Our online identity
1. Our online identity
The social web, cloud computing,
and its discontents
Chris Messina March 6, 2009
DrupalCon Washington, DC
i was given the title of my talk today, and as a last minute add, well, i guess grammar went
out the window. ;)
2. Our online identities
so i thought i’d fix it...
identiTIES...
but that doesn’t quite sound right.
4. My online identity
how about MY online identity?
grammatically correct...
but...
8. I am you.
If we’re changing things, why not “I am you”.
that’s just weird. So I was like: what am I really talking about?
Then I just gave up. Besides...
9. Today, I am sick.
Sniffle. I’m actually kinda sick today.
Yes, I have a cold. So that’s kind of part of my identity today.
Which sucks. (click)
11. walkah -›
Oh, BTW! Did anyone see Walkah’s presentation?
coz if you did...
12. ...you can skip my keynote.
He basically covered all my interesting stuff and you can just skip to drinking.
;) j/k
13. but i also have to admit that it was a little weird that he had this big picture of my face in his
presentation, so i thought i’d return the favor.
15. Web 2.0
so let’s get started. ironically, where walkah started by asking why we’re using this
“godforsaken web 2.0 thing”, I’m going to plow back in time and answer that challenge.
16. “Web 2.0 is the business revolution in the computer
industry caused by the move to the internet as platform,
and an attempt to understand the rules for success on that
new platform. Chief among those rules is this: Build
applications that harness network effects to get better
the more people use them. (This is what I’ve elsewhere
called ‘harnessing collective intelligence.’)”
— Tim O’Reilly, Grand Poobah 2.0
Web 2.0 is the business revolution in the computer industry caused by the move to the
internet as platform, and an attempt to understand the rules for success on that new
platform. Chief among those rules is this: Build applications that harness network effects to
get better the more people use them. (This is what I’ve elsewhere called “harnessing
collective intelligence.”)
Emphasis mine.
17. “Data is the new Intel Inside.”
Photo credit: Adam Tinworth
He’s also more succinctly pointed out, as we move to the
internet-as-platform, data becomes the new “Intel Inside”.
That is, it’s not about the chips or the harddrives. We’ve moved up an abstraction layer.
Having the data is where the power is.
18. “Don't fight the internet.”
Photo credit: Charles Haynes
Eric Schmidt also said “Don’t fight the internet”. Wise advice.
19. Five rules
• The perpetual beta becomes a process for engaging
customers.
• Share and share-alike data, reusing others’ and
providing APIs to your own.
• Ignore the distinction between client and server.
• On the net, open APIs and standard protocols win.
• Lock-in comes from data accrual, owning a
namespace or non-standard formats.
But Tim also had five other rules that accompanied his definition from back in Dec 2006.
(review rules)
it’s as though he really saw the future here. Hindsight tells us that he certainly called cloud
computing before it happened. But it’s equally important to learn the history of your industry
and understand how we got to where we are now.
20. But why am I bringing up Web 2.0? Aren’t we over this? Where’s this Web three-oh thing that
I keep hearing RDF nerds go on about?
Wrong questions.
21. Does open source matter?
I think the question the Drupal community should be asking itself is:
Does open source matter?
22. Not like it used to.
the answer, simply, is: not like it used to.
things have changed. as Tim said, it’s data that’s interesting now.
All sorts and kinds of data.
But for the purposes of this talk today, I’m most interested in the data
created by and gathered about people.
23. Technology is becoming humanized.
and this represents an important shift historically.
the machines are finally starting to serve us — and by “us”, I mean people who don’t live and
breathe TechMeme or spend all of their time in code.
That is, I mean mere mortals.
24. Humans are becoming technologized.
...and at the same time, the technology that we are creating is changing us.
Short BarCamp anecdote (“back in the day before Flickr was owned by Yahoo...”).
At one time people’d think you were weird if you had your nose in your Blackberry all day.
And now that’s the norm with iPods and iPhones.
