What we hear

Recovered from the Wayback Machine.

Lawrence Lessig posted a graphic of the spread of Creative Commons throughout the world. He used some interesting words to describe the colors:

As of Thursday, the current spread of Creative Commons. The green are countries where the project has launched. The yellow are close. The red is yet to be liberated.

(em. mine)

The red is yet to be liberated.

Joi Ito responded with:

A lot of progress but a lot left to do.

Yet no one, not one person has responded to the test challenge I did with the Creative Commons license, or the carefully written responses by Dennis Kennedy and Denise Howell at Corante’s Between Lawyers. It’s as if there’s a buffer around the license and absolutely no criticism or questioning of it is allowed.

What was more disappointing, though, was the fact that given this silence, the Corante folks still kept the CC license up at their site. Is it, then, that no one, including the CC people themselves, really take this license seriously? Then what the hell use is it, other than a way of marking yourself as a good weblogging citizen?



Kathy Sierra, author of the popular “Head First” series from O’Reilly, asked a question: Is your book, manual, website remarkable (or recognizable) at every scale?

There’s a game I used to play where you take a really small image from the painting of a famous artist and try to identify it. The trick is to see how small a sample you can use before you can no longer recognize either the painting or the artist. It’s amazing just how identifiable a Van Gogh or a Monet or a Kandinsky or a Miro is, just from the tiniest slice. It’s a wonderful game to teach yourself to really see the way the artist used color, texture, light, shapes, lines, etc.

Now, take the nearest computer book on your shelf and open it to a random interior page somewhere in the middle. Can you tell who the publisher is just by looking? Can you tell who the author is? Go a little further and start reading a paragraph. Now can you tell?

That’s the problem.

Kathy raises an interesting point. As a book author, I would hope that each book I write stands out from the others on a specific topic. In fact, I, and my royalties, are dependent on this to some extent.

However, Kathy places the burden for uniqueness almost purely on the visualization of the books–what each looks like when opened to a random middle page. This tends to emphasize a more visual learning technique, and though this approach works for some people, it doesn’t work for all. Studies conducted in the past have shown that each of us has a preferred learning style: a method of learning that facilitates how quickly we absorb new material. Tests, surveys, and other assessment techniques are used to help us identify our learning style, and how we can best make use of it.

One such technique, the DVC Learning Survey, breaks learning styles into Visual/Verbal, Visual/Nonverbal, Tactile/Kinesthetic, and Auditory/Verbal. According to the survey results, I am a strong Visual/Verbal, which means I learn best when material is presented visually–as bullet points or diagrams–and in writing.

With another, the Felder-Soloman Index of Learning Styles survey, I am barely Reflective, strongly Intuitive, evenly divided between Verbal and Visual, and mildly Global. This means I tend to learn better by thinking things through rather than hands on; that I prefer concepts over concrete facts; and work from the big picture to the details. This is fairly consistent with the results of the DVC survey.

(You can take the DVC survey yourself –name and other information not required; the Index of Learning styles can be found here. Other studies and self-tests are listed in this helpful summary page.)

These styles, while quite accurate overall, aren’t immutable; the context of a learning situation can alter which style works best. For instance, when working with code I prefer learning by example, which is more Tactile/Kinesthetic on the DVC scale. Based on this, I prefer books that provide numerous small, easy to accomplish examples that allow me to quickly learn the material being presented.

When I’m trying to create one of my homemade books, though, I work almost exclusively with diagrams (which is Visual/Nonverbal). The bookbinding books I like the most are those with clear illustrations, preferably using photographs demonstrating the techniques.

It is a combination of basic learning style and behavior in certain circumstances that makes each of us learn in different, unique ways. However, publishers can’t target the individual; not and make a profit. All they can do is create a specific book brand that caters to a group of people, and make sure the books within that brand are consistent.

A case in point: O’Reilly has many well known brands of books, and each has a different audience. Among the more well known brands is the “In a Nutshell” series, which differs, dramatically, from those that Kathy writes: the “Head First” series. The former is pure text, little diagraming, and focuses largely on specific facts and must-know information, given with little verbal embellishments. The Head First books, though, make heavy use of humor, whimsey, and graphics. Oddly enough, on any particular topic, both types of books probably provide the same amount and type of information–the only difference is the presentation.

