Credit where due: I first heard the term "sovereign identity" from Devon Loffreto, who has done a great job of carrying the torch for individual freedom and full agency.DocOn Mar 8, 2013, at 2:03 PM, Drummond Reed < " target="_blank"> > wrote:
Murray, let me suggest why you indeed may have "the wrong end of this stick".What Phil and Doc called "sovereign identity" means that an individual who wants to assert their identity does not need to rely on -- or be subject to -- any third-party "identity provider". No matter how big or benevolent that identity provider.To be truly "free", the individual needs to be able to be their own identity provider, which is why at least some of us are focused on personal cloud login -- using your own personal cloud as your "identity provider".Once you arrive at that architecture, then the requirements become pretty clear -- how a P2P personal cloud network works, what the P2P trust mechanisms are, and how relying parties start using it. That's what we're doing with the Respect Network, and which other P2P trust networks may be undertaking as well.=DrummondOn Fri, Mar 8, 2013 at 10:48 AM, Murray Lohoar < " target="_blank"> > wrote:
I had thought this is not a technical problem due to the para “With due respect to the identity incumbents...”... it’s a political/commercial one...
To get something up quickly you need:
a) A known brand who offers a standard social login style service or is willing to add one on. quickly
b) You need them not to have a service model which is purely about hovering up and trying to own the person.
c) They need to not think that they are the “end of the auth chain” – what I mean is that you can log into Yahoo using Facebook, but you can’t log into Facebook with anything else? So the provider needs to be happy to be a Yahoo... if you get my drift..
Basically a known brand with OpenID? Perhaps a Brand with an OpenID/Email combo?
Something like Mozilla, but not trying to break new technical ground, just providing a “neutral”, but known Auth provider using current tech.
Just thinking laterally:
Wikipedia?
HSBC?
Or perhaps a current brand who would benefit from stimulating the VRM industry would set up a “private” authentication service – Conceptually, there is a part of Microsoft which does not have an ad agenda and which probably has the capability to do this....or potentially a known brand who sees themselves as attacking a post-Facebook world...dunno who that might be though.
Or how about revitalising an old brand on the basis of re-found neutrality – some brands that we know and trust have gone off the curve a bit, but could re-position themselves slightly on the platform of “neutral authentication” or something.
Or have I got the wrong end of the stick?
Cheers
Murray
From: Johannes Ernst [mailto: " target="_blank"> ]
Sent: 08 March 2013 18:14
To: Phil Windley
Cc: ProjectVRM list
Subject: Re: [projectvrm] From social login to personal cloud login (was: The Next Web interview)
Can you enumerate the use cases as you see them, perhaps ordered by importance/urgency/business benefit?
(If this turned into a hard-core techie discussion, perhaps this is not the right list.)
On Mar 8, 2013, at 10:02, Phil Windley < " target="_blank"> > wrote:
I think we ought to focus on authn first rather than authz. There are lots of proposals for authz (like XDI) that are fairly far along and very involved. What I need right now is a replacement for social login.
<liveweb.png>
On Mar 7, 2013, at 9:01 PM, Johannes Ernst < " target="_blank"> > wrote:
Hi Phil,
couldn't agree more with you. At cldstr.com, we have the same problem: we're back at username and password, and that's simply not right. We don't do social logins either for the same reasons you quote.
The next IIW is number 16, and it seems sometimes we are right back before the first IIW even occurred. This makes me personally very unhappy, and I'm sure lots of others in the community feel just like I do.
As a community we have one advantage now in that personal clouds bring focus: many (most? almost all?) identity-related proposals made in the past simply don't work for such a decentralized architecture. So we can start with as clean a slate as we like, solve the problem, and hopefully leave out more of the politics than last time around. I'm up for it and actually have a strawman proposal in the back of my head which has been dormant there for some time.
Perhaps, between now and IIW, we can identify some of the requirements and architectural constraints by e-mail, and then have a really productive IIW.
Cheers,
Johannes.
On Thu, Mar 7, 2013 at 6:40 AM, Phil Windley < " target="_blank"> > wrote:
Doc,
Your comment in the article about avoiding social login raises questions that this community needs to address.
As you know, we recently launched SquareTag.com and eschewed social login because we thought it sent the wrong message.
I still believe that decision was correct in principle, but it was a bitch from a business standpoint. Two problems:
1.) We had to build stuff we wouldn't have had to otherwise and it's stuff that's hard to get right and doesn't make any difference to the product.
2.) We increased friction for people signing up
This community needs to come up with an alternative. We can't expect developers to simply forego the benefits. IIW is a good place to have these kinds of discussions.
The current crop of identity solutions favor large collections of administrative identities because of one thing: trust. As a small company I can use Google, Twitter, and Facebook for login because they've got lots of users and I trust them to *really* authenticate accounts. To support sovereign identities, we need trust frameworks.
With due respect to the identity incumbents, it's not in their best interest to support trust frameworks because they are reaping the benefits of a system that favors natural monopolies around administrative identities. This gives them tremendous advantage in the Web 2.0 marketplace of ideas, apps, and APIs.
<liveweb.png>
On Mar 7, 2013, at 5:19 AM, Doc Searls < " target="_blank"> > wrote:
I was interviewed by The Next Web, and the results are here: <http://thenextweb.com/insider/2013/03/03/tnw-interviews-author-consumer-advocate-doc-searls/>. A few VRM companies get mentioned, though fewer than I'd like, and also with fewer links. But the piece needed to be kept to ~ 500 words. (They could have fit more in if they'd skipped the huge photo that makes me look like Satan's dad.) Still, it's had some nice buzz on Twitter, fwiw.
Doc
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2013.0.2904 / Virus Database: 2641/6155 - Release Date: 03/07/13
Archive powered by MHonArc 2.6.19.