With the Internet Identity Workshop not far away, Alec Muffett writes of his distaste for parts of the current state of the Identity space. Hallelujah. I’ve been wanting to write this for a long time… now seems like as good a time as any to add my thoughts.

My takeaway of the moment is his advocating utilizing an entities(user/vendor) transaction history system as the authoritative trust and risk assessment mechanism. This isn’t new thinking, banks do this all the time. The problem however with the current identity space, is that to do this requires reliably storing *any* entities transaction history - which requires silo-free persistence, redundancy and management on all sides of the transaction in order to verify those claims. We don’t even have that silo-free persistence or redundancy yet - nor do we have the tools to manage our data that’s online and always available. Until we do, all this Identity talk has been bunk to me. Why I see it vital to be addressing this problem first.

He talks about relationships, links; they all require persistence or self-healing(think AI) in order to operate reliably as a system. Break one and any number of reliant services break unless caching is implied on the part of the relationship contract, or a human is there to fix every failure. It would be like losing your birth certificate, and having to go through the motions to restore your identity history to a verifiable 100 points before you could verify who you are in order to open a bank account, or create new relationships in the real world.

Now there are those I see aimed at fixing related networking architecture problems that partly solve persistence and redundancy: Van Jacobson’s Content-centric networking comes to mind, heavily laden with it’s key management system which has complexity drawbacks. Most of the other attempts out there however are all HTTP and REST-like based. One problem I see here is that we have network architecture not designed for todays identity, and one that criminals exploit at their own discretion with so many points of failure in the network that policing is near impossible. So how do you secure those routers and wireless networks your valuable personal private data traverses? You can’t. How can you be sure the chipset inside network devices hasn’t been tampered with by organised crime or opposing governments? You can’t. Or your personal network device? You can’t unless you can verify your device hasn’t been tampered with to the best of the manufacturers ability by checking an objects signature of operation with them /over time/. On the network side, only by signing and securing the data or hiding it completely can you get some peace of mind. Peace of mind with the knowledge that over time, that security will need to increase computational power as attacks do. There are already ISPs injecting information into web pages as they traverse networks, their proxies being easy targets for anyone wanting to be malicious. How do you make sure the data you ask for is the data you get? You can cryptographically sign it, or as many sites do now; open a ’secure’ pipe; HTTP SSL. A secure pipe over a network that could have hardware that’s been tampered with? That doesn’t seem very smart to me. What if you sign *all* the data? Then the points of failure become the crypto, end points, users, devices and the key management systems. What’s important however is knowing you get what you ask for, from who you ask for it from - efficiently such that such a system can scale. Problem is cryptographically signing and hash collisions mean you might not get what you asked for, instead a virus that goes undetected… which means we still need malicious software detection - virus scanners, etc - to monitor for malicious intent, checking packet signatures and detecting anomalies that slip through indicating the need to increase security. However, should malicious content breach a system, the best way to prevent that from causing untold damages, is by limiting what objects can do in a system - at all levels of the system.

Doing this presents still to solve issues on the end-points and user side in order to limit the social engineering of those wanting to be malicious. This has to be done by a means of focusing on user experience, education, and the interface by limiting damage and providing a support network for users should it occur. URI or email namespace, and HTTP resource handling as the interface are the real stumbling blocks here when it comes to adoption via user experience. You only need look at the Twitter namespace to see what’s possible otherwise, people often making requests for help to people they learn to trust as field experts over time - despite it’s inability to handle threaded verifiable transactions; something that could easily be added. Mobile and cross-platform devices really /are/ the future of transactions. What’s important about Twitter is that it’s /opt-in/. Capturing malicious claims openly in a persistent way can mean reputation based upon a persons history can become a reliable risk assessment tool. Don’t let the bad people in by default to access everything about you. Layers or capabilities are the key. There are also means that can make transactions between untrusted parties safer. Escrow and transaction risk assessment with repudiation should transactions go wrong being one - so long as the escrow is a trusted party of both parties…

