Category: Technology

Categories
Web

Breaking out all Web 2.0 week

I don’t care if the weather is hot enough to burn you when you touch metal, I have to get out for some walks or go mad. And if I continue going mad, like I have been, I’ll chase you all away and then what value will I be?

Catarina from Flickr just announced a beta test for Yahoo’s new My Web 2.0. This follows on iTunes podcasting and Microsoft’s RSS — we’re busting out microformats and social networks all over.

There is an interesting twist to Yahoo’s My Web 2.0: your search results can be impacted by those who are in your community list. I’m still not sure about how this works, but if anyone wants to try this out with me, send me an email and I’ll send you an invite. Or you if you want, you can invite me. My Yahoo email address is p2psmoke.

I can see issues with search results being impacted by your community, and the fact that doesn’t this narrow our world vision rather than broaden it. But I’ve been critical of all this Web 2.0 technology all week, and this isn’t done, so I’m not doing it.

Categories
Technology

Bubble wrap up

I’m not going to be spending a lot of time on the the topic of Microsoft’s embrace of RSS, primarily because the implementation of much of this stretches too far out into the future. When the tech hits my hands, then I’ll kick the tires, and look under the hood.

I will say that I found the Microsoft examples of their RSS integration to be less than compelling: updates of calendars in Outlook and subscribing to Amazon wishlists. The former is just ActiveX subscriptions all over again; the latter seems more geared to bringing in the Amazon name than demonstrating anything particularly useful.

I can’t help thinking that, just like years ago when Microsoft realized it was late to the browser games, it’s now discovered it’s late to the syndication party. To make up for it, the company hopes to do something bigger and better: to redefine what a ‘feed’ really means, and in the process remind people not to forget who the Big Dog is. Yet I just don’t find the effort to be exciting.

I remember when Microsoft entered the browser wars, it did so with such a bang. It brought a lot of innovation to the concept of ‘web browser’: integration with the desktop, DHTML, object models, and even early work with CSS. It was the first browser to drop support for BLINK.

Along the way, though, it also wrecked havoc with its proprietary extensions and implementations–damage we’re still feeling today. Perhaps that’s why much of the positive feedback about the announcement yesterday is more along the lines of, “Wow, Microsoft hasn’t tried to take ownership of RSS. I’m impressed. And it’s honoring the CC license, too. Golly.”

In other words, Microsoft isn’t causing harm with its effort. Whew! Let’s wipe our brows, that was a close one! I ’spect, though, that some of the stronger proponents of this move will be changing their mind on the goodness of this effort in about 2-4 months time. Tops. (Maybe less.)

In the meantime, Atom is moving forward to its first release, and other XML vocabularies are appearing in new or increased uses. Even us bastard XMLers, the RDF clan, are actually doing something useful with our unreadable and indecipherable specification. We just don’t get stage space at Gnomedex.

While Microsoft has stood still, the world has moved on: Gimp, OpenOffice, Atom, LID, podcasting, Mac OS X built on BSD, Ubuntu Linux, NeoOffice, RDF, Firefox, MySQL, PHP, REST, WordPress, even Ajax–light, open, tasty little nibbles in a world suffering a surfeit of heavy metal infrastructures. We’ve moved on.

Microsoft’s RSS team has worked hard, and I respect their efforts. I enjoyed seeing their enthusiasm in the Channel 9 video, and I hope the company gives them space to do something exciting. The photo integration demonstration was one of the more interesting ones, but even that, as they say themselves, is dependent on bandwidth and copyright issues. Also the fact that most folks use PhotoShop or Gimp, though I imagine a plugin could be created to work with these non-Microsoft tools. Come to think of it — you could traverse feeds to pages and scrape the images to pop up into PS or Gimp now, wouldn’t have to wait for them to appear in enclosures. Or Microsoft, for that matter.

Eighteen months to see most of this rolled out is a long, long time. Especially when Microsoft is already eighteen months too late.

Categories
Web Writing

Dusting off the poet

It’s been a long time since I’ve indulged in any poetry at the site. Been a long time since I’ve haunted poets.org to look for just the right verse to suit a picture or a mood.

This week, I oiled my inner poet and set it on its creaky way only to find out that poets.org has undergone a rather significant reorganization. Faced with ‘new’ and wondering if there was anything in there for the inner geek as well as the inner poet, I explored about.

One new feature, or at least, new to me, is many of the poems now is have a topic association. For instance, if a poem is related to aging, other poems related to this topic are listed in the sidebar. This goes beyond groupings of poem by poet, period, and era. It definitely goes beyond keyword searches. It’s given me much thought, and new ideas, in my own continuing search for the case-insensitive semantic web.