You’re weird if you DON’T have one!
25. We are becoming cyborganic.
We are becoming cyborganic.
And this will have massive ramifications, even if the change is more or less gradual for those
of us in the center of these shifts.
But it also means that people’s previous expectations will need to be upgraded.
And that will be painful for some.
26. Summary
• Identity
• Friends
• Social Web
• The Open, Social Stack
• Privacy Property
• Cloud Computing
• etc.
unorthodox, but i’m going to tell you what i’m going to talk about.
28. Who are you?
Identity is really about answering one simple question: who are you?
Of course, the answers aren’t so simple, but that’s essentially what this is about.
29. Now, services need to assign you a public key (your username or email address) coupled with
a private key that only you know so that when you leave and come back, you can pick up
where you left off.
It doesn’t really have anything to do with your identity or who you really are... but people
tend to be able to remember who they are and at least one or two passwords that they don’t
share so this trend of course has taken off across the web.
30. Of course, a site has no idea who you are when you visit, so they have to greet everyone the
same way every time.
Regardless of whether you own the site or not.
31. of course, some sites won’t let you do anything until you’ve signed up.
which still has nothing to do with who you are or your identity per se
everyone wants to store a record of your data rather than providing you a service and letting
you take it with you when you leave.
why? because it’s the way it’s always been done even though most people hate writing this
code.
32. in fact, that’s one of the problems right now across the web. we’ve got all these services with
little splinters of our identity and piecing them together is really friggin’ hard.
Here’s a shot from FriendFeed — with the 59 services they support and the subset that I’ve
actually decided to import. Is this my identity? Really?
34. When I started thinking this through and considering my homepage as it exists today, I
realized that something really important is missing. Y’know, when I said “I am you” I guess I
wasn’t being totally facetious.
(click)
And that brings me to the next aspect of identity...
37. So it kind of turns out that, now that more and more normal people are getting online, it’s
becoming more and more effective to get to know someone by the company they keep. Nowhere
is this more obvious than on Facebook.
This a list of three people that Facebook thinks that I might know. The second one was
suggested because we went to the same high school. Kind of a stretch, right? I mean, what is
that? A pillow? I have no idea WHO SHE IS (back to identity)
38. So let’s say I actually dive in and ask Facebook to list ALL the people it thinks I might know...
this is where it gets interesting.
(click)
Now, here I see someone I know. I’ve met Eric in person; I could probably add him as a
friend... but is it really him? It’s not like I have some shared secret with him to verify that this
is actually an online representation of his...
40. so I decide to do a search — and lo, he comes up first. Sure, but this is the same guy from
the previous page.
(click)
If we have 63 mutual friends, well, that’s starting to make this more plausible...
42. Ok, now I’m feeling pretty confident. In lieu of a shared secret between us, a familiar social
graph is a reasonable substitute. Get that: by revealing one’s social connections I get closer
to someone’s real identity.
43. your social graph is essentially a kind of identity fingerprint for people who know you and
know who you know.
44. @factoryjoe
but there’s something else at work here. some of you might know that I go by “factoryjoe” on
the web.
I came up with it in high school* — you can read about how; I’m sure people have more
interesting stories than mine I’m sure.
Point is, no one has any frigging clue who “factoryjoe” is, especially out of context.
In fact, so linked was my online username to “me” that people would come up to me and call
me “Joe” without even thinking about it.
My online persona was becoming better known than me!
45. @factoryjoe
@chrismessina
So I killed it. At least on Twitter. And now I’m just chrismessina.
Like I was before, and always have been.
And thus this false dichotomy between who I am online and off no longer exists.
46. But this is more interesting than that.
Compare the chat list on the left with the one on the right. Look closely and you’ll notice
something curious (not the weird butt avatar -- I don’t even know who that is!).
(pause)
basically with AIM, you’ve got all these foreign-looking usernames...
whereas on the right you have real names.
[talk about Facebook’s early decision to swear off usernames]
47. “l0ckergn0me”
vs.
