The Physics of Air Conditioners–Preventing bloodshed in the office

Ah… Summer time.  Long days, barbecues, and lazy afternoons by the pool.  AND raging office wars over the AC!  AC controls are one of the least understood of all User Interfaces.  This isn’t surprising, as they vary between cars, central units, and window units, and are at times intentionally misleading.  Let me step through a primer to avoid unnecessary battles.

1. The Temperature Setting:  This applies to both window and central air controls.  In window units, it is a gradient from blue to red.  On central units, it is a degree setting in numbers.  Many battles form around a misunderstanding of this control.  Someone will walk into the office, find that it’s hot (because the AC hasn’t been on all night) and flip the temperature control to the “Coldest” setting.  Makes sense right?  Get a quick cool down so it’s livable again?

WRONG:  The temperature control does NOT in fact make the AC shoot out colder air.  ACs are binary objects.  They are either on or they are off.  They ALWAYS shoot out the same temperature of air!  What does the temperature control do then?  It sets the room temperature at which the AC switches off.  Setting it to “Coldest” means the AC will continue to run until the room is at the LOWEST possible temperature that the AC’s thermostat allows.  In other words, the AC will just stay on for days and days while it attempts to cool the room to 50 degrees (usually the lowest setting).  Not a good idea!

2. Energy Saver:  Blech!  Who wants to use this secret heat-enhancer guised as an environmentally-friendly control?  No doubt it uses less “cold” energy and once again makes the AC shoot out hot air.

WRONG:  Energy Saver is a stupidly mislabeled feature.  All it actually does is stop the fan whenever the compressor (the AC) isn’t running because the room has reached the desired temperature (which you get by intelligently setting the thermostat to a human-livable temperature).  This way, when the unit isn’t producing cold air anyway, the fan doesn’t continue to run.  This setting should be turned to “off” if you’d like the fan to continue to circulate air or if you hate the fan switching on and off when you are sleeping.  It does NOT affect how cold the air coming from your AC is.

3. The High/Medium/Low Cool setting:  Once again the name explains what this control does.  Obviously on High Cool the AC shoots out “Super-Chilled” air that it generates using cold-enhancing technology.  On Low Cool, it turns off its Super-Chilled air and pumps out lukewarm air befitting a “Low Cool” need.

WRONG AGAIN:  The High/Medium/Low setting only affects the speed of the fan.  On high, the fan spins quickly and will circulate more air as well as creating a stronger “gust” coming from the vent.  On low, the fan spins more slowly and the air flow is reduced accordingly.  Turn it on high if you want to blow the air far and wide and you like the noise.  Put it on low if you don’t like the wind blowing on the back of your neck or would like to have a conversation.

I hope this primer can help alleviate the battles of the knob that often happen in offices.  Although there will always be differences in opinion as to how cool it should be, at least by understanding the AC controls, both parties can have a rational discussion of needs and take the appropriate actions!


I’m a total f**king idiot: a Facebook URL adventure

I’m a pretty smart guy.  I REALLY get the internet business.  I’m also a total f**king idiot.  I think this post will show how both of those characteristics play out to make my life really fun.

Facebook plays an important part of SetJam so within a couple of weeks of starting development, I built our Facebook fan page.  Around that same time, Facebook announced they were enabling “vanity” URLs–that is, allowing people to choose a pretty way they can be reached at Facebook.  To prevent “squatting”, however, they would only allow fan pages with over 10,000 fans to choose their name and would be releasing URLs to fan pages with less than 10,000 fans on Sunday June 28th.  This was going to be the REAL land-grab.

I marked it on my calendar and got back to building our company–smart.  Of course, I somehow set it for the wrong day, so I missed the day–total f**king idiot.  I was so busy on Monday that I never even thought about it.  Then at 3pm on Tuesday I remembered and almost crapped myself.  I immediately went to SetJam’s fan page editor and couldn’t find any way to set the URL.  I googled and found the reason why: pages STILL needed at least 100 fans to get a URL!

Now for all you social media mavens out there, you probably think–no big deal, just tweet it out and let the people do their work.  I am no social media maven.  I’m not even social in person!  Nonetheless, my job is to let people know about SetJam, so I wasn’t going to be thwarted.  I squeezed everything I could from my meager social network through Facebook, Twitter, and email.

Due to the AMAZING response of friends, family, and business colleagues we hit 100 fans this morning (about 12 hours after the original request).  So what do I find when I go to select my URL?  Well, I was torn.  The part of me that knows that SetJam is going to be great, just wanted to choose “SetJam”.  The part of me that knows that no matter how great it is, if no one ever finds it, it won’t be great for long wanted me to choose a more Google friendly term.

So what does Google think?  I’d done the research weeks before and these are the stats I was using:

google analytics

Pretty easy decision.  I was going to go for online.tv (FB only allows alphanumerics and “.”).  I type it in–taken.  Watch.tv–taken, internet.tv–taken, web.tv–taken.  This makes me sad–not entirely unexpected–but I’m still a little sad.  My first thought is that the big media companies and well-funded startups I’m competing against snagged the good URLs instantly.  My first thought was wrong.  Not only hadn’t they gotten these URLs, almost NONE of them had even bothered to get a URL yet!  Score one for the entrepreneurs.

In fact all of these URLs were taken by individuals who were squatting on them for no reason.  So much for FB’s attempt to prevent squatting.  Interesting, but what do I do?  My reaction–find something better.  I went back to Google and began doing a broader and more rigorous search.  This is a truncated view of what I came up with:

Picture 11

I like to think that at SetJam we “make online TV easy”.  The fact is that we make watching Movies and TV shows easy (and after beta will be adding music, news, sports, and other live events).  And I’m never one to argue with the people.  AMAZINGLY http://facebook.com/online.movies was available.  Happy ending right?  Check this out.

When I get to the above sentence when I’m writing this post, I go to check what I set SetJam’s permanent URL to (emphasis PERMANENT!), just to double check… because I’m a really meticulous guy.  SetJam is NOT at “online.movies” (in fact it’s still available if you want it for your page).  Somehow in my dyslexic freneticism, I set the page to movies.online.  Huge mistake?–probably not.  Will it affect SetJam’s success or survival?–not at all.  In fact the whole URL issue is just a blip on my marketing radar.  Does this prove categorically that I am a total f**king idiot?–in SO many ways!


Understanding The Media Industry–My New Home

Wow.  If you’d asked me when I left Angelsoft.net what the odds were I’d end up in the Media Industry, I would have said the chances approached 0.  I guess that’s part of the fun of being an entrepreneur!  Interestingly, in some ways, I’m right back in Identity as well.  Let me explain a little about how big media works and where SetJam, my new company, hopes to play a role.

As usual, I’d like to start with one of my big ugly diagrams:

A diagram of how the money flows in the media industry.

This diagram shows how the money flows in the Media Industry.  Red represents money that end-users pay directly for content and the blue represents money that advertisers pay.  The thickness of the arrows gives some indication of how much money is spent.

Let me explain a couple of the media industry terms:

1. MSO: An MSO or “Multi-Service Operator” is a cable company (the ones that run the lines to your house and that you pay a monthly subscription to).  They’re called Multi-Service Operators because according to the FCC each cable office is a single operator, so these giant cable companies (Comcast, Time Warner, Cox, Cablevision) that have 100s of local cable offices are MSOs.  Dumb industry jargon really.

2. OTT: OTT or Over-The-Top refers to anyone who tries to deliver you video content outside of (or over the top of) the services run by the MSOs.  Not long ago, the only companies doing this were over-the-air broadcasters.  Today we’ve got a whole slew of companies trying to do this.  Some for direct advertising dollars (Hulu, YouTube, etc), others on a subscription basis (Netflix), and still others on a pay-per-view basis (iTunes, Amazon).  As you can imagine the MSOs hate all of them.

So who are the Media Companies?  In some way you can think of them as the content providers, but more accurately, they are the content owners, or more accurately still, they are the deal makers.  As you can see from the diagram, all the money ultimately flows through the Media Companies.  They have the direct relationships with the money providers (both advertisers and MSOs) as well as with the content providers (the Studios).

Given their central role, they ultimately decide what content gets made.  Studios pitch them concepts for new shows, the media companies decide if they can sell the new concept to their advertisers and subscribers, and then make the call whether they’ll finance the concept.  Without the backing of the major media companies, very little full-length video content is made.

Amazingly (or perhaps not surprisingly) given the power these organizations have in determining what we see, there are only 5 companies that really matter for the US:

Time Warner: Really a holding company for HBO, Turner Broadcasting, Warner Brothers, and Time.  In video they control: HBO, Cinemax, Cartoon Network, CNN, TBS, TNT, Tru TV, Turner Classic Movies, and Warner (TV, Movies, and Home Video).

Viacom/CBS: Officially they are two separate companies but Sumner Redstone has controlling interests in both.  They own such brands as BET, Comedy Central, MTV, Nickelodeon, Spike, The Movie Channel, TV Land, Showtime, and CBS.

News Corporation: Besides their huge newspaper holdings, in video they control all of Fox (TV, news, sports, kids, business), My Network TV, and FX.  Internationally they control all the Sky and STAR properties and they also own MySpace.

NBC Universal:  Owned by GE, in video they control NBC (TV, sports, news), Bravo, CNBC, Oxygen, SyFy, Telemundo, USA, and the Weather Channel.

Walt Disney Company:  In video they control ABC, ESPN, and Disney (studios and channel).

Wow… and in Identity I thought I was walking amongst giants!  In my next posts I’ll explain how these companies interact, how they are dealing with new technologies, and how identity and SetJam are going to play a role.


Goodbye Angelsoft, Hello world

As many of you know, I left Angelsoft.net in early April.  I’m now the “Entrepreneur in Residence” at RTV and I’ve been tasked with finding the “next big thing”.  I have no idea what that is.

I felt bad about stopping blogging.  I felt like I’d abandoned the Identity Community.  Comically enough, I had actually just done an interview with Paul Madsen right before stopping (the last person I’d want to offend is the Magpie of Identity–150 posts this year alone!)  I felt bad though because of all the groups I’ve been involved with, I REALLY like identity folk, probably because they are doing the right thing.

I lost interest in Identity because the business I wanted to create (that would have given a very real reason to dedicate resources to the identity problem) just isn’t possible because identity Claim Consumers don’t value Identity Claims as much as Claim Holders do (btw… I’m still waiting for some discussion about this post!)  I’ve built technologies for markets that don’t exist WAY too many times before to do that again, so I decided to take a break and dedicate myself to taking Angelsoft to the next level.

As I look to build something new, I continue to run up against the issues of reputation and identity.  I’m looking for an excuse to attend IIW this spring, so I’d love to hear about any exciting new developments–identity, personal, or otherwise. Let me know.


Back from Summer: Angelsoft 3.0 Launches

Hey Identity Community.  Well, summer is finally over and I’m back in business.  I haven’t been slacking, but I stopped blogging for two reasons:

  1. Everyone seemed to be on vacation and it makes no sense to write to no one.
  2. I’ve been busy working on our 3.0 software release, which we just launched yesterday.

So:

  1. If you need angel investors take a look at www.angelsoft.net and let me know what you think.  No identity, but pretty cool.
  2. Take a look at the IP Explosion series that I started and will continue shortly.  It addresses what I believe is the biggest issue facing the community right now.

Hope to see and read more from all of you soon.


The Claim Broker (IP Explosion, pt 3)

In my last post I introduced the diagram below that identifies a larger “stack” of services that would be necessary for a full-fledged Identity Metasystem:

ipexplosion2.png

I also indicated that whereas the lavender roles receive a lot of attention in the community, the other colors do not. In this post, I’d like to take a look at what I’m calling a “Claim Broker” by outlining what a Claim Broker might do, why it is necessary, and some of the challenges a business like this might face.

As I wrote in part 1 of this series, much of this thinking was spurred by a talk Bob Blakley gave on the role of Relationships in the Identity industry at Burton’s Catalyst this summer. In that talk, he focussed on the need of what I’m calling a “Claim Holder” to develop a strong relationship with the Subject whose claims they are responsible for. This, of course, makes sense, because the stronger the relationship, the better the claims will be. When I began to think about this, however, I began to wonder if the MAJOR barrier to a broader adoption of Identity technologies was the weakness of THIS relationship.

To give an example of this, I have a pretty strong relationship with Netflix as my “movie” Claim Holder. I also have a strong relationship with Fandango. Now the question is, do these organizations really need to improve their relationships with me? They could (and probably should–particularly Fandango), but my relationship with THEM isn’t what’s preventing me from sharing the claims they have about me with other organizations. The relationship that is missing, is the relationship between THEM and OTHER ORGANIZATIONS.

Now there are good reasons these sites don’t have relationships with other websites (or each other as far as I can tell):

  1. It’s not their core business. Their core business is and SHOULD BE fostering a relationship with ME.
  2. The other organizations that would be interested in their data are likely competitors.
  3. Establishing these relationships is expensive and doesn’t scale for a single Claim Holder.
  4. There is no obvious financial incentive for establishing these relationships.

The point being, if the Identity industry waits around for Claim Holders to rise up and become Identity Providers, the Identity industry will be waiting for an amount of time approaching never. It makes no sense for a Claim Holder to enter into this business. The above conditions are PERFECT, however, for a Claim Broker:

  1. A Claim Broker’s core business IS to establish relationships between Claim Holders and Claim Consumers.
  2. A Claim Broker can act as a NEUTRAL broker of trust between competitors.
  3. The economies of scale work for a Claim Broker by multiplying the value of each relationship they create.
  4. Part of a Claim Broker’s job is to assess supply and demand and to set prices.

Let me unpack these points above beginning with the idea that this industry needs a strong sales organization DEDICATED to building relationships between Claim Holders and Claim Consumers. I see a real gap between these two kinds of organizations that is going to take a TON of sales work to close. Claim Holders often view their customer data as the core of their business that provides them with a competitive advantage against existing businesses and a barrier to entry for new ones.

Claim Consumers, on the other hand, are ill-equipped to make use of these claims and don’t fully understand the value of the data they would receive. Not only that, but this is all a very new and weird idea for both of these businesses, and any time you have to explain a NEW business model, you are facing an uphill sales challenge. The point being, this is an entirely non-trivial sales challenge that will need to be handled by a large and sophisticated sales organization.

The second point is that this sales organization can’t be an existing Claim Holder. There is no way that Netflix is going to convince Blockbuster that they, as Netflix, could act as a fair and neutral broker for Movie Claims. Google won’t convince Microsoft. Facebook won’t convince MySpace. If there is any hope of these organizations forming relationships, it will have to be through a neutral third party whose ONLY job is to maintain those relationships.

The third point is just a classic example of Network dynamics. If I’m Netflix, and I go out and establish relationships with every website that could consume my Movie Claims, there is no way I can justify the cost. If, as a Claim Broker, however, I represent Netflix, Fandango, Moviefone, Blockbuster and every other movie Claim Holder, each Claim Consumer relationship I establish is MULTIPLIED in value by the number of Claim Holder relationships I have.

The fourth and final point is that before any Claim Holder will ever pay attention to this industry, someone will have to take the risk to develop relationships with Claim Consumers and establish a market price for the data the Claim Holders have. This, I believe, is the most pressing issue facing the Identity industry and one that is receiving WAY too little attention.

The industry continues to gloss over this fundamental question with the same tired examples of Credit Scores, Age Verification, and Address Verification. Certainly there are businesses here, but the one (Credit Scores) is already established and at best subject to slightly better margins using Identity 2.0 technologies and the other two (Age and Address Verification), in spite of reassurances that regulation will drive adoption, have been functioning across the entire spectrum (youth social sites, porn, and liquor for Age and e-commerce for Address) for a decade now without strong verification.

I am NOT arguing that these industries wouldn’t benefit from stronger claim validation, I’m simply saying that I haven’t seen enough leg work done on the sales side to give me any comfort about how MANY interested Claim Consumers there are or how MUCH these organizations would pay for stronger claim verification. And this is the state for the OBVIOUSLY valuable claims. What about the more esoteric visions that are driving much of the energy around Identity technologies?

How many Claim Consumers are there for Movie Claims and how much would they pay? What about for my music preferences? Or my Social Graph? I’ve seen virtually no work done on this and the little I’ve done hasn’t been encouraging. The basic idea is that the Claim Consumers could use these claims to provide a more tailored experience to their visitors. To do this, they would need to incorporate this into some sort of recommendation engine technology. I’ve spoken to some of the recommendation engine companies and their customers. The picture I get is this:

  1. Explaining the value of this technology even to large sophisticated Claim Consumers is VERY challenging.
  2. The technology is non-trivial to implement and a major integration headache for Claim Consumers.
  3. The QUALITY of the recommendations means very little in terms of lift (the increase in sales post implementation).

In fact, if I were a recommendation engine company, I’d build a simple web service that was easy to implement that recommended socks and underwear at the end of each purchase. The point being, that for these more general “customized web” use-cases for Identity Claims, there is little indication that ANYONE is willing to pay ANYTHING for the data.

So what are some of the tough questions facing a fledgling Identity Claims Broker?

  1. How much value can Identity 2.0 technologies provide to the more mature Claim Holder/Consumer relationships?
  2. Will the gap between the value of the Claims to the Holders and the value to the Consumers ever narrow sufficiently?
  3. When will the adoption of recommendation engine technology be widespread enough to provide a large and ready market of Claim Consumers?
  4. How expensive will it be to sell Claim Holders/Consumers on a novel business that they both have reason to be skeptical of?

As I hope the above makes clear, there is a LOT of work to be done on the relationship between Claim Holders and Consumers. Furthermore, it is my opinion that this work should be done PRIOR to building a ton of great technology to enable it. I’ve built revolutionary technology before assessing the need for it WAY too many times before to do it again. Nothing is more depressing than spending the inordinate amount of care that it takes to build quality software only to discover that there isn’t enough pain to justify the expense of convincing entrenched industries to use it.

What do you think? Does anyone have a better sense of how many Claim Consumers are eagerly awaiting validated claims? Does anyone know how much they will pay? Drop me a note or a comment if you do.


The Road to Transactional Assurance (IP Explosion, pt 2)

In my last post, I wrote about how Bob Blakley’s two uses of the word “Relationship” in his presentation at Catalyst had got me thinking about two questions:

  1. What other relationships are missing from the Identity scene that might be inhibiting its development?
  2. What other information would be valuable in Bob’s “Relationship Data Object” besides the nature of the relationship between the Subject and the IP?

In other words, Bob spent a lot of time talking about the relationship between the IP and the Subject, but I want to know if there are some other relationships, the neglect of which, might be a greater inhibitor to this industry moving forward. Also, if we do find some other relationships that need to be accounted for, what implications does that have for the “Relationship Data Object” Bob sees as the tradeable asset in the industry?

Now since my thoughts about this have been in some way inspired by an analysis of Bob’s talk, I want to keep with that theme and AVOID doing something with this series that both Bob and I have a tendency to do, and that is to “bury the lead”. In other words, Bob and I both like to keep the “cool” idea that we think we have until the end of a paper. This is a lot of fun as an author because it lets us build up some suspense. The problem with this is that the subject matter of Identity is obscure enough on its own, and by trying to be clever, we can very easily lose our audience. It’s kind of akin to trying to build tension when writing an API–it may be the wrong literary device for the subject.

Having said that, let me introduce the diagram below:

ipexplosion2.png

This diagram outlines what I see as a more fully fleshed out Identity “stack”. The roles in carnation (OmniGraffle’s term, not mine) show the roles that the Identity community spends a lot of time talking about. The roles in other colors are the roles that get less attention. Now before I go on, let me make clear that I’m not really introducing anything novel here. I’ve heard all these other roles discussed before (and I’m sure that upon publishing this, I’ll learn there are entire projects dedicated to them!). Nonetheless, for all the talk and work going on around the carnation roles, these equally important roles seem to get short shrift (for reasons that are not too surprising and that I shall endeavor to explain).

More importantly, I believe that each of these roles is a NECESSARY component of the Identity stack, if Burton’s vision of an “Identity Oracle” or Microsoft’s vision of “Minimal Disclosure” is going to be realized. Further, I also believe that each of these roles is probably better handled by DIFFERENT kinds of organizations. The good news if this is indeed a more accurate picture of the IP is that there are a NUMBER of potential business opportunities surrounding the Identity space. The bad news is, I don’t think the industry has done enough legwork to determine if there is enough DEMAND at all for claim-based Identity to justify the incredible resources necessary to create any one of these businesses.

In my next post, I’m going to take a look at the business in the exploded Identity stack whose role it is to DETERMINE the supply and demand of claims, namely the baby blue (or Sky in OG speak) “Claim Broker”.


Bob Blakley’s Confusing Relationships (IP Explosion, pt 1)

Well, I’m on the flight home from Burton’s Catalyst conference. The conference was a good one, and as I wrote in my previous post, we have a lot to learn from enterprise identity. The most important thing about Catalyst however, is the priority Burton puts on relationships. Their consultants spend less time talking and more time connecting people with others in their industry, and they’ve replaced vendor booths with evening hospitality suites, where a less staged form of social interaction can take place. In other words, they understand the importance of relationships.

Which brings me to the point of this piece: Relationships and Identity. I heard Bob Blakley give his talk on needing to introduce a Relationship entity into the identity discussion for a second time (see my brief summary of the first time here). As I listened to the talk, I noticed that Bob was subtly equivocating between two definitions of the word relationship as the talk progressed. It was interesting because Bob’s typically very precise with his language. When someone like him begins to equivocate, it’s typically because there’s some unconscious energy surrounding the word that’s trying to express itself, but because it isn’t fully conscious, it sort of slides out at the seams.

These unintentional expressions are the stomping grounds for Freudian analysis because usually what’s seeping out is repressed and in the highly repressive Victorian era in which Freud lived, these energies were often repressed to the point of disease. The trick for the analyst has always been (at least) two-fold: to notice these moments of seeping intent AND to allow the PATIENT to interpret that intent without introducing too much of the analyst’s own perspective into the interpretive process (this is called projection and a BIG no-no).

The second trick is often much harder than the first. Fortunately for me, however, I’m less interested in analyzing why Bob’s leaking “Relationship” energy (though that would no doubt be great fun!), as I am in riffing on the energy in a more jazz-like way by letting it combine with my own thoughts about building a business in this space. In other words, I’m going to EXPLICITLY project.

To understand Bob’s first use of the word “Relationship”, let’s go back to the simplified diagram of the identity provider I’ve used ad nauseam in this blog:

identity-provider.png

Here we see a person (Subject) trying to get some information to a website (Relying Party) that they currently have entrusted to a third party (the Identity Provider). Bob starts his talk addressing the relationship between the Subject and the Identity Provider. His first point is that Identity Providers need to focus on building QUALITY relationships between them and their subjects, since, as he’ll claim, that’s ultimately what they are selling.

This makes complete sense and is an important point. Who we are is always defined in context. My relationship with my wife is entirely different than the one I have with my coworkers. Because of this, in a very real sense, I am a DIFFERENT person with them than I am with my wife (though I try to be less bifurcated than most, which has some interesting ramifications for both my work AND my marriage!). Regardless, the point is, the context of your relationship with your IP will DEFINE what KIND of identity about you that they possess and that relationship should be made explicit when they share that identity with a Relying Party.

The confusing equivocation comes when Bob explains his “Relationship” data object, which I have reproduced below:

Identity Data Object

This is a fictional example Bob envisions coming from Facebook. Confusingly, the example is of a claim that Facebook has between him and a coworker, namely that they are friends. Now this is a NEW kind of relationship (between two people), which I would argue is actually the CLAIM of this relationship data object (namely that Bob and Lori are friends). So Facebook is claiming that Bob and Lori are friends, but for this to be a true RELATIONSHIP data object in the sense Bob was talking about in the beginning of his presentation, the top of the card should read “Relationship: Three year member of our casual social network” rather than “friendship”, which is really part of the claim and only coincidentally a “relationship”.

In other words, the thing that makes a data object a “Relationship” data object, is not if the claim is about two people, but rather that in addition to any claims, it ALSO contains details about the context between the IP and the subject within the data object itself–in this example this could include the duration of the relationship (three years), how frequent it is (every day!), and how serious it is (just for fun). Now this is in some ways just a case of a bad example on Bob’s part that probably confused his audience, but I bring it up because incongruities like this get me actually THINKING, and as I thought, two important questions came to mind:

  1. What other relationships are missing from the Identity scene that might be inhibiting its development?
  2. What other information would be valuable in Bob’s “Relationship Data Object” besides the nature of the relationship between the Subject and the IP?

These questions are, of course, only tangentially related to Bob’s original discussion, but like I said, exegesis is just a path to interesting thinking rather than an end in itself for me. In my next post, I want to begin to unpack some of that thinking, because I think it’s important for the business of Identity (Relationship?) moving forward.


Burton Catalyst 2008: Learning from the enterprise.

Wow.  I would never have thought that my first post after IIW wouldn’t come until Catalyst.  I’ve been absolutely absorbed in my work helping angel investors with Angelsoft, as we’re releasing Version 3.0 of the platform on August 1st (and it is going to be SICK!).  Fortunately, I’ve got a little more time now that we’re out of the product development stage, so I’m back at the keyboard.

Even more fortunate, is the fact that I’m at Burton’s Catalyst Conference!  For those of you who don’t know, Burton has long had the strongest Identity practice in the industry and has played a major role in helping enterprises understand the identity problem.  I’ve been a proponent of applying the lessons learned from the enterprise to the issues we’re trying to solve for the internet, and this conference has only served to further that belief.  Anyone who is working on the issues surrounding internet identity and doesn’t think the work being done in the enterprise is relevant is just kidding themselves.  They’ve been doing it way longer, with way more people; and they’ve been forced to be extraordinarily rigorous, as they are controlling access to trillions in assets.

It’s easy to see why this lack of communication between the two communities exists.  As I’ve written before, the origins of the internet identity movement were deeply idealistic and anti-corporate.  Much of the energy comes from a desire to usher in a sci-fi vision of the virtual worlds portrayed in books like Snow Crash or Down and Out in the Magic Kingdom.  What could the short-sleeved, button-down wearing IT servants of the corporate machine have to say about this brave new world?

It turns out a lot.  The first thing to remember about the enterprise space is that many of these enterprises have tens of thousands of people, offices in dozens of countries, and hundreds of applications that each of their employees use.  Moreover, through acquisitions and the fiefdoms that naturally arise in organizations of this scale, there is rarely any consistent architecture from team to team or office to office.  In fact, when you begin to look inside these organizations, you quickly realize that these massive intranets have almost all the same characteristics as the World Wide Web.

To get a sense of some of the issues they have dealt with that the internet identity movement has just begun to look at, let’s take a look at a few:

  1. International Regulations:  Hearing from George Sherman about the constraints put on Morgan Stanley’s efforts to build an Identity system, given that they have to comply with dozens of regulatory jurisdictions, clearly demonstrates the hazards we are likely to face as we grapple with the widely divergent privacy legislation emerging throughout the world.
  2. Revocation: Employees move on (often not by their own choice).  Enterprises understand all the complexities of revoking access to multiple systems.
  3. Federation: Companies need to work with partners, suppliers, consultants and a multitude of other organizations.  They’ve dealt with the issues required to enable people from other organizations to access their secure systems.
  4. Usability: The enterprise has experimented with hundreds of Identity Management products and has an extremely tight feedback loop with their users.  We can learn from their UI successes and failures.
  5. Roles: Enterprises have had to deal with fine-grained permissioning for decades.  What kind of employees should have access to which details of a customer isn’t too far from wanting to let your mom see your baby’s first step, but not your drunken exploits from the weekend that’s all the rage with your friends.
  6. Monitoring: Enterprises need to know when someone’s credentials have been compromised so they can take immediate action.  What happens when someone’s internet ID has been compromised?  How do we even know and what do we do?
  7. Consensus Building:  Getting different business units to agree on a framework is no easier than getting Google and Microsoft to agree (okay… maybe a LITTLE easier).  Regardless, spend a half-hour speaking with a CIO who’s implemented a company-wide identity management project, and you will quickly learn how expert they are at building consensus around a project.

These are just a few examples, but it’s clear the enterprise has dealt with identity issues for a long time and solved use-cases many in the internet identity community have yet to consider.  We need to learn from them, so we don’t make the same mistakes or repeat work that’s already been done.  I don’t know exactly how to start this dialog, but it’s one that needs to begin.  Any suggestions?  That’s what Comments are for.


Report on IIW 2008

There’s no place like home. When I walked in the door this morning after taking the red-eye back from Mountain View, my 6 month-old daughter squealed with delight, turned to her mom, and immediately forgot who I was again–stupid baby. There is also, however, no place like the Internet Identity Workshop. With its (un)conference format and list of passionate identity attendees, it continues to be the event of the year in the Identity space.

For those of you unfamiliar with the (un)conference format, it bears going over. At 8:45 am all the attendees circle up and people go to the center to fill out notebook-sized cards with discussions, presentations, or demonstrations that they’d like to lead. They then each give a brief overview and post the cards on a giant wall schedule. Some of the sessions have been planned long ago, others are inspired by the day, but everyone has equal access to time slots. Only two rules prevail: sessions should go on only as long as they still have energy (this could mean a session ends early or takes all day) and individuals should remain in a session only as long as it is the most valuable place for them to be (in other words, getting up and leaving for whatever reason is encouraged).

With spontaneous session selection, indeterminate times, and roaming participants, it may seem that such a conference would quickly degrade into chaos, but I experienced just the opposite at IIW. Some highlights from the sessions I attended:

A session led by Dick Hardt on bi-directional validation of blog comments made by a single user across sites to help establish reputation. Conclusion: interesting but probably not worth the complex technology necessary to make it work for now.

A session led by Johannes Ernst on creating a community to ensure people are properly represented in the “Digital Deal” emerging between them and the sites they go to. Conclusion: a working group has been formed and a community site broad enough to embrace the multitude of perspectives is forthcoming.

Two sessions led by Joseph Smarr on the emerging social stack and a proposed consolidation of the major players’ various contact portability apis. Conclusion: the best description of the tools now available for social data export (posted on his blog) and a specification that is likely to be implemented by most of the major internet players over the next year.

A demonstration by Andy Dale of Ootao’s new iPage product. Conclusion: a VERY powerful backend that masks the complexity of the various claims sharing protocols and the first implementation I’ve seen that allows you to consolidate claims from various iCards into a single managed card.

A description by Drummond Reed of XRDS-Simple, a discovery service being adapted by OpenID and OAuth for service discovery. Conclusion: a light-weight alternative to XRDS that is likely to become the standard for these lighter protocols.

A demonstration of relationship cards (rCards) by the Higgins team. Conclusion: Cardspace makes a strong distinction between Self-Issued iCards (where you control the claims) and Managed iCards (where the vendor controls the claims). Since in most cases, you should control some of the claims (contact info) and the vendor should control some (like an airline with frequent flier miles), segmenting control over claims in a single card makes a TON of sense.

A preview of a paper by Bob Blakley that argued that the true value of an Identity Provider was not the DATA they have about the person, but rather the RELATIONSHIP they have with the person. In doing this, he proposed that the IP actually needs to provide much more than just the Identity information–they need to establish the terms under which the Identity can be used by the Relying Party, as well as provisions for damages should the Relying Party abuse the Identity data or should the IP provide untrue Identity Data. Conclusion: This helps clarify what organizations would make good identity providers and moves the discussion from IP vs User vs RP rights into a discussion of mutual agreement of usage through contracts.

Now how many conferences have you been to where you can recall by memory every session you attended after a red-eye home? I’m lucky if I can remember what most sessions at a typical conference are about half way through the session itself! This just goes to prove the real quality of IIW. Much of the credit for this goes to the high-caliber of the attendees, but much credit also deserves to go to the day-to-day leader of the conference and one of the truly great connectors in the Identity space, the Identity Woman, Kaliya Hamlin.

Kaliya doesn’t get nearly as much credit as she deserves. Leading a conference and a movement that’s composed of SO many smart and opinionated people is a real trick. There are a lot of egos, careers, and hard work at stake in these emerging standards and people fight hard for what they believe in. Kaliya doesn’t assert herself into the middle of these necessary conflicts. Don’t get me wrong–Kaliya takes great glee in stirring the pot, but a community of technologists NEEDS this kind of communication and she never comes across as mean-spirited or controlling. Kaliya understands two of the most important aspects of leadership–a willingness to serve and a willingness to facilitate without domination. There are many communities that would be lucky to have leaders who understand these things, and IIW is lucky to have Kaliya.


Kim Cameron and the Philosophy of Privacy: (iCards, pt 5)

I’m currently trapped on the six-hour flight out west to join the rest of the Identity crowd at this year’s Internet Identity Workshop, so I thought I’d use the time to write my final post on the history of iCards. Fittingly, the subject of this post is the father (grandfather?) of iCards, Microsoft’s own Identity Architect in residence, Kim Cameron.

Many people know (of) Kim from his Seven Laws of Identity, but Kim’s story (like most of the participants in the community) starts much earlier. Kim began his career in academia teaching Sociology (he had concentrated in both Sociology and Math/Physics), an occupation that he loved (teaching), but a subject that he soon became disillusioned with (as he said, “There was never any way to prove who was right”). Like any disillusioned sociology professor, he did the natural thing and started a Reggae band (no, I’m NOT making this up), called the Limbo Springs and proceeded to tour the East coast of Canada and the US for the next 7 years.

Having come off his 1981 sold-out stadium tour promoting the multi-platinum “MetaLimbo” (okay, THAT I made up, but JUST that), he returned to Canada to teach Assembly at George Brown University, Canada’s largest community college (as he explains, technology was always his fall-back when he needed money—sounds familiar!). It wasn’t long, however, until he realized that teaching technology wasn’t what he wanted to do long-term, so he and the head of the IT department decided to start a technology business. As he explains, they were dead-broke at the time (as btw it seems everyone in this space is broke at some time or another—I, myself, like to go broke about once every four years), so they did what any broke technologist would do and started consulting.

Kim and his partner were obviously quite good at what they did because they built this nascent technology company into a 40 person strong outfit by 1992, which was when Kim first encountered the problem of Identity (How many of YOU can say THAT?!). The issue of Identity arose when he was trying to build an email directory for Sprint’s 60,000 employees. The problem was that those 60,000 employees had 150,000 email addresses (it was common to have an email for every ISP at the time). The question was, how do you find a way to associate each of those email addresses with the correct person in the directory?

If you know anything about Kim or his company, you will recognize this was his first foray into the technology that would put Zoomit on the map (and eventually in Redmond as part of Microsoft)—the metadirectory. Metadirectory technology arose out of the need to simplify the management of people and software in the enterprise. Anytime someone joins a company, they have to be given permission to use any of a number of pieces of software and other digital assets. The larger the corporation and the more wired it is, the larger this problem becomes. How can an administrator set up 25 accounts for every person for a company that hires 10,000 employees a year? Better yet, how can an administrator ensure that access has been properly removed for a company that fires that many people in a year?

To solve this problem, Kim and the Zoomit team came up with the concept of a “metadirectory”. Metadirectory software essentially tries to find correlation handles (like a name or email) across the many heterogeneous software environments in an enterprise, so network admins can determine who has access to what. Once this is done, it then takes the heterogeneous claims and transforms them into a kind of claim the metadirectory can understand. The network admin can then use the metadirectory to assign and remove access from a single place.
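The correlation step described above, sketched as an added example (it is not Zoomit's or Microsoft's code): records from three systems are transformed into one common claim shape, grouped by shared correlation handles, and then queried for accounts still held by a person HR marks as terminated. The system names, field names and sample records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records from three hypothetical systems, each with its own schema.
MAIL = [{"mailbox": "J.Doe@Example.com", "display": "Jane Doe"},
        {"mailbox": "jdoe@isp.example", "display": "Jane Doe"},
        {"mailbox": "bsmith@example.com", "display": "Bob Smith"}]
HR = [{"emp_id": "1001", "full_name": "Doe, Jane", "email": "j.doe@example.com", "status": "terminated"},
      {"emp_id": "1002", "full_name": "Smith, Bob", "email": "bsmith@example.com", "status": "active"}]
CRM = [{"login": "janed", "contact": "jdoe@isp.example"},
       {"login": "bobs", "contact": "BSmith@example.com"}]

def norm_name(name):
    """Make "Doe, Jane" and "Jane Doe" compare equal as "jane doe"."""
    if "," in name:
        last, first = (p.strip() for p in name.split(",", 1))
        name = f"{first} {last}"
    return " ".join(name.lower().split())

def claim(system, account, email, name=None, status=None):
    """Common claim shape: where the account lives plus its correlation handles."""
    handles = {"email:" + email.lower()}
    if name:  # names collide in real directories; treat as a weak handle needing review
        handles.add("name:" + norm_name(name))
    return {"system": system, "account": account, "status": status, "handles": handles}

def to_claims():
    """Transform each system's native record into the common claim shape."""
    return ([claim("mail", r["mailbox"], r["mailbox"], r["display"]) for r in MAIL] +
            [claim("hr", r["emp_id"], r["email"], r["full_name"], r["status"]) for r in HR] +
            [claim("crm", r["login"], r["contact"]) for r in CRM])

def correlate(claims):
    """Group claims that share any handle, using union-find over claim indexes."""
    parent = list(range(len(claims)))
    def find(i):
        while parent[i] != i:
            i = parent[i]
        return i
    first_seen = {}
    for i, c in enumerate(claims):
        for h in c["handles"]:
            # A handle seen before merges this claim into the earlier claim's group.
            parent[find(i)] = find(first_seen.setdefault(h, i))
    groups = defaultdict(list)
    for i, c in enumerate(claims):
        groups[find(i)].append(c)
    return list(groups.values())

def accounts_to_revoke(groups):
    """For each person HR marks terminated, list the accounts they still hold elsewhere."""
    out = {}
    for g in groups:
        hr = [c for c in g if c["system"] == "hr"]
        if hr and all(c["status"] == "terminated" for c in hr):
            out[hr[0]["account"]] = sorted(
                (c["system"], c["account"]) for c in g if c["system"] != "hr")
    return out

if __name__ == "__main__":
    print(accounts_to_revoke(correlate(to_claims())))
```

In the sample data the second mailbox and the CRM login share no email with the HR record, so they are only tied to the terminated employee through the name handle and a second email, which is the multiple-addresses-per-person situation the directory work ran into.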

Zoomit released their commercial metadirectory software (called “Via”) in 1996 and proceeded to clean the clock of larger competitors like IBM for the next few years until Microsoft acquired the company in the summer of 1999. Now anyone who is currently involved in the modern identity movement and the issues of “data portability” that surround it has to be feeling a sense of deja vu because these are EXACTLY the same problems that we are now trying to solve on the internet—only THIS time we are trying to take control of our OWN claims that are spread across innumerable heterogeneous systems that have no way to communicate with each other. Kim’s been working on this problem for SIXTEEN years—take note!

When I asked Kim what his single biggest realization about Identity in the 16 years since he started working on it was, he was slow to answer, but definitive when he did—privacy. You see, Kim is a philosopher as well as a technologist. He sees information technology (and the internet in particular) as a social extension of the human mind. He also understands that the decisions we make as technologists have unintended as well as intended consequences. Now creating technology that enables a network administrator to understand who we are across all of a company’s systems is one thing, but creating technology that allows someone to understand who we are across the internet, particularly as more and more of who we are as humans is stored there, and particularly if that someone isn’t US or someone we WANT to have that complete view, is an entirely other problem.

Kim has consistently been one of the strongest advocates for obscuring ANY correlation handles that would allow ANY Identity Provider or Relying Party to have a more complete view of us than we explicitly give them. Some have criticized his concerns as overly cautious in a world where “privacy is dead”. When you think of your virtual self as an extension of your personal self though, and you realize that the line between the two is becoming increasingly obscured, you realize that if we lose privacy on the internet, we, in a very real sense, lose something that is essentially human. I’m not talking about the ability to hide our pasts or to pretend to be something we’re not (though we certainly will lose that). What we