The site also has a listening booth, though perhaps it already had this and I didn’t notice. Anyway, the listening book contains readings by poets and readings about poets, including my favorite Dylan Thomas.

Having satisfied the geek, at least for the moment, I returned to the poet, though poet is inaccurate and even a conceit, because I can barely walk and talk at the same time, much less rhyme. If, though, code is poetry, then I wield a mean curly bracket with the best of them. As for loops, you should see me loop–sexiest thing since fishnet stockings.

Returning to my poet, I accessed the improved search engine and searched on the keyword “words”; finding not one but two really great poems from contemporary poets among those returned. Since I’ve been remiss in letting my inner poet out for a walk, I’ll publish both.

Sorry, no photos to accompany the works. The weather continues in the 90s and heavily humid, and I have had no desire to sweat and puddle my way through new venues (though I must break out of my cave tomorrow morning before I bite the cat from cabin fever).

A Quick One Before I Go by David Lehman

There comes a time in every man’s life

when he thinks: I have never had a single

original thought in my life

including this one & therefore I shall

eliminate all ideas from my poems

which shall consist of cats, rice, rain

baseball cards, fire escapes, hanging plants

red brick houses where I shall give up booze

and organized religion even if it means

despair is a logical possibility that can’t

be disproved I shall concentrate on the five

senses and what they half perceive and half

create, the green street signs with white

letters on them the body next to mine

asleep while I think these thoughts

that I want to eliminate like nostalgia

0 was there ever a man who felt as I do

like a pronoun out of step with all the other

floating signifiers no things but in words

an orange T-shirt a lime green awning

How can you not love a poem that has a line like o was there ever a man who felt as I do like a pronoun out of step with all the other floating signifiers? This poem should be required reading for everyone who has found the truth. Then it should be required for everyone who thinks they have lost it.

All She Wrote by Harryette Mullen

Forgive me, I’m no good at this. I can’t write back. I never read your letter.

I can’t say I got your note. I haven’t had the strength to open the envelope.

The mail stacks up by the door. Your hand’s illegible. Your postcards were

defaced. Wash your wet hair? Any document you meant to send has yet to

reach me. The untied parcel service never delivered. I regret to say I’m

unable to reply to your unexpressed desires. I didn’t get the book you sent.

By the way, my computer was stolen. Now I’m unable to process words. I

suffer from aphasia. I’ve just returned from Kenya and Korea. Didn’t you

get a card from me yet? What can I tell you? I forgot what I was going to

say. I still can’t find a pen that works and then I broke my pencil. You know

how scarce paper is these days. I admit I haven’t been recycling. I never

have time to read the Times. I’m out of shopping bags to put the old news

in. I didn’t get to the market. I meant to clip the coupons. I haven’t read

the mail yet. I can’t get out the door to work, so I called in sick. I went to

bed with writer’s cramp. If I couldn’t get back to writing, I thought I’d catch

up on my reading. Then Oprah came on with a fabulous author plugging

her best selling book.

Another brilliant line and somewhat, oddly sad: I regret to say I’m unable to reply to your unexpressed desires. But now I have a highly original way of apologizing for unanswered email. What is your excuse?

Categories
Standards Technology

What do you want from digital identity

Recovered from the Wayback Machine.

I removed the last paragraph from my last posting. It added nothing to the discussion and was unnecessarily snarky. Still, doing so doesn’t impact on the message threaded throughout the post that *I’m not supportive of universal (read that ‘federated’) digital identities.

I don’t believe there is a system that can’t be cracked. What I do believe is that there is a tradeoff between the willingness to spend time and energy in cracking a system, and how universally it’s used. One overall, agreed on universal digital identity system that every major financial, economic, government player has bought into seems to me to be a mighty big target. It’s not so much that it represents a widely used identity infrastructure; it’s that behind the infrastructure is some very tasty data.

Additionally, I’m not sure that there is demand for this type of overall identity. In the midst of these discussions, Johhanes Ernst posed the question: why do we want digital identity? Is it for seamless enterprise wide access? Is it to facilitate commerce? Eliminate the existing highly fractured state of security, with implementations that range from heavily robust to wide open?

I personally favor the concept of ’single sign-on’ where I can use the same name and passwords at different sites, without having to re-input my contact information, and without having to remember different connection information with each. Even then, I would most likely only use something like this with sites where the cost of exposure of the data is minimal. Though it would be tempting to want to store my credit card on my machine, and have a remote system handshake with my local computer to exchange the information without me having to do so, I don’t find the fact that I have to re-input the data with each purchase to be an overwhelming burden. Not to the point of storing this information on my machine–whether it is my dual Windows/Linux machine, or my Mac.