Chris Pirillo
understand that this DESIGN decision was as important as Flickr’s public-by-default decision.
Heck, I don’t even know what a “locker gnome” is. But here’s the change.
52. I mean, look at this option panel from Eventbox, the application I just showed you.
53. why does this option even exist?
This to me proves that we are in a transitional period, from assumed aliases to one of real,
public, transparent identities.
And this change is giving rise to...
56. “...a business revolution in the computer industry caused
by the move to the internet as platform...”
If Web 2.0 is a business revolution...
57. “...a social revolution in the way people interact and share
caused by the move to the internet for connection...”
then I think that the “social web” is a social revolution in the way people interact and share
caused by the move to the internet for connection...
58. Of course we found this in 2005 when we planned the first BarCamp.
Here we were on the cusp of the social web...
real desire to come together in person, to interact and share...
the web facilitated those connections and then helped this idea to spread.
59. Similarly, with coworking — our effort to prop up shared workspaces for independents —
working alone sometimes really sucks!
social networking in isolation also sucks...!
as we invite technology into our lives, technology must change for us too.
this means that the space between our online and offline lives is decreasing.
and that’s a good thing.
60. I originally wasn’t going to talk about hashtags, but since they’re being used here, I thought I
might as well.
61. I kind of proposed them back in the summer of 2007 to allow for emergent conversations on
a given topic to coalesce.
i bring this up largely to talk about the idea of changing technology to fit our needs.
62. Activity Streams
Key to all of this, I believe, is the discovery of what people are doing will be facilitated by
activity streams.
So, once you have identity — you know who I am and who I know — well, logically, next you
want to know what I’m up to or what I’m doing... as an implicit recommendation of an activity
or behavior.
but before i get into that... some background.
63. Twitter unique visitors/time
Source: compete.com; taken 3/6/09
this chart is from compete.com. It shows Twitter’s growth in unique visitors over a year.
Clearly going from less than a million uniques to around 8M is good growth.
But what this picture fails to portray is activity.
64. Twitter’s cumulative messages/time
Jason Kottke: Twitter vs. Blogger redux
Now, take a look at these two charts. They’re two years old. This is from a post by Jason
Kottke in March of 2007. But the point stands that, looking at this chart, you can clearly see a
hockey-stick growth pattern for the number of messages sent with Twitter.
Kind of gives you a different perspective on what’s going on, especially, by Twitter’s own
admission, most of their traffic doesn’t come from Twitter.com but 3rd party apps.
The social web is no longer about stickiness or even virality — but about the meaningful use
of your services.
65. Photo credit: Eric Heupel
Turns out, humans are social beings. It also turns out that as you give people easier and
simple ways to connect and communicate, they’ll use them.
this is what it means to democratize the means of publishing.
In some ways, Twitter is a form of social grooming. And I bring this up for a specific reason.
How many of you have heard of Dunbar’s number? Yeah, it’s like 150 and the upper limit of
the number of friends you know in your social network, right? (nods) Wrong.
Actually it was a study of monkeys’ grooming and gossiping behaviors.
Robin Dunbar suggested that maybe there’s a link between humans and monkeys here — in
terms of grooming. Not in terms of network size, per se.
66. “...But I don't think that the technology is to blame. I
would argue that we’re addicted to our friends, not the
computer. When the computer lets us get access to our
friends, we look like we're addicted to the computer.”
— danah boyd, when research is de-contextualized
On a related point, this woman, Lady Greenfield, claimed in the House of Lords that social
network sites are “infantilising” the human mind, and should therefore be regulated.
danah boyd rebutted her argument, pointing out that it’s not technology to blame.
we’re addicted to our friends, and that computers merely facilitate these connections.
Lady Greenfield’s assertion was that SNS trivialized relationships. Perhaps that’s because the
“game” in social networks has been to “friend” as many people as possible.
But perhaps now that we have these friends, we can do something more interesting.
