A New Liberty? to prevent single vendor dominance

Issue/Topic: Is it time for a new “Liberty” from single-vendor dominance alliance

Monday – Session 2 - G

Conference: IIW10 May 17-19, 2009 this is the complete Complete Set of Notes

Convener: Johannes Ernst

Notes-taker(s): Doc Searls

A.	Tags for the session - technology discussed/ideas considered:

B.	Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Johannes: Things have actually gotten worse. There are too many acronyms. (Consider Kaliya's talk.) If I want to implement discovery on my server, I don't know what to do. Yadis started simple, and now there are N proposals, no agreement.

Stuff might or might not be in an HTML header.

Many versions of the hammer stack.

unless we have something smaller and better defined, we can't implement it.

The focus on user centricity is being lost.

"User control and consent" Remmember that? OpenID Connect ignores that. It is now considered naive to be user centric. People don't want it, supposedly. Kim Cameron's Laws of Identity have fallen far behind

Identity infrastructure needs to be distributed and simple. Nothing any more centralized than DNS. XOauth?

Panzer: Xoauth does not have to be centralized. All data lives on the client. Centralized server required by Javascript.

Andy: In IIW #1, we had a common ideal. Agreed on basic premises.

John Panzer: Xoath may start with cantral server at Google, then Google will implement it in Chrome if the Chrome people will do it.

Andy: There is a cynical take here, involving third parties using client-side data.

John: want to reduce the NASCAR buttons required when checking in.

Johannes: Idea behind LID was implementing in an afternoon. Don't like the trajectory now. Have no UI because there are too many technologies involved.

Hank Mauldin: Now have VRM, PDS, Data Portability. Way too many things being proposed. Confusing. Not much on identity.

Doc: Here is some history. DIDW, Identity Gang, IIW... all personal.

Johannes: Now we have deployment, where before we had an open space. Still, openID usage is not very high.

Jaap: Play time is over. It's time for the corporates.

Johannes: True maybe for telcos. But not for the rest of the world.

John Panzer: Google has its stuff. Whenever you're figuring out what to deploy... there is a make or use choice: make it yourself or use what others have made already (open source). For using other guys' stuff, Well, OpenID has all these versions...

Hank: One good trend is OIX. Frameworks are attempting to be built, and this is a good thing. From a biz perspective, OIX is one of the better things that has come down the pike and is at least a step in the right direction. Huge step.

Johannes: Somebody has to say "we'll take this one, and let the others go... would be nice if OpenID or OIX had a narrower spec. It now has to please many factions, killing adoption.

Andy: Toolkit and use cases.

John: consider the users who put their Facebook login in the URL bar or the Google search bar. That's what we're dealing with.

Johannes: Want to start with blog comments. Or health care. Need a decentralized org or tech focusing on a single market Or people. Neither have happened.

Andy: That's what I'm doing. ooTao tried to solve problema that didn't exist. Now in industry. After 1.5 years at OCLC I can see the use cases. If you have a business where value is flowing, they'll pay for something.

Johannes: Kim Cameron liked common ceremonies. I now don't know what to evangeliae any more. Maybe the best avenue now is for facebook to take over the Net in general for personalized experiences until the rest of us get it together.

We were trying to standardize, but all this wild development makes it harder, not easier. Easiest adoption is using the big evil company's SSO.

The UI should be invisible.

From the consultant's perspective, it's "Implement Facebook and get it over with."

(somebody) Can't find one open solution. Facebook looks attractive.

Hank: If all I have is one login screen, and I can't do it, where are we?

John P: We need implementations that are simple to make happen. The user experience has to not suck.

Jaap: If I only have to produce an iPhone and click on this. T-Systems.

?: You'll have to rely on some big company.

Omidyar is using simple SSO for paypal. His new take on journalism news site. Hawaii Civil Beat. $20/month.