School Ring Federation

2/7/12

At a high level, this blog is about how xdiCoin and XDI messaging could be used to support OpenID Connect 1.0 multi-party federations.

The interactions between individuals and organizations have become increasingly complex. By using xdiCoin for addressing and XDI for messaging, people or organizations can create data federations. Federations will simplify trust by standardizing the vocabulary, policies and operating procedures for the respective data sharing relationship.

While talking with Denise Tayloe from Privo last week, I realized there is a chicken-and-egg problem with identifiers. As soon as kids have a coin, I realized that the most important trust ring to draw is your Family Ring.

The Family Ring solves two problems I’ve been thinking about recently: (1) how do my children interact with companies (Lego, Moshi Monsters, etc.)? (2) how do my kids interact with the school? In order to manage these relationships, the organizations in question need to understand that I am the parent.

The School Ring is my idea to show the potential opportunities for federation. oxPlus is a private social networking application for a K-12 school that we wrote as part of the project with ID3. We are planning to re-launch oxPlus on a new public website. We will re-brand it, and enable open registration (which will help for the OpenID Connect 1.0 Interop).

With open registration, people can obtain OpenID Connect 1.0 credentials and an XDI Data Vault. XDI is used to store the parent child relationships. oxPlus also provides tools to create a school in XDI. Even a homeschooling parent could register their own school, specify that they are the teacher, and point to their kids as the students.

This type of standardization enables kids to receive services (with their parents’ consent), and schools to make data available “up the stream,” within the confines of the rules of the federation. This is how governments can get real-time test scores and access to richer content. Improved inter-operability would also help students who move to a new district or state, giving the receiving educators a better understanding of a student’s capabilities on an apples-to-apples basis.

The Currency of Identifiers

2/6/12

I’ve been procrastinating writing this blog for a while, but after having lunch today with the artist Brian Phillips, he showed me one of his paintings which inspired me to give it a shot. The piece to the left, “Beg, Steal or Borrow” is a good example of his work which usually involves found materials, an uncanny knack for design, and a good sense of humor. I’ve been talking about his huge Viking painting ever since the East tour ended, and I’m hoping that it may end up in my office (which is converting to a part-time Gallery) during SXSW. “Beg, steal or borrow” is exactly how our personal data is currently extracted from us: (1) First our friends “beg” us to get on the latest social network; (2) then these social networks steal our data and sell it on the open market; (3) then we borrow it back from the social networks (if we’re lucky). But maybe the painting also conveys the change that is in the air: if enough people realize that our data is being stolen, perhaps we can recapture some of the value, like the dollars and coins in the figure’s hands.

A new technology has emerged recently which leverages the resiliency of the Internet to enable distributed transactions: bitCoin. One of the features of this technology is that it enables me to tell that a coin has been transferred–that a transaction has occurred. After a period of time, enough nodes can confirm this transaction to give me confidence that the transaction is now globally known.

I have proposed to the XDI.ORG trustees that one option is to restructure the XRI global registry based on an “xdiCoin” based solution (see the OX wiki for a slightly expanded discussion of xdiCoin). A DNS name registration system has even been developed based on Bitcoin, called nameCoin, which provides evidence that a digital currency’s use as a registry is possible (in lieu of a central ICANN-style registry).

A coin represents a globally resolvable identifier. It is equivalent to a DNS top level domain, like “.com” or “.ca”. If you do not have a coin, you can only be addressed in the context of another coin. Like a dollar bill, the coin has a serial number. Unlike a dollar bill, it also has a user-settable name. If you like, you can choose any name that hasn’t already been chosen by someone on the Internet.

There is a different currency for people and other entities like businesses or organizations.

Identity is a currency that has intrinsic value. This is why websites want to know who you are. In the old days, websites would verify your email. But more information is more valuable, so nowadays it is not uncommon to be asked by websites to provide a mobile phone number to sign up for their “free” services. Google will even verify your postal address. There is a clear market for verified attributes. The more verified attributes we are able to correlate to identifiers, the more value can be obtained (hence Facebook’s optimistic market valuation).

If identity is a currency, how can it be inter-operable? Currencies enable financial markets to inter-operate. Could identity currency enable websites to inter-operate? Coins take the complexity of macro-economic principles–for example the complexity of government policies and procedures as managed by the Federal Reserve Board–and distill them into something that a child can understand: a shiny round metal object that enables you to buy stuff. Wouldn’t it be great if identity were that simple?

Coins would enable people, organizations or other entities to stake out their portion of the Internet. They would have something they “own”, that is backed by the integrity of the system that regulates it. Attribute providers would have a starting point to bootstrap their various verification processes, which would differ depending on the type of coin: organizational, personal, or other.

I think this vision is aligned with the direction that many identity gurus think the market needs to transform: to a more open system of assured attributes rather than assured identities. By monetizing identifiers, perhaps the invisible hand of the market can achieve the socially desirable end to allow the recapture of value inherent in the content, networks, and other data that make up the digital infrastructure of a modern person or other entity.

As one last note, the goal for a solution like xdiCoin would be to issue an almost unlimited supply of coins. There should be no value in squatting on persistent, non-reassignable identifiers (i.e. long numbers).

XDI for Healthcare

2/3/12

XDI technology promises to solve several critical data federation challenges–security, inter-operability, and portability. By adopting XDI, cloud service providers could enable information to be made available more seamlessly to the people who need it, while allowing individuals to maintain a high level of control concerning access to the data. Neil McEvoy, an identity and personal data expert who is starting a new Kantara Initiative working group on Cloud Identity Best Practices, encouraged me to write a white paper on how data federation could be applied to use cases in the healthcare industry. He writes in his blog that technical standards will be critically important in healthcare because “these are the means by which patient record data is exchanged between different systems”.

In the diagram above, using XDI, the patient would be able to view information from the health institution, create a local copy of the information, and share the information with his doctor by allowing access either to his personal data store, or authorizing the doctor to access the information directly from the health institution.

If XDI is secure enough for healthcare, it will be secure enough for lower value transactions like social networking and Internet messaging. The next goal for the Canada Healthcare project is to figure out how XDI could be used to map existing standards like HL7.

The Ring

1/31/12

So far no one likes the “Matrix” except for me. My next idea–The XDI Ring–is inspired by multiple sources: (1) John Swanger’s series of circles (see image); (2) Singly’s logo; (3) Google Plus “Circles”. Swanger is one of the more cerebral painters I spoke with on the East tour. He is pushing the boundaries of both technique and ideas–trying to do more with less, using found materials, exploring the texture of paint as an aesthetic. Some of his paintings are not immediately accessible without understanding the goals and constraints of the project. The series of circles, which are large works on 5-6 foot square-ish canvases, are all powerful images, painted with the world’s most comfortable paintbrush–Swanger’s flat-bottomed sneakers. The imperfection of these circles, made literally from one man’s footprints, provides perhaps as good a metaphor for the Internet’s fourth dimension as we may find. Like Swanger’s footprint-rings, our digital lives are the footprints of the people, places, and organizations in one or more of our networks. Some of these footprints are front and center, some obscured by older connections, and others are almost completely hidden.

The XDI Ring, as an Internet scale trust model, is perhaps the widest circle possible. If information had mass, The XDI Ring, connecting billions of people with terabytes of data, might attain unimaginable vastness–a “Ring World”, reminiscent of Larry Niven’s 1970 science fiction novel.

In addition to portraying the idea of community, rings advertise long term commitments, for example marriage rings or class rings. XDI infrastructure, which enables people to link together different contexts, can serve a similar purpose. For example, it enables me to maintain my own personal identifier =schwartz, but also to link it to my work identifier @gluu*mike and my alma mater identifier @washU*michael.schwartz-91.

By assembling points into a circle, we have created a polygon with infinite “sides” or potential interfaces. At the same time, the overlapping rings of a Venn diagram form an easy way to identify the intersection of data, enabling us to appreciate the things about us that are the same.

Webs are complicated structures. It’s incredible that a spider with a pin-head sized brain can create these complex but efficient lattices many times its size. Rings are exactly the opposite: they provide an easy path to follow, and imply curatorship. For example, the “Ring of Fire” is a linked list of chile websites. By clicking on the “Ring of Fire” icon, you are navigated to the next site in the Ring. Social Networking extends this capability by enabling you to create a personal “circle of trust.” The Ring is user-centric: you are the curator of your online world.

Finally, the Ring is reassuring in that it provides a sustainable cycle. It’s important to be able to break down networks, not just to create them. Believe it or not, I don’t need every file I’ve produced in the last 20 years. Why waste the energy carrying it with me? If we are going to organize our data, we also need to purge from time to time. XDI graphs have rich support for metadata, so we can store information like: delete it after 10 years if I never look at it.

The Matrix

1/27/12

I’ve been struggling to find the right metaphor to describe the network of XDI connected endpoints, something equivalent to “The Web.” This blog will make the case that that name should be “The Matrix.”

Thanks to Hollywood, we all know that the Matrix is some high tech thing you “connect to.” The concept is already in the vernacular. In the movie of the same name, Neo uses connectivity to the “Matrix” to supercharge (at least in cyberspace) his super powers.

The idea of a Matrix creates an accurate visual metaphor for interconnectedness. One of the innovations of XDI-based networks is that by globally addressing data, it enables you to both publish the data that you hold, and reference the data held by others. The promise of the Matrix is connection to all your data, wherever it exists, including the myriad “personal data stores” that may exist on your personal or cloud network.

In the movie, the “Matrix” was also a means to enslave people. However, the XDI Matrix will have the opposite effect–it will help free us from our dependency on big brother. It will enable us to hold our own data, connect to our friends securely, and to build new tools which benefit us, and satisfy our curiosity.

The Matrix will help us to organize, share, and better utilize the mountains of data which need to be organized and processed to be made into usable knowledge. Data is like a library: without the shelving and cataloging, it’s just unorganized piles of books.

The qualities the Matrix would add to those of the Web are (1) consistency, (2) security, (3) persistence, (4) federation, (5) pseudonymity, and (6) semantics.

Consistency
URIs and email addresses have become very unstable identifiers because they are tied to the network. For example, I’ve had six different email addresses in the last 15 years. I still get a lot of email under the old email addresses. (PS: if you are out there, please stop emailing mike@ziacom.us!!!) If there were a layer of abstraction for my email address, for example =schwartz/email, your email client could be a little smarter, and look up the current SMTP address at which I would like to receive mail. Even if I could remember the URI of my headshot, it would probably change in the next year. How about =schwartz/headshot?

Security
To date, there is no Internet standard on data security. SSL only protects transmission across an unprotected network. LDAP ACIs are not part of the standard, so every LDAP server has a different implementation of security. XACML provides a mechanism for centralizing authorization decisions–it is not a mechanism to store complex dynamic business objects and relationships. XDI “Link Contracts” provide a metaphor for specifying who has access to my resources under what conditions.

Persistence
As Drummond Reed has pointed out in greater detail, it’s dangerous to trust network identifiers. If I log in to my bank website as mike@spacelab.net, and then spacelab.net is registered by a different company, there might be a valid mike@spacelab.net who is not me! The Matrix uses persistent identifiers. As a carbon-based lifeform, I am limited to around 8 characters. However, computers can look up, on the spot, my longer persistent identifier. How these identifiers are “mined” will be the topic of a future blog.

Federation
A federation is a group of autonomous entities that cede power to a central authority. That power is the trust model: the standards and conventions that enable the network to inter-operate. But everyone controls their own data in the Matrix. You talk to others on an equal footing. How much to trust these identifiers will be handled in the open market. Any organization can start a registrar to associate identifiers with attributes. Registrars can follow one procedure to verify attributes of businesses with @ XRIs, and a different process to verify attributes of people with = XRIs.

Pseudonymity
Kaliya Hamlin made an excellent point this week that pseudonyms are driving crowd-sourced content on the Internet. XRI is not inherently an identity-based technology–association of an XRI with an identity is optional. Also, XDI Link Contracts enable you to release the minimum amount of information.

Semantics
In order to make sense of mountains of data, and to enable agents to act intelligently on my behalf, I will have to organize it. Semantic technology enables XDI to leverage current advances in the best data structures for knowledge management.

To conclude, the Matrix is not the Web, although it is built on web technology. The Matrix is the next evolutionary transformation of the Internet to serve its constituents–the users who connect to it–collectively empowering us to reach new levels of collaboration, productivity, equality and peace.

XDI: The Fourth Dimension

1/24/12
A tesseract

This blog is in honor of Madeleine L’Engle’s Wrinkle in Time. My wife and I were trying to explain the idea of a fourth dimension to our daughter (and to ourselves). After considering the tesseract (the illustration to the left is what the 3D shadow of a 4D cube would look like), we ran into a video of Carl Sagan explaining the unlikely scenario of a 2D circle being picked up and dropped by a mischievous 3D object. Sagan says we cannot imagine a fourth dimension, but we can think about it, which got me thinking: what if XDI is the fourth dimension of the Internet?

In a literal sense, the Internet has three dimensions of global addressing: (1) IP (8.8.8.8), (2) DNS (www.google.com), and (3) URI (http://www.google.com). An XRI address that resolves to a URI would add a fourth dimension. The first dimension enabled routers to connect on wide area networks. The second dimension enabled IP services to stay connected even if the IP address of the server changed (as long as clients could resolve the updated IP address). The third dimension enabled the creation of the “Web.”

But how can we explain the benefit of a fourth dimension, to a three dimensional world? “The Web” is a fantastic metaphor that enabled people to grasp the power of the third dimension, before the promise was actually realized. What is the easily graspable term for the Internet running on XDI?

Neil McEvoy suggested to me today that the term already exists: the Cloud. The Cloud is the next generation “Web.” It’s a game changer for business: “leverage the cloud, or you’ll lose your competitive advantage,” say the pundits.

The Cloud has the ability to transform both our business and personal use of the Internet. The hard marketing work has already been done: so maybe it’s time to jump on the bandwagon?

Does XDI become part of the cloud stack, as HTTP became part of the web stack? That does seem to be the direction. And if I were a two dimensional object, I’d have to say that things are looking up.

XDI Man

1/17/12

The McNay Art Museum in San Antonio has a fantastic children’s art program. They work with local artists and teachers to develop classes that enable kids to emulate the techniques or styles of artists currently on exhibit. Before we moved to Austin, we were regulars at these classes, and frequently the grown-ups got involved. The work above was probably the first time I thought of the idea that art could be a useful tool for evangelizing XDI. The funny thing about this painting is that the original is backwards (i.e. the XDI graph is going from right to left). A quick “flip horizontal” in Photoshop fixed the digital version.

I was trying to get a simple idea across in this picture: that we all have our own personal graph. In the realm of XDI, this simple idea is one of the most confusing. And yet it’s one of the most fundamentally important innovations: that context is important.

Let me give an example: my phone number. In my personal graph, my phone number, let’s say =schwartz+phone!, might be 555-1212. In your personal graph, =schwartz+phone! might be 999-1515. But how can this be, it’s the same XRI? The answer is: context.

In XDI, we can each hold a copy of (part of) the global graph. Once we have access to get data, there is nothing to stop us from making a copy of the data. This enables our computers and devices to access data without being connected to the network. And there is nothing wrong with this. The question can be restated as follows: =schwartz+phone! according to Mike is 555-1212; =schwartz+phone! according to you is 999-1515.

Both statements are true—until you try to call me, which illustrates the challenge of caching. As data ages, it becomes increasingly inaccurate. My mobile phone probably has dozens of incorrect phone numbers cached from years past. It’s up to the client applications to get updated information. And here is where XDI can help. Because the graph is based on a standard persistent naming convention, it’s easy for client applications to figure out where they need to go on the network to get the latest update.

So it’s OK to have a local copy of =schwartz+phone!. If you want to find out from the authority (me!) my latest phone number, it’s best to use the network. And here’s the beauty of it: =schwartz is globally resolvable. So not only might I have changed my phone number, I might have changed the location of my personal datastore. But your phone can solve the problem without a hitch: resolve the XDI endpoint of =schwartz, and then make an XDI $get request for =schwartz+phone!.
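The resolve-then-$get path, the stale local copy, and the persistent identifier behind a short name (from the Persistence section above), as an added example that is not OpenXDI code or XDI spec syntax: the registry, the `$get` message shape, the `hosted` endpoint table and every identifier, URL and phone number are constructed stand-ins.

```python
"""Toy model of the contextual-graph, caching and resolution ideas above.

Added example, not code from OpenXDI or the XDI spec: the registry, the $get
message shape and the graph store are simplified stand-ins, and every id,
endpoint and phone number is a constructed sample value."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


class Registry:
    """Name -> persistent id -> endpoint. Only the endpoint is allowed to move;
    the persistent id is the long number that is never reassigned."""

    def __init__(self) -> None:
        self.names: Dict[str, str] = {}      # "=schwartz" -> persistent id
        self.endpoints: Dict[str, str] = {}  # persistent id -> endpoint URL

    def register(self, name: str, pid: str, endpoint: str) -> None:
        if name in self.names:               # a name can only be chosen once
            raise ValueError(f"{name} is already taken")
        self.names[name] = pid
        self.endpoints[pid] = endpoint

    def move(self, pid: str, new_endpoint: str) -> None:
        self.endpoints[pid] = new_endpoint   # data store relocates, id unchanged

    def resolve(self, name: str) -> Tuple[str, str]:
        pid = self.names[name]
        return pid, self.endpoints[pid]


@dataclass
class Statement:
    value: str
    stamp: int    # logical clock tick when this copy was written
    source: str   # the context that asserted it


@dataclass
class PersonalGraph:
    """One party's copy of (part of) the global graph, i.e. one context."""
    owner: str
    literals: Dict[str, Statement] = field(default_factory=dict)

    def put(self, xri: str, value: str, stamp: int, source: Optional[str] = None) -> None:
        self.literals[xri] = Statement(value, stamp, source or self.owner)

    def get(self, xri: str) -> Optional[Statement]:
        return self.literals.get(xri)

    def handle(self, message: dict) -> dict:
        """Serve a simplified $get message with this graph as the authority."""
        if message.get("op") != "$get":
            return {"status": "error", "reason": "unsupported operation"}
        stmt = self.get(message["target"])
        if stmt is None:
            return {"status": "not found"}
        return {"status": "ok", "value": stmt.value, "from": self.owner}


def lookup(xri: str, local: PersonalGraph, registry: Registry,
           hosted: Dict[str, PersonalGraph], now: int, max_age: int) -> Tuple[str, str]:
    """Answer from the local copy if fresh enough, otherwise take the post's
    two-step path: resolve the owner's endpoint, then send $get to it."""
    cached = local.get(xri)
    if cached is not None and now - cached.stamp <= max_age:
        return cached.value, f"cached in {local.owner}'s graph"
    owner_name = xri.split("+", 1)[0]        # "=schwartz+phone!" -> "=schwartz"
    pid, endpoint = registry.resolve(owner_name)
    reply = hosted[endpoint].handle({"op": "$get", "target": xri})
    if reply["status"] != "ok":
        raise LookupError(f"{xri}: {reply}")
    local.put(xri, reply["value"], now, source=reply["from"])   # refresh the copy
    return reply["value"], f"$get from {endpoint} ({pid})"


def demo() -> Dict[str, str]:
    """Walk through the post's scenario; returns what each lookup saw."""
    registry = Registry()
    registry.register("=schwartz", "=!CONSTRUCTED.1234", "https://vault.example/mike")
    mike = PersonalGraph("mike")
    mike.put("=schwartz+phone!", "555-1212", stamp=0)
    you = PersonalGraph("you")
    you.put("=schwartz+phone!", "999-1515", stamp=0)   # a stale number you copied long ago
    hosted = {"https://vault.example/mike": mike}      # endpoint URL -> served graph
    offline, _ = lookup("=schwartz+phone!", you, registry, hosted, now=5, max_age=10)
    fresh, _ = lookup("=schwartz+phone!", you, registry, hosted, now=5, max_age=0)
    # Mike later changes his number and moves his data store to another host.
    mike.put("=schwartz+phone!", "555-3434", stamp=6)
    registry.move("=!CONSTRUCTED.1234", "https://othercloud.example/schwartz")
    hosted["https://othercloud.example/schwartz"] = mike
    moved, where = lookup("=schwartz+phone!", you, registry, hosted, now=7, max_age=0)
    return {"offline": offline, "fresh": fresh, "moved": moved, "where": where}
```

The `max_age` knob is where a client decides between the offline answer and the authoritative one; the persistent id is what keeps the lookup working after the endpoint moves.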

Another way to look at this issue is to browse the LDAP persistence implementation of the OpenXDI server. In the screenshot to the left, I have expanded the LDAP tree so you can see the root node of each person’s personal graph, represented by the x=() node. The root node doesn’t exist in some central location on the Internet… every person’s graph contains the root node. Similarly, if I had expanded the nodes further, you might see duplication for the node x=@gluu, as two people might have information about that organization. In XDI, clients can be programmed to use context to take the most appropriate action (fail, proceed, warn, etc.).

Besides building a better contact management application, how could context be useful? Recently Giovanni Bartolomeo, a member of the OASIS XDI technical committee, described a similar problem the linked data community is trying to address. For those of you who don’t know, there are billions of linked data “triples” that have been published by governments and other organizations: for example, meteorological information, agricultural data, economic data. Linked data has enabled the publication of lots of useful non-confidential data. The challenge is how to reconcile triples published by different sources about the same subject. For example: The University of Rome is Good; The University of Rome is Bad? How do you differentiate two contradictory triples? This is another example of how context makes all the difference, and we’re hoping that the use of XRIs to provide the context might help build a bridge between the XDI and RDF communities.

The Mush

1/3/12

One of the things that I enjoyed about the East Austin Artist Studio tour was the diversity of venues. Joe Krupa who painted this canvas titled “The Mush”, was showing his work behind the Austin Lumber Company on 5th Street. It was great to see that a gung-ho art student could find a place to show his work and test the market first hand.

In case you are wondering, those are alien hieroglyphics. The first thing I noticed about The Mush was that it said OX, OX, OX, OX, OX on the bottom. It actually said “XO, XO, XO, XO” but I turned it upside down, and Joe had no objection.

It is sort of a stretch, but I thought this image of alien hieroglyphics might be a good starting point for a layman’s discussion of semantics.

Semantics is a very abstract concept (the study of meaning???) and it can be difficult to understand why semantic organization of data is useful. The short answer is that if we store the data the right way, we can ask very specific questions, or even empower an app to take certain actions automatically on our behalf.

One of the side benefits of semantics is that we can use our own words to describe our data. And not surprisingly, using our “own words” helps us give information meaning. If we are aliens (or art school students) then semantics using alien hieroglyphics are helpful.

However, the main advantage of semantics is being able to sensibly organize data. To me, the most important application for semantics is authorization: the ‘who’, ‘what’, ‘where’, ‘when’, ‘why’, and ‘how’ of access to my data. However, the potential to use semantics for a variety of purposes is one of the great promises that has motivated the architects of XDI since its inception.

A recent publication by the Canadian Government, best practices for cloud computing, describes a “Mountain of Data”:

“The amount of data needed to track … is enormous and growing. Mountains of dynamic information confront IT operations and cannot be managed on the level of just a dashboard or metrics. Available monitoring systems often yield too much data that translates into a lack of usable information. To properly manage all the data … [it] needs to be dynamically analyzed according to intelligent parameters.”

Ironically, it’s not just organizations managing their cloud infrastructure that are confronted with a mountain of data–our personal IT infrastructures are also creating a mountain of data: pictures, tweets, emails, social network posts, documents, appointments, financial information, health information, government filings… the list goes on. And what about referencing the data of our friends, family, organizations and business contacts? And more and more silos of content are appearing (each with their own proprietary APIs).

If we could organize our data in a standard manner, computers could become better agents for us to address the task of processing our personal data mountain. I was reading today an NYT article about a new social network called Path. The article praises Path because “You’re not going to see the glurge and hurge of illiterate rage and hash tag garbage.” To me, this statement is an indication that the current infrastructure is not scaling well. Do we need to create a new social network (with a respective new silo of data) each time our old silo gets overburdened with spam? Our ability to come up with highly relevant personal services (like Path) is one of the keys to increasing the productivity of our society. But we need to provide a way for these services to integrate into our life so the value can be captured.

I’ll post more specific semantic issues later in this series. But hopefully the next time you hear someone mention semantics (or the semantic web…) you won’t look at the person like they are an alien!

Rx for the Internet

12/22/11

We hate to throw things away at my household. So when my wife suggested we use our expired meds and vitamins as art, pills became the medium for a weekend found materials project. The above “art work”, inspired by the diagram below it, was the result. All the other materials were also found: a scrap of plywood, spray paint from the previous occupant of our house, decade-old epoxy that we’d had in a utility drawer, and re-purposed scrap paper printed on an abandoned laser printer (connected via a pricey wifi print server…)

I’d been kicking around the idea of using XDI graphs as art with some artists on the East tour, and this project seemed like a good chance to test that theory. I first looked at some of the graphs that I had created for the oxPlus project, but they were too big for my scrap of wood. My next idea seemed better. I decided to use the first XDI sample graph created by Drummond Reed to define the building blocks for XDI: the contextual, relational and literal arcs.

XDI is not really that hard. Anything unfamiliar seems difficult. If I can make an XDI graph out of pills, how hard could it be? We will never make XDI experts out of the world, however, popularizing some of the high level concepts is still useful. My goal has been to evangelize “the graph”–a new metaphor that will help people think differently about their data.

The graph gives us the right model to control access to parts of our data “tree”. Most people are familiar with the idea of tree based access control, for example “folders” on the file system. The graph preserves this metaphor.

A key innovation is the XDI relational arc, which gives us a way to link data that is outside our graph. Context is important. If I tell you that my bank account has $1 million in it, it’s not quite as meaningful as when the bank verifies that information. The ability to control access to information both inside and outside of our graph would revolutionize the capability of the Internet.

I’d like to see future art that conveys the ideas of XDI in a less literal way, but showing my pill diagram has been helpful. When I show the original and the pill version, it seems to resonate more with people. Perhaps because it’s a more fun “analog” presentation. Or perhaps the idea of pink antihistamine tablets providing the context does make sense to people who are allergic to our current Internet identity infrastructure.

XDI as Art

11/26/11

The past two weekends concluded the East Austin Studio Tour, an annual event where 300 local artists open their studios to visitors to show and discuss their art. “East” is a genius marketing idea, but most of the visitors to East are not buyers, but people looking for great ideas, entertainment and inspiration. If you spend time on the tour, you are struck by the energy, talent and effort exerted. It’s fun, thought provoking, and after biking for two solid days, it’s even great exercise.

Art is a conduit for ideas. Can Art help get the message out about XDI? This was a question in the back of my mind as I toured some fifty studios over the course of four days.

One of the most challenging goals for XDI is to convey the idea that people could benefit from something called a “personal graph.” Explaining the idea of a graph is not that hard. Everyone is familiar with the idea that you could create a graph of your connections on a social network, and that these graphs would probably be interconnected. The idea that you could secure your graph is a little more difficult to explain. The idea that the graph can be explained as a collection of subject-predicate-object triples using something called semantics is conversational suicide.

Walking through the Hope Gallery on Sunday, I was immediately struck by Jean-Pierre Verdijo’s work. He is a self-proclaimed muralist with a minimalist approach: Egyptian hieroglyphics meets abstract painting. I was impressed with his aesthetic sense, the ideas behind his work, and the ingenuity of his technique–who needs a canvas when you can stitch together bamboo floor mats?

It was hard not to get excited about the above painting. It’s a great example of a graph that people can understand. But at the same time, it’s an amusing, ridiculous graph that makes you laugh. The technique of the painting takes a back seat to the message.

As Mr. Verdijo delivered the work to my office on 6th Street, he mentioned that some of the Facebook staff were also intrigued by the painting. Hopefully, they will commission him to undertake many more in the series–I’d like to see more Verdijo graphs than Jasper Johns flags. I hope it’s also a sign that Gluu is on the right track. Although my personal goal for starting Gluu, and for participating in the development of XDI, was not to “take down” Facebook, it has certainly occurred to me that if XDI were successful, it has that kind of destructive potential. Recently Bill Boebel, formerly of Rackspace, asked me why Facebook would adopt XDI. My answer was that they wouldn’t, but that the Internet (with XDI) will make Facebook look small, just as the Web made America Online look small. Through standards, social networking will achieve its real potential, not just the baby steps that we’ve currently taken to share our pictures and activity streams.

So Facebook, if you want the first Verdijo graph painting, it’s for sale: the price is $1 million. But if you want to adopt open standards that enable us to get control of our personal data: that would be priceless.