Dotmocracy

The first day of the Internet Identity Workshop we discussed in groups - what we know and what we don't know.

Out of this we asked people to share key ideas that would be voted upon using the dotmocracy method. These are the statements from that exercise. Hopefully we will have some online way people can vote and comment on them.


 * People should be allowed to choose how they their interests, their relationships, are defined, and protocols, data formats and services should respect those choices, not restricting them into a predefined set of possibilities.
 * DataSharing *requires* one or more schemes to address typed data with permission, owner, requests.
 * I believe identity rights agreements could become as standard EULAS on the Web
 * Users will benefit from being able to import their data into new sites without * giving out their passwords (ie OAuth)
 * Younger, smaller or more 'niche' players must serve as the pioneers and peddlers of OpenID data sharing. The number of <1,000,000 user websites who could, pressure, support, politically motivate the power players (facebook, MSN, MySpace, LinkedIn, etc) to the forefront of this effort, despite business model restrictions.
 * Individual import/export is a much less problematic place to start then sharing entire social graphs. Let's let users move their data!
 * Applications should be able to access the social graph efficiently independent of where the application is run.
 * Facebook is "open."
 * Customers are greater than or equal to Vendors
 * Collection of terms and conditions from each country around the world listed in one place in multiple languages (wiki) verified by lawyers. is needed?
 * Digital Lifestyle Aggregation
 * Individual sites should unify inter-messaging systems
 * The internet needs to be mulched.
 * You should control your Globally Unique Identifier ("GUID").
 * Authentication is as/more important than identity
 * Overlapping technology specification causes confusion for developers and end users.
 * Complexity of existing standards encourages reinventing the wheel.
 * Light Weight identity does not work with the enterprise.
 * The identifier as an abstraction of relationships allows us to re-invent the web from the edge.
 * Kaliya is the Queen of Identity
 * Privacy is Fiction
 * We do not know what the Internet scale trust models will be.
 * Why should you care about OpenID?
 * What is the urgency for OpenID?
 * How much linked data is out there?
 * We don't know how to decentralize vouching for handles.
 * Users do not understand the security implications of their actions on-line.
 * What we know: Governments will make regulations/laws/policies about identity.
 * I don't know how end users are going to "get it"
 * The problem with the internet is maintaining billable scarcities that really don't exist.
 * No one cares about privacy
 * Cardspace (cardselector) - what is compelling use case for adoption?
 * A complete identity solution requires both social and technological solutions.
 * Individual identity is a U.S. centric concept.
 * You can use GUID to don one off credit card.
 * Dick can define the problem but not the solution.
 * Social enablement of the web is driving the adoption and relevance of online identity and reputation.
 * OpenID is not for Business
 * URLs are people too.
 * IIW - What is in it for the B2B Enterprise?
 * The next IIW should be held in Europe.
 * Identity enterprise can build trust and users by indemnifying all transactions.
 * By the time we solve the identity problem there will be a generational shift and the problem will have chnaged.
 * We want to run our 120,000 employee corporation on Facebook. We just need an identity model that could cope, right?
 * How do you get corporate-grade authentication widely adopted?
 * Is the ecosystem ready for high value apps like BT, VeriSign, Iovation. Why can't we turn on ____ through Facebook - most info is not proprietary. Managing tasks - need to determine health of machine/need to review pst ____.
 * Networking will be something we do. Not a central thing.
 * We need identity brokers now.
 * There is no business model that fits all federation contexts. Money and risks are moving and are depending upon shifting contexts.
 * 50% of us know someone who has had ID theft of online identity.
 * What will it take for vendors/Relying Parties of high value products to accept Single Sign-On type identities? The adopters of full-scale identity management products are not represented here because they are still in middle school today.
 * How do we get Internet users to adopt user centric identity and Single sign-on? And why do we want to "get" users to do something?
 * OpenID to crossover to high value (or enterprise/business) apps. There is a need for certifying/reputation OpenID providers and/or relying parties.
 * While new models we build around the user; can we, as users or entities, sell another user's data?
 * Identity is not the issue - the issue is processing claims.
 * Identity is a gatekeeper for the Internet.
 * Correct implementation of protocols may be a serious problem.
 * Poor privacy behavior online is much easier to detect but data spreads faster (compared to offline data).
 * There is a $90 billion identity industry not represented here that has far more control over consumer identity. IIW has better idea and approaches but no market yet.
 * If you want relationships you need an algebra of identifiers.
 * Emerging identity technologies will need to include mobile platforms in order to be successful.
 * Identity is just plain broken.
 * How would the industry work together to integrate the health of device to be part of authentication?
 * Protocols are no longer the problem.
 * Can we use online credit card transactions as a model for online identity transactions?
 * How is liability for identity mismanagement to be established?
 * We don't know what "our" data is?
 * Protocol convergence is inevitable so we should do all we can to accelerate it.
 * Don't know what our rights are.
 * The Internet will be rebuilt from the edge-in by self-empowered individuals.
 * Online ID is insecure therefore "I don't buy online." How does Grandma get trust?
 * Financial institutions will be an important source of identity for real business purposes.
 * Common rule sets required to take adoption of federation to the next level ... a policy "standard" vs. technology.
 * No one company is enough to carry this forward, We need cooperation.
 * Does "user centric" identity require a single aggregator of personal information?
 * Hasn't there been a breakthrough in user demand for identity?
 * Not Hollywood; instead the rise of the emitter class (more people producing content/info) - no longer data control by a few.