With regard to those three equal parties Alec mentions participating in a transaction (user/vendor/IdP) - I agree that the third is not needed once relationships are in operation. I break the three down to one ‘component’ performing different functions as in a peer-to-peer or end-to-end network - which is one of the original IP protocol design goals[Bring on IPv6! (and a scalable replacement)]. However, most of the time it’s easier for people to conceptualize two(user/vendor or client/server), with the third managing relationships(the connector) - not storing anything - and instead delegating capabilities. I say this because in any classical network, there are three basic elements: Components, connectors and the data that traverses connectors between components. My problem with many existing Identity efforts, is the term Identity Provider or the ‘middle man’ aka single connector; as they just add a silo of failure. In my mind these must be replaced with what I call Relationship Managers. While the network itself is the ‘provider’; that being the hosts you choose - or preferably the network chooses for you by locality - to replicate and distribute your data redundantly between. All accomplished via Relationship Managers that I consider analogous to the VRM Control Panel I’ve seen Doc Searls advocate. Those Managers themselves able to delegate to other Managers such that authenticating an identity from multiple points of contact is possible. Important for redundancy and the ‘object capabilities’ security model: As multiple, yet strictly authorized devices for authentication via those Managers, is then possible on a per device/capabilities basis. Revoke one device(or Manager), still use another. A layered failure approach. A process no different than getting a new credit card(or bank). These Relationship Managers will need to be able to delegate auditing like a ‘Hawk’ monitoring a person’s transactions in order to detect anomalies. Something that could be done in-house by users or outsourced; Identity Brokers doing that management - just like we do now with virus scanners. This important persistent transactional data can then be used to tailor services to a persons user experience ala VRM. Everything can be packaged with the user in or out of control then, home-grown or outsourced; user-driven.

Whatever. Until decentralized data persistence, redundancy, namespace, and relationship management tools are here, it’s all bunk. There’s also another major part of the process yet solved; authentication. The current authentication arena makes me cringe. While I consider CardSpace one of the best of the bunch, it fails to follow the transaction history verification regime to learn and detect anomalies in operation, a process I consider important and could be layered on top over time. Key producing - dynamic, personal, biometric authentication learning systems that throw away the biometric data. In other words AI and unique object detection. Captcha’s are failing, it’s becoming increasingly more important to be able to detect that a human is really a human and differentiate them from other humans… something I believe can be done with multiple time varying history challenges, systems that learn like we do, if narrowly and task-centric at first. Recording passphrase fingerprints is an example of a step in the right direction. Still, like any other security measure it’s a moving balancing act, so I see CardSpace-like tools as a useful beginning in a layered object capabilities approach.

Still, with all these areas yet addressed and many neglected by what I see from the outside looking in on the Identity World: I still think we have a long way to go to when it comes to the ‘online’ world moving towards a service that lives up to it’s name before Alec’s hankering will subside for another that follows.

Jon Udell discusses the idea that technical mastery requires social innovation. While I agree in general I don’t necessarily agree with his final statement that major innovation would require more social than technical. I just don’t believe you can separate the two cleanly yet. It’s still all about how you compose the data with the view(s) and technically I still see a lot of problems in information architecture today that needs solving.

Recent talk by Dave Winer and Tim Bray on what happens to your data and records when you die are the classic example. Data is spattered everywhere, yet there’s a technical solution to that, one that requires a social element as well. I say this as I’m attempting to create my own environment for historical data and innovation. So while the social hurdles are first and foremost in my mind - my user-facing API is defined by that - actually architecting what I consider important elements to achieve my goals, is trying technically. Sure if you have a lot of man hours of a big company it may well be simple to implement but conceptualizing how exactly to implement an entire environment with innovative paradigms, requires a lot of forethought. Usually by one BDFL slaving over that while guiding others to help implement that. eg. Tim Berners-Lee, Guido van Rossum. There’s an excellent talk Fred Brooks gave at OOSPLA07 that talks about innovation I’d highly recommend listening to.

Where Jon asks whether operations are beyond the capabilities of mainstream users I begin to envision a much simpler and more direct approach to how people interact with objects in a system. I always recall a mainstream user testing a web site I’d designed. The number one interaction she responded to - one that guided her into learning new capabilities - happen to be the direct object interactions. Popup’s on hovering menu’s, self-explanatory animated transitions on acting etc, all of these were at the point of object contact. It taught me how important it is to see and learn how to interact with each component and how those can effect others. More importantly how the system integrates and functions to get tasks done. Jon’s screencasts, the CoScripter example, they exemplify this.

