marypcbuk | Entries tagged with infocard

Last year I contributed to an 'anonymous' column for PC Plus called The Insider. I was going to keep the secret, but I just spotted one of my columns on the PC Plus Web site, with my name on; funnily enough it's one about identity!

Kim Cameron is Microsoft’s identity architect. He’s embarrassed to be called a ‘Microsoft official’. He won an award for knowing that technology has to work in the real world. And he can’t cope with a single extra password so he’s come up with a password-free system for proving your identity that will start showing up in Windows soon. Read on...

I am fed up with phishing, with having hundredsof logins to Web sites that are some permutation of email address, my standard user ID and the two standard disposable passwords I use for logins that are worthless to me and with having to type the wretched details in when I have remembered them. I want a nice and easy, secure, visual way of identifying myself. That's one reason I like CardSpace, which is Microsoft's implementation of a technology called information cards, which is intended to bring together a range of identity technologies in an abstraction called the identity metasystem (the same way we have file systems and printer drivers). I like Open ID too, because enough developers have heard of it that they might start using it on their sites - as AOL and Digg and others just have.

Just before AOL and Digg blessed Open ID, Microsoft did too, so I talked to Kim Cameron about what it meant. A short portion of the conversation is on the Developer Register as Identity brings Microsoft and Internet 2.0 together.

But please, don't tell me things like 'I won't trust CardSpace because I don't trust IE' without A going and reading up on the security background of CardSpace 2 being prepared to tell me what you think the security problem is. Want to complain about Microsoft technology? Make sure you know as much as I do about the way this is designed (or preferably more and you can teach me something)

I've written a lot about developments in identity systems this year; this time I've been writing not about new features but about old problems and whether the new approaches will make a difference. It turns out that some of the old systems provide good principles. If someone changes the address on your credit card but not the address you've set with an online identity provider, the credit card company can cross-check with your preferred address - or they can just choose to trust you. The less information a company keeps, the fewer liability issues. Small pieces, widely distributed; stealing all of my identity would be like a treasure hunt. Plus, why Dale Olds from Novell thinks identity might be the wrong word to use for all of this: read on at Developer Register...

I have to like a site that mocks the -r convention of Web 2.0 sites but I also really like being able to see who at a conferenec comes from where using Attendr. We're going to need a 'MyPlace' microformat for embedding the map view we want of ourselves in our profiles along with our geocode to plug straight into these kinds of sites instead of entering the information from scratch each time. How about having it as an InfoCard property, to give me control of where it gets used and for what...

Why Web 2.0 will end your privacy
Are they investing in Web 2.0 sites because they're cool? Nope - because they can do contextual advertising. Which will be the next big thing; Microsoft's adCenter will allegedly detect your gender from your surfing habits and allow advertisers to deliver 'relevant' ads on the next page you visit.

But that's not quite all the answer. The VCs are investing because they all want whatever turns out to be the next Google: Google's VC had another 199 projects you've probably never heard of, and that was just in that 12 months. There's the me-too element and the 'new and shiny' bubble element. There's the fact that if you're under 21, 60+% of the content you look at online is generated by someone you know (news as entertainment rather than information again). Tim O'Reilly has been saying for a long time that the future of Web applications is metadata (Amazon ratings, flickr tags, digg 'dugs' and the rest), and that the smart companies get us to make the metadata for them.

And the other side of the coin is Identity 2.0, as it seems to be called. Add together the US laws on ID theft that mean companies have to disclose how many personal details they lose in laptop thefts, stolen backup tapes and good old-fashioned hacker break-ins, the post-SarbOx emphasis on compliance and regulation and the fact that the head of compliance is more likely to be on the board than the head of IT. Not many companies want the responsibility of keeping a lot of customer data unless it's sanitised and anonymised. Technology and privacy advocates are finally going in the same direction: put the user back in control of what data they disclose to a site and tell them where what they say is going (at least in the first instance). Over the next year or so we'll start seeing more ways to log in with tools like InfoCards that give you at the very least more of an idea about who is tracking what about you.

In my DevReg piece about Implementing InfoCard and the identity metasystem, I said that IinfoCard is 'less a replacement and more of an antidote' to Passport. One reader rightly points out TRevin's post that InfoCard supplements rather than replaces Passport

Perhaps I should have said successor; it's a replacement in the sense that MSN et al will at least supplement their use of Passport with InfoCard logins that will be part of the identity metasystem if other sites choose to honour them - but it certainly doesn't work the same way or do the same thing and Pasport is adding infoCard to Passport rather than dropping the Passport system. I didn't have space to go into the claims handling and other basic functionality of InfoCard, which make it very different from Passport per se. The way I think of it - and the way Kim Cameron phrases it when people hail him as the slayer of Passport - is that that he was one in a long line of people to explain what was wrong with Passport and that acknowledgement led to a search for what would be right.

Incidentally, I wasn't able to read the MSN Spaces site from my BlackBerry the way I usually browse the Web on the go, because Vodafone marks it as potentailly adult content - and asks me to pay £1 to take the contnet block off my account. Admirable caution or nanny state? How many teenagers will have BlackBerry-capable SIMs? Surely the Sidekick is the teen BlackBerry?

My first piece for the Developer Register is online now, covering Implementing InfoCard. There have been plenty of pieces on the philosophy and the politics of InfoCard and the identity metasystem, but I wanted to concentrate on the technical and implementation details - all four will have to work for anything to succeed. MIX 06 was excellent timing because I was able to get the latest details from the InfoCard team and talk with Kim Cameron and Pault Trevithick together, explaining why InfoCard and Higgins actually complement rather than compete.

Researching a piece on InfoCard, the identity metasystem and the laws of identity and catching up on Kim Cameron's IdentityBlog, I spotted a familiar name; there are some people I keep coming across in the industry and Sam Sethi is one of them. Tracking him down led me to another calendar site, www.eventful.com. Again it's metadata slice and dice, with an emphasis on venues as much as events, so I can see what's on at the Mountain View Computer History Museum. Interesting, but unsatisfying. The search does better on CA than California - I think they should be a synonym. I'd like to see more grouping within results. It comes up with 4330 events in California for March; I'd like to be able to explore those by week or day or geographical region or event type or other finer grain information rather than just sorting them and paging through them a dozen at a time. There's a good mix of events though it's rather flooded with recurring events at Borders & Barnes and Noble. The tag cloud on the front of the site makes it look teen-oriented, I'm not sure what criteria the 'Sort by relevance' uses and my impression is 'interesting information, not enough tools '. When I'm browsing rather than searching, I still need to be able to narrow things down. I can't quite find the kind of events I want; the tag cloud is a mix of high level and low level and I suppose the fact that it doesn't make it easy to find the broad groupings of events I'm after may mean that the site doesn't have events of the kind I'm after (neat, mainly technology-oriented things to do in California in the first half of March).