technorati Tags: , , ,

Will this one be the right ID

OpenID, to quote the web site, is an open, decentralized, free framework for user-centric digital identity.

OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do-with a URI (also called a URL or web address). Since URIs are at the very core of Web architecture, they provide a solid foundation for user-centric identity.

By OpenID-enabling a web site it can accept your login credentials from your chosen OpenID Provider (which could even be your own system). The outcome being that if all sites that you use were OpenID enabled you would only ever need to use one set of credential to login to all of them – the Holy Grail of Internet – no more notepad documents or whatever to keep track of all those account names and passwords!

To find out more try this 5 minute informative screencast on Simon Willison’s blog, and Wikipedia.

I’m getting an attack of Déjà Vu whilst writing this [no not the movie which looks fun by the way, or the or the fascinating the web as we remember it site that I tripped over whilst looking up the term]. We been here before. Remember the launch of Microsoft’s Passport, or i-Names, or our first Talking with Talis podcast with Dick Hardt, Founder and CEO of sxip Identity.

These and many other peaks of web excitement over the last few years have tried to address the tricky problem of trying to tell all the sites on the web who you are in a secure, reliable, and trusted way. Testament to this so far intractable problem being the way that so far nobody can even agree a standard scheme for what a password prompt will accept – I have yet to work out a password which will satisfy the criteria for upper/lower alpha/numeric min/max length on all the sites I visit. (And it drives me wild!)

All the initiatives to provide a solution for a single shareable identity, rely upon the fact that some central web presence, that all the other sites will reference, will hold your actual credentials. This is not necessarily a single central source, OpenID and others envisage that you could choose from many.

From my point of view this is the problem for all of them. Passport failed to take off because of this – ‘Let Microsoft become the arbiter of all Internet identity – Yeah right!!” Others have tried to avoid this by distributing the ability to host these identity stores across many organizations, but the fundamental problem still remains – trust. Who is going to trust some third party to hold your identity or to provide validation of an identity for login and or single sign on functionality. A service provider may trust an organization like a bank, but would you want your bank acting as the validater of your ID – what happens when you go overdrawn? An individual may trust an open source community site, but would a service provider?

I wish OpenID, which builds on much that has gone before, well but I have a feeling that even this will not gain critical mass. I wish I did know the answer – I could put my feet up and retire on the proceeds! But brains far bigger than mine still don’t appear to have found this particular silver bullet.

Pessimistically I think there is a possibility that this will not be solved in a globally accepted way for a long long time or until we all get fitted with a personal MAC Address at birth. The present technically unsatisfactory situation is, unfortunately, just good enough to enable the wheels of Internet commerce to keep turning. If we could find a way to make the acceptance of something like OpenID a business critical issue for the likes of Amazon, eBay, and the rest, well things may well be different.

Afterthought
Of course Libraries are universally trusted organizations which are used to handling peoples identity information. Now what if we could some how enable all those borrower/patron records to be used to underpin something like OpenID, that might create a critical mass of data that would provide some momentum. Problem currently is that there is no standardly implemented way to get at that information – same old [library] story – what we need is a Platform!

sxip announces public beta of identity management tool, sxore

Sxore Beta logo

In our very first Talking with Talis podcast, I spoke with Dick Hardt of Canadian company, sxip Identity.

We spoke about ‘Identity 2.0’, the importance of reliable identification – and defensible privacy – in the online world, and about one tool that sxip were developing to demonstrate some of their ideas, and to combat comment spam on blogs in the process.

This tool, sxore, has just been released as a beta plugin for WordPress.

We don’t use WordPress at Talis, but all the tech journalists I know seem to, so maybe Charles Arthur, David Tebbutt, or one of the others could give it a whirl, let me know if it works and, if it’s as good as my conversation with Dick suggested it could be, write nice things about it?

Technorati Tags: , , ,

Structured Blogging

Dick Hardt, CEO of sxip Identity and subject of our very first podcast, draws my attention to the new Structured Blogging initiative.

“Structured Blogging is a way to get more information on the web in a way that’s more usable. You can enter information in this form and it’ll get published on your blog like a normal entry, but it will also be published in a machine-readable format so that other services can read and understand it.

Think of structured blogging as RSS for your information. Now any kind of data – events, reviews, classified ads – can be represented in your blog.”

I shall definitely be taking a closer look, as it sounds potentially powerful… …and it works with Movable Type, the technology behind this blog.

Technorati Tags: , , , , , , ,

What’s in an I-Name?

Up until recently my question was “What is an I-Name” Then I listened to the ITConversations interview with Owen Davis on the subject of IdentityCommons, which underpins I-Names, and it all became clearer.

The simple answer appears to be “DNS, but for people“ I-Names are assigned to people in a similar way to the way Domain names are allocated to their owners. You identify an unused I-Name, pays your money, and its yours! You pay an Identity Service Provider such as 2idi.

I’ve now got mine =Richard.Wallis it only cost me a donation of $25, and it is mine all mine for the next 50 years. That should impress the other Richard Wallises out there, I got in first! It raises an interesting point though, all I-Names are unique, but all people names are not. When was the last time you saw an eBay User Id that was the user’s actual name? But again selecting an identity, or handle, that describes you is an interesting exercise in its self

So what! What can I use my I-Name for, beyond showing off that I have got one by putting it in my eMail signature. Today not much, but it has potential.

As an I-Name is a guaranteed unique universal private address, or identity, it could be used by all sorts of systems to confirm who you are. It picks up on the same ideas as Microsoft Passport, but without the perception of world domination.

I-Names are also applicable to organisations so as well as being able to uniquely identify me, it should be able to identify the me that works at Talis separately from the me that is at home buying stuff off eBay. The same ‘me’ but in two different contexts.

Extending that concept to ‘me’ on a University course context that because of it has licensed access to a particular eJournal, starts to make things interesting. Add to that the possibility of Amazon knowing my I-Name and will then trust me for one-click purchases and things could get very interesting.

So is this the Holly Grail of identity management that will solve all the problems Shibboleth, Athens, WS-Federation, etc. have all tried to address with differing levels of success? I doubt it, as Jon Udell has quiet rightly pointed in his thoughts on the subject

“having spent more hours than I care to admit poring over specs and architecture diagrams from the Passport, Shibboleth, Liberty, and WS-Federation projects, I suspect (as does Doc Searls) that some other identity standard will prevail.”

But there again it could be one of the lights at the end of the tunnel that together will solve the travelling identity problem, and will be so obvious [like DNS is now] after we have all given in and start using the de-facto standards that emerge.