I remember my first steps playing with the Self programming language desktop GUI. The ability to inspect objects was fantastic even though the overall user experience was awkward. I think we need more of this interaction if users are to learn new capabilities. Interfaces simply must be object accessible.

Applications today just aren’t built with this in mind and I think the problem is one of default functionality. By default 99% of systems don’t guide people as they use them. There is so little by way of best practices and the advantages they afford because more often than not it’s educated developers doing the implementation.

I think the only way to solve this is to give users the tools do the implementation and customization themselves by lowering the barrier to entry through an object accessible interface. Community driven applications modifiable at the object level comes to mind. Wikipedia is a good example at making information more accessible to the masses, Twine a level up. Why not do the same for application development? The Linden Labs guys also talked at OOPSLA07 that is worth listening to. A large number of scripts were developed by people with little previous programming skill because they could grasp basic constraints to the interface and architecture. If we can create an interface to do this and get tasks done while the hard technical aspects are hidden; great! But technically I don’t believe we’re there yet on a distributed level nor social. The two problems are just too similar.

It’s really one distributed problem over two different mediums.

I couldn’t leave without linking to an interactive application example The Neuron.

A quote by Sep Kamvar repeated by Greg Linden sparked some thoughts on personalization that I’ve managed to boil down to a simple old age adage:

It’s what people do, not what they say that matters when it comes to personalization.

This is why I believe contextual and personalized attention data is the most important personal information one can aggregate. I see this happening with services like Google’s Search History and Twitter/Facebook’s activity feeds at the very edges of this personalization movement.

It’s an area I believe the semantic web needs to work on in order to fill out the middle and become successfully adopted. Standardizing actions on the side of the developer and openly(with privacy in mind) recording these actions with dynamic ontologies. Associating the data with these actions. I say dynamic because meaning often changes over time and as Sep highlighted; checking every box and labeling someone as having a general interest doesn’t necessarily return useful results. It’s the history that matters (why dynamic ontologies) and personal information has to be personal to be effective.

Twine and other sites like it are interesting to me in capturing the data they do for a number reasons, however they all seem to be one shop shows, only capturing some attention from their own narrow usage patterns. This is where I see the real power to the people; aggregating attention cross-application and intelligently customizing usage for user experience. VRM is one area that comes to mind to manage all of this.

The way I see it, right now the only actions we have on users visiting sites are; entry, internal actions and exit. I think this is why only search history and location are returning results. I’m more likely to visit local business and services more if the ads are relevant to my location and search contexts. The closer something is, the more personal it often feels and closer to instant gratification you become.

Contexts include the who what where when how and why of a persons action. Who they are and their history of performing actions, what they’re looking for in relation to, where they are while seeking that. When they are seeking the what aka the time/day, how they’re attempting to obtain their goal and why being their motivation for doing so.

Who is the history - The records of a persons actions.
What is they seek - The goal aka resource aka search term
Where they are - Their location (IP address / wifi mesh / GPS location)
When they’re seeking - Is it after work? Middle of the day? Just after school?
How they’re seeking - What service or applications are they utilizing? Voice, Phone or Web?
Why they’re motivated - Is it research or are they in the mood to purchase something? History is telling.

If I’ve missed any, please leave a comment.

I believe this is why results always come back to context as Sep highlights with his statement that “recent searches are much more important.” It’s where they are and what people are doing right now.

Having said that, another area I see yet to be fully exploited is using time-varying attention information to predict what users may be motivated to do next or soon and return results(not necessarily all of them) that reflect that before the user even knows they want them. I call this the consumer cycle as most people are just patterns stuck in a cycle that evolves over time. I hear Microsoft Research are doing this with Visual Studio by tracking actions and customizing the interface. I know Werner Vogel’s of Amazon in a recent InfoQ video displayed a diagram Jeff Bezos drew that highlights their business growth cycle and the feedback loop. People are growth cycles too and if you can figure out those patterns then and you can pander to their every whim even before they know they have them. Targeted suggestion can really be a powerful form of persuasion. Friends do it to other friends all the time. This is why it’s important to also know a person’s friends and in what contexts they pay attention to them. A friend might buy a new phone and the person ask them about that purchase. Great time to personalize an experience and display the information from other sources(friends/known sites) the user can use.

