20 Jun 2005

Just posted this to a mailing list.
OK. I'll have one more go at where I'm coming from because we are agreeing. But I still don't think MS and Liberty/SAML are addressing what I think of as the low end for very wide implementation (of digital identity).

In the key early identity functions there are three players.

1) End user (EU)
2) Service provider (SP)
3) Identity provider (IP)

End User - These days, the early adopters are all using Firefox and Safari. An IE only strategy is going to alienate these people and you need them on side to drive EU adoption. So that means plain old HTTP, XHTML, Javascript and no ActiveX. Or a different strategy with Browser checking that uses different techniques depending on the browser being used.

Service Provider - There is a very large population of potential SPs that are using LAMP based applications such as Movable Type, Wordpress, Drupal, phpBB, OSCommerce, Nuke, etc etc. These could really benefit from a common single signon, and account creation identity system. Either for authentication prior to comments or authentication before joining the community. Or for authentication before buying something. A high proportion of these sites are running on minimal hosting. Which means that we're looking at lowest common denominator technology (today). eg http redirect, http auth, http Get/Post, and scripting language native tools like XML parsing, XML-RPC, SOAP-RPC. And finally toolkits that are written in the native scripting language. Requiring extensions to Apache or PHP probably isn't going to be possible for most of these sites.

Identity Provider - IPs have more flexibility because it's reasonable to assume that any commercial IP is going to have complete control over the server. So then we break the market into two. One is in the LAM part of LAMP probably plus Java and C extensions. The other is the MS camp.

Now I want to push the system requirements for IPs downwards because ultimately I think there are a large number of the SPs that could and should provide *some* identity function with *some* level of trust. For instance, I can easily imagine a Civicspace site providing identity checking to a Movable Type site when the EU wanted to leave a comment.

And there's a somewhat utopian ideal that we can push the IP even further down to personal websites which provide some *more limited* identity function with some *more limited* level of trust. But early on I can understand why the complexity of an IP may mean that we can't or shouldn't attempt to include this.

So in a nutshell we have, EUs needing at least IE6 and/or Firefox. SPs need plain vanilla LAMP support as found on cheap web hosting. IPs can require full server control from the owner, but we would like to reduce the system requirements to the same as SPs.

This is the market that LID and SXIP (and others) are aimed at.

I'm not convinced that Liberty/SAML can address it. And the reasoning is that even if it's possible to implement the underlying design patterns as above, the current implementations all assume more technology than is available at the typical SP level.

I'm not convinced that MS InfoCard can address it, because I think it will be too complex to implement at these levels of technology and because MS will feel unable to help due to commercial considerations.

19 Jun 2005

The end? Or the beginning?
Jon Newton has written an amazing screed about the MGM vs Grokster ruling which is due to be released tomorrow. It's subtitled "You and I against them". Yup, we could do with a "Them Spray".

ps. I always thought there should be a can spray called "MuzakOff". It would be a nasty congealing goo that you would spray into loudspeakers playing Muzak and render them mute.

17 Jun 2005

I've just been talking to someone who wanted to sell me contextual advertising. After going round that, I suggested an idea that turns this on its head.
I want to get an RSS feed of the latest ads that have been placed for a particular Keyword. The example we used was "Wifi". If I'm tracking Wifi by taking a whole set of RSS feeds both from single sites and from news aggregators like Google News, Topix, del.icio.us and flickr I'd really like to also take a feed of latest Ads in that area. Because that will give me an additional view of the market and should lead me to information about new products and services in the area.

From the advertiser's point of view, I'm a high value customer who's shown specific interest in that keyword and so I'm actually much more likely to click through to find out more information.

What was interesting was that the guy on the phone had a really hard time getting his head round that because he was so concerned about the impact and how it would work around their current business model. Now as well as getting higher quality impressions in front of a customer who has self selected for interest in that keyword, you've also cut out having to pay the site publisher who displays them.

Somewhere in there, he said that Overture (and possibly others) provide a (possibly private) XML feed of the highest value ads for a particular keyword. Which means that they are very close to being able to offer this already. The XML just needs reformatting into RSS format.

So when is an advertising company going to think outside the box and start offering this? I'm sure there are some problems around click through fraud, and republishing but they don't feel insurmountable given that Overture, Google and others are already providing ads for RSS that end up being displayed in RSS readers rather than on websites.

» InfoCard and Web Services | Between the Lines | ZDNet.com : Even so, I'm convinced that if Microsoft does what they say they will, the open source community will build components if for no other reason than the fact that they will have to to participate in the identity environment that will grow up around the standard Microsoft creates.
IMHO, Passport is an existence proof that this is wrong. My take is exactly the opposite. If Microsoft does what they say they will, the open source community will simply ignore them. And the MS identity environment will become Microsoft only. At which point it will only be of interest to people running MS Servers or who can afford to bolt MS servers into their rack for this purpose.