There are those who love the Nutshell series; there are those who prefer the Head First series. There might even be people who like books from both, but which series they’ll purchase a book from is dependent on the topic.

Regardless of style, though, the key element is the material offered: if it isn’t quality, no amount of pretties will make it better. I agree with Danny Ayers (author of a book I’m currently reading, “RSS and Atom Programming”–an excellent and comprehensive read with lots of examples), who wrote:

Style and branding is important to the consumer. It’s certainly significant when it comes to purchase decisions, and undoubtedly influences their response to the material when reading.

But generally I do think Kathy is over-concerned with presentation. She talks of it being a way to make a memorable impact, make the book remarkable. She does touch on an author’s “information style”, yep, that’s more like it – surely the most significant thing is the content. That’s what should be remarkable, the rest is icing. Unless it’s visually-oriented, a good book/manual/website should still be good typewritten on A4.

The ‘information style’ that Danny quotes is a reference Kathy made about how the writing of the books seems to be similar, regardless of which series the book is in. However, again, this is most likely driven out by the topic — computer books have a certain ‘feel’ to them, and the topic can influence the writing.

When Danny writes about SPARQL, the RDF query language, he uses a different tone and style then when he writes about Sparql–his cat. When I write about RDF, I don’t use the same tone or style of writing as I do when writing about the Ozarks. It’s not that we’re deliberately suppressing our unique styles; it’s that when writing about technology, it’s difficult to pack a great deal of personality into a paragraph, and still be able to provide coverage of the topic.

This leads me to another part of what Kathy mentioned: how granular can one go and still be able to recognize a specific person’s writing. Since she mentioned ‘paragraph’ I decided to visit the archives of some webloggers who I read regularly and pull a paragraph–just one– from each to re-publish here sans name.

These are all people who I’ve referenced in posts in the last year. Can you identify the weblogger? I’ll provide answers annotated as references in a day or so.

(If you recognize yourself — hush up! Don’t tell! You’ll spoil the game.)

1. Jeneane Sessum

These are the times when I wish we had that place in the woods where we could bring each other ginger ale with ice, and warm soup with saltine crackers, maybe a medium cheese pizza late at night, a boxload of books, read to eachother, and tell wonderful stories about trips into town, the curious people we’d meet, with bags full of the weekly staples and furrowed foreheads, staring at us in wonder, wanting to ask: “Ya’ll aren’t from this neck of the woods, are you?”

2. The much missed Jonathon Delacour

I accept that male bloggers are less likely to link to female bloggers: whatever the topic being debated, technology-related or not. But I referred to “men’s alleged reluctance to link to women bloggers” because running through the entire discussion is the unstated assumption that, even though men might not be actively colluding to ignore women, the situation could be turned around if they were made aware of their “unfair” (albeit unconscious) behavior. Yet it is abundantly clear (to me, anyway) that linking practices have far less to do with gender than with deeply ingrained human behavior.

3. Lauren from Feministe

One aspect of blogging that fascinates me is the presence of an individual through words. On the Internet, if you cease writing, you cease to exist. You are only able to exert your Self if you remain an active participant. When you stop writing regularly, you cease to exist through a lack of writing and updates and a loss of readership. The audience’s presence becomes a type of motivation for writing, especially because it plays to our egos and narcissistic tendencies when a respected audience gives positive feedback. This idea interests me so much because I never thought that moving around charged particles on this plastic box could create community or help me grow as a person.

4. Joseph Duemer

The spider has now descended for the fourth time to the top of the legal-sized clipboard I use for a mouse pad & I’m pretty sure that he is engaged upon a huge engineering project: to anchor a web between the ceiling of my study & the shiny metal clip at the top of the clipboard. Because stuff gets moved around on my desk all the time the spider’s efforts are doomed to failure. I am not a good enough Buddhist to refrain from moving the clipboard until the spider moves on, but I am willing to wait & see what the situation looks like in the morning.

5. Yule Heibel

Because of course, when the men play, it’s called avant-gardism and innovation and it’s celebrated as another way to move the particular forward and make it all even more terrifically universal. But it’s always the male-controlled particular that’s advocated, it’s that particular which is allowed to modify the universal or collective bindingness. The female particular is brushed off as …well, as too particular. So tedious. So …male-bashing: this latter epithet is supposed to be the kiss of death, the ne plus ultra, but it’s really the final reveal of the man who has nothing left to say, sort of like a sad codpiece covering …nothing very much.