What I find interesting is that all of this is related to a more fine-grain approach to handling users personal data in applications. The decision is then one of how dynamic to make an application such that collaboration and convenience are enhanced and not sacrificed in the overall user experience. One person might require a completely different experience to the next. So how best then to share those disparate world views? Links with history and session data that form historical views on data comes to mind. I’ve not seen much work on this regard but I haven’t really look that hard. Still, I believe this will be vital for the platforms of the future. Avi’s Seaside has been one of the few attempts I do know about, if you know any others I’d like to hear about them.

Now all of this dynamic data collection requires architecture to support it. I’m of the belief that a deterministic approach with history and session data stored for context recall may be the best approach to personalization across future contexts. Most of my research is focused in this area, so it better be.

With that, I’m off to revise my Combinatory Logic skills.

Leisa writes:

So, today I did my first ever podcast and shipped it off to Anne for the Office 2.0 Podcast Jam.

I’ve shied away from podcasting for as long as I’ve known about it for a few reasons.

Before this blog I had a few short lived experiments with websites and blogging, but none of them really stuck. Partly, I think, because they were so inauthentic. Firstly, I didn’t know what I wanted to write about, but more importantly, I didn’t really want people to know who I was for security reasons. The idea of someone hunting me down somehow from my website was something that was a real fear for me at the time.

I'm seeing a trend towards being more open online, especially when it comes to professionals who work in the space. My only fear is that it opens people up to unsavory types. Recently someone I was writing to turned out to be one and that has made me think twice about what information I reveal to others online and to second guess those who aren't willing to be open and honest about themselves. Comments too on one of my blogs in the past has had me questioning being completely open. I think our tools are in dire need of identity, reputation and privacy evolution to facilitate proper personal expression.

Saying that, I think people are learning the value of openly marketing themselves and forming relationships with those like-minded and open individuals and companies, because often that can present new and interesting opportunities in areas of ones interest. I know for example, that when I read Leisa I'll get good UX commentry, links, etc. I actually went searching for others in the area and came up short for quality on the specific topic.
I'm finding I don't have the time to troll everywhere to keep updated on my interests and as a result experts in their fields are becoming more valuable to me. Something I've noticed about experts is that they mingle and mix in them, openly share and market themselves doing what they love - and do it often enough to build reputation.

It can be scary being open about yourself online though. I'm still not fully. Because of some of the content of what I write about I still like to keep certain aspects of myself semi-private. For a long time though I've wanted to register my name and start writing there. I've just been lazy… I think I'm going to do that soon and invest in myself…

Leisa talks about her podcasting experience too. Podcasting and more so Videocasting is something I keep meaning to give a real go too. Scares me. I'm not used to talking much. I always end up chickening out when I try, drawing a blank, having little to say. Still… doing things like it can be a good confidence booster I believe. And that makes it worthwhile in the end.

I look forward to hearing hers evolve.

I've been following Cameron Reilly's progress with ThePodcastNetwork for a while now. Listening to his current woes, hoping things pick up soon for him. His request for ideas had me thinking and I've decided to pitch some of my ideas in. Feel free to steal them, I have much bigger ones in the works. Anyway here are my suggestions and thought I'd publish them for all to see and debate.

I'll start by outlining the podcast hosting (or video log for that matter) business model as I see it. Advertising. With more and more services like Amazon's S3 our likely future, I see the bottom eventually falling out of mere hosting unless you make the hardware or maintain it. Still you can cream a little off the top using it if you like, but for me the future is all advertising and subscriptions with hosting a side dish unless your a data centre.

Now Cameron more than anyone knows that advertising for his medium will most likely come through embedded sponsorship in podcasts as well as targeted on his site. Thus the more listeners and distribution, the better exposure for all involved. In my mind therefore building brand reputation while building distribution channels are the key to this medium. So, first we build on those. I use Cameron's business as my case study here. So here are my suggestions:

1. Build a better distribution model.

Make it easy for anyone to access and share your data.

The first and easiest thing Cameron could do is make each and every podcast easily sharable on anyone's site with a custom and branded flash player(with fallback) they can drop in, ala Youtube.