Work on enhancing the security of our data exchanges is a goodness; but the farther from my machine I can store sensitive data, the happier I’ll be. In this discussion, rather than focus on separating the specification of a security infrastructure from the implementation, I’d rather discuss separating the storage of the data from the transport.

(Of course, some companies require that you store your credit card information on their machines, but I don’t know how something like InfoCards would eliminate this–unless part of the architecture also provides an ‘on-demand’ request for the card information from the site back to us. )

To answer his own question, Johhanes sees digital identity as a way of empowering people:

So let me tell you what excites me about Digital Identity: it is the transformational power that Digital Identity can bring — assuming it is done right — to empower individuals and groups in ways that are highly desirable but impossible without. Or, in plain language: the new products and features that only can be built with Digital Identity and will be built as soon as we have it. And we will never look back.

I thought this, at first, had to do with authenticity, and establishing that we’re who we say we are. However, from the examples Johhanes lists, this doesn’t seem to be the case. Examples, such as Marc Cantor’s digital lifestyle aggregation, where all of our digital devices work out how to integrate themselves; and Johhanes own company’s software, which …is aware of the user’s immediate situation, and proactively supports them in that situation, instead of being just able to offer a bunch of remote websites that are very clueless about the user and thus not very helpful.

I don’t know that we need digital identity for the latter — I have extensions added to my browser that lets me know when a site has RDF/XML I can examine, or a syndication feed I can link to. I’d rather passively put easily discoverable information out on a site using established ‘hooks’ and then use generic discovery tools to find this data elsewhere, then build something in them reflecting my identity.

I don’t think the power of the internet is based on the concept that eventually, everyone will know your name. I think it’s based on the fact that everyone doesn’t know your name.

*There goes my planetary status on Planet Identity I imagine

Categories
Technology

You want we should what?

I’ve briefly mentioned Microsoft’s InfoCards, and chances are you may have heard snippets of it elsewhere. InfoCards is the company’s planned implementation of a digital identity infrastructure it terms “Identity Metasystem”.

Johannes Ernst of LID fame provides a good, plain language description and scenario for the concept. Though much of the details are still unknown, we do know that it’s possibly dependent on certain desktop and browser objects, is dependent on SOAP and what is known as the “Web Services Stack”, including WS-trust, WS-Security, WS-Policy, WS-Addressing, and several other services.


Reading all of this, Julian Bond responded with:

So:
– User end requires Longhorn or an XP upgrade
– Depends on SOAP and the WS protocol stack
– Uses HTML OBJECT tag wth DLL support
– Multiple commercial licensing but with probably no open, free, license.

What’s sad about this is that Microsoft cannot separate the standards process from it’s commercial business. It’s completely unable to take a view that a larger market raises all boats. So I’m not at all surprised at the approach and I also predict loads of noise and very little implementation leading to another failure. I think the rest of us can safely ignore what they’re doing. While at the same time borrowing from all the excellent work that people like Kim Cameron are doing on the fundamental analysis of Identity.

And in a later post, he continues:

I’ve written here and on Kim Cameron’s and Marc Canter’s blogs that InfoCards is doomed because MS cannot implement a standard that is genuinely open. They’re completely stuck in architecting something that relies on ActiveX, Internet Explorer and the WS-Stack of SOAP protocols. It’s completely understandable why they do this. But it’s also just about guaranteed to fail. The reliance on ActiveX and IE rejects macs, linux and firefox on the desktop. The reliance on the WS-Stack rejects PHP/PERL/Python on the server and it probably rejects Java as well because interop with plain old SOAP is patchy let alone the full stack. Basically, if you don’t use an MS development environment you can pretty much guess it won’t work. And compatibility or at least the ability to interop with things like SAML, PingID and Liberty is a noble goal, but I wouldn’t bet money on it unless I could afford large numbers of Accenture contractors.

Kim Cameron, the Microsoft architect behind the concept of ‘meta-identities’ responds, refuting some of the technical concerns that Julian expressed:

InfoCard does depend on SOAP and WS. But creating an interoperating stack is not difficult. People on non-windows clients will have open source implementations available to them. Such implementations are being built today (some exist).

As regards the license:

Again I will say that the IP will be available in a royalty-free license. We are working on using an existing license that is well accepted by the vast majority of people building software today.