6. Sheila Lennon

Despite the lofty language, it’s Napster with fish, although simpler: You can’t control the type of fish you get. But if you could, if you could search the network for angelfish, for example, and even peek at what other fish the angelfish-owners might harbor, and bring them to your system, you’d have Napster. Fish files, music files, video files, it’s all just data.


’ll say more about this when I blog about reputation, which I hope to do this evening or tomorrow morning, but the cardinal point in all this is that the impetus for widespread acceptance of DigID will come when it feels like using a credit card. That is, no matter how porously insecure physical-world credit card transactions are (and there’s no mistaking their comically insecure character), a credit card feels safe to most users. A credit card resides in my pocket; I can choose to use it or pay with anonymously cash (sometimes—but the ideology of security tends of conceal the exceptions); my credit card has whoop-de-doo security features like a magnetic strip and a laser-etched hologram, a confirmation code printed on the opposite side, and my own signature right on it. These contribute to a sense that somehow physical-world credit cards are secure, but digital identity isn’t. Give Jack Public the feeling that DigID works like a credit card, and you’ll be most of the way home.

8. Don Park

I wonder why most blogs have no ads? We are not shy about recommending things, places, and products on our posts, so why not have ads for the recommended things, places, and products on our blogs? If it can be done easily and without losing control, bloggers can make money without selling out.

(Try this yourself with some of the webloggers you read. It’s interesting to read through people’s writing and seeing how much their voice changes from post to post, year to year.)

Standards Technology

What do you want from digital identity

Recovered from the Wayback Machine.

I removed the last paragraph from my last posting. It added nothing to the discussion and was unnecessarily snarky. Still, doing so doesn’t impact on the message threaded throughout the post that *I’m not supportive of universal (read that ‘federated’) digital identities.

I don’t believe there is a system that can’t be cracked. What I do believe is that there is a tradeoff between the willingness to spend time and energy in cracking a system, and how universally it’s used. One overall, agreed on universal digital identity system that every major financial, economic, government player has bought into seems to me to be a mighty big target. It’s not so much that it represents a widely used identity infrastructure; it’s that behind the infrastructure is some very tasty data.

Additionally, I’m not sure that there is demand for this type of overall identity. In the midst of these discussions, Johhanes Ernst posed the question: why do we want digital identity? Is it for seamless enterprise wide access? Is it to facilitate commerce? Eliminate the existing highly fractured state of security, with implementations that range from heavily robust to wide open?

I personally favor the concept of ’single sign-on’ where I can use the same name and passwords at different sites, without having to re-input my contact information, and without having to remember different connection information with each. Even then, I would most likely only use something like this with sites where the cost of exposure of the data is minimal. Though it would be tempting to want to store my credit card on my machine, and have a remote system handshake with my local computer to exchange the information without me having to do so, I don’t find the fact that I have to re-input the data with each purchase to be an overwhelming burden. Not to the point of storing this information on my machine–whether it is my dual Windows/Linux machine, or my Mac.

Work on enhancing the security of our data exchanges is a goodness; but the farther from my machine I can store sensitive data, the happier I’ll be. In this discussion, rather than focus on separating the specification of a security infrastructure from the implementation, I’d rather discuss separating the storage of the data from the transport.

(Of course, some companies require that you store your credit card information on their machines, but I don’t know how something like InfoCards would eliminate this–unless part of the architecture also provides an ‘on-demand’ request for the card information from the site back to us. )

To answer his own question, Johhanes sees digital identity as a way of empowering people:

So let me tell you what excites me about Digital Identity: it is the transformational power that Digital Identity can bring — assuming it is done right — to empower individuals and groups in ways that are highly desirable but impossible without. Or, in plain language: the new products and features that only can be built with Digital Identity and will be built as soon as we have it. And we will never look back.