71. FriendFeed
the 59 flavors of FriendFeed. the problem is — how is this scalable to the size of the web?
if you’ve just released an awesome web service and a bunch of your users want to share their
activities to friendfeed, how do you get friendfeed to support you?
RSS isn’t enough.
that’s where standards come in.
78. What can we observe?
microformats or scientific method: start with what can we observe.
we’re essentially looking at what’s already been done, what kinds of activities are already
being published and starting there.
79. Weblog Entry
Note
Photo
Video
Bookmark
...
we’ll probably add a few more like sharing or moods...
but what can we do incrementally?
80. and fortunately, it looks like there’s already work underway in drupal... now we just need to
get support for producing and consuming the activitystreams format into the module!
82. Joseph Smarr & John McCrea’s original
the original stack by Joseph Smarr and John McCrea wasn’t so much of a stack...
more like a bunch of colorful bricks piled up on top of each other with specific technologies
identified.
[list each one]
83. The new Facebook stack
The facebook stack -- identity, friends and feed. Of course, this highly limited subset allows
you to do much as long as you’re feeding back to a mothership like facebook.
also helps developers pick which part they want to implement without worrying about weird
acronyms.
84. Luke Shepard’s recent proposal
Luke Shepard’s recent proposal -- you can see that this is starting to get away from technical
jargon — allowing for substitution of technology
85. Streams
Friends
Identity Discovery Authorization
Profile
“The Blimp”
“the blimp” (stacks are overrated anyway)
I think what I’m trying to get at here is that the triumvirate of identity-discovery-
authorization is a pattern we’re going to see replicated, and which will become essential to
distributed social network.
86. Photos
Videos
Identity Discovery Authorization
Documents
“The Blimp”
in this model, you can imagine substituting photos, videos and documents on the far right
and the model still holds.
87. Streams Public Data
Friends
Private Data Public Data
Profile Public Data
zooming in on the data resources, we can see that some of this data is made public, but
some of it is not.
what’s important to keep in mind here is that people should be able to choose their level of
default public disclosure and modify it over time.
89. You can see how Facebook currently supports this in giving me the ability to choose my level
of disclosure or privacy for my public search result.
By giving me control, I have a better sense for how exposed I am. With more control, I’m
confident about sharing more. Or so the theory goes.
90. Facebook also gives you controls about how you look to your friends —
by tweaking what information shows up in your friends’ newsfeed.
this helps me look GOOD.
91. Performative identity
so activity streams — and giving people the ability to control who sees what and how much...
help both you and your customer look good.
this is what i call “performative identity”.
your identity emerges as you do things — as you expose those things to your social graph.
92. “...Only accounts that choose to be publicly
accessible are included in Twitter Search. However,
more than 90% of the folks who use Twitter have
decided to make their accounts public. It seems
that people, companies, and organizations are
discovering there is value in openness.”
— Biz Stone, Twitter
on that point, this was an interesting quote from biz stone about Twitter search:
He said:
“Only accounts that choose to be publicly accessible are included in Twitter Search. However,
more than 90% of the folks who use Twitter have decided to make their accounts public. It
seems that people, companies, and organizations are discovering there is value in openness.”
But while people clearly see that value, we haven’t figured everything out yet...
94. xkcd.com/256
if there were a part of this map from XKCD that dealt with privacy policies, it would be the
part that reads “here be dragons”.
(click) no one really wants to go there.
but this area is HUGELY important as two things are accelerating:
1. people move to web services
2. and increasingly want to be able to move/share data between services
96. From a legal perspective, you essentially have to figure out a way to disclaim any bad stuff
that might happen if people share their data outside your network.
At the same time (click) you have to tell people that, “hey, all bets are off” once your stuff
goes off our servers, we have little control over getting it back.
this means we have to think about what we share —
focus on “from this point forward”
97. Hey, all bets are off.
98. of course, this is exactly why Facebook changed their terms of service, but the shitstorm
that resulted has been fascinating and illuminating to watch.