Optionally, a player, that on mouse hover or excerpt button click, displays either a text excerpt or transcript of the cast. (I've heard anecdotal evidence that transcripts next to casts improve listens by up to 225%.) Note: I'd do it with display:none javascript, not ajax to help the search engines find it. Let's hope RSS readers of the future support display:none or some other safe means of embedding metadata, aye. (Comments on alternative methods welcome)

So for easy copying and pasting I see the implemenation best done through and interface something like Live Clipboard's.

Thus we display Live Clipboard scissors on objects considered sharable. With our podcast example, on hovering those scissors would display your options for that content. In this case clicking Copy simply copies a piece of HTML to the users clipboard containing an object element marked up. ie. the podcast player <object> with podcast uri and description.

Note: This example doesn't utilise the 'Live' of Live Clipboard, but you get the idea. BTW, to anyone looking to implement Live Clipboard, please, on selecting a method of an object the user should be presented with something like a tooltip instructing them what has just happened! eg. "Success! HTML Object copied to your operating system clipboard. Now, go paste it somewhere!" or "Success! Live Clipboard XML Object copied to your operating system clipboard. Perhaps on hovering objects the type of content to be copied is displayed. eg. replace Copy (CTRL-C) in the figure above with Copy HTML Object (CTRL-C) or Copy Live Clipboard Object (CTRL-C)

Now, back to distributing our podcasts.

I'd also suggest branded widgets of feeds copied and pasted in similar fashion.

Taking this further an open API service for database access to casts and their metadata as well as data processing services. This however requires infrastructure and one central content management and hosting system. So build one(if and when you can afford to!). And Cameron, I know I'd have a 2web widget on my blog if you had one.

Next for distribution, another interesting path I see this model taking is with distributed metadata creation services. Check out what the blip.tv guys are working on with mirrorplay (not up yet) and read about video vertigo (user and password are in the popup authentication) and where metadata sharing for distributed media is headed.

There's an opportunity here for someone to build an open API that lets developers build podcasting software into their own, have those podcasts hosted on the API providers servers and allow collaboration with advertisers through it. Or just a service that streams the process of adding ads to the media and then to the clients servers. It's complicated to explain but if your interested, have a look at the eventful aka EVDB model. I think it's kinda similar but in their case used for events and I hear purchasing tickets.

And BTW, while your at it creating widgets, don't forget to add digg and delicious buttons to each! And comments… You could even include an area in the widget for displaying tags and tagging that very podcast using AJAX! No need then for mirrorplay? Maybe. Maybe not. Something worth considering is that not everyone lets you embed scripts… alternative: flash… *grumble*

Additionally you should write or purchase rights or licensing to podcast aggregating software for downloading content locally and consumuing it and feeding the playlist back to your database. Don't forget to brand it all.

Don't forget to bundle your service with other hardware. Mobile devices especially are the media players of the future.

2. Build a solid brand image.

Produce quality content under your logo stamp. Seek out existing podcasters(or vloggers, whatever floats your boat) with a proven track record and bring em aboard your stamp. Podtech did this with Scoble, Scoble did this with GETV…

Make podcasts about the people. Interviews, exclusives… I love those. Encourage that in your producers. Everyone loves to hear from experts in their field. Experts market themselves, experts therefore market you if you can get em.

3. Design and marketing.

Now I'm basing this off Camerons site and his homepage is a little bland. Get a good designer Cam, make it fun and build upon the brand in the design. In Camerons case, get rid of the whitespace at the top and make the TPN logo stand out. Add some mr.sheen polish to it and develop a 'look & feel' synonymous with TPN. Make play buttons using the logo to use there and in widgets? Something with personality…

Add a "featured show(s)" section with clips and play buttons. Add a short playable promo clip for all the shows and latest shows on there so people can get a feel for the hosts quickly. We're all time poor so please don't make me listen through ads or fancy long intros on those promo clips. Make the search feature and categories more visible. Make the site fun and idiot proof.

Maybe add sound effects on hovering items. Make promo's automatically play on hovering… Grab people's attention. Just never play music on page loading! That's a heinous usability crime! I curse you myspace.