I thought this, at first, had to do with authenticity, and establishing that we’re who we say we are. However, from the examples Johhanes lists, this doesn’t seem to be the case. Examples, such as Marc Cantor’s digital lifestyle aggregation, where all of our digital devices work out how to integrate themselves; and Johhanes own company’s software, which …is aware of the user’s immediate situation, and proactively supports them in that situation, instead of being just able to offer a bunch of remote websites that are very clueless about the user and thus not very helpful.

I don’t know that we need digital identity for the latter — I have extensions added to my browser that lets me know when a site has RDF/XML I can examine, or a syndication feed I can link to. I’d rather passively put easily discoverable information out on a site using established ‘hooks’ and then use generic discovery tools to find this data elsewhere, then build something in them reflecting my identity.

I don’t think the power of the internet is based on the concept that eventually, everyone will know your name. I think it’s based on the fact that everyone doesn’t know your name.

*There goes my planetary status on Planet Identity I imagine


You want we should what?

I’ve briefly mentioned Microsoft’s InfoCards, and chances are you may have heard snippets of it elsewhere. InfoCards is the company’s planned implementation of a digital identity infrastructure it terms “Identity Metasystem”.

Johannes Ernst of LID fame provides a good, plain language description and scenario for the concept. Though much of the details are still unknown, we do know that it’s possibly dependent on certain desktop and browser objects, is dependent on SOAP and what is known as the “Web Services Stack”, including WS-trust, WS-Security, WS-Policy, WS-Addressing, and several other services.

Reading all of this, Julian Bond responded with:

– User end requires Longhorn or an XP upgrade
– Depends on SOAP and the WS protocol stack
– Uses HTML OBJECT tag wth DLL support
– Multiple commercial licensing but with probably no open, free, license.

What’s sad about this is that Microsoft cannot separate the standards process from it’s commercial business. It’s completely unable to take a view that a larger market raises all boats. So I’m not at all surprised at the approach and I also predict loads of noise and very little implementation leading to another failure. I think the rest of us can safely ignore what they’re doing. While at the same time borrowing from all the excellent work that people like Kim Cameron are doing on the fundamental analysis of Identity.

And in a later post, he continues:

I’ve written here and on Kim Cameron’s and Marc Canter’s blogs that InfoCards is doomed because MS cannot implement a standard that is genuinely open. They’re completely stuck in architecting something that relies on ActiveX, Internet Explorer and the WS-Stack of SOAP protocols. It’s completely understandable why they do this. But it’s also just about guaranteed to fail. The reliance on ActiveX and IE rejects macs, linux and firefox on the desktop. The reliance on the WS-Stack rejects PHP/PERL/Python on the server and it probably rejects Java as well because interop with plain old SOAP is patchy let alone the full stack. Basically, if you don’t use an MS development environment you can pretty much guess it won’t work. And compatibility or at least the ability to interop with things like SAML, PingID and Liberty is a noble goal, but I wouldn’t bet money on it unless I could afford large numbers of Accenture contractors.

Kim Cameron, the Microsoft architect behind the concept of ‘meta-identities’ responds, refuting some of the technical concerns that Julian expressed:

InfoCard does depend on SOAP and WS. But creating an interoperating stack is not difficult. People on non-windows clients will have open source implementations available to them. Such implementations are being built today (some exist).

As regards the license:

Again I will say that the IP will be available in a royalty-free license. We are working on using an existing license that is well accepted by the vast majority of people building software today.

However, much of Kim’s response seems to focus more on the fact that Julian has challenged InfoCards, rather than on specific issues. He writes:

I just don’t get Julian’s vibrations. We thought long and hard about how to make the client tremendously open to a plurality of identity technologies and operators. We’ve put it out there. It doesn’t require anyone to lay down their existing protocols – use whatever works for interacting with conventional clients. But let’s give the end user a better, safer and more comprehensible mechanism for taking control of her identity.

In this, Julian, why not work with us? The laws are not abstract things. This is the time when we need to change the Internet so it comes into accord with them. Not every aspect of these proposals may be exactly as you would wish. But please consider the great complexity of “weaving” a solution here, garnering support across all the consitutencies, and consider again why you would walk away from this opportunity.

In some ways, Kim’s response to Julian reminds me of the response (or lack of one) to the recent challenge to Creative Commons: how could we possibly challenge something so overwhelmingly good?

(Personally, I’ve always thought that challenges are best when made before the champagne is popped, rather than after, but that’s me.)