99. “... You may remove your User Content from the Site at
any time. If you choose to remove your User Content, the
license granted above will automatically expire, however
you acknowledge that the Company may retain archived
copies of your User Content....”
— Facebook Terms of Service
Here’s what happened.
Sometime last month, Facebook made a change to their TOS, striking the passage here.
Language was also clarified about ownership of user data... giving Facebook a “perpetual
right to license and sublicense your content”... basically you give it to Facebook and they can
do what they want with it.
At least that’s how people read it.
100. “... People want full ownership and control of their
information so they can turn off access to it at any time.
At the same time, people also want to be able to bring
the information others have shared with them ... to
other services and grant those services access to
those people's information. These two positions are at
odds with each other. ”
— Mark Zuckerberg, Facebook
In response, they reverted the changes and Mark Zuckerberg said on the FB blog:
“Still, the interesting thing about this change in our terms is that it highlights the importance
of these issues and their complexity. People want full ownership and control of their
information so they can turn off access to it at any time. At the same time, people also want
to be able to bring the information others have shared with them—like email addresses,
phone numbers, photos and so on—to other services and grant those services access to
those people's information. These two positions are at odds with each other. There is no
system today that enables me to share my email address with you and then simultaneously
lets me control who you share it with and also lets you control what services you share it
with.”
In other words, people want their cake and to eat it too.
101. as a result of the public outcry, facebook came up with a statement of principles and rights
and responsibilities.
kind of like reinventing democracy, but I guess when you have like 175M members, you’re
kind of a social network nation-state.
we’ll see how this plays out, but some lessons are clear.
102. Communication & setting expectations
Part of this comes down to communication and setting expectations.
I mean, if you say you’re going to do something and then change the agreement but don’t
tell anyone, that’s kind of bogus, even if your intentions weren’t evil.
And with all the social media and transparency, people will call you on what they perceive as
a violation of some social contract, even if they’re wrong.
103. Things are changing
Second, is that things are changing.
Walled garden social networks are a thing of the past, and yet
the legal department didn’t get the memo (they still use typewriters, remember?).
104. the funny thing is, this kind of thing happened before.
you had an option: close your account or merge your Flickr account with your Yahoo account.
join us. the water’s fine!
Of course, what it doesn’t say here, is that this change was largely motivated by a need to get
all Flickr users under the worldwide Yahoo TOS.
Heh, and you thought this was a technical detail.
But this was back in early 2007 before Facebook became a mainstream phenomenon.
105. Licensing and “property”
of course it’s one thing when a parent company wants to bring acquired users under one
set of terms.
it’s another when you’re talking about separate companies whose members are covered by
different — if not conflicting — terms of services.
and you want to share data between them.
106. Copyrights, trademarks & patents
were intended to protect creators
in the old days, when information networking was scarce, copyrights, trademark and patent
protections were created to incentivize creativity and to reward those who spent their time
inventing because it wasn’t always the most profitable lifestyle.
of course neither is panning for gold, but those who strike gold make it big. and so,
because of IP laws, some people have gotten fabulously wealthy.
the problem is that these protections really don’t work as well on the social web when the
cost to create and share has dropped to zero and the enforcement of “digital property rights”
has skyrocketed exponentially.
107. Creative Commons social property
Of course Creative Commons is one answer to this problem, where people use plain-language
licenses that permit sharing or reuse of their intellectual property without prior
permission — generating “social property” or “property in common”.
But what kind of legal stipulations work when the lines between services and companies
are blurring? If you post a message to Twitter and it shows up in FriendFeed and later decide
to delete that post, must FriendFeed delete it as well? Who’s responsible for what? Who do
you sue when your expectations aren’t met? What’s going on?
109. In my view, this is where OpenID will really add the most value. Here’s why.
110. c:
icons by Seedling Design and Fast Icon
so you need a way to refer to these cloud-based applications like you used to...