However, much of Kim’s response seems to focus more on the fact that Julian has challenged InfoCards, rather than on specific issues. He writes:

I just don’t get Julian’s vibrations. We thought long and hard about how to make the client tremendously open to a plurality of identity technologies and operators. We’ve put it out there. It doesn’t require anyone to lay down their existing protocols – use whatever works for interacting with conventional clients. But let’s give the end user a better, safer and more comprehensible mechanism for taking control of her identity.

In this, Julian, why not work with us? The laws are not abstract things. This is the time when we need to change the Internet so it comes into accord with them. Not every aspect of these proposals may be exactly as you would wish. But please consider the great complexity of “weaving” a solution here, garnering support across all the consitutencies, and consider again why you would walk away from this opportunity.

In some ways, Kim’s response to Julian reminds me of the response (or lack of one) to the recent challenge to Creative Commons: how could we possibly challenge something so overwhelmingly good?

(Personally, I’ve always thought that challenges are best when made before the champagne is popped, rather than after, but that’s me.)

Regardless, like Julian I’m hesitant about buying into a universal digital identity system of which key components of said system are held by a single non-public entity. This is my concern about using LID, as lightweight and open as this system is; this remains an even stronger concern with InfoCards.

It’s not that I believe that Microsoft is inherently evil. How can I? I spent a great deal of my professional life working on Microsoft-related technologies. In fact, much of my livelihood in the past was due, directly or indirectly, to Microsoft. If I call Microsoft ‘evil’ than I must take responsibility for having spread evil, and the use of evil.

No, I don’t think Microsoft is evil, but I do think the company is arrogant–an arrogance reflected in the company decisions. We have only to look at how long Internet Explorer lived in the crippled 6.x version after Microsoft achieved success over Netscape, to realize that though the company is inspired–brilliantly at times– by competition, it becomes complacent, even lazy, when said competition is routed.

Now Microsoft is asking that we buy into a proprietary architecture governing a technology as sensitive as digital identities, with only a given assurance that the company will act benevolently. More, the company is asking that we believe it will act consistently. Though it may apply a liberal software license that allows others to implement the architecture, there’s nothing in a royalty free license to prevent Microsoft from implementing a sudden and not necessarily backwards compatible change in direction–as was demonstrated when the company rolled out .NET.

Joining the dialog, Doc Searls wrote a post titled Some Questions of the Identity Metasystem. Specifically, he addressed the issue of separation of specification and implementation:

I think what we have here (looking at Johannes’ and Julian’s posts, which are representative of questions I hear quite often elsewhere) is an insufficient distinction between an open environment (Identity Metasystem) and one vendor’s implementation inside that environnmemt (InfoCard). Because both come from Microsoft, it’s easy to conflate the two.

From the beginning of these conversations, Kim has made it clear to me that he (and Microsoft) want to see other implementations on other platforms, to demonstrate the open and inclusive nature of the metasystem, and to invite more implementations into the marketplace.

I have no doubts that Microsoft wants acceptance and adoption of this system within the open source and other environments. There would have to be implementations in other platforms for some major players in the commerce market to buy into the infrastructure. Though I don’t care for SOAP, and am disconcerted by the heavy metal of web services necessary for the implementation of this Identity Metasystem, I do understand the concerns that have been expressed with alternatives, such as HTTP and SSL. Given time I do think we can overcome the current technical obstacles integrating the Web Services into open and lightweight environments such as the ones running this weblog.

The issue, though, isn’t the technology; it’s not even the license. It’s the surprising fact that in all of this discussion, there seems to be an assumption that the average person is willing to input sensitive information, such as the following, into a digital identity–a digital identity which will then be stored on in their internet-enabled personal computer, bits of which to be passed around from site to site:

Full name
Home and Work address
Family member information
Credit and Debit cards
Bank information
Driver’s license and passport
Date and location of birth
Access names and passwords, as well as other digital security data

-and-

History of activity, including:

Purchases at all online stores
Membership in various organizations, online or off
Trip and traveling information
Political and social activities
Friends and associates

Microsoft’s old foray into digital security, Passport, was rejected because the data was centralized and outside individual control. Now the data is distributed, tucked away into individual machines and under the control of you and me. Being distributed, though, does you no good when your computer is wired to the world and the back door is open.

When Longhorn is released with InfoCard as part of it, it will effectively be the target of every hacker–benevolent or not–in the free and not so free world. Microsoft is banking the success of InfoCards on a corporate belief that its engineers can create what is, in effect, a crack proof system. It, and those others who implement the “non-Windows” components of this new Identity Metasystem, are also banking on the fact that we agree.