Regardless, like Julian I’m hesitant about buying into a universal digital identity system of which key components of said system are held by a single non-public entity. This is my concern about using LID, as lightweight and open as this system is; this remains an even stronger concern with InfoCards.

It’s not that I believe that Microsoft is inherently evil. How can I? I spent a great deal of my professional life working on Microsoft-related technologies. In fact, much of my livelihood in the past was due, directly or indirectly, to Microsoft. If I call Microsoft ‘evil’ than I must take responsibility for having spread evil, and the use of evil.

No, I don’t think Microsoft is evil, but I do think the company is arrogant–an arrogance reflected in the company decisions. We have only to look at how long Internet Explorer lived in the crippled 6.x version after Microsoft achieved success over Netscape, to realize that though the company is inspired–brilliantly at times– by competition, it becomes complacent, even lazy, when said competition is routed.

Now Microsoft is asking that we buy into a proprietary architecture governing a technology as sensitive as digital identities, with only a given assurance that the company will act benevolently. More, the company is asking that we believe it will act consistently. Though it may apply a liberal software license that allows others to implement the architecture, there’s nothing in a royalty free license to prevent Microsoft from implementing a sudden and not necessarily backwards compatible change in direction–as was demonstrated when the company rolled out .NET.

Joining the dialog, Doc Searls wrote a post titled Some Questions of the Identity Metasystem. Specifically, he addressed the issue of separation of specification and implementation:

I think what we have here (looking at Johannes’ and Julian’s posts, which are representative of questions I hear quite often elsewhere) is an insufficient distinction between an open environment (Identity Metasystem) and one vendor’s implementation inside that environnmemt (InfoCard). Because both come from Microsoft, it’s easy to conflate the two.

From the beginning of these conversations, Kim has made it clear to me that he (and Microsoft) want to see other implementations on other platforms, to demonstrate the open and inclusive nature of the metasystem, and to invite more implementations into the marketplace.

I have no doubts that Microsoft wants acceptance and adoption of this system within the open source and other environments. There would have to be implementations in other platforms for some major players in the commerce market to buy into the infrastructure. Though I don’t care for SOAP, and am disconcerted by the heavy metal of web services necessary for the implementation of this Identity Metasystem, I do understand the concerns that have been expressed with alternatives, such as HTTP and SSL. Given time I do think we can overcome the current technical obstacles integrating the Web Services into open and lightweight environments such as the ones running this weblog.

The issue, though, isn’t the technology; it’s not even the license. It’s the surprising fact that in all of this discussion, there seems to be an assumption that the average person is willing to input sensitive information, such as the following, into a digital identity–a digital identity which will then be stored on in their internet-enabled personal computer, bits of which to be passed around from site to site:

Full name
Home and Work address
Family member information
Credit and Debit cards
Bank information
Driver’s license and passport
Date and location of birth
Access names and passwords, as well as other digital security data


History of activity, including:

Purchases at all online stores
Membership in various organizations, online or off
Trip and traveling information
Political and social activities
Friends and associates

Microsoft’s old foray into digital security, Passport, was rejected because the data was centralized and outside individual control. Now the data is distributed, tucked away into individual machines and under the control of you and me. Being distributed, though, does you no good when your computer is wired to the world and the back door is open.

When Longhorn is released with InfoCard as part of it, it will effectively be the target of every hacker–benevolent or not–in the free and not so free world. Microsoft is banking the success of InfoCards on a corporate belief that its engineers can create what is, in effect, a crack proof system. It, and those others who implement the “non-Windows” components of this new Identity Metasystem, are also banking on the fact that we agree.


Integrated metadata

As you may, or may not, have noticed, I’ve been integrating various pieces of metadata into the site, primarily into each individual post. Eventually I’ll remove the ‘meta’ option for each page, and just provide a machine consumable RDF/XML option — the humanly readable components will show directly.

Right now I’m creating a plugin in that pulls the links within a post and adds these into the metadata as references associated with the post. I’ve also added a form that allows me to add references that aren’t linked in the post (and which are printed out at the end of the post).

I’m playing around with tags and other odds and ends, but I wish I could find the right combination of data and implementation to really effectively demonstrate how all this holds together.