Report on IIW 2008

There’s no place like home. When I walked in the door this morning after taking the red-eye back from Mountain View, my 6 month-old daughter squealed with delight, turned to her mom, and immediately forgot who I was again–stupid baby. There is also, however, no place like the Internet Identity Workshop. With its (un)conference format and list of passionate identity attendees, it continues to be the event of the year in the Identity space.

For those of you unfamiliar with the (un)conference format, it bears going over. At 8:45 am all the attendees circle up and people go the center to fill out notebook-sized cards with discussions, presentations, or demonstrations that they’d like to lead. They then each give a brief overview and post the cards on a giant wall schedule. Some of the sessions have been planned long ago, others are inspired by the day, but everyone has equal access to time slots. Only two rules prevail: sessions should go on only as long as they still have energy (this could mean a session ends early or takes all day) and individuals should remain in a session only as long as it is the most valuable place for them to be (in other words, getting up and leaving for whatever reason is encouraged).

With spontaneous session selection, indeterminate times, and roaming participants, it may seem that such a conference would quickly degrade into chaos, but I experienced just the opposite at IIW. Some highlights from the sessions I attended:

A session led by Dick Hardt on bi-directional validation of blog comments made by a single user across sites to help establish reputation. Conclusion: interesting but probably not worth the complex technology necessary to make it work for now.

A session led by Johannes Earnst on creating a community to ensure people are properly represented in the “Digital Deal” emerging between them and the sites they go to. Conclusion: a working group has been formed and a community site broad enough to embrace the multitude of perspectives is forthcoming.

Two sessions led by Joseph Smarr on the emerging social stack and a proposed consolidation of the major players’ various contact portability apis. Conclusion: the best description of the tools now available for social data export (posted on his blog) and a specification that is likely to be implemented by most of the major internet players over the next year.

A demonstration by Andy Dale of Ootao‘s new iPage product. Conclusion: a VERY powerful backend that masks the complexity of the various claims sharing protocols and the first implementation I’ve seen that allows you to consolidate claims from various iCards into a single managed card.

A description by Drummond Reed of the XRDS-Simple, a discovery service being adapted by OpenID and Oath for service discovery. Conclusion: a light-weight alternative to XRDS that is likely to become the standard for these lighter protocols.

A demonstration of relationship cards (rCards) by the Higgins team. Conclusion: Cardspace makes a strong distinction between Self-Issued iCards (where you control the claims) and Managed iCards (where the vendor controls the claims). Since in most cases, you should control some of the claims (contact info) and the vendor should control some (like an airline with frequent flier miles), segmenting control over claims in a single card makes a TON of sense.

A preview of a paper by Bob Blakley that argued that the true value of an Identity Provider was not the DATA they have about the person, but rather the RELATIONSHIP they have with the person. In doing this, he proposed that the IP actually needs to provide much more than just the Identity information–they need to establish the terms under which the Identity can be used by the Relying party as well provisions for damages should the Relying Party abuse the Identity data or should the IP provide untrue Identity Data. Conclusion: This helps clarify what organizations would make good identity providers and moves the discussion from IP vs User vs RP rights into a discussion of mutual agreement of usage through contracts.

Now how many conferences have you been to where you can recall by memory every session you attended after a red-eye home? I’m lucky if I can remember what most sessions at a typical conference are about half way through the session itself! This just goes to prove the real quality of IIW. Much of the credit for this goes to the high-caliber of the attendees, but much credit also deserves to go to the day-to-day leader of the conference and one of the truly great connectors in the Identity space, the Identity Woman, Kaliya Hamlin.

Kaliya doesn’t get nearly as much credit as she deserves. Leading a conference and a movement that’s composed of SO many smart and opinionated people is a real trick. There are a lot of egos, careers, and hard work at stake in these emerging standards and people fight hard for what they believe in. Kaliya doesn’t assert herself into the middle of these necessary conflicts. Don’t get me wrong–Kaliya takes great glee is stirring the pot, but a community of technologist NEEDS this kind of communication and she never comes across as mean-spirited or controlling. Kaliya understands two of the most important aspects of leadership–a willingness to serve and a willingness to facilitate without domination. There are many communities that would be lucky to have leaders who understand these things, and IIW is lucky to have Kaliya.