Also add features that will entice people back. Let people tag and mark casts as favorites for later referral. Capture that attention data on what each user plays/tags/does on your site. Create a social network of tags and "who tags like me", "who likes listening to what I do" network ala last.fm. Create widgets of this data for the users. Use the data to recommend other items, including advertising. Create widgets for those.
Ultimately, you'll be reaching your users through distribution channels. Get that right. Make it so that people can easily find your content on your site to help it go viral. Add feeds and widgets on everything. Even categories, peoples listening lists, top downloaded… basic SEO.
4. Education

Drive traffic through education. Create a podcasting tutorial blog(and cast) to educate people. Let the TPN producer crew write it, everyone has a howto podcast story right? Call it the Digital Podcasting School ala Darren Rowse and his Digital Photography School.

5. Advertising

First, create some. Your own! Build a service that can attach advertising automatically to media. Create your own advertising first for podcasts in your network to test the system and attract advertisers that listen. Add an advertise with us option to your widgets. Failing those, hire someone to find you advertisers. Or something. Advertising hurts my brain.

6. Product Affiliates

Create a "cool audio tool" directory using amazon and other affiliates who'd like to advertise their wares to podcasters/users through you. This would fit well on the education blog and next to podcasts. Include hardware/software recommendations, reviews, etc. Track it all with stats.

7. Service Affiliates

"Advertisment FREE" podcasts for paying clients or subscribers.

8. Statistics

Watch them and learn.

9. Brainstorm

Put all the content producers on a mailing list if they're not already. Bounce ideas in it with them all. Create a community wiki to document all those ideas. They'll want to help, they're making a cut of the money for producing the content…

10. Get good developers to build it all

So you can sit back, feet in the air and let someone else stress out. I should also talk about networking, blah, blah, but I'm no good at that. Just do it. You'll figure it out with all that traffic and attention you'll be getting from people.

In conclusion:

• Build an API
• Build your own service on top of that API
• Open your API and service to the Public

The future is in API's and widgets(smart widgets and apps that talk back to your server with attention data).

SIOC (Semantically Interlinked Online Communities) is an ontology for describing discussion forums and posts on topic threads in online community sites. This includes but is not limited to: blogs, bulletin boards, mailing lists, newsgroups, etc.

I came across this word today: Fauxonomy. There seems to be some disagreement about it's meaning however. The first thing that came to my mind was fauxonomy as machine generated taxonomy made out to look like user-generated taxsonomy(folksonomy), however some who support scientific taxonomies have dubbed folksonomies as fauxonomies themselves. Either way I'm sticking with my interpretation. My french was never any good though…

Today, Marc Canter took the wrapper off PeopleAggregator

PeopleAggregator is a Social Network with a difference. You can build your own site and network of people, groups, and media with it!

While on first impressions the user interface and design is hideous, it looks very promising. Communities will love the APIs!

Here are some of the features:

• AJAX drag-n-drop content sections on your personal peofile page that displays your relations (friends, colleges, etc), a photo, your flickr, delicious, networks you belong to and a link list. There's a personal info section you can fill out and place access restrictions on who can see what parts of that information. Nobody, everybody and immediate relations privacy measures. There's the ability to upload your CV and list your professional info as well as snippets of text area information for you to fill in the details about you.
• You can join groups and browse members content
• Upload Media: Images (up to 500kb), tag it and describe it while setting image access and what album you place it in. Audio or Video (up to 3MB)
• Blog and create content either a post, audio, images, video, events, reviews, people or groups.
• Creating groups allow you to create links to external group spaces or ones you've made in your people aggregator network.
• People, this item lets you describe peoples details.
• Review all sorts of different standard types.. eg: local services, events, bar/clubs, books…
• Event creation
• All using structureblogging formats it appears.
• A simple manager to manage your content.
• A search to search that content
• A gallery of your Images/Audio/Video, you can also view friends media or groups media
• Clicking on an audio loaded windows movie player, Video loaded embedded Quicktime for .mov (without any video)
• There's a people search, by details though not very detailed. Age isn't listed.
• You can create your own groups and invite people.
• Create a network for anyone to join and create groups inside that network. Media too, basically aggregate member content into the network. In other words; create social networks inside the people aggregator social network. This would have to be the best feature, allowing communities to build their own homes and share their content with one another. It's just a pity the site is ugly and the content creation too complicated and long-winded in a lot of areas. This is where the API's might come in handy to design your own.

If you'd like an invite, leave a comment.