The 2nd reading of the UK ID card bill is coming up in ten days time on June 28.
Whether you're for or against the bill, you can write to your MP and let them know your feelings here.

If you're against the bill, please sign the pledge here. 3381 people have already signed for "I will refuse to register for an ID card and will donate £10 to a legal defence fund but only if 10,000 other people will also make this same pledge."

[from: JB Ecademy] [ 17-Jun-05 1:25pm ]

Corante has a post about the RIAA attempting to stamp out "Casual Piracy" and make criminals of us all. I'm reminded yet again of Zappa predicting a time when music is made illegal.
Two posts from me in the comments.

A little vignette from last year. I decide I want to buy Zero7's latest album. I walk down to the record store and notice the "Copy Protection", "This is not a CD" label on the CD and decide not to buy it (£14 saved). I walk back home and a quick search shows that AllofMp3.com have the album available in MP3 192Kb VBR so I buy it from there instead (£0.80 spent). This year, the store closed down.

I'm not condoning this but merely reporting it. A DVD-RW holds what? 5Gb? I know people who have burnt their collection of MP3s to 3 or 4 of these and take them round to their friends to copy onto their computers. An 80Gb 2.5" disk and a USB2 case is what? $150? I know people who have filled one up and keep it in their shoulder bag. Dumping the whole lot onto somebody else's computer and dumping their files onto the disk takes an hour at most. Who needs P2P when you can share with friends and family by the 10s of Gb? And with no risk of being chased by the RIAA via their ISP.

So here's two aphorisms. "Why is it my fault if your business model is screwed?" and "Just Say No To DRM". If the current content business disappeared you think people would stop making music or being paid to do it?

16 Jun 2005

Vitalsecurity.org - We're Calm like a Bomb: Aurora install source revealed, and 175 Megabytes of televisual terror
When BitTorrents go bad. Download a .RAR of Family guy, and get 175Mb of self installing adware. [from: del.icio.us]

eclectech : the very model of a modern labour minister : a tribute to charles clarke and his id cards
No2ID - The GB version. Awesome! [from: del.icio.us]

'I will refuse to register for an ID card and will donate £10 to a legal defence fund' - PledgeBank - Tell the world "I'll do it, but only if you'll help"
Do it now! [from: del.icio.us]

14 Jun 2005

A music lover's lament : You smiled when you first got away with selling a Billy Joel LP for $8.98, and you can damn well smile again now when we fold the worthless thing into jagged thirds and ram it up your ass.

In the last couple of days we've heard of some emails being sent out that apparently come from Ecademy. The text of the email reads almost like a typical support form email but is subtly different from anything we actually send.
If you receive these you should delete them and above all else do not open or run the attachment.

A few notes:-

- We never send emails with an attachment.
- We never request that you change your password except via a personal email from the support team which will have been obviously hand written.

Here are a couple of examples. This one was actually sent by a BT Openworld connected PC and contained a virus laden attachment.

From: support@ecademy.com [mailto:support@ecademy.com]
Sent: 14 June 2005 10:13
To: xxx.yyy@zzz.com
Subject: Warning Message: Your services near to be closed.

Dear Ecademy Member,

We have temporarily suspended your email account xxx@yyy.zzz.

This might be due to either of the following reasons:

1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.

See the details to reactivate your Ecademy account.

Sincerely,The Ecademy Support Team

+++ Attachment: No Virus (Clean)
+++ Ecademy Antivirus - www.ecademy.com

From: webmaster@ecademy.com [mailto:webmaster@ecademy.com]
Sent: Monday, June 13, 2005 3:30 PM
To: xxx.yyy@zzz.com
Subject: Your password has been successfully updated

Dear user xxx.yyy,

You have successfully updated the password of your Ecademy account.

If you did not authorize this change or if you need assistance with your account, please contact Ecademy customer service at: webmaster@ecademy.com

Thank you for using Ecademy!
The Ecademy Support Team

+++ Attachment: No Virus (Clean)
+++ Ecademy Antivirus - www.ecademy.com

[from: JB Ecademy] [ 14-Jun-05 1:55pm ]

I had a wonderful Indian dinner last night with a collection of notables including David Weinberger, Cory Doctorow and a cast of BBC employees.
At some stage in the evening I was talking to the ubiquitous Tom Coates about factors in the adoption and success of social networking technologies. He suggested that for a technology or system to be successful it must provide an immediate payback and benefit for three participants:-
- The end user
- The community
- The company or organisation that runs the system

If we look at last.fm, del.icio.us, flickr and a host of others we can clearly see that they fulfill a basic need and provide an immediate payback for the end users because even without the social network, they let you track your music listening, bookmarks and provide an easy way to post photos on the web. All three systems then derive added value from the fact that lots of people are using them and feed this back into the end users' behaviour. Finally, and inevitably, the organization gets benefit from high usage. Although like all internet systems, success has a cost. I'm sure you can apply the same sort of analysis to the growth of Tags on blogs and Technorati or the growth of Skype.

