Digital identity, the semantic web, and Internet governance

Consider Eliyon, a company that's gathered public information about more than 22 million people to support sales, recruiting, and other applications. As it turns out, I am several of those people. In addition to my current title, InfoWorld Test Center lead analyst, I show up as executive editor of Byte Magazine and contributor to Linux Magazine. And while those were once accurate descriptions of me, I have never been a member of Blue Titan's board of advisors, and I am not the inventor of RSS.

It's true I could register with the site, coalesce my correct identities, and purge the wrong ones. But authenticating with a credit card in order to update a profile that Eliyon owns is a nonstarter for me. Back in June, on my weblog, I suggested the alternative that would suit me: I'll maintain my own profile on the Web and syndicate my data to anyone who needs it.

Semantic Web naysayers think people and organizations can't be bothered to assert machine-readable facts about themselves. And, today, that is undoubtedly true. But when others assert facts about you -- as they increasingly will -- the tide could begin to turn. Individual acts of self-defense may ultimately combine to bootstrap the semantic Web. [Full story at InfoWorld.com]

I was reminded of the twin themes of this column -- digital identity and the semantic web -- when Sean McGrath pointed to John Sowa's essay The Law of Standards which states:

Whenever a major organization develops a new system as an official standard for X, the primary result is the widespread adoption of some simpler system as a de facto standard for X.
My guess is that we'll see a de facto alternative to the W3C's proposed semantic-web standards -- Web Ontology Language and RDF. Likewise, having spent more hours than I care to admit poring over specs and architecture diagrams from the Passport, Shibboleth, Liberty, and WS-Federation projects, I suspect (as does Doc Searls) that some other identity standard will prevail.

As Doc's article noted, two grassroots alternatives emerged at the DigitalID World conference this fall: IdentityCommons and Sxip Networks. Both, in different ways, aim to empower me to assert facts about myself and to control the syndication of that data. In the case of IdentityCommons, I buy this service directly, licensing a permanent i-name through which I co-ordinate the activities of identity providers and service providers. In the case of Sxip, the service is free to me as an individual -- it's the identity providers and service providers who pay a licensing fee.

In both cases, the reference business model is explicitly that of DNS.

IdentityCommons: "The i-names will eventually be similar to DNS names in pricing, for people in the $10/year range." [IdentityCommons' Owen Davis: ITConversations interview]
Sxip: "Our business model is that member sites pay a fee along the lines of a domain name registration to be part of the network, and a home site pays a fee along the lines of an SSL certificate to be part of the Sxip network." [Sxip Networks' Dick Hardt: ITConversations interview]

As we contemplate the invention of new DNS-like systems, let's bear in mind this wonderful quote from former UUNet chief scientist Mike O'Dell, which I found by way of Tim O'Reilly's blog. In an email to Dave Farber's mailing list entitled "DNS Governance" - the 4 bugs, O'Dell wrote:

the first bug was creating a structure which *needs* governance

the second bug was creating a monopoly to own the structure

the third bug was creating yet another monopoly to provide "governance"

and the fourth bug is not adopting distributed system technology to render the other three bugs irrelevant.

Admittedly that last bit smacks of handwaving. I have no idea whether, or how, "distributed system technology" might finesse the governance issue. But it's a challenge worth pondering.


Former URL: http://weblog.infoworld.com/udell/2004/12/07.html#a1128