In Context

• April 2-3: Oxford Internet Institute: A Policy and Legal Framework for Identity Management, Oxford
• April 14-16: NIST: ID Trust 2009: On the “Comparative Identity Systems” panel (14th), Gaithersburg
• April 20-24: RSA 2009: San Francisco
  • 20th: “Harnessing the Power of Digital Identity: 2009 and the Promising Road Ahead” workshop
  • 21st: “Fostering Collaboration and Opportunities in Identity Management” panel
  • 24th: ICF F2F Board meeting
• May: 5-8: European Identity Conference, Munich
  • Attending the first meeting of the ICF’s new German chapter!
  • On the “Take a Card: Information Cards as Enterprise Authenticators” panel
• May 18-20: Attending the Internet Identity Workshop, Mountain View
• May 27: Presentation on Information Card & OpenID at From GateKeeper to InfoValet: Work Plans for Sustaining Journalism
• June 24-25: Aspen Institute Workshop for Advancing Enabling Policies Toward an Identity Ecosystem, DC
• July 29-31: Catalyst09, San Diego
• Sep 14: DIDW, Las Vegas
• Sept 28-29: Tao of Attributes, NIH, Washington, panel
• Oct 12-13: Engaging Data, MIT
• Oct 19-22: DMA09, New York, panel

This press release from TRUSTe mentions the results of a recent survey (since they don’t support I-Cards or OpenID+AX you’ll have to fill in a form to get the survey . Here are a few nuggets:

“…two out of three consumers are aware that their browsing information may be collected by a third party for advertising purposes.”

As expected. But here’s the interesting part:

“…consumer discomfort with behavioral advertising declined year over year (from 57 percent in 2008 to 51 percent in 2009)…”

and:

“…although consumers worry about protecting their private information online, they are growing more accustomed to behavioral targeting,…”

Because, its all about relevance:

“…some even preferring to be served targeted advertisements from brands they know and trust over irrelevant, intrusive advertisements. In fact, 72 percent of those surveyed said they found online advertising intrusive and annoying when the products and services being advertised were not relevant to their wants and needs.”

But the key challenge is privacy:

“Even though consumers want customization in their online experiences, they also fear an invasion of privacy. Half of all consumers still say they are uncomfortable with advertisers using their browsing history to serve them relevant ads, and many make concerted efforts to achieve anonymity when surfing the web.”

And that, my friends is why I believe so strongly that we need to shift control to the individual over their online identities, profiles, and social relationships. If I consent to release it to ad network A or brand B, then the privacy issue is off the table by defintion. Privacy is all about you deciding who can see what about you. As I said at a behavioral tracking conference last year “spying [behavioral tracking] is okay, as long as you’re spying on yourself”. And then you decide what to reveal about yourself.

Here’s an idea that will let your trusty selector log you in to the other 99.999…% of sites that don’t yet support I-Card, OpenID, SAML, Facebook Connect, or Google Friend Connect.

One of the long term goals of the Higgins project is to provide universal login. This is the ability to log you in to almost any website or app (aka Relying Party (RP)) using a variety of methods including I-Card (as defined in ISIP 1.5 and soon here-ish), OpenID and username/password.

As a step towards universal login, I’ve written up this summary of password cards based on input from many folks. The basic idea is to enhance the Higgins browser extension with “password manager” capabilities, and to enhance the selector such that it can store your usernames and passwords as claim values on personal cards, and to do so with special care to prevent phishing attacks.

As I mentioned here, I see this work as a step towards convergence on single browser extension that “just works” (universal login). Beyond un/pw and I-Card we’d like to integrate support for what the IDIB folks, Axel Nennker, and others are doing with OpenID. And then there’s SAML.

Odd as it may seem, by embracing passwords, we’ll help eliminate them. Or at least I hope so.