With the new year coming up, I’m feeling motivated to blog a bit about where I see 2idi going in the next year. The first quarter of next year will see the launch of the “Global Registry Services for I-Names and I-Numbers” (GRS) by Cordance and Neustar, under the governance of XDI.org. At that point, the EGS program will officially come to an end, and global i-name resolution will be transferred to the Neustar authority servers. 2idi plans to continue to offer i-broker services to the EGS registrants, and will very likely be grandfathered in as a global i-names accredited registrar.

Meanwhile, under the covers changes have been brewing. We have had a year of real life experience with i-names, and we’ve come to some tentative conclusions. The most important of these conclusions is that selling identity services to end users is still a very immature market, and may take longer than we thought to become viable. Meanwhile there are compelling opportunities in the immediate future, through which we will develop required infrastructure, while at the same time providing much needed services, educating and inspiring end users, and sustaining our business.

The real interest in identity services that we are seeing right now is from organizations and businesses who see it as a means to accomplish two things. The first serves an immediate need, to glue web service applications together within and across organizations.

Imagine that you are a non-profit organization that has created a website where you can sign up members, and allow them to log in and create a personal profile. Now you wish to provide them with collaboration tools - blogs, wiki, mailing lists, etc. There are many excellent open source versions of these tools, so it would be pointless to recreate them yourself, except for one reason: you want your users to be able to log into the main website, and then access these tools as logged in users. The user experience should be that it’s all part of the same organizational website.

Third party authentication (an i-broker) solves this problem. Log in at any entry point in this constellation of online tools, and your experience is that you are logged in everywhere. Each tool has a menu of links to the other tools and the main website, and each one of these external menu items encodes the i-name you logged in with. When you arrive at another part of the site, the presence of that i-name in the link triggers an authentication redirect to the i-broker. Because you are already logged in, the i-broker instantly redirects you back to the application — the experience is that you are just logged in everywhere. (The exact methodology is described at http://ibroker.idcommons.net/moin.cgi/SingleSignOn - it will be evolving in the near future.)

In most cases, you will also have a need to ascertain that your user, now that you are sure of their identity, is authorized to access the particular service. This can be accomplished as a background request between applications and the main site, but for this to work, you must have robustly identified your user first, in a way that the authorizing agent understands. I-names and their associated i-numbers make this easy. (I-numbers are non-reassignable permanent identifiers.)

There is one more point I’d like to make about this, and it is the part that excites me the most. There is no reason why gluing applications together as I have described cannot happen just as seamlessly across organizational boundaries when desired, enabling various organizations to work collaboratively on projects in a very agile manner.

rent a car bulgaria

The second opportunity is more forward looking - to bust community based reputation out of the single web service jail.

I have described how robust identity facilitates authorization across applications and even across organizational domains. Authorization can be thought of as a very limited form of reputation. If org B asks org A if a certain user is authorized to access a wiki, a positive response is in effect saying that this user is a member in good standing of org A - a little chunk of reputation.

It’s an easy leap to imagine aggregating my membership-in-good-standing in various organizations with my seller’s reputation on Ebay, my reviewer’s reputation on Amazon, and my proxies on Smartocracy to produce a kind of community credit rating (or Whuffie, if you’re a fan of “Down and Out in the Magic Kingdom”).

Of course, this is very sensitive and must absolutely be under the user’s control. There are parts of my life that I may not wish to share in other settings. There is a balance that free societies must achieve between what others must be able to know about you to make an informed trust decision, and what you must be able to keep to yourself in order to live your life as you choose. 2idi is dedicated to guiding the evolution of this technology in a direction that supports this balance.

There is a lot of architecture and coding work happening behind the scenes right now to facilitate these possibilities. We see community i-brokers being less monolithic, more modular, and more distributed and tightly bound to specific organizations while able to share authentication with each other under the user’s control. We see various services as modules, talking to the i-broker but not part of it. I’ll be blogging more about the specifics in the near future.