What I'm interested in here is whether the same thing applies to new standards. If we look back at RSS. It appeared fully formed from the heads of Netscape and Dave Winer. Simultaneously with the standard appearing there were both tools for generating RSS and tools for reading it. Atom was the same; really not long after the standard was first proposed we had support for it in several programming toolkits as well as from Movable Type and Blogger. If we go back to the early RFCs there was a very tight link between the appearance of the RFC and the appearance of toolkits and applications that actually used them. So I think it's fair to say that Standards need reference implementations to succeed and that, in my famous quote "Standards without implementation are just academic wanking"!

But for a standard to succeed, we need more. We actually need adoption as well. So the big question is how do we engage the early adopters and get them to actually use it. This is usually seen as being a political issue. The trick is to get one of the bigger players to support it.
Which then means wining and dining key individuals within those players, getting speaking engagements at conferences, making noise on mailing lists and blogs and all the other evangelist activities. Now even if you do all that, you still can't get the standard off first base if people don't actually use it. And at that point, I think we're back to the question of immediate payback for the three layers of participant. End user, community and system owner/provider.

And so finally I get to the point of this whole post. There are a whole lot of metadata standards that many of us feel ought to exist and buoyed up by the success of RSS we think it should be easy to get them going. And a lot of these fall under the heading of microformats. eg

- A structured "About me" page in common blogging software that provides a Personal Identity Server.
- A structured way of showing my friends and their presence on my personal website
- Open Reviews. For reviews placed on a personal site rather than IMDB or Amazon
- Open Listings. A way for me to post my offered/wanted listings on my website instead of Craigslist
- Open Events. A Web wide shared calendar based on my own public calendar on my website
- Publisher driven advertising. Anyone can post an advert and aggregators then serve them. Publishers can pick and choose which ones they show.
- Attention. A more formal way to say, right now I'm listening to this, reading that, viewing this TV program, learning about this, working on that, talking on Skype to them, participating in this IRC channel where I last posted 3 hours ago.
- Location. I'm currently in Geneva airport in transit to Heathrow and then San Diego for Etech 06. Or the Starbucks in Kings Road.

Now there's at least some work being done on creating standards and providing transports and displays for all of these.
But the catch is not only are they missing implementations at the toolkit level, but they're also missing applications that actually do something useful with them. But much much worse, for quite a few of them there's no obvious immediate payback for any of the end user, community or a system or application owner. To take just one example of OpenReviews; why should I make the effort to write a review and post it on my website? And especially if the associated systems don't exist to pick them up, aggregate them and get the extra link love of people reading them elsewhere and clicking back to me.

I'm especially concerned here about the Personal Identity Server. This really *should* exist. But it's dead boring and the payback for the user is minimal. At least initially.

So I'm not really doing my usual thing of "Bitching and Moaning before eventually Agreeing". This is more a call to arms for people who are doing the work to define standards to enable these sorts of opportunities described above. Even if you write a good well documented standard, and even if you build reference tools to use the standard, and even if you do the politics to get the standards adopted in systems, it still won't come to anything if you don't provide a compelling reason to adopt it to the end user, the community and to commercial or non-commercial system owners.

13 Jun 2005

12 Jun 2005

LoicLeMeur Wiki - The european blogosphere is an amazing barn-raising attempt to try to map the European spread of blogs. The gist is that it is much much wider than is generally portrayed in the (US dominated) media.
Found via Boing-Boing, Cory said

Loic sez, "In 24 hours, about 40 bloggers from around Europe created wiki pages to get a better picture of the European blogosphere. Everybody is welcome to correct and add information so that we bridge Europe with blogs faster."

[from: JB Ecademy] [ 12-Jun-05 9:55am ]

11 Jun 2005

Perhaps we need a firefox add on or bookmarklet to auto-fill phishing sites with random detail following
PBS | I, Cringely . June 2, 2005 - Man Bites Phish. Cringely suggests swamping Phishing sites with random data.

Though actually this hasn't got a hope in hell of working because it relies on lots of people doing something with no immediate payback. More on that later regarding getting critical mass for micro-content.

10 Jun 2005

This site is based on Drupal. So "node.php" appears often in the URLs. So what does Google AdSense throw up?
Node
Huge selection of Node Albums and posters
Search for Node now

What is the point?

Hey! Ford! Listen up!
I want to buy a Hybrid Focus.

Just a thought. The London congestion charge is currently free for Electric and Hybrid vehicles. If we end up with a national congestion charge and road tolls will they also be free? They should be because that could provide a large initiative to the motor industry to get us to use more efficient vehicles and we could be seen to be doing something for global warming.

09 Jun 2005

Marc's Voice: Personal Identity Summit in London - Sept. 21st : Listen to Julian Bond bitch and moan and then agree.
Miaaaoooww!!!! I guess I've been found out.


