There is:

• e-mail (Mail.app)
• VoIP (Skype)
• RSS (NetNewsWire, and Mail.app)
• Twitter (Tweetie)
• sometimes IM (iChat, others)
• sometimes IRC (Colloquy)

That’s in addition to websites that also act as messaging clients, like Facebook,

I’m sorry, how many feeds am I supposed to monitor in how many pieces of software?

What about somebody develop a real nice piece of software that brings all of them (and whatever they invent next week) into a user experience that actually makes sense? An Über-multiprotocol messaging client that does all of this?

2 Comments »

I’m beginning to have second thoughts.

Plenty of people (myself included) got involved in internet identity because of its promise to put all of us as  individuals at the center of our interactions on-line. To empower individuals to define and offer and enforce their own terms in their interactions with others. To not merely be somebody’s user or consumer, but to be a first-class citizen of the net. To not be at the mercy of any government or organization.

And from a merry band of similar-minded individuals, the movement was born. The assumptions were:

• Anybody could set up their “digital home” anywhere on the web at any URL of their choosing. The address of that home would be their LID or OpenID URL.
• When visiting somebody else’s site, they would use that URL-to-home to create a relationship from your site to my site, from your on-line home to my on-line home. It wasn’t thought of single-sign-on, but the equivalent of leaving one’s card at someone else’s place with the invitation to visit and establish a relationship. Technologically similar, but very different in intent.
• This relationship between your site and my site would enable two-directional information flow for a variety of interesting purposes that could be switched off by either participant at any time.

While OpenID, the technology, still can support all of this, the thrust of the thinking of many of its larger supporters today goes into a different direction:

• There is a belief that URLs are too complicated to use by the average individual, which has encouraged what’s called the OpenID “NASCAR GUI“. However, because that GUI can only show a few icons, it clearly encourages me to use a big-company-provided identity instead of my own.
• Directed identity and identifier select hides the identity URL and downplays the “let’s create a relationship by exchanging pointers to home” to the extent that few people new to OpenID can even comprehend they are getting mere single-sign-on, not relationships.
• The primary focus of OpenID-based profile exchange is to convey the user’s e-mail address to the visited site (usually a vendor), so that vendors can send e-mail to the user. Note that because it is e-mail, the the user cannot turn it off. It didn’t have to be that way.
• Certification has entered the picture. While many details are still unclear, all certification schemes that I’ve ever heard of require substantial effort and perhaps money to get certified. In all likelihood, that will make it all but impossible or impractical for individuals to play on a level playing field with mere users of large company’s products. This is particularly ironic when applied to the relationship between citizen and government, which suddenly will have to be mediated by substantial commercial entities. Among other things, they get to see which citizen interacts with which part of the government when and how often.

I know the argument that “if the user can see which attributes go over the wire, it’s user-centric.” Well, yes, perhaps, but in my view that’s user-centric in the same way a calorie-free chocolate cake is sweet. I ordered a real chocolate cake, though, please, where did it go?

Don’t get me wrong, there are good things about all of this, the most important of which is that the state of the art has driven substantially more adoption than it likely would have been in the less organized, decentralized, you-be-in-charge-of-your-own-destiny world.

But is the price of more adoption less user-centricity? Or is that just a phase we are going through?

I hope to discuss this and other big questions at the upcoming Internet Identity Workshop. Hope to see you there.

7 Comments »

ComputerWeekly reports somewhat breathlessly:

Multiple passwords to access computer networks and services may soon be a thing of the past.

ITU-T X.1250 provides the ability to enhance data exchange and trust in the identities used worldwide by users, network access devices and service providers using a certificate-based public key infrastructure (PKI) system. This is similar to how e-passports are verified.

I figured something was missing in identity land. I’m sure everybody’s immediately going to throw away OpenID, and information cards, and SAML, and what have you, now that the ITU has discovered PKI and solved the problem for us Clearly all of our work was always doomed to failure because we did not make it work the same way that e-passports work. (Or should I put the last “work” in quotes?)

No Comments »

Alexander van Elsas left a comment on my post “On Identity Business Models or Lack Thereof” that I feel I have to respond to. It is not the first time I have heard a comment along these lines, so this is more a response to “everybody”, not specifically just to him. He writes:

…The underlying issue (imo) is that there isn’t a user demand. Users either don’t know or care, and it is therefore hard to get them to use a standalone hosted identity provider and pay for it.

…The technology is not the biggest bottleneck right now, it’s the naiveness of the user.

Pardon me, but this very much sounds like the old “our software is great, if it wasn’t for those darned users”. To which the equally old, and always-correct answer is: “No, the user is never the problem. As vendors, we either solve a problem for our users, in which case they pay us, or we don’t. If users don’t use our ’solution’, we either don’t solve an actual problem, or we don’t explain well enough how we solve the problem, or our solution is simply not good enough for the user.”

At this point, it is very clear that consumer identity providers do not solve a problem for users that is commensurate with paying money. (I would go further and say that the product category “consumer identity provider” is most likely never going to be able to get many users paying for it.)

To quote Pip Coburn: “People are only willing to change when the pain of their current situation outweighs the perceived pain of trying something new.” We are not there yet in identity land, even if we’d all like to be there.

3 Comments »

We went to Yosemite this past weekend. In the past, we’ve seen deers, coyotes of course, an occasional rattle snake, a bobcat once, and every few years, a bear.

And this Sunday morning, in two encounters, a total of five bears, right from Tioga Road without even getting out of the car! Here are two of them. Of the five, three were youngsters and two adults.

Amazing.

No Comments »