This is primarily a (technical) usability release with many small changes in the Service Provider Interface Toolkit (aka SPIT) API, contact page enhancements including a new reply capability, and a normalized i-number database (harmonizing the first three versions into what we believe is a solid fourth version of the i-number specification). In addition, this blog is i-name enabled (via the SPIT API and a Wordpress plugin that Mike wrote) allowing comments from anyone with an i-name.

Big shout-outs to Michael Mell and Victor Grey who led the way towards the creation of what may be the last pre-SAML F/OSS (Free and Open Source Software) i-broker code releases. Look for big things coming down the pike as we upgrade our single sign-on protocols to be SAML-2.0 compliant. (And for those looking at the UI and not seeing much -if any- improvement, have no fear as that’s where we’re headed with the next release.)

As usual, the code can be downloaded from our subversion repository using the commands found at this link.

2idi is committed to the creation of a free and open source implementation of a dataweb services provider, also known as an i-broker, unencumbered by intellectual property or other restrictions. Simply put, in order for people to have control, they must have a choice regarding not only who can see their data, for what purpose and how that data is used, but also where it is stored and by whom it will be managed. So our software MUST be open source in order to ensure that our customers have that choice. If we did anything to “lock in” our customers, it would be against this very purpose.

It is through this transparency that we plan to prosper - by creating a brand that is stable, secure, open and thus deserving of trust. We understand that anyone making disclosures of personal or otherwise sensitive information must feel safe from harm, real or imagined. Once people have a place they can trust, they can choose to “open up” in order to receive desired services, make better connections and work together more effectively.

Our goal is to make this technology so safe that even we - the owners of this system - could not pry into people’s lives - or retrieve their Real Names - without their consent. Such trust and safety offers unparalleled opportunities for matching, social networking, cooperation and true, permission-based marketing in ways as yet unavailable without total loss of control over one’s personal information.

All of our “proprietary” software extensions will be licensed under the Affero General Public License that will guarantee that even our premium services are not capable of locking in our customers should they choose - for whatever reason - to migrate their data elsewhere. We plan to gain our customer’s trust because we are trust worthy.

2idi has actively engaged with partners spanning the corporate and non-profit worlds to get them up and running with our free and open source code base. Our plan is to see some other i-brokers in operation this summer, which will help to fulfil our purpose of giving people increased choice.

Technical highlights of this release:

• We can now register community i-names and i-name enable sites
• Single sign-on has been substantially revamped, including:

• simplified installation for service providers
• a new single-click logout process
• architectural changes for increased SAML interoperability

Code and developer information is available on our wiki. Contact us via our @2idi*contact page.

• I-name single sign-on (ISSO) is fully functional and ready to be integrated into other service providers. Watch this space for news of sites that go live with ISSO.
• Community registries are enabled and ready to go. This means free i-names for communities! The UI to administer these still needs some work, but we can authenticate community i-names wherever global i-names can be used.
• More modular code base. The resolver, service provider interface toolkit, and various services modules have been separated from the main branch. And install script has been written and the code has even been known to run on Windows 2000 Server and IIS (not always sure that is a good thing, but hey - we’re into inter-operability).
• And many more code tweaks and features aimed towards portability and general usage. (We still have some UI areas then need to be factored into e.g. MVC hint hint )

The code is all still beta, but i-names created now will be usable for as long as you wish to keep them. With this release we start down the path towards being a fully decentralized platform with no required central points of control - other than local authorities that you and your communities may agree upon.

Where are we going with this? Our goal - first and foremost - is to create a system that gives people total control over their identity related transactions. Beyond that, check out our open source vision. Let us know if you’d like to help!

Our commitment is to creating tools that create a win-win for the world - giving people control over their personal information while lowering barriers to entry for service providers, through single sign-on and i-broker negotiated data sharing. We will also be working closely with Identity Commons to develop mechanisms for community feedback and chaordic governance so that we can create the most useful tools. There’s a lot more coming down the pike - stay tuned!