
Rants, raves, and musings about Identity from the Old Man in the Corner, Dave Kearns.
Wednesday, January 12, 2005
More LIDs
I suggested to Johannes Ernst that it would be very useful if all LID URLs hosted by the same service provider had the same format (i.e., http://yourdomain.com/users/jim/cgibin/lid.cgi). He's now responded on his blog with a rationale of his thinking which brought about the structure LID uses:
It still seems, to me, to be more complicated than it needs to be, especially when compared to SMBmeta or the older Personal Directory structure that Novell talked about some years ago. There's also still the implementation problem. Shelley Powers objected to the Liberty Alliance because it's implemented "by and for" giant corporations, not users. LID has an even bigger mountain to get over, though, since it's proposed that ISPs do the implementation on behalf of users with no real incentive (e.g., profit) to do so. There's a reason why there are more users of Microsoft's Passport than all other "personal identity" schemes combined, and that's the fact that "someone else" (Microsoft) does the heavy lifting while the user gets rewarded (easy access to MS sites) for a minimal effort. Come up with a similar scheme and you'll smile all the way to the bank.

Stick to what you know...
Updated 3:15 PM

Kim Cameron mentioned Shelley Powers in his blog today. Coming on the heels of mentions by both Jamie Lewis and Johannes Ernst, it seemed that I might be missing something by not reading Ms. Powers.

I wasn't. She starts a discussion of federated identity by saying "Well, frankly, Liberty Alliance isn't for the likes of you and me..." She then proceeds to savage the usage scenario laid out in an early version of the ID-FF specification by wondering why "Joe User" needs to frequently be asked "You may federate your Airlines, Inc. identity with any other identities you may have with members of our affinity group. Do you consent to such introductions?" when with a single button press he could book a hotel and car along with his plane ticket at Expedia, Travelocity or Orbitz right now. She fails to mention that this would only occur once, and only to people who have existing accounts - not some newbie trying to buy his first plane ticket!
The difference is that none of these travel sites would have the personalization information that might be in Joe User's existing accounts with American Airlines, Hertz and Marriott! Federation allows these vendor accounts to be associated with Joe User quickly and efficiently. The Liberty Alliance is about much more than Single Signon. I know that, as do Cameron and Lewis, but evidently Powers couldn't take the time to learn that much. She may know ASP and Unix (she's written books on both) but she shows a clear misunderstanding of identity issues.

Further proof that she not only doesn't understand identity, but also has trouble realizing the needs of the average user: she complains about existing IdM schemes as: "They weren't for the likes of me, people who come in all muddy from a hike, and who sit down at their computer to read an article at the Washington Post, but don't want to have to register for yet another online newspaper." But she fully expects Joe Sixpack to spend hours installing LID with vCard and FOAF files, CGI scripts and Perl! Even LID's creator doesn't expect Joe Sixpack to do that!

When you want to read about Identity, stick to people who "do" identity.

UPDATE: Powers and I now agree that we both were a little cranky in our respective posts. And we both think UDDI sucks big time. It's a start, and she does actually have a few decent ideas (he says grudgingly). I'll keep reading her.

Monday, January 10, 2005
Peeking under the LID
Jamie Lewis, this morning, points to a description of LID, Lightweight IDentity technology. Its major draw is that it enables personal identity management and it's based on existing identity tools (vCard) and technologies (URLs). Actually, as Lewis points out, it uses the XML version of vCard, which isn't, as yet, approved as a standard.
There is one huge drawback to LID, though. It requires a user to have full - and exclusive - control over CGI scripts for a domain! Most people do not - it's not something a typical ISP will allow to every Tom, Dick and Harriet, even those with their own domains. Building on vCard isn't a bad start, and using a well-known URL is certainly feasible, but the actual implementation is going to need a lot more work. Johannes Ernst, CEO of NetMesh and originator of LID, appears to be open to changes, though, as this reference to SMBmeta attests.

UPDATE (5:15 PST) - Johannes emailed me to note that 1) you don't need an exclusive domain or administrative control of CGI, just a CGI bin folder that's exclusively yours. You need a unique URL, but a single domain can host an almost unlimited number. He also notes that what's available now must be considered pre-beta and most folks will need to wait for their ISP to install the LID-enabling package.