Search Results for 'identity'


This could have been me:

A bicyclist riding along Old Homestead Highway was hit by a vehicle Friday evening.

At about 6:43 p.m. Swanzey Police and Fire Department responded to a reported hit-and-run accident on Route 32.

The vehicle was described as a white SUV, possibly a Chevy Blazer, with a black roof rack. It’s missing its passenger-side mirror as a result of the accident, according to Cpl. Robert Eccleston of the Swanzey police.

The cyclist suffered serious injuries and was transported to Cheshire Medical Center/Dartmouth-Hitchcock Keene.

A couple of years ago it was me. I got sideswiped on a bike ride in another part of the county. In that case, too, the impact broke off the passenger-side mirror. Luckily I only suffered a bruised leg. According to a follow-up report, this cyclist suffered “skull fractures on the left side of his head, where his helmet hit the pavement, a broken shoulder and severe road rash.”

When it happened to me, I was furious for weeks. Every time I saw a sedan similar to the one that knocked me off my bike I looked for the telltale missing passenger-side mirror. And I formed a clear idea of a product that might have prevented the hit-and-run, or failing that, nabbed the perpetrator. It’s a pair of bicycle-mounted cameras, front and rear, that trigger on approaching traffic and take sequences of shots that can identify approaching vehicles.

Here’s why I imagine this could work. I don’t know about yesterday’s hit-and-run, but in my case it didn’t feel like an accident. We were the only two vehicles on the road. There was plenty of room for the car to give me a wide berth. But some motorists like to hassle cyclists verbally, and once in a while that escalates to a cat-and-mouse game. That’s a game these people play because they think they can get away with it. There’s no expectation that the sideswiped cyclist will be able to prove that it happened, or capture the identity of the car. In my case, when I jumped to my feet after tumbling along the roadside, only to see the car speeding over the top of the next hill, I remember thinking: “You bastard, if I only had your license plate number you would regret this.”

Defensive surveillance isn’t just a capability that cyclists need, of course. It makes sense for motorists to identify and record oncoming traffic too. But car-on-car violence is a game played on a level field. Car-on-bike violence is so unequal that I’ll jump at any advantage I can get.

Does the product I imagine already exist? Maybe, but I don’t think so. There are obviously scads of cheap helmet- or bike-mountable cameras. What I’m looking for, though, is one that’s optimized for defensive surveillance. I think that means a gadget that senses oncoming traffic, and then shoots sequences of high-resolution stills. Ideally it’d come with two pairs of mounts. One pair would be fitted to my bike’s handlebar and seat. The other pair would be fitted to my car’s dashboard and rear deck. For extra credit, the car would keep the cameras charged so they’re always ready to defend the bike.


PS: Meanwhile, my low-tech solution is a helmet-mounted rear view mirror. I have always used one, and can now scarcely imagine what it used to be like to have to crane my head around — and wobble my bike — in order to see what’s behind me. With a helmet mirror, situational awareness only requires rapid eye flicks that become an automatic habit. Obviously the habit wasn’t fully automatic, but after the incident a couple of years ago I’m even more vigilant. I watch every car that approaches from the rear, and am always mentally preparing a dive into the ditch.

The KUOW Speakers’ Forum continues to deliver the most consistently valuable talks I listen to these days. The latest is Hernando de Soto on Shadow Economies. It’s about facts, relationships, linked data, identity, property rights, the rule of law, derivatives, toxic assets, and permanent credit crunch. Bottom line: We need to get the facts about those assets, link them together, and bring them out of the shadows. So far as I can tell, the current crop of financial reform bills aren’t saying that. The following excerpts from de Soto’s talk explain why they should, and also why they probably won’t.


Facts were the subject of all the reformers who made the market economy come into being, between 1850 and 1950. We’re all clear about the ideology of the people who talked about the market, and the capitalist system, from 1750 to 1850: Adam Smith, Marx. They all talked about division of labor. What they didn’t say is that once labor is divided, and you have many sources of production, how do you coordinate them?

That crisis actually came. The whole system faltered in the 19th century because feudalism had collapsed, patrimony had collapsed, there was freedom, but freedom without law and structure. So different people, who wrote very little — you find the details in things that stopped being published a hundred years ago — said, We are in front of swarms of facts. They have nothing to do with our immediate vicinity, our village, our feudal lots, it’s about the world as a whole, and we can’t digest it.

So, property rights had to become universal. We had to make them explicit as facts. And we had to make sure that everybody had access to a new business instrument, the corporation. Before, even in the US, you needed an act of Congress to make a corporation. That changed. It was a big battle, but finally the argument that won was, they’re doing it anyway, and if we don’t get them on the books they’ll stay in the shadows. So gradually textiles, and cotton, and machinery started recording facts, and it all started coming under property law.

Facts isn’t just information. Here we have an apple, it’s mine, it looks just like a stolen apple, but it has a property right associated with it. That apple can be bought, sold, rented, used as a mortgage, there are a hundred things I can do with the apple. Those are its relations to the rest of society. For that you need something that describes those relations.

Charles Sanders Peirce, when asked to describe the universe, said: “Things in relation to one another.” The wonderful thing about the rule of law, especially as developed in the United States, is that you’ve been able to put together things and relationships in organized documents that are accessible and actionable. When that happens, the shadow economy goes away and you’re in control. You know who you’re dealing with, and you know what their assets are.

Now, here’s my concern about what’s happening with the recession. I’m watching TV, October 2008, and I see your Mr. Paulson, secretary of the Treasury, say, “We’re in trouble. We have troubled assets. So I’m going to buy them up, and then we’ll see what’s what.” Basically, he was saying: “We don’t have the facts, so I’ve got to produce them so we know who’s solvent and who isn’t.”

Later, I turn on the TV and he says, “We’ve thought about it, and we’ve decided we’re not going to buy the toxic assets, these derivatives, and sort them out. Instead we’ll just give enough money to the banks so that everybody knows they’re not going to break.” In other words, I’m not going to find out where the assets are, or record property rights.

Why that change? I asked. The reply was: “Well, he couldn’t find the toxic assets.” I thought that was really interesting. In the United States, everything is recorded: every house, every car, every boat. You know where things are. You’ve got facts. It is a factual economy, not like my economy which is a shadow economy where there are no facts.

I asked Chris Cox: “How many of these assets that are called derivatives are not on record?” And he said, “Well, we think there’s 600 trillion dollars of them.” That violates the crucial law of property as you have developed it over 150 years. No wonder nobody feels safe. You have created the world’s largest shadow economy.

As long as you don’t know who owns the greatest amount of your assets, there’s no info as to who owns what, who is related to what, you have a shadow economy. We live in one, and it has as a characteristic a permanent credit crunch. We know more about it than you do. Credit crunch is where you don’t know who you’d be lending to, so you don’t lend. It’s permanent, we live with it, and now you’re going to have to learn to live with it too, because until you know who is solvent how can you give anybody credit? You’re flying blind.

Einstein used to say: “What does the fish know about the water in which it swims?” That was his way of saying you have to be outside the aquarium to understand what’s going on inside the aquarium. Well, as an outsider looking in, I’m a great admirer of the United States, of your rule of law, which says that everything has to be identified because you are a nation of facts. As opposed to us, a nation of rumors and shadows. But you’ve slipped up really badly. You’ve got to get your banks to put these things on the record.

Back in the 1930s, Roosevelt saw that it was important to find out how much liquidity there was. To do that he needed to know where the gold was. He made a law, you had to record your holdings of gold or go to jail for ten years. Very soon he knew where all the gold was. That’s where you’re at. The problem is, what happens if when you do it, you find out that most of your top banks are insolvent? So you’ll need to involve the FDIC. But you’ve got to get the facts.

It’s very easy to get there, but it will mean that a sector of your society that is today in power will not be in power a month later, because they’ll be broke. Peter Munk, who owns gold mines in Canada, is building a marina in Montenegro for the biggest yachts in the world. When he was thinking that the U.S. administration was going to clean up the mess, and find out where the derivatives were, he said “You see all those yachts?” (He was looking at Sardinia.) “Well, in 2011, 4/10 of them will belong to somebody else.” Those 4/10 are holding out, obviously, because they don’t want that to be known. But they’re really screwing the rest of us.

Update: From Crain’s:

The Senate legislation would push most of the $615 trillion in over-the-counter derivatives onto regulated exchanges or similar electronic systems, a measure that would make it easier for the market and regulators to track the trades.

Really? Well OK then! Fingers crossed.

At a service stop on the Merritt Parkway over the weekend, I was approached by a young couple in a jam. They were halfway to their destination, had pulled in for gas, then realized neither had brought a wallet. They were both on their phones, working the problem, and the guy looked up to ask if I’d heard of a roadside assistance program that could help in that situation. I wound up giving them ten bucks. Maybe it was a scam, in which case I only lost $10. But maybe it wasn’t, in which case I helped some folks in need.

Ten bucks wasn’t enough to get them as far as they said they needed to go, though. And later I got to thinking about how we might have created enough trust, in an ad-hoc way, for me to make a short-term loan of, say, $50. It’s an interesting thought experiment. I wonder what solutions you can imagine? Here are a few that occurred to me.

Web identity. Given a web connection, I could have searched for the couple’s names, found their web footprints, and verified that their photographs, locations, and other attributes matched what they claimed.

Six degrees of separation. If we could trace our connection through social network space, that might be enough. It might even be possible to do that with voice calls, but with a web connection it could be almost trivial.

PayPal. Given a web connection, we could have brought up a browser and done a PayPal transaction. In that case I wouldn’t even be making a loan, I’d know that the funds had been transferred before handing over cash.

Losing my wallet while traveling is a nightmare scenario for me. It’s never happened but I dread the thought. I hate being so dependent on documents that I carry around in a wallet that could easily be lost or stolen.

Those documents embody claims made on my behalf by identity providers that we have all agreed to trust. That arrangement became necessary when society grew beyond what interpersonal trust could scale out to support. And it will remain necessary. But as voice and data connectivity become ubiquitous, and as interpersonal trust scales out in ways it never could before, I wonder if we’ll see a re-emergence of pre-bureaucratic modes of identity.

The other day my colleague Scott Hanselman wrote a useful essay called 10 Guerilla Airline Travel Tips for the Geek-Minded Person. It’s a mixture of technical and social strategies. The tech strategies include marshaling data with the help of services like Tripit, FlightStats, and SMS alerts. The social strategies include being nice to service reps, and using the information you’ve marshaled in order to make precise requests that they’re most likely to be able to satisfy.

Scott writes:

I’m a geek, I like tools and I solve problems in my own niche way.

That statement, along with the essay’s tagline — …Tips for the Geek-Minded Person — has been bothering me ever since I read it. Why is it geeky to marshal the best available data? Why is it geeky to use that data to improve your interaction with people and processes?

My Wikipedia page includes this sentence:

Udell has said, “I’m often described as a leading-edge alpha geek, and that’s fair”. 1

I did say that, it’s true. But I’ve come to regret that I did. For a while I thought that was because geek was once defined primarily as a carnival freak. That’s changed, of course. Nowadays the primary senses of the word are obsessive technical enthusiasm and social awkwardness. Which is better than being somebody who bites the heads off chickens. But it’s still not how I want to identify myself. Much more importantly, it’s not how I want the world to identify the highest and best principles of geek identity and culture.

Fluency with digital tools and techniques shouldn’t be a badge of membership in a separate tribe. In conversations with Jeannette Wing and Joan Peckham I’ve explored the idea that what they and others call computational thinking is a form of literacy that needs to become a fourth ‘R’ along with Reading, Writing, and Arithmetic.

The term computational thinking is itself, of course, a problem. In comments here, several folks suggested systems thinking which seems better.

Here’s a nice example of that kind of thinking, from Scott’s essay:

#3 Make their job easy

Speak their language and tell them what they can do to get you out of their hair. Refer to flights by number when calling reservations, it saves huge amounts of time. For example, today I called United and I said:

“Hi, I’m on delayed United 686 to LGA from Chicago. Can you get me on standby on United 680?”

Simple and sweet. I noted that UA680 was the FIRST of the 6 flights delayed and the next one to leave. I made a simple, clear request that was easy to grant. I told them where I was, what happened, and what I needed all in one breath. You want to ask questions where the easiest answer is “Sure!”

I see two related kinds of systems thinking at work here. One engages with an information system in order to marshal data. Another engages with a business process — and with the people who implement that process — in a way that leverages the data, reduces process friction, and also reduces interpersonal friction.

These are basic life skills that everyone should want to master. If we taught them broadly, and if everyone learned them, then this sort of mastery wouldn’t attract the geek label. But we don’t teach these skills broadly, most people don’t learn them, and the language we use isn’t our friend. If systems thinking is geeky then only geeks will be systems thinkers. We can’t afford for that to be true. We need everyone to be a systems thinker.


1 Actually I’d say that Scott Hanselman is a leading-edge alpha geek. I am, at best, a trailing-edge beta or gamma geek. But if someone were to remove the word entirely from my Wikipedia page, I’d be fine with that. I no longer want to be labeled as any kind of geek.

As Phil Windley mentioned the other day, I’ll be speaking at the Kynetx Impact conference, April 27-28 in Salt Lake City. Last year I interviewed Phil about what Kynetx does. It’s hard to boil it down to an elevator pitch without examples, so here’s one that came up today: Scott Hanselman’s Put Missing Kids on your 404 Page application.

Inspired by a PHP solution to the problem, Scott set out to replicate it for ASP.NET.

But then I realized that a server-side solution wasn’t really necessary.

Could I do it all on the client side? This way anyone could add this feature to their site, regardless of their server-side choice.

One next step, as Scott points out, is to add geolocation so the list of kids you see will be more relevant to you. But there are lots of ways to contextualize that list based on aspects of your identity. And this is what Kynetx applications do: Contextualize your experience of the web based on aspects of your identity.

My own interest in this idea dates back to the LibraryLookup project, which was an early demonstration of the power of client-driven contextualization. It evolved from a bookmarklet to a browser plug-in, but then stalled there for lack of a ubiquitous client-side technology.

Now there is: jQuery. What Scott’s example shows, as do all Kynetx applications, is that we’re ready to make clients more equal partners in the dance of the web. Among other things, this possibility raises thorny issues about the control of content — issues that I explored in a 2005 screencast.

But there’s also a deep connection between Phil’s work and the ongoing saga of digital identity. Phil wrote a book on that subject, and has been a key organizer of the Internet Identity Workshop. When he started Kynetx he wasn’t really thinking about a tie-in to Information Cards and the identity metasystem. But the connection emerged organically.

In a Kynetx-enhanced version of the Missing Kids 404 Page application, your browser would present selected aspects of your identity to the services that provide the data, and a Kynetx application would personalize that data in ways meaningful to you.

The Internet began as a network of peers. That arrangement didn’t last long, and there have been several efforts to restore the original symmetry. In the early 2000s, during Napster’s heyday, there was a flurry of interest in peer-to-peer architectures. Thanks to today’s more capable and more standardized browsers, we’re seeing a new wave of interest. I’m looking forward to hanging out at the Kynetx conference and meeting folks who are riding that wave.

Ever since Peter Wayner introduced me to the idea of a translucent database I’ve been thinking about the implications of this powerful idea. In a nutshell, the data in a translucent database service is opaque to the operator of the service, and visible only to sets of users who establish trust relationships. My 2002 review of Peter’s book summarizes his babysitter example:

Imagine a web service that enables parents to find available babysitters. A compromise would disastrously reveal vulnerable households where parents are absent and teenage girls are present. Translucency, in this case, means encrypting sensitive data (identities of parents, identities and schedules of babysitters) so that it is hidden even from the database itself, while yet enabling the two parties (parents, babysitters) to rendezvous.

Fast forwarding to 2009, here’s a current headline from InfoWorld: Microsoft adds access controls for SQL Azure online database. The article doesn’t say so, but this is database translucency in action.

The 2009 version of the babysitter example appears at 37:45 in this PDC session, where Dave Campbell and Rahul Auradkur discuss, and also show, a translucent pharmaceutical reagent marketplace. Dave Campbell spells out the scenario:

Pharma companies see reagents as being pre-competitive. They don’t compete at that level, and they’re willing to sell these reagents to one another, as long as nobody can see what’s being bought and sold. That’s the controlled trust we need to set up.

The trick is accomplished by means of encryption and careful separation of concerns. Access policies are isolated from data storage, capable of federation, and auditable by trusted intermediaries.

This is exciting new territory. Historically, we’ve always assumed that the operator of an online information system has complete access to the data in that service. Translucency turns that assumption on its head, and leads to entirely new service design patterns. To implement those patterns requires more than just a database in the cloud. You also need a coordinated suite of supporting services for identity, access control, auditing, and more. Azure, as it becomes one provider of such services, will help make translucency a practical reality.

A couple of years ago I was enamored with a clever password manager that pointed the way toward an ideal solution. It was really just a bookmarklet — a small chunk of JavaScript code — that used a simple method to produce a unique and strong password for the website you were visiting. The method was to combine a passphrase that you could remember with the domain name of the site, using a one-way cryptographic hash, in order to produce a strong password that would be unique to the site — and that you’d otherwise never be able to remember.

It wasn’t perfect. Sometimes the passwords it generated wouldn’t meet a site’s requirements. And sometimes the login domain name would vary, which broke the scheme. But it introduced me to two powerful — and related — ideas. JavaScript could turn your browser into a programmable cryptographic engine. And that engine could be used to implement protocols that relied on cryptography but transmitted no secrets over the wire.

To my way of thinking, that’s a killer combination. For years I’ve been using Bruce Schneier’s Password Safe, a Windows program that keeps my passwords in an encrypted store. There are many such programs, another example being 1Password for the Mac. This kind of app lives on your computer and talks to a local data store. That means it’s cumbersome to move the app and your data from one of your machines to another. And you can’t use it online, say from a public machine at the library or a friend’s computer.

Imagine a web application that would encrypt your credentials and store them in the cloud. It would deliver that encrypted store to any browser you happen to be using, along with a JavaScript engine that could decrypt it, display your credentials, and even use them to automatically log you onto any of your password-protected services. You’d trust it because its cryptographic code would be available for security pros to validate.

I’ve wanted this solution for a long time. Now I have it: Clipperz. My guest for this week’s Innovators show is Marco Barulli, founder and CEO of Clipperz, which he describes as a zero-knowledge web application. What Clipperz has zero knowledge of is you and your data. It just connects you with your data, on terms that you control, in a way that reminds me of Peter Wayner’s concept of translucent databases.

Clipperz is immediately useful to all of us who struggle to manage our growing collections of online credentials. But it’s also a great example of an important design principle. We reflexively build services that identify users and retain all kinds of information about them. Often we need such knowledge, but it’s a liability for the operators of services that store it, and a risk for users of those services. If it’s feasible not to know, we can embrace that constraint and achieve powerful effects.

Some fellow residents of my town have recently noticed, and pointed out to me, that I’m listed in Wikipedia as a notable inhabitant of Keene, NH. They’re more impressed than they should be. All forms of notability are subject to bias, but Internet notability is subject to a different kind of bias than most people realize.

For example, friends and family used to be impressed by the fact that I was the top result in Google for my first name — and then second to Jon Stewart for a long while, until I had to reboot my InfoWorld archive. Why? Just because I’ve projected a large surface area of searchable documents whose titles include the trigram jon.

An example of a far more notable person than me is Glenn Fine, who was in my grade in junior high school and is now Inspector General for the Department of Justice. You won’t find him anywhere near the top of a search for his first name because Inspectors General don’t (yet) project a large surface area of documents onto the web.

To place my newfound Wikipedia notability into a similar context, I wanted to show people how these lists of notable inhabitants are made. I figured the person who made the change is somebody who knows of my work, because I’ve written about it so much online, and who is inclined to edit Wikipedia, which correlates with an interest in my work.

I wanted to illustrate exactly who, when, and how, so I went to Wikipedia with the confident expectation that it would be easy to answer those questions.

Surprisingly, it wasn’t. I guess I haven’t really tried searching revision histories in Wikipedia before, but in this case and a few others I’ve tried lately, it seems quite difficult to pinpoint the author of a change.

For example, on Twitter I asked:

Wikipedia: “The term ‘Web 2.0’ was coined by Darcy DiNucci in 1999.” Added when, by whom? WikiBlame seems an ineffective way to find out.

@bazzargh replied: Robert Gehl. http://bit.ly/46r1a

Thanks. By the way, how’d you do that?

switch to 500 view in history, then rough bisection from oldest. Couple of minutes; used this a lot to find long-lived vandalism.

if older, I progressively back off 2..4..8… pages through this. In this case though, there was a clueful log message!

That’s pretty much what I’ve found myself doing when trying to track down changes, so I was glad to know it wasn’t just me. But this highlights an important point about transparency: It’s all relative.

One of the reasons we think of government as opaque is that while records may be notionally public, it takes time, effort, and skill to visit city hall, dig through them, and find what you’re looking for.

I have always regarded Wikipedia as an extreme counter-example. And that’s true. It is radically transparent. You can ultimately find out exactly how any statement in any article came to be. You may not be able to correlate the author’s pseudonym to a real-world identity, but you can evaluate that author’s corpus and reputation within the context of Wikipedia.

And yet, the ability to do this spelunking requires more time, effort, and skill than most people possess. Although I’m reluctant to deflate my status as a notable inhabitant of Keene, I wish it were easier for people who read that to also find out what it does — and doesn’t — mean.

This week’s Innovators show has the lowdown on Phil Windley‘s new company, Kynetx. The first application of the Kynetx technology is Azigo’s RemindMe service. It alters search-results pages to highlight cases where the user has — but would likely have forgotten about — a discount-qualifying membership.

There are a number of moving parts in this scenario. On the back end, Kynetx provides a rules engine that decides how to rewrite a page based on the context of the user’s “web episode” and the user’s membership in an organization like AAA. Membership is asserted by an Information Card that the user installs, then presents on request to a browser extension. It asks the Kynetx service for a chunk of page-modifying JavaScript, then runs that code locally to effect the change specified by the rule.

If you’ve followed the Internet identity saga — a story that Phil has helped to write, as author of a book on digital identity and as an organizer of the Internet Identity Workshop — you’ll be thrilled to see that the Kynetx system is responsible for the minting and real-world use of Information Cards. As Phil explains in this interview, the cards as currently used convey no extra information, they merely signify membership. Still, it’s great to see this key technology finally percolate out into the mainstream.

Kynetx will mainly serve companies that want to solidify and enhance high-value relationships with customers by means of “permission-based context management.” Refreshingly, the Kynetx wiki qualifies that definition in a way that will make Doc Searls smile:

The following anti-lexicon contains words and concepts that Kynetx doesn’t use:

  • exploit – while opportunities might be exploited, people never should be.
  • eyeballs – we’re not doing optometry
  • target – you target enemies, not customers.

Near the end of the interview, Phil refers explicitly to Doc’s VRM (Vendor Relationship Management) campaign:

We see ourselves as plumbing for VRM. For example, we’re putting together a green choice card. If you install it, as you search around the web it will show you which companies have been ranked well or poorly in terms of social responsibility. Right now it’s just a demo, and we don’t have great data, but suppose we did, and there were enough of those cards out there, and Constellation Brands was determined by Fortune Magazine to be the least socially responsible company in 2008. If every time a cardholder found a Constellation product on Google there was a little icon indicating that, and there were a lot of people with the card, you could change the company’s behavior. They’d want to get the icon off that page.

It’s a fascinating notion, and it leads to an issue that I should’ve raised with Phil in the interview but will raise here instead. A couple of years ago, during my period of infatuation with Greasemonkey, I made a 4-minute screencast entitled Content, services, and the yin-yang of intermediation. At the time, I’d just invented a Greasemonkey-enabled version of LibraryLookup that was more aggressive than the standard bookmarklet version.

With the standard version, you click a bookmarklet while on an Amazon page, and a query against your local library pops up in a window. With the Greasemonkey-enhanced version, the Amazon page itself is rewritten to say:

“Hey! This book’s available at the Keene Public Library!”

Or:

“Due back at the Keene Public Library on March 28.”

But does the user of a web-based service have the right to modify pages in these ways? The screencast ponders that question. Three years ago there wasn’t enough client-side page rewriting going on to raise that question in a big way, and I guess there still isn’t, but now that jQuery is making the capability broadly available it’s bound to come up.

There’s a continuum of ways in which I can modify a web page in a browser, ranging from font enlargement to translation to contextual overlays. I wouldn’t draw a line anywhere along that continuum. It seems to me that I’m entitled to view the world through any lens I choose.

This doesn’t only apply to my view of the virtual world, by the way. It will apply to my view of the physical world too. We don’t yet have magic glasses that overlay web prices on shelf items, or web reputations on store signage, but someday we will.

I can’t see how I could be prevented from creating a heads-up display — for realspace or cyberspace — that’s advantageous to me. But I’ve got a hunch that those magic glasses are going to be controversial.

Doug Purdy is thinking out loud about the principles, scenarios, architecture, and software necessary for what he calls infobus and what I have called hosted lifebits. I started to respond in comments on Doug’s blog, but of course that subverts what I declare to be a core principle, namely syndication.

There’s a crucial difference between a) committing my words to Doug’s blog, and b) committing my words to my own lifebits stream and then syndicating them to Doug’s blog. We don’t see it very clearly yet because we lack the mechanism for b).

I can kinda get the effect of syndication by referring to Doug’s blog entry from mine, and hoping that his blog engine will notice and acknowledge. But a truly syndication-oriented mechanism would imply that I publish in my own space, and then — in Doug’s space — actively subscribe back to myself. To explicitly comment on Doug’s entry, in other words, I don’t type words into his comment form. I create a subscription associated with my identity (as a conventional comment always is) that points back to my feed.

Let’s consider Doug’s point #4: “You determine if/when/how this data is accessed, the terms of use and the revocation of the license.” If I comment on Doug’s blog, I can hope for ex post facto control of my words, but whatever agreement may be (tacitly or explicitly) in place, the architecture doesn’t support that control. I may or may not be able to revise or extend my remarks. And Doug can certainly revise, extend, or delete — it’s his blog.

If I syndicate to Doug’s blog, there is still only a hope of ex post facto control, not a guarantee. But the architecture is at least aligned in my favor. The effort I invest in writing on Doug’s blog, or a bunch of other blogs, is preserved. I can archive, organize, and search all my stuff. I don’t need to depend on services Doug’s blog may or may not offer to find out who is reading and reacting to my stuff. And if I want to withdraw my comment, I just revoke the permission I gave Doug’s blog service to syndicate from mine.

Realistically, that revocation won’t erase my contribution to Doug’s blog. My words may have been quoted there, in other comments, and the mixing process dilutes control — which I argue is a feature, not a bug. But if the default is to syndicate by reference, rather than by value, the architecture favors the kind of control we want.

To clarify what I mean by favoring the right kind of control, let’s switch to a medical information scenario. Recently I had a dental xray. The image lives on the dentist’s hard drive. I want it to work differently. When I show up at the dentist’s office, I want to give the xray technician a token that grants her machine access to my lifebits store. The machine publishes the image to my store. I, in turn, agree to syndicate the image back to the dentist — maybe to copy, but maybe only to view.

One interesting benefit of this arrangement is that I’m decoupling dental service from image storage service. Maybe I’ll just turn around and reconnect them, because maybe I’d rather just let the dentist bundle those services. But when I interpolate my lifebits store into the pipeline, I guarantee portability to another dentist.

Another benefit is clarity of ownership and syndication rights. My lifebits store will have a management service where I declare, review, and adjust all of the syndication relationships between my lifebits streams and the services they participate in. And this management service can not only implement my ownership and syndication policies, it can announce them to the world. It can be the place where I say who gets to do what with my stuff. Some of those policy assertions will be private, but many will be public. Ultimately, again, there is no guarantee of ex post facto control. But if you violate my terms, it will be easier for me, or anyone, to determine that you have done so.
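To make the dental scenario concrete, here is a small model of the lifebits store as I read it: a single-use token lets the technician’s machine publish into my store, separate grants let the dentist syndicate the image back by reference (view) or by value (copy), revocation cuts off future syndication, and the management service can announce the grant table as public policy. This is an added illustration written for this post, not code from any real lifebits implementation; the `lifebits://` reference scheme, the token format, and the view/copy rights vocabulary are all assumptions.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Grant:
    grantee: str
    item_id: str
    rights: frozenset      # subset of {"view", "copy"}; "view" is syndication by reference
    revoked: bool = False


class LifebitsStore:
    """Owner-controlled store: every read or write goes through a token the owner issued."""

    def __init__(self, owner: str):
        self.owner = owner
        self.items = {}           # item_id -> (publisher, payload)
        self.grants = {}          # grant token -> Grant
        self.publish_tokens = {}  # single-use publish token -> publisher name

    def issue_publish_token(self, publisher: str) -> str:
        """Token handed to e.g. the x-ray machine so it can write one item into my store."""
        token = secrets.token_urlsafe(16)
        self.publish_tokens[token] = publisher
        return token

    def publish(self, token: str, item_id: str, payload: bytes) -> bool:
        publisher = self.publish_tokens.pop(token, None)   # consumed on first use
        if publisher is None:
            return False
        self.items[item_id] = (publisher, payload)
        return True

    def grant(self, grantee: str, item_id: str, rights) -> str:
        """I decide who may syndicate which item, and whether by reference or by value."""
        if item_id not in self.items:
            raise KeyError(item_id)
        token = secrets.token_urlsafe(16)
        self.grants[token] = Grant(grantee, item_id, frozenset(rights))
        return token

    def revoke(self, token: str) -> None:
        grant = self.grants.get(token)
        if grant is not None:
            grant.revoked = True

    def syndicate(self, token: str):
        """What a relying service gets back: a reference always, the bytes only with 'copy'."""
        grant = self.grants.get(token)
        if grant is None or grant.revoked or "view" not in grant.rights:
            return None
        publisher, payload = self.items[grant.item_id]
        result = {"ref": f"lifebits://{self.owner}/{grant.item_id}", "publisher": publisher}
        if "copy" in grant.rights:
            result["payload"] = payload
        return result

    def public_policy(self):
        """The announceable part of the management console: who may do what, and whether it still stands."""
        return sorted((g.grantee, g.item_id, sorted(g.rights), not g.revoked)
                      for g in self.grants.values())
```

Revoking a view-only grant stops further syndication but, as the post says, cannot recall a copy that was already taken; the policy table at least makes it visible that the copy right was granted and when it was withdrawn.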


PS: Coincidentally, or maybe not, Doug was my guest on last week’s Innovators show. The topic was “Oslo”. But the context was our shared passion for figuring out how computers, information systems, and networks can more easily and more faithfully express the intentions of the people who own, operate, and inhabit them.

As I mentioned here, I’m exploring the viability of Python as a way of programming the newly-announced Microsoft cloud platform, Azure. Partly that’s because I love Python, but mainly it’s because I believe that the culture surrounding Python and other open source dynamic languages can fruitfully cross-pollinate with the culture that infuses Microsoft’s platforms.

One of the reasons these cultures face each other across a great divide is religious attachment to low-level operating systems. In the cloud, though, the differences among these low-level systems are increasingly hidden behind interfaces to higher-order constructs: compute nodes, storage objects. These, in turn, are building blocks for still-higher-order services that will be created — and consumed — both by platform vendors and by the developers who are their customers.

It becomes possible, in this new world, for platforms to support a continuum of access styles. You want object-oriented? Do it that way. RESTful? Go for it. You know the Python or Ruby libraries best? Use them. The .NET Framework? Use that. Or even mix and match according to convenience and taste.

Consider this Python module written by Sriram Krishnan, which wraps the RESTful interface to Azure blobs. It’s written in standard Python, using OpenSSL-based cryptography. When I tried it on my machine, though, I ran into an inconsistency in my local Python installation.

Normally a Python developer would debug and fix the installation. But I was planning to deploy this module in IronPython on Azure, and IronPython doesn’t run compiled modules such as OpenSSL. It can, of course, use equivalent .NET functionality — in this case, the method implementing the SHA-256 flavor of keyed-Hash Message Authentication Code. So I made that small change.
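For readers who want to see what that one dependency actually computes, here is the keyed-hash step in plain Python, using the standard library’s `hmac` and `hashlib` rather than an OpenSSL module (on the .NET side the same computation is `System.Security.Cryptography.HMACSHA256`). This is an added example, not Sriram’s module; the string-to-sign layout below is a simplified stand-in for Azure’s real canonicalization rules, and the account name and key are constructed.

```python
import base64
import hashlib
import hmac

# Constructed demo credentials: a storage key is delivered base64-encoded,
# so the signer decodes it before use. Not a real account or key.
DEMO_ACCOUNT = "demoaccount"
DEMO_KEY_B64 = base64.b64encode(b"constructed-demo-key-not-a-real-secret").decode("ascii")


def build_string_to_sign(verb: str, date_header: str, canonical_resource: str,
                         content_length: str = "", content_type: str = "") -> str:
    """Simplified stand-in for the canonicalized request string.
    Azure's real rules cover more headers; only the shape matters here."""
    return "\n".join([verb.upper(), content_length, content_type, date_header, canonical_resource])


def sign_request(string_to_sign: str, account: str, key_b64: str) -> str:
    """HMAC-SHA256 over the request description, keyed with the decoded account key."""
    key = base64.b64decode(key_b64)
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {account}:{base64.b64encode(digest).decode('ascii')}"


def verify_request(string_to_sign: str, presented: str, account: str, key_b64: str) -> bool:
    """Server-side check: recompute and compare in constant time so timing
    does not leak how many leading bytes of the MAC were right."""
    expected = sign_request(string_to_sign, account, key_b64)
    return hmac.compare_digest(expected.encode("ascii"), presented.encode("ascii"))
```

Because the date header is part of the signed string, a captured Authorization value only matches a request with the same verb, resource and timestamp; that is why the signing libraries insist on regenerating it per request rather than caching it.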

At this point, having eliminated my module’s only dependency on unmanaged code, I thought I could run it in the Azure development fabric, and then deploy it to the Azure cloud. But no. Azure’s security model currently won’t allow Python even to import pure-Python modules at runtime. A wacky solution might be to use Python’s custom import mechanism to load those modules over the network. More practically, the modules might be provisioned into Azure.

I don’t know how this will play out. Meanwhile, there’s another option: Eliminate all use of Python modules, and rely only on the .NET Framework. So as an experiment, I switched over from Python’s minidom, httplib, time, and base64 modules to their .NET equivalents.

The good news is that this works. I can deploy the module to Azure, and use it in the cloud. The bad news is that, in some cases, I’d rather use the standard Python modules. The .NET equivalent to Python’s httplib, for example, is the HttpWebRequest/HttpWebResponse pair. But these APIs differ from those provided by httplib in a couple of ways that annoy me.

First, there’s an inconsistency in the way headers are handled. You get and set most headers using the Headers collection. But you get and set a few special ones, like Content-Type and Content-Length, using special named properties.

Second, status codes are handled inconsistently. Most responses return status codes. But for codes in the 4xx series, an exception is thrown.

To me these behaviors are quirks that make it trickier to create RESTful interfaces. I’m sure there are reasons for them, and people who prefer them for those reasons, but I’d rather just use httplib. In any case, if both styles are available, there’s no need to argue. Everybody gets what they need.

We’re not there yet in the current Azure preview. Those of us chomping at the bit to run IronPython in the cloud will have to be inventive. I expect things will get easier as both Azure and IronPython mature, and as Python technologies like Django and NWSGI are — I hope — woven into the fabric.

Why might this matter? Again, I’m looking for cross-pollination. Python culture will be able to make really productive use of higher-order Azure services such as identity, access control, workflow, Live Services. And it will also exert a positive influence on the future evolution of the Azure platform.

I hope James Governor, Mary Branscombe, and Kim Cameron will triangulate on this, but here’s my report on a cosmically funny incident at a party last night. I walked up to James just as he witnessed Kim being forcibly denied access to the venue. He lacked the necessary identity token — a plastic wristband — and couldn’t talk his way in.

If you don’t know who Kim is, what’s cosmically funny here is that he’s the architect for Microsoft’s identity system and one of the planet’s leading authorities on identity tokens and access control.

We stood around for a while, laughing and wondering if Kim would reappear or just call it a night. Then he emerged from the elevator, wearing a wristband which — wait for it — belonged to John Fontana.

Kim hacked his way into the party with a forged credential! You can’t make this stuff up!

Social networks are Petri dishes in which we can watch memes emerge and spread by imitation. Three years ago, I traced the effect of a powerful one created by the ACLU: a fictional screencast about a dystopian future in which identity and privacy have gone horribly wrong. What I found when I looked at the data was that, although forward thinkers and actors in the realm of digital identity had only recently become aware of the ACLU’s powerful meme, it had been active for 18 months, most forcefully at the beginning of that span.

In that case the meme was an idea which, because it was neatly represented by an URL, could be tracked by using services like del.icio.us and bloglines as proxies for the attention that flows to an URL.

In other cases, a meme is best represented by a word — often, a neologism. There’s no canonical URL to track, but there are other ways to monitor the spread of the meme. Search engines, for example. In the case of screencast, for example, there were 200 Google hits for screencast in April 2005, 60,000 in June 2005, 325,000 in November 2005, and there are 3,000,000 today.

I’m always on the lookout for new ways to make these kinds of observations. Yesterday I encountered Pecha Kucha for the first time. It has a Wikipedia page, so the revision log there is one source of insight.

Since I encountered the phrase on Twitter, I tried a different strategy. While relaying a definition of the term, I used the tag #pechakucha. I realized that these Twitter “hashtags” are another proxy for linguistic memeflow, so I plotted occurrences of the tag on a Timeline. There were only 16 occurrences as of yesterday, so it’s a little sparse, but the same approach can be used to provide insight into the birth and evolution of any Twitter hashtag.

Here’s a Timeline for #quotes. It started on April 6, 2008, when Leonardo Souza quoth: “#quotes ‘This story, like any story worth telling, is about a girl’”, which evidently is from Spider-Man.

One of the nice features of Timeline, one of David Huynh’s many ingenious creations, is this condensed summary of activity:

Here we can see sporadic use of #quotes from April to the first of September, and then much heavier use. What happened on September 1? Tim O’Reilly, a powerful meme transmitter and amplifier, quoth: “‘The skill of writing is to create a context in which other people can think.’ Edwin Schlossberg. #quotes”

In Timeline we can watch other Twitter users immediately begin to use and transmit the #quotes meme:

This method will be most useful for watching Twitter hashtags that haven’t yet been widely adopted. If you apply it to, say, #ike you’ll run into two problems. First, Twitter’s API caps the number of search results you can retrieve, so in the case of #ike we can only see back as far as September 18. Second, Timeline struggles to display thousands of events.

These are general problems. No matter which Petri dish we observe — del.icio.us tagspace, the blogosphere, Twitter — our ability to watch memes evolve is limited by the amount of data we can gather, and also by our ability to effectively visualize what data we can gather. I expect both constraints to gradually erode. As they do, this game of meme tracking will become even more interesting.
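The hashtag-as-proxy method above reduces to a few lines once the tweets are in hand. As an added example, not the Timeline code itself, here is the bucketing I would do before handing data to a visualizer: when the tag was first used, how many uses per day, and the first day it crossed a volume threshold. The tweets are constructed sample data, not real Twitter output.

```python
import re
from collections import Counter
from datetime import date

HASHTAG = re.compile(r"#(\w+)")

# Constructed sample tweets (author, date, text); not real Twitter data.
SAMPLE_TWEETS = [
    ("user_a", date(2008, 4, 6), "#quotes 'Be kind, for everyone you meet is fighting a hard battle'"),
    ("user_b", date(2008, 5, 2), "Monday #quotes: 'Simplicity is the ultimate sophistication'"),
    ("user_c", date(2008, 7, 19), "thinking about pecha kucha talks #pechakucha"),
    ("user_d", date(2008, 9, 1), "'Context is everything' #quotes"),
    ("user_e", date(2008, 9, 1), "RT @user_d 'Context is everything' #quotes"),
    ("user_f", date(2008, 9, 2), "#quotes 'Less, but better'"),
    ("user_g", date(2008, 9, 2), "my favourite #quotes of the day"),
    ("user_h", date(2008, 9, 3), "#Quotes with a capital Q"),
]


def hashtags(text: str) -> set:
    """Tags in a tweet, case-folded so #Quotes and #quotes count as one meme."""
    return {t.lower() for t in HASHTAG.findall(text)}


def first_use(tweets, tag):
    """(author, date) of the earliest tweet carrying the tag, or None."""
    for author, day, text in sorted(tweets, key=lambda t: t[1]):
        if tag.lower() in hashtags(text):
            return author, day
    return None


def daily_counts(tweets, tag):
    """Sorted list of (date, uses) for the tag; this is the Timeline's event density."""
    counts = Counter(day for _, day, text in tweets if tag.lower() in hashtags(text))
    return sorted(counts.items())


def takeoff(tweets, tag, min_per_day=2):
    """First day on which the tag appears at least min_per_day times."""
    for day, n in daily_counts(tweets, tag):
        if n >= min_per_day:
            return day
    return None
```

The search-API cap the post mentions hits this code at the input stage: `daily_counts` can only describe the window you were able to retrieve, so the earliest bucket it reports is a lower bound on the meme’s age, not its birth.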

Reacting to this report about a flaw in the single signon protocol for Google Apps (via ZDNet and heise Security), Kim Cameron writes:

As an industry we shouldn’t be making the kinds of mistakes we made 15 or 20 years ago. There must be better processes in place. I hope we’ll get to the point where we are all using vetted software frameworks so this kind of do-it-yourself brain surgery doesn’t happen.

The “brain surgery” Kim refers to here was the omission of a unique ID that’s supposed to be cryptographically bound into a SAML assertion, so that the party relying on the assertion knows it was “freshly minted in response to its needs”.
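The relying-party side of that freshness requirement is short enough to show. As an added example (mine, not Google’s code or any SAML toolkit), here are the checks a relying party makes after the XML signature has been verified and found to cover the `ID` attribute: the assertion must carry an ID, the ID must not have been accepted before, `InResponseTo` must name a request this party actually issued, and the validity window must not have passed. The assertion builder produces constructed test data, and the fixed clock is an assumption so the example runs offline.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Fixed clock so the example is reproducible; a real RP uses the system time.
DEMO_NOW = datetime(2008, 10, 1, 12, 1, tzinfo=timezone.utc)


def demo_clock():
    return DEMO_NOW


def make_assertion(assertion_id, in_response_to, not_on_or_after):
    """Constructed bearer assertion (not real IdP output); the ID attribute is omitted when None,
    which reproduces the kind of omission the post is talking about."""
    id_attr = f' ID="{assertion_id}"' if assertion_id else ""
    return f"""<saml:Assertion xmlns:saml="{SAML_NS['saml']}"{id_attr} Version="2.0"
    IssueInstant="2008-10-01T12:00:00Z">
  <saml:Issuer>https://idp.example</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="{in_response_to}"
          NotOnOrAfter="{not_on_or_after}"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""


def _parse_utc(stamp: str) -> datetime:
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


class RelyingParty:
    """Freshness checks applied after signature verification (which must cover ID)."""

    def __init__(self, clock):
        self.clock = clock            # callable returning an aware datetime
        self.outstanding = {}         # request IDs we issued and have not yet consumed
        self.consumed_ids = set()     # assertion IDs already accepted: single use only

    def new_request(self, request_id: str) -> None:
        self.outstanding[request_id] = self.clock()

    def accept(self, assertion_xml: str):
        root = ET.fromstring(assertion_xml)
        assertion_id = root.get("ID")
        if not assertion_id:
            return False, "assertion has no ID"
        if assertion_id in self.consumed_ids:
            return False, "assertion ID already used (replay)"
        data = root.find(".//saml:SubjectConfirmationData", SAML_NS)
        if data is None:
            return False, "no SubjectConfirmationData"
        request_id = data.get("InResponseTo")
        if request_id not in self.outstanding:
            return False, "not a response to a request we issued"
        if self.clock() >= _parse_utc(data.get("NotOnOrAfter")):
            return False, "assertion expired"
        del self.outstanding[request_id]        # each request answered at most once
        self.consumed_ids.add(assertion_id)     # each assertion accepted at most once
        return True, "ok"
```

The two bookkeeping sets are the whole point: without the ID there is nothing to remember, and without `InResponseTo` there is nothing to match, so a relying party that skips either check cannot tell a fresh assertion from an old one presented again.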

It would certainly be useful to standardize on a relatively small set of frameworks that have been vetted, as Kim suggests, and are believed to implement these tricky protocols accurately and reliably.

I can imagine taking things a step further, exposing the test suites for these frameworks so that any implementation can be explored interactively and probed automatically. Given the complex dance of machine-to-machine, machine-to-human, and sometimes human-to-human interaction that occurs when a security protocol is enacted, I’m reminded of Ward Cunningham’s swim-lane visualizations. The idea is that anyone can run business-logic tests on demand, visualize the resulting flow of interaction, and verify the outcomes. Ward’s vision didn’t garner nearly the interest I expected when I first wrote it up (and then followed with a podcast). But like so many of his brainstorms, I think his approach to implementing Brian Marick’s notion of Visible Workings is revolutionary.

Evaluating an implementation of a security protocol is a job that requires expert brainpower assisted by all the automated tooling it can marshal. But security protocols are also forms of business logic that can, and should, be transparent and understandable to everyone — at least at some useful level of description. In Ward’s world, when you’re ready to submit your credentials to a login authority, you could hit an Explore button and land in a swim-lane visualization driven by the actual tests used to validate the implementation of the protocol you’re enacting. I’d like to live in that world.

I’ve always had a fondness for solutions that scribble in the margins of the Domain Name System. Today I saw a new one at the DEMO conference: Telnic, a service you can use to store basic personal or business information directly in the DNS. The service is associated with the .tel top-level domain. If you visit, say, henri.tel, which belongs to Henri Asseily, Telnic’s chief strategist, you’ll see a web page, but it’s rendered by a proxy that pulls the information from DNS records.

As Henri notes on his blog, which is one of the links advertised in henri.tel, the system at its core is a way to store key-value pairs in the DNS. Users control this data by way of a web-based management console. Developers of .tel-aware applications can use DNS directly, or can use access libraries provided by Telnic. An application might, for example, locate people by way of the LOC (location) record in their .tel domains.

You could, of course, use a web-based convention — like foaf.xml — to accomplish the same thing. People mostly don’t, though. Would a system bound more closely to DNS identity seem more natural and be more appealing? Maybe.
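A .tel-aware application that locates people by their LOC record has to parse that record first, and since DNS answers are self-asserted data (unauthenticated unless the zone is DNSSEC-signed) it should treat them as untrusted input and range-check them. As an added example, not Telnic’s access library, here is a parser for the LOC presentation format defined in RFC 1876 (degrees, optional minutes and seconds, hemisphere, altitude, and optional size and precision fields with the RFC’s defaults). The sample record strings are constructed.

```python
import re

# RFC 1876 presentation form:
#   d1 [m1 [s1]] {N|S}  d2 [m2 [s2]] {E|W}  alt[m]  [siz[m] [hp[m] [vp[m]]]]
_LOC = re.compile(
    r"^\s*(\d+)(?:\s+(\d+)(?:\s+(\d+(?:\.\d+)?))?)?\s+([NS])"
    r"\s+(\d+)(?:\s+(\d+)(?:\s+(\d+(?:\.\d+)?))?)?\s+([EW])"
    r"\s+(-?\d+(?:\.\d+)?)m?\s*(.*)$",
    re.IGNORECASE,
)


def _dms(deg, minutes, seconds) -> float:
    """Degrees/minutes/seconds to decimal degrees, rejecting out-of-range parts."""
    m = float(minutes or 0)
    s = float(seconds or 0)
    if m >= 60 or s >= 60:
        raise ValueError("minutes and seconds must be below 60")
    return float(deg) + m / 60 + s / 3600


def parse_loc(rdata: str) -> dict:
    """Parse LOC RDATA in presentation form into decimal degrees and metres."""
    match = _LOC.match(rdata)
    if not match:
        raise ValueError(f"not a LOC record: {rdata!r}")
    lat = _dms(match.group(1), match.group(2), match.group(3))
    if match.group(4).upper() == "S":
        lat = -lat
    lon = _dms(match.group(5), match.group(6), match.group(7))
    if match.group(8).upper() == "W":
        lon = -lon
    if abs(lat) > 90 or abs(lon) > 180:
        raise ValueError("coordinate out of range")
    alt = float(match.group(9))
    # Optional size / horizontal precision / vertical precision; RFC 1876 defaults.
    tail = [float(v.rstrip("mM")) for v in match.group(10).split()]
    if len(tail) > 3:
        raise ValueError("too many precision fields")
    size, hp, vp = tail + [1.0, 10000.0, 10.0][len(tail):]
    return {"lat": lat, "lon": lon, "alt_m": alt, "size_m": size, "hp_m": hp, "vp_m": vp}
```

The record tells you where its owner *says* they are, to the precision they chose to publish; an application should surface that precision rather than pretend a 10 km horizontal precision is a street address.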

Last week I spoke with Joshua Tauberer for an upcoming interview about his project, GovTrack.us, which is one of several efforts to make official sources of information about Congressional legislation available in more useful and actionable ways.

On Sunday, my local newspaper ran an article that sent me scrambling to GovTrack, to OpenCongress, to the Washington Post’s Congressional voting database, to the Library of Congress’ THOMAS, and to a flock of other sites. Why? The newspaper article, illustrated by a photo of NH Senator John Sununu standing with the owners of New England Wood Pellet in front of a pile of sawdust that will be pelletized, said:

Sununu supported a tax credit on high-efficiency biomass fuel systems, including wood-pellet stoves. The Senate passed the measure in April, in effect encouraging people to use the appliances, just as those who take on solar or wind power receive financial incentives for doing so.

I’ve invested rather heavily in clean wood-burning technologies — first in a pellet stove, now also in a wood gasification boiler — and I’m hoping these investments will qualify for tax credits. When phone calls to the local offices of my state representatives produced no results, I resolved to research the matter myself.

Here were my questions, along with the answers I found.

Q: Which bill approved by the Senate in April contains these incentives?

A: Bizarrely but typically, it’s not an energy bill. Instead it’s a housing bill, the Foreclosure Prevention Act of 2008, otherwise known as:

Building American Homeownership Act of 2008
Clean Energy Tax Stimulus Act of 2008
FHA Manufactured Housing Loan Modernization Act of 2008
FHA Modernization Act of 2008
Mortgage Disclosure Improvement Act of 2008
REIT Investment Diversification and Empowerment Act of 2008

Q: Which appliances will qualify?

A: The bill says:

(F) a stove which uses the burning of biomass fuel to heat a dwelling unit located in the United States and used as a residence by the taxpayer, or to heat water for use in such a dwelling unit, and which has a thermal efficiency rating of at least 75 percent.

On that basis I believe that both of my appliances should qualify.

Q: What is the status of that legislation?

A: According to GovTrack:

Status:
Introduced Jul 30, 2007
Scheduled for Debate Sep 5, 2007
Amendments (235 proposed) [details]
Passed House [details] Aug 4, 2007
Passed Senate Apr 10, 2008
Differences Resolved -
Signed by President -
The bill may now proceed to
a conference committee of senators and representatives to work out
differences in the versions of the bill each chamber approved.
The bill then goes to the President before becoming law.
[Last Updated: Jul 20, 2008]

Cool! That’s what I needed to know. It ain’t law yet, but it might be. And thanks to a bevy of Web 2.0 tools and services, it was easy to find that out, right?

Wrong. It took me three hours on Sunday morning to sort this out. Along the way, I uncovered information that challenges the premise of the newspaper story. Entitled “Sununu touts alternative energy”, the story supports NH Senator John Sununu’s own claim to be a champion of long-term energy policy.

Here’s part of the analysis I posted in a comment to that newspaper article:

Sununu (and Gregg) were two of the votes responsible for the failure, by one vote, to include a $22 billion energy tax package in the Energy Independence and Security Act of 2007. Weirdly, that rejected tax package included Sununu’s original pellet stove provision from S1697!

So while the act became Public Law 110-140 in December, $22 billion of renewable energy incentives were jettisoned from it by Sununu. Why? The Congressional Quarterly noted that it “would have been offset in part by stripping about $13 billion in tax breaks from the oil and gas industry,” suggesting that Sununu was influenced by those interests.

Subsequently, I remembered Maplight.org where I found the breakdown for that crucial NO vote:

It’s utterly amazing, and deeply hopeful, that an ordinary citizen with no prior experience with an issue can dive in and do this kind of analysis.

And yet…I’m not really an ordinary citizen. It’s true that I’ve never before attempted this kind of detailed analysis. But I have an unusual degree of skill and perseverance when it comes to searching the Net, finding and using a variety of services, and correlating information from a variety of sources. At one point, trying to pull it all together, I had two dozen browser tabs open. That’s not normal.

It’ll take a few more turns of the crank before this kind of thing becomes routine enough for a truly ordinary citizen who cares about some issue to do the same kind of analysis.

On the first turn of the crank, we’ll need to get to the point where a Net-savvy individual can do what I did in minutes not hours.

On the second turn of the crank, we’ll need to deliver that capability into the hands of folks who aren’t freakishly Net-savvy.

I really believe that’s possible, maybe even inevitable. But challenges remain.

One of the biggest challenges, as Joshua Tauberer says in our upcoming interview and as my experience here confirms, is the analysis of the legislative texts themselves. Even with all of the excellent online services now available, it’s incredibly hard to relate colloquial discussion of legislation to the actual process and to related commentary. Every day, we read statements like this:

The Senate passed the measure in April, in effect encouraging people to use the appliances, just as those who take on solar or wind power receive financial incentives for doing so.

It took me hours to unravel that statement. For starters, it would help if newspapers would cite the legislation they mention. But that’s only a start. In this case, as is typical, the Sununu pellet stove provision began its life in one Senate energy bill that died, migrated into another Senate energy bill that died, and eventually wound up as part of a housing bill that passed. Separately, the provision was included in, then struck from, yet another energy bill that passed.

Crowdsourcing will be part of the answer. But to empower the crowds, we’re going to need power tools that help us visualize how specific bits of legislative language flow through the bewildering thicket of bills, to tie those bits of language to their sponsors, and to relate them to journalistic/blogospheric commentary.

Happily, this is just the sort of problem that should appeal to software engineers. The management of source code, like the management of legislation, is a high-stakes game. And in the software realm, we play that game really well. We take for granted the ability to reliably track changes in a large and evolving corpus of interrelated texts. When that same expertise is applied in the legislative realm, the results could be dramatic.

On a related note, I enjoyed this snippet from a Wired interview with Martin Wattenberg, whom I also interviewed here.

Wired:
Why is a numbers guy like you so interested in large textual data sets?

Martin Wattenberg:
Language is one of the best data-compression mechanisms we have. The information contained in literature, or even email, encodes our identity as human beings. The entire literary canon may be smaller than what comes out of particle accelerators or models of the human brain, but the meaning coded into words can’t be measured in bytes. It’s deeply compressed. Twelve words from Voltaire can hold a lifetime of experience.

Similarly, snippets of legislation can be the tickets to a more participatory democracy — if we can unravel and expose the contexts surrounding those snippets. It should be doable.

In conversation with English and Welsh friends last week, the subject of Britain’s imminent National Identity Scheme came up. My friends, who are worldly and well-educated but not technical, voiced concerns about the amount of personal information that will be stored. Their understanding was that a lot of this information will be kept on the new ID card. In fact, the proposal says that only a subset will be stored on the card, which will be backed by a cloud-based (and decentralized) National Identity Register. But either way, my friends’ concerns are of course valid. If governments or businesses aggregate too much personal information, accidents and abuses will occur.

At the same time, my friends do recognize the need for a strong and secure means of identification. So they’re not opposed to identity cards on principle, they just don’t want those cards to contain, or link to, extensive dossiers.

At this point, channeling Kim Cameron, I launched into an explanation of the laws of identity and the identity metasystem. Well, sort of. I didn’t say anything about cryptography, or digital certificates, or XML web services. But I did paint a picture of a world in which individuals interact with many identity providers and many relying parties, in which all actors trust one another in exactly the ways they already do today, and in which disclosure of personal information is minimal and context-dependent.

Halfway through I thought, well, this will never fly. This whole scheme is based on decentralization and indirection, and I know people don’t take naturally to those concepts.

But…they completely got it! Maybe that’s because the threat of a monolithic system leads people to appreciate the virtues of a decentralized one. Maybe it’s because ongoing experience with the Net makes people more comfortable with the principle of indirection. Maybe it’s both these factors and others as well. In any event, it was a hopeful moment. Identity geeks have struggled, for many years, not only to devise right systems, but also to motivate an understanding of what makes systems right, and why. Now that right systems are coming into existence, it’s good to see that (some) people are ready to appreciate and embrace them.

Lately I’m obsessed with figuring out how to harness the cognitive surplus and put it to work doing better social information management.

The other night I attended a kick-off meeting for a group interested in advancing the cause of local food production in our region. Inevitably the discussion turned to questions that require data to answer. Who are the local producers? Where are they? What do they produce?

In the ensuing discussion, various sources of data emerged. There’s a USDA website, a state government website, a special-interest website, this or that blog. Two things were immediately clear to everyone. First, there would be no effective way to collate these existing sources. Second, most of the needed data wouldn’t be there anyway.

I’d like to be able to recommend the sort of loosely-coupled collaborative list-making method that works so effectively for me. But here’s why I can’t. The method presumes that all the things you’d want to collaboratively curate are already represented by URLs.

In the real world, some are and some aren’t. Consider two examples from this list:

Name: Darby Brook Farm
Day/Time: 8:00 AM – 5:00 PM
Season: June 1 – October 1
Address: 347 Hill Road
What you’ll find: Vegetables, raspberries, apples.
More Info: 603.835.6624

Name: Stonewall Farm
Day/Time: Hours vary
Season: June – October
Address: 242 Chesterfield Road
What you’ll find: Garden fresh produce through the Community Supported Agriculture (CSA) program, call for options
More Info: 603.357.7278, bsaunders@stonewallfarm.org, www.stonewallfarm.org

Because Stonewall Farm has a web presence, we can do all kinds of useful things with its URL. We can tag various bits of metadata onto it (location, products), we can derive views that include that information, we can syndicate those views.

Because Darby Brook Farm doesn’t have an URL, we can’t do those things.

Of course Darby Brook Farm does have an implicit URL-addressable identity at Lighten Up NH. That identity is the record in Lighten Up NH’s database that’s currently being published into a web page by its ColdFusion server.

If that record were directly URL-addressable, the implicit identity would be explicit. Using the record’s URL as a temporary placeholder, we could bootstrap Darby Brook Farm into a collaborative list-making regime based on URLs, tags, and syndication.

Later, when Darby Brook Farm does establish a real web presence, we can unhook its cloud of annotations from the placeholder URL and attach it to the official one.

This scenario highlights a subtle but powerful benefit of data-publishing technologies like Astoria. When you aggressively expose record-level URLs, you can enable the same methods that will work for Stonewall Farm to also work for Darby Brook Farm.
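The placeholder-then-rebind move is easy to get wrong if the annotations are simply copied and the old URL forgotten, because anyone still holding the record-level URL loses the connection. As an added example (mine, not Astoria or any existing tagging service), here is the minimal store: tags are keyed by URL, rebinding moves the annotation cloud to the official URL and leaves a permanent alias behind so old references still resolve. The Lighten Up NH record URL and the Darby Brook Farm site are constructed placeholders; `www.stonewallfarm.org` is the real address from the listing above.

```python
from collections import defaultdict


class AnnotationStore:
    """Tags keyed by URL, with aliases from superseded placeholder URLs to their successors."""

    def __init__(self):
        self.tags = defaultdict(set)   # canonical URL -> set of tags
        self.aliases = {}              # superseded URL -> successor URL

    def resolve(self, url: str) -> str:
        """Follow alias chains to the current canonical URL."""
        seen = set()
        while url in self.aliases:
            if url in seen:
                raise ValueError("alias cycle")
            seen.add(url)
            url = self.aliases[url]
        return url

    def tag(self, url: str, *labels: str) -> None:
        # Tagging an old placeholder lands on whatever it was rebound to.
        self.tags[self.resolve(url)].update(labels)

    def rebind(self, placeholder: str, official: str) -> None:
        """Move the annotation cloud from the placeholder to the official URL and keep an alias."""
        placeholder = self.resolve(placeholder)
        official = self.resolve(official)
        if placeholder == official:
            return
        self.tags[official].update(self.tags.pop(placeholder, set()))
        self.aliases[placeholder] = official

    def view(self, label: str):
        """All canonical URLs carrying a tag: the derived view that gets syndicated."""
        return sorted(url for url, labels in self.tags.items() if label in labels)
```

The alias table is what makes the placeholder safe to hand out: it behaves like a permanent redirect, so a URL published into someone’s feed or bookmark list in 2008 still reaches the right farm after the rebind.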

I had a great time talking about LibraryThing with Tim Spalding for this week’s ITConversations show. He says LibraryThing is a baroque application. I think of it as deep in the same ways that Flickr is: Many features, many modes of use, many constituencies. Although Tim is flagellating himself about the way we swam around in those depths, I enjoyed the conversation immensely. If you’re fascinated by the dynamics of social information management — whether or not you are a book-lover — I think you will too.

We wound up talking for almost two hours. I omitted the second hour not only for reasons of length, but also because it raised a question that neither of us felt we were able to address very well. As mentioned in comments here, though, it does warrant further consideration. A lot of folks, me included, feel that the inability to move identity and relationships across social networks is increasingly an impediment to joining them and participating in them.

But Tim rightly points out that friction has value. Rites of initiation are costly for a reason. When you invest effort you create meaning. So here’s the question. How do we separate those aspects of social information management that should be portable and frictionless from those that should be unique and special?

The second installment of Perspectives is up, with Vittorio Bertocci, author of Understanding Windows CardSpace. This interview was recorded a few months ago, and has been waiting for the Perspectives site to launch. In January I excerpted the part about omnidirectional identity, a difficult phrase that I continue to struggle with. Maybe a better one is Internet persona: the social mask that you project when you self-publish online, and to which reputation attaches. Whatever we call this phenomenon, its Laws of Identity — not only for people, but also for digital objects — are not yet well defined.

Most of the interview, though, concerns the existing “unidirectional” mechanisms supported by CardSpace. I asked Vittorio to relate those mechanisms to precursors like SSL client certificates and Kerberos, and also to the complementary OpenID system. As discussed in my ITConversations podcast with Dick Hardt, the principles that govern this identity machinery are abstract and, until we experience them firsthand, will be hard for most of us to grasp. But Vittorio does a good job of explaining those principles in terms of concrete examples.

Today I’m launching a new Microsoft-oriented interview series called Perspectives. The show will touch on a variety of topics including robotics, digital identity, e-science, and social software. I’ll be speaking mostly with passionate Microsoft innovators, and sometimes also with key partners from academia and industry.

The format is an audio podcast and a blog, where the blog provides a partial (but substantial) text transcription in order to make these conversations accessible to folks who don’t listen to podcasts, and also to expose them to the Net’s ecosystem of search, linking, and aggregation. Where appropriate, I’ll also use screencasts to show software in action.

Perspectives runs on the same publishing platform that supports Channel 10 (for enthusiasts), Channel 8 (for students), TechNet Edge (for IT pros), and VisitMIX (for Web designers and developers). (Channel 9, the original site, will migrate to this platform too.) Perspectives intersects with the interests of all these sites, but it doesn’t really belong in any of them, so we’ve created an independent home for it. Thanks to the EvNet team, especially Duncan Mackenzie, David Shadle, and Jeff Sandquist, for making that happen.

The first episode, with Henrik Nielsen and Tandy Trower, explores the Microsoft Robotics initiative. We discuss why robotics is — as futurist Paul Saffo believes — a Next Big Thing. And Henrik and Tandy explain how the concurrency and decentralized-services infrastructure that supports the robotics platform is broadly relevant in an era of loosely-coupled services.

For this week’s ITConversations podcast I asked Phil Windley to review the work he’s done — with several groups of his students — to develop a software framework for managing online reputation. Phil explains:

Reputation is a very personal thing. The way you think about a person we both know in common, and the way I think about that person, is different. We talk about Joe having a reputation, but in fact, Joe doesn’t have a reputation, every single person has a different feeling and way of thinking about Joe. Reputation is your story about me. I don’t control my reputation, I only control some factors that you might or might not use to calculate it. I don’t control all of them, and you may take factors into account that I have no control over.

If we’re going to bring that social system, developed over thousands of years, to the Net, we need to mimic that opportunity as closely as possible. So the idea of our rules language was to allow you to create your own algorithms about how you determine the reputation of something or someone, and to allow me to create a different one.

Of course, if my calculations about Joe and your calculations about Joe refer to the same public, or omnidirectional, digital identity, then they can be merged. And by referring to my digital identity and yours, somebody else will be able to aggregate our calculations about Joe, and propagate them transitively.

That scenario entails both risks and benefits. At the moment, it’s easier for most people to imagine the risks. Phil says:

Offline we all give up information about ourselves all the time, trading privacy for convenience, and we have a pretty good feel for how that information is compartmentalized — not always, and there are obvious problems — but if I tell somebody in one business my name, that won’t mean the business down the street finds out about my transactions. Online, all of those intuitions have been switched around, and we’ve come to believe that giving up as little information as possible is the right thing.

The phrase “giving up information” has a negative connotation. We haven’t yet established norms for “declaring information” in a positive sense, and we have no intuitions about the benefits that doing so might yield. But we may find that by declaring information about ourselves, we can help make the stories that are being told about us — whether we participate in them or not — truer and more useful.

When Verizon recently and erroneously canceled the online bill presentment service that I’d signed up for, I told them to just start sending paper bills again. I just couldn’t face the hassle of repeating their signup process.

For me, paper and electronic bills converge on the payment screen of my bank’s online service. So while the e-bills save me typing in amounts, versus clicking on a payment option, there aren’t many amounts to type and it’s really not a big deal.

I chose this method because, again, I couldn’t face the hassle of signing up individually for a bunch of per-biller payment systems. One obvious conclusion is that the long-awaited user-centric identity technologies now emerging — OpenID, CardSpace, and more broadly the identity metasystem — will grease the wheels, eliminate a huge amount of friction, and hugely accelerate e-commerce. If we think it’s big now, we ain’t seen nothing yet.

But beyond the convenience of single sign-on, and of common registration profiles that we can transmit with a click, a deeper issue looms on the horizon. It’s not just the psychic burden of signing up for services that weighs on our minds. Increasingly it’s the psychic burden of being in many service relationships, each of which needs to be managed and monitored individually.

Consider, for example, the problem of renewing those relationships. Just yesterday, I was confronted with three different renewal scenarios involving WordPress, EZPass, and GoDaddy. In each case I had to locate and jump through a differently-shaped hoop. That kind of thing wears you down. It’s never easy enough, your past experience is always too remote to guide you in the present, and if you fail or just forget, the consequences can range from annoying to severe.

What you really want, of course, is a renewal policy. When you set up a new service relationship, you define the policy: Renew automatically, on request, or never. In my case, I’d make all three of those relationships renew automatically. That would mean that WordPress gets to take ten bucks from my PayPal account every year for domain mapping, EZPass gets to refresh the expiration date on my credit card, and GoDaddy gets to charge my credit card for domain renewals.

What would it take to be able to review and manage all of your service policies in one place? Enterprises, for whom the need to do that is much more acute than it currently is for individuals, have concluded that service-oriented architecture is the answer. The much-maligned WS-* bells and whistles, which seem so overblown for simple point-to-point interaction on the web, come into their own in a fabric of cooperating services governed by policy-based intermediaries.

I predict that as individuals find themselves embedded in more and more service relationships, and begin to feel the need to manage those relationships more sanely, one of the current distinctions between the enterprise and the “consumer web” will start to erode. We’ll find that we are all embedded in many service relationships. And we will all benefit from technologies that enable us to flow those relationships through management consoles.

It was great to see my interviews with Beth Kanter and Dick Hardt appear on the ITConversations top 10 list for 2007. Since it’s the listmaking season, I want to make one as well. Not a list of favorites, because there are so many, but instead of conversations that best exemplify the theme of using technology in socially innovative ways.

Last summer I realized that this theme had become really important to me. It also occurred to me that, while there hadn’t been much overlap between ITConversations and its sister channel, Social Innovation Conversations, there should be. Doug Kaye and Phil Windley agreed, and I was delighted when my interview with Ned Gulley became my first crossover show to appear on both channels.

I think that many of my shows, including the interviews with Beth Kanter on working with digital immigrants in non-profit organizations, and with Dick Hardt on user-centric identity, touch on the theme of socially innovative uses of technology. Here’s a rundown of some others, in alphabetical order by last name.

Barbara Aronson: Making medical research literature available online, at low or no cost, to poor countries. (blog)

Ken Banks: Using SMS to create communication networks in Africa and other places ill-served by the Internet. (blog)

Gardner Campbell: Using the tools and methods of Web 2.0 to reimagine higher education. (blog)

Mike Caulfield: Bootstrapping and running a state-level community-based political blog. (blog)

Brian Dear: Enabling performers to measure and respond to demand for personal appearances.

Greg Elin: Extracting, reformulating, and making sense of the operational data of government. (blog)

Beth Jefferson: Federating the online catalogs of public libraries, and pooling the participation of patrons. (blog)

Ned Gulley: Designing problems to be solved by gameplay that teaches advanced skills using an optimal mix of cooperation and competition. (blog)

John Halamka: Modernizing the exchange of health care information, and putting patients in charge of it. (blog)

Timo Hannay: Bringing the tools and methods of Web 2.0 to the scientific world. (blog)

Ed Iacobucci: Creating a decentralized alternative to the hub-and-spoke air travel system. (blog)

Doug Kaye: Helping volunteers capture and publish audio recordings of civic events. (blog)

Matt MacLaurin: Recapturing the joy of creative expression in software, in a game inspired by LOGO and implemented using modern software principles. (blog)

Hugh McGuire: Bootstrapping and running a collective effort to record and publish public-domain audiobooks. (blog)

Simon St. Laurent: Chronicling the civic and political life of a small town. (blog)

Jim Russell: Analyzing the dynamics of the Pittsburgh diaspora. (blog)

Greg Whisenant: Enabling cities and towns to publish crime data online, and imagining the citizen/government collaborations that can flow from that. (blog)

John Willinsky: Advocating open access to academic literature, and reimagining education in the era of Net participation. (blog)

Jeannette Wing: Explaining why the principles of computational thinking will become part of everyone’s educational foundation. (blog)

On a recent flight to Seattle, Microsoft identity expert Vittorio Bertocci wrote:

I want to take some time writing down some hallucinatory (=vision without execution) thoughts about omnidirectional identities. Be warned, this may be just pointless rambling.

It isn’t pointless, not by a longshot, but the term omnidirectional identity needs to be unpacked — and maybe even revised to something like public (versus private) identity, or broadcast (versus narrowcast) identity. I had a long talk with Vittorio last month, for a new interview series I’ll be launching soon, and in the part where we discussed OpenID and CardSpace he discussed omnidirectional and unidirectional identity:

VB: OpenID is actually a kind of omnidirectional identifier, which is something that sooner or later we have to deal with. Whereas cards are metaphors that help me to do things that are unidirectional. Every time I use a card, it’s for a transaction specifically with one relying party.

The same happens with OpenID, but you have the perception that there’s a URI which describes you. This opens the way to future developments which, in my view, we desperately need. What we see happening with Facebook is just a signal that the industry needs to do for omnidirectional identifiers what we are now doing for unidirectional identifiers.

JU: Can you define those terms?

VB: The idea is that your identity, or identity in general, can have different audiences. An omnidirectional identifier is something you use for being recognized by everybody. So if you go to the Verisign website, using HTTPS, their certificate declares their public identity.

Then you have unidirectional identities. So if I land on a website that, for business purposes, asks my age, then I obtain a token specifically for that website. We call this unidirectional. The flow goes straight to that website and nobody else. When you use a card today, or OpenID, you’re in a unidirectional context. You’re transmitting attributes to one specific relying party.

But in the case of OpenID, I have my account, vibro.openid.com, and it’s a URI, it’s my identifier, and it’s omnidirectional in the sense that everybody knows it. While in the case of my cards, there’s nothing that I tell to everybody. So I think OpenID is a good starting point for thinking about an ecology of omnidirectional identity. How do I handle identity that I want projected everywhere, not just to a specific relying party?

Also, the concept of an identity provider — in both CardSpace and OpenID — is for giving you attributes about yourself. I go on a website, I want to buy wine, I am the one who is asking the identity provider to certify me. While in the world of social networks, the requester of an identity may be somebody other than me. If somebody is looking at my profile, it’s not me. But the request is still for identity information about me. This is an area that needs thought. As an industry we did an excellent job with unidirectional identity, and the ecosystem for both CardSpace and OpenID is vital. But we haven’t yet found the laws for omnidirectional identity. When we do, things like Facebook Beacon won’t happen. We need to extend the conversation to include omnidirectional identifiers for users. A website has a public identity. But at this moment, a user’s public identity is an imagined phenomenon. You search for yourself and find traces of your identity on the web, or maybe the identity of somebody who has your same name.

JU: Or someone who said something about you. Made a claim about you, in effect.

VB: Exactly.

I’ve long projected a public identity omnidirectionally, so I’ve had a long time to consider this issue. A decade ago, when I realized the asymmetry of digital certificates — the secure website identifies itself to you, but not vice versa — I began using, and advocating the use of, client digital certificates. I used them to sign my emails, and would have used them to sign my postings to the Net if there had been any kind of ecosystem in place to recognize and honor those assertions of identity. There wasn’t, and there still isn’t. Meanwhile, as Vittorio notes, we’ve done a good job of first thinking through, and then implementing, the unidirectional identity scenarios that we need for e-commerce.

I realize now that even blogging, as big a phenomenon as it has become, wasn’t enough to motivate serious thought about the kind of public identity projection that I’ve always understood blogging to be. But I think Vittorio is right. The social networks are a much bigger phenomenon, and they’re acquainting many more people with the notion of public identity projection. Perhaps now the need for a system that enables people to project and manage their own public identities — a need that I was never able to articulate convincingly before — will simply become apparent.

Tim Bray wants to know if/why spock.com matters. Here’s why I think it does. At some point, people are going to throw up their hands in disgust when invited to sign up for yet another service in order to assert or defend their online identities. So, for example, Spock thinks that Jon Udell is the inspector general at the Department of Justice, based on these two blog postings of mine. In fact, that person (whom I will not name here in order to avert yet more identity confusion¹) is represented thusly in Spock.

I have no interest whatsoever in setting Spock straight about these facts, because I know that effort won’t carry over to ZoomInfo or to anywhere else.

I have a huge interest in establishing a presence, anchored somewhere in the emerging identity metasystem, to which I can refer Spock and ZoomInfo and other services. If Spock inspires other folks to appreciate why they might want to establish such presences for themselves, that’d be great. And based on some of the reactions I’m seeing, perhaps Spock will help us get there.

Isn’t it delightful, by the way, that both of these books exist?

I am Spock / I am not Spock


¹ Of course, by writing the phrase “Jon Udell is the inspector general” I am probably ensuring that it will show up here.

In response to a Kim Cameron item about Blogger’s support for OpenID — and, when the OpenID provider is myopenid.com, for identity selectors — Vittorio Bertocci pointed out something I had not realized:

MyOpenID does exactly what I was asking for: it allows me to create a new openid without having to establish any password. Let me repeat/rephrase it: I can create an account that can be accessed exclusively by using a personal card.

That got my attention. Coincidentally I had just been reading the rough cut of Vittorio’s forthcoming book, Understanding CardSpace, and was at the same time reviewing how OpenID providers like MyOpenID work with OpenID relying parties like ClaimID.com. The ability to create a passwordless, card-only account on MyOpenID is a great step forward, for the reasons Vittorio explains on his blog.

I went over to MyOpenID, created a new, passwordless account, associated that OpenID URL with my ClaimID account, and away I went. Nice!

Now I’m trying to imagine how I would explain all this to a civilian. Honestly, I don’t think I could, yet. It’s a stretch even for me to hold in my head all the moving parts. Which identity selector works with which browser on which platform? What does the card represent? What does the OpenID URL represent?

But we are tantalizingly close to real use cases that will begin to walk people through these scenarios. It’s difficult to describe the abstractions, but as people begin to actually have the experiences, it’ll all start to come clear. Similarly, as people start to have the managed-card experiences that Dick Hardt discusses in our ITConversations podcast, those will start to come clear as well.

To all those attending the Internet Identity Workshop today: Thanks, and keep up the great work!

Hat tip to the CardSpace team for enabling “long tail” use of Information Card technology by lots of folks who are (understandably) daunted by the prospect of installing SSL certificates onto web servers. Kim Cameron’s screencast walks through the scenario in PHP, but anyone who can parse a bit of XML in any language will be able to follow along. The demo shows how to create a simple http: (not https:) web page that invokes an identity selector, and then parses out and reports the attributes sent by the client.

As Kim points out this is advisable only in low-value scenarios where an unencrypted exchange may be deemed acceptable. But when you count blogs, and other kinds of lightweight or ad-hoc services, there are a lot of those scenarios.

Kim adds the following key point:

Students and others who want to see the basic ideas of the Metasystem can therefore get into the game more easily, and upgrade to certificates once they’ve mastered the basics.

Exactly. Understanding the logistics of SSL is unrelated to understanding how identity claims can be represented and exchanged. Separating those concerns is a great way to grow the latter understanding.
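To make the “parse a bit of XML” step concrete, here is an added Python example (not Kim’s PHP demo and not CardSpace code) that does what the relying-party page in that scenario does once the identity selector has POSTed its token: pull the claims out of a SAML 1.1 assertion and report them. The token below is constructed for illustration (the subject, values and signature are made up); the claim URIs follow the WS-Identity convention of AttributeNamespace plus AttributeName, and the audience URL http://blog.example/login is an assumption. Besides listing the claims, the example performs the checks a page should do even in a low-value, no-SSL deployment: the NotBefore/NotOnOrAfter window, the audience restriction, and the presence of a signature element. It does not verify the signature itself.

```python
"""Extract and sanity-check the claims in a SAML 1.1 token of the kind an
identity selector POSTs (as the xmlToken form field) to a relying-party page.
Added example; the token below is constructed, not captured from a real selector."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"saml": SAML, "ds": DSIG}
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
AUDIENCE = "http://blog.example/login"  # assumed relying-party URL

# Constructed sample token: subject, attribute values and signature are made up.
SAMPLE_TOKEN = f"""<saml:Assertion xmlns:saml="{SAML}" MajorVersion="1" MinorVersion="1"
    AssertionID="uuid-constructed-0001" IssueInstant="2007-11-01T12:00:00Z"
    Issuer="urn:constructed:self-issued">
  <saml:Conditions NotBefore="2007-11-01T12:00:00Z" NotOnOrAfter="2007-11-01T12:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>{AUDIENCE}</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>urn:constructed:subject</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="givenname" AttributeNamespace="{CLAIMS_NS}">
      <saml:AttributeValue>Jon</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="emailaddress" AttributeNamespace="{CLAIMS_NS}">
      <saml:AttributeValue>jon@example.org</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="privatepersonalidentifier" AttributeNamespace="{CLAIMS_NS}">
      <saml:AttributeValue>CONSTRUCTED-PPID==</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
  <ds:Signature xmlns:ds="{DSIG}"><ds:SignatureValue>constructed</ds:SignatureValue></ds:Signature>
</saml:Assertion>"""


def parse_time(stamp):
    """SAML timestamps are UTC in the form 2007-11-01T12:00:00Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_claims(token_xml):
    """Return {claim URI: value}. The claim URI is AttributeNamespace + '/' + AttributeName."""
    root = ET.fromstring(token_xml)
    if root.tag != f"{{{SAML}}}Assertion":
        raise ValueError("not a SAML 1.x assertion")
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        uri = attr.get("AttributeNamespace", "").rstrip("/") + "/" + attr.get("AttributeName", "")
        value = attr.find("saml:AttributeValue", NS)
        claims[uri] = (value.text or "").strip() if value is not None else ""
    return claims


def check_conditions(token_xml, expected_audience, now_iso):
    """List the reasons to reject the token (an empty list means the conditions hold).
    Checks the validity window, the audience restriction and that a Signature
    element is present; it does NOT verify the signature, which a real page must."""
    root = ET.fromstring(token_xml)
    now = parse_time(now_iso)
    problems = []
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return ["no Conditions element"]
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < parse_time(not_before):
        problems.append("token not yet valid")
    if not_on_or_after and now >= parse_time(not_on_or_after):
        problems.append("token expired")
    audiences = [a.text.strip() for a in cond.iterfind(".//saml:Audience", NS) if a.text]
    if audiences and expected_audience not in audiences:
        problems.append("audience mismatch")
    if root.find("ds:Signature", NS) is None:
        problems.append("unsigned token")
    return problems


if __name__ == "__main__":
    # Report the attributes the client sent, as the demo page does.
    for uri, value in parse_claims(SAMPLE_TOKEN).items():
        print(f"{uri.rsplit('/', 1)[-1]:28} {value}")
    print("problems:", check_conditions(SAMPLE_TOKEN, AUDIENCE, "2007-11-01T12:02:00Z"))
```

The audience and time-window checks matter even when the exchange itself is unencrypted: without them a token captured on one site could be replayed to another, or long after it was issued. Verifying the XML signature and, for personal cards, binding the privatepersonalidentifier to the account is the upgrade path Kim describes.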

In random moments I type my first name into Google to check on my long-running competition with Jon Stewart for the top spot. I thought that once he ousted me it would be all over, but strangely there are still days — like today — when I show up first. Except not really, because the top link goes to my InfoWorld blog, not my current blog, which shows up at #40.

The situation is completely different in Live Search, by the way, where I’m way down in the list along with other Jons who are loved by Google but are not conventionally famous.

This Google love is a temporary anomaly that’s lasted longer than I expected. But if things really shouldn’t work this way, how should they work?

Part of the answer is a lifebits service that guarantees me a persistent lifelong online persona and namespace. That’ll present interesting challenges as people mix personal identities with institutional identities, and then move among institutions. But those challenges will also create business opportunities for a service fabric that manages identity, syndicates content, and measures reputation.

Suppose you’re a Microsoft blogger who has launched at blogs.msdn.com. You can choose to write a mostly professional blog, or a mostly personal one, or a blend of both. Or you can separate the professional from the personal by establishing separate blogs. But no matter how you slice it, there are no good answers to some vexing questions like:

How do you integrate the online persona that you developed before joining Microsoft, or the one you will develop if you leave?

or:

If you establish separate blogs for separate purposes, but wish to combine their reputation effects, how do you do that?

More broadly, this isn’t just about the reputation that accrues to your online persona, but also the reputation that it confers on others. Page ranking algorithms are numeric, not social. People who know me, and my work, value resources I cite because it’s me citing them. So they assign equal value to citations that emanate from weblog.infoworld.com/udell or from jonudell.net. But ranking engines have no idea that those two sources represent a common identity, and no idea of how other identities relate to that one.

The service fabric I’m envisioning would deal with this problem by means of:

1. Claims-based digital identity.

2. Persistent digital object identifiers.

From the identity metasystem manifesto:

Digital identities consist of sets of claims made about the subject of the identity, where “claims” are pieces of information about the subject that the issuer asserts are valid.

In this scenario the issuer of claims about me might as well be me. I have no need to appeal to some other authority, I just want to be able to say, definitively, “I published this piece of content,” and also, “I linked to that other piece of content.”

Now although we normally think of people having digital identities, it seems to me that digital objects can have them too. If those objects have unique and stable identifiers, then they can be the subjects of claims. In the case of a conventional hyperlink, the claim is simply that my digital identity has linked to a digital object that’s associated with some other digital identity. Your evaluation of me, of the object, and of the object’s author can leverage not only the numeric weights assigned by conventional search engines, but also claims made — about me, the object, or the object’s author — by people in your social network that you trust.

We can also imagine the service fabric supporting stronger claims, like “I recommend this object,” or “I assert that this object has been peer-reviewed,” or “This object is required reading at institution X for purpose Y.” These claims won’t be implicit in the web, but could arise from a federation of identity and content services.
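As an added example (my own illustration, not the author’s code or that of any identity or content service), here is a small Python model of the fabric sketched above: claims are (issuer, subject, predicate, value) tuples; self-issued “sameAs” claims let weblog.infoworld.com/udell and jonudell.net be treated as one identity, so their citations merge; and an object such as a paper is scored from the “recommends” and “peer-reviewed” claims made by identities you trust. The object identifiers (urn:example:…), the identities alice.example, bob.example and mallory.example, and the predicate names are assumptions. It also shows the check a practitioner would want: a unilateral “I am also Alice” claim from a third party is ignored unless Alice asserts the same link back, so nobody can borrow a trusted identity’s weight by merely claiming it.

```python
"""Claims-based identity for people and digital objects: a toy claim store
with alias merging and trust-weighted scoring. Added example; all identifiers
and claims below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Claim:
    issuer: str     # the identity asserting the claim
    subject: str    # the identity or digital object the claim is about
    predicate: str  # e.g. "sameAs", "published", "linked", "recommends", "peer-reviewed"
    value: str      # the other identity/object, or "" when the predicate is unary


# Constructed sample claims. The two Udell URLs come from the post; the rest are made up.
SAMPLE_CLAIMS = [
    Claim("jonudell.net", "jonudell.net", "sameAs", "weblog.infoworld.com/udell"),
    Claim("weblog.infoworld.com/udell", "weblog.infoworld.com/udell", "sameAs", "jonudell.net"),
    Claim("jonudell.net", "jonudell.net", "published", "urn:example:post-1"),
    Claim("jonudell.net", "jonudell.net", "linked", "urn:example:paper-7"),
    Claim("weblog.infoworld.com/udell", "weblog.infoworld.com/udell", "linked", "urn:example:paper-7"),
    Claim("alice.example", "urn:example:paper-7", "recommends", ""),
    Claim("bob.example", "urn:example:paper-7", "peer-reviewed", ""),
    Claim("mallory.example", "urn:example:paper-7", "recommends", ""),
    # Unilateral: mallory says she is alice, but alice never says so. Must not merge.
    Claim("mallory.example", "mallory.example", "sameAs", "alice.example"),
]


def merge_identities(claims):
    """Return resolve(name) -> canonical name, built by union-find over sameAs claims.
    A link A<->B is honoured only when A asserts it about itself AND B asserts the
    reverse (mutual self-issued claims); a one-sided claim is ignored."""
    asserted = {(c.issuer, c.value) for c in claims
                if c.predicate == "sameAs" and c.issuer == c.subject}
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in asserted:
        if (b, a) in asserted:
            parent[find(a)] = find(b)
    return find


def statements_by(claims, identity, predicate):
    """Distinct targets that an identity, across all of its aliases, has asserted
    `predicate` about itself: e.g. everything it has published or linked to."""
    resolve = merge_identities(claims)
    me = resolve(identity)
    return sorted({c.value for c in claims
                   if c.predicate == predicate and c.issuer == c.subject
                   and resolve(c.issuer) == me})


def score_object(claims, obj, trusted, weights=None):
    """Sum the weights of claims about `obj` from identities in `trusted`.
    Trust follows aliases, but each resolved issuer counts once per predicate,
    so issuing the same claim from two aliases does not double its weight."""
    weights = weights or {"recommends": 1.0, "peer-reviewed": 2.0}
    resolve = merge_identities(claims)
    trusted_ids = {resolve(t) for t in trusted}
    counted = set()
    total = 0.0
    for c in claims:
        if c.subject != obj or c.predicate not in weights:
            continue
        who = resolve(c.issuer)
        if who in trusted_ids and (who, c.predicate) not in counted:
            counted.add((who, c.predicate))
            total += weights[c.predicate]
    return total


if __name__ == "__main__":
    print("linked by Jon (both blogs):", statements_by(SAMPLE_CLAIMS, "weblog.infoworld.com/udell", "linked"))
    print("score, trusting alice only:", score_object(SAMPLE_CLAIMS, "urn:example:paper-7", {"alice.example"}))
    print("score, trusting alice+bob:", score_object(SAMPLE_CLAIMS, "urn:example:paper-7", {"alice.example", "bob.example"}))
```

The mutual-assertion rule is the whole security story here: because the issuer of claims about me “might as well be me”, the only party who can bind two of my identifiers together is me, speaking from both of them. In a real fabric each claim would carry the issuer’s signature, which is what turns these tuples from assertions into evidence.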

It’s admittedly a stretch, but surely a worthy ambition.

The recent brouhaha at TechCrunch, about astroturfing YouTube to make videos go viral, drew strong reactions from all quarters. Some people were shocked by the tactics described. Others were shocked by the naivete of the shocked. And still others were shocked in a Casablanca sort of way:

Captain Renault:
I’m shocked, shocked to find that gambling is going on in here!

[a croupier hands Renault a pile of money]

Croupier:
Your winnings, sir.

Captain Renault:
[sotto voce] Oh, thank you very much.

Piles of money will continue to be made in this way. But there are other piles that can be made by offering identity and content services that take us in another direction. I would like to gravitate toward those piles.

When Kim Cameron pointed to this CBC story about a British Columbia trial use of managed Information Cards, he noted:

Dick Hardt of sxip played the key and even charismatic role in developing a catalytic relationship between industry and government.

On this week’s ITConversations show¹ I chatted with Dick Hardt about that project. According to Kim’s Information Card thermometer, 10 percent of desktops are now running CardSpace or an equivalent identity selector technology such as DigitalMe. I’m not sure where the tipping point will be, but even if you’re in that 10 percent it’s hard to find concrete examples of how the technology will simplify your life.

The BC program should prove to be a nice example. It will provide roaming access to WiFi hotspots for people who work in government agencies and also in public-sector organizations. The managed cards issued to these folks will identify them as members of those agencies and organizations.

From the user’s perspective, this will in many cases be the first real hands-on experience with the identity selector that’s built into Vista, available for XP, and emerging in other forms.

From the government’s perspective, it will provide another kind of experience. The identity metasystem that Kim Cameron has been birthing is really about network effects. In this kind of network, the packets are identity claims, and you want them to be able to flow frictionlessly.

I asked Dick to compare this architecture to other kinds of “trust bridges” — like the Higher Education Bridge Certification Authority and the Federal Bridge Certification Authority — and here’s what he said:

The architectural advantage of this model is that you have a URI representing each claim in a transaction. So that makes it wide open. You don’t have a single schema, you have a set of URIs and anybody can define a new one. That enables an organization to set up their own claims. They can say, our people have these attributes, and this is what those attributes mean.

The advantage of this approach is that once you’ve got some parts of it working, it’s very easy for someone else to join in and become part of the whole network. So once we’ve got this WiFi thing set up and running, another public sector organization comes along and wants to use it, and we just say, OK, you just need to turn something up to issue them managed cards. Then someone says, well, I’ve got a service I’d like someone to access if they’re members of one of these organizations. They can just turn it up, and their people already have the cards they can use to access it.

The equivalence between URIs and identity claims seems crucial here. Although I hadn’t made this connection before, I suspect it will enable a compositional approach to identity management which has much in common with the principles of RESTful web services.

Of course it’s challenging for experts, and impossible for civilians, to discuss this stuff in the abstract. But when somebody receives a managed card, uses it to access a service, finds that the claims carried by the card can be used to access another service, and can see which claims are being sent to which parties for which purposes, it’ll all start to make sense. It’s been a long time coming, but it feels like the puzzle pieces are finally fitting into place.


¹ An audio glitch injected some annoying static into this particular episode, for which I apologize to Dick and to my listeners. Grumble. I wish it were easier to be a happy caster.