111. c:
meanwhile we have hybrid apps like these that are also being thrown into the mix with
infinite storage but a native experience. and these all require identity of some sort.
112. icon by Seedling Design
which brings me back to openid.
as I mentioned before, with discovery, you can use your OpenID as a universal pointer to all
of your services, so when a great new web application launches, you simply sign in, provide
authorization and BOOM, you can get to work.
None of this “invite your friends” and all that. Activities Streams become a passive mechanism
to invite your friends, showing them what you’re up to.
113. Government
So, I want to shift gears here. We are in Washington, DC after all. And we do have a huge
opportunity in front of us here.
114. Transparency
there’s a big buzz around transparency in Washington, and at TransparencyCamp last
weekend, there were all kinds of ideas shared on how to make our government more
transparent.
Clearly this is because, for the past 8 years, it’s been anything but and look at how that
turned out!
So, who knows more about transparency than any one else?
115. Open source!
we do!
and so the opportunity for us to make a difference in this new world order (yes, I just said
that) is actually to help usher in these changes in a meaningful and productive way.
116. look, clearly the new administration is aware of us.
for starters (literally) recovery.gov is a Drupal website! Sure don’t look like one... at least
given what I’ve seen that comes out of the tarball!
But what if we set our sights a little higher? What if we were to shoot for something a little
more conspicuous?
117. what if this were run on Drupal?
why isn’t it? heck, why don’t you go and implement it, and redesign whitehouse.gov taking
into consideration everything that you’ve heard during DrupalCon all the things that i’ve
talked about?
less broadcast, more interaction, dialog, sharing, activities...
the government should come to ME.
118. Open Source Government
I want to issue a challenge to you. And this is something that I’m coming to think differently
about in my old age.
What if government really were of, by and for the people?
What if I wanted to see my government be changed or improved? For so long, this idea has
been abstract to me... “change the government”... what does that even mean?
Shouldn’t we fear the government? Isn’t it full of bureaucracy and bickering and ugh...! Why
would I even want to get involved?
119. OpenID the government
There’s an interesting opportunity here, where something like OpenID, in the way I’ve talked
about it today, could be one key to simplifying interactions with the government, as well as
improving the services that that government can provide to you as a citizen.
I think on the one hand, I don’t even know all the ways in which this is a good or bad idea,
but I do know that the clumsy oafish government that we have today is annoying and
unproductive to work with. Frankly I want my dealings with the government to be efficient. I
want the government to act more like a customer service-oriented organization. And I want it
to get out of the way and let me focus on the things that are important to me. Like the way
good technology does.
120. Trust + transparency make open source work.
Let me suggest that trust and transparency are the glue that make open source projects
work.
And you don’t get trust without identity.
Could we expect the same from government?
121. Work on stuff
that matters
so let me leave you with one final thought, brought to us, again, by Tim O’Reilly.
I don’t really need to tell you guys this, but it bears repeating. We who choose to work in
open source are some of the luckiest folks in the world, getting to pursue our passions and,
hopefully, making a decent living for ourselves making technology easier to use and better
for people.
but that’s not always the case. for some, open source is your passion, but it’s just a hobby.
you tell yourself that you need the day job to get by and to make things work and I respect
that... I hear that.
But here are some principles to consider.
122. 1. Work on something that matters to you more than money.
2. Create more value than you capture.
3. Take the long view.
First. Work on something that matters to you more than money.
Second. Create more value than you capture.
Third. Take the long view.
On that last point, everyone in this room has something to contribute. And you should
consider your contributions — to Drupal and open source — beyond the scope of the module
or patch you’re working on — but how it fits into a bigger picture.
What if every module or line of code that you wrote ended up in software used by your fellow
citizens everyday? What if you were writing code that you knew was going to make its way to
whitehouse.gov? Would you think about it differently?
With the way things are going, I’d say that every moment of effort that you spend should be
considered in that light, and in the ultimate impact it may have.
123. fin.
me -› @chrismessina -› factoryjoe.com
so that’s it. questions?