Portability Policies and Personal Data Stores

Posted in Data Portability, Personal Data Store, Social Web, VRM, XDI on June 29th, 2010 by Drummond Reed / No Comments »

My primary involvement as a member of the board of the Data Portability Project has been input about XDI as an open standard for portable data. But I’ve always been very enthusiastic about DP’s work on Portability Policies. The DP Project just announced their first Portability Policy deliverable via this blog post on TechCrunch.

On the DP Project board call this morning I shared the view that Portability Policies are an inevitable first step — and a highly welcome one — towards widespread adoption of personal data stores (see my posts earlier this year about PDS here and here). When PDS finally arrive, the irony is that the policy will turn in the other direction, i.e., the individual will have their own data sharing terms and the vendor will be agreeing to those. That’s the essence of VRM.

Iain Henderson of VRM pioneer Mydex is already working on the terms for such an agreement at the Information Sharing Working Group at Kantara.

Bit by bit, the age of personal data stores and personally-controlled data sharing is dawning.

The PDX is Coming

Posted in Data Portability, Personal Data Store, XDI on April 29th, 2010 by Drummond Reed / No Comments »

Remember that year-end blog post about how personal data stores (PDS) are closer than they may appear? Now read Phil Windley’s wonderful summary of why it makes so much sense to create a PDX (not really an acronym for “personal data exchange” so much as just a moniker for a global internetwork of PDS).

It’s happening. Look for more news about it by Internet Identity Workshop (May 17-19 in Mountain View, CA). As if you didn’t have enough great reasons to go already.

kd lang: Hallelujah

Posted in General on March 18th, 2010 by Drummond Reed / No Comments »

I’ve been meaning to say this on my blog ever since the opening ceremonies in Vancouver. But since I just had the chance to recreate the experience on the Web, let me say it loud and clear for the record:

kd lang: Hallelujah.

Comments on the Google account problem

Posted in Accounts, General on February 13th, 2010 by Drummond Reed / 1 Comment »

First, my apologies to everyone who commented on Fixing the Google Account Problem. For some reason WordPress stopped notifying me about comment approval (I’m using Akismet but I still find the majority of comments that get through it are spam, so I moderate comments). So I just logged in and found a bunch of great comments, including several that I replied to.

Three clear themes emerge from these:

  1. The problem is even worse if Google Apps is involved. Apparently there isn’t a solution to merging a Google account and a Google Apps account yet (which frightens me because I’m about to need to set up my first Google Apps account).
  2. Using email addresses as primary account identifiers is problematic, period.
  3. Internet identity management, especially at scale, is hard. A lot harder than it looks.

I’m told the good folks at Google have been discussing this. Please feel free to add more suggestions about exactly what you think they should do.

The Incredible Internet Answer Machine #2

Posted in General on February 10th, 2010 by Drummond Reed / No Comments »

I receive an email from a friend:

Drummond,
As my Word expert, how do I turn off the “balloon” captioning of redline changes?

I think, “Good question. I have no idea. I’ve often wondered that myself.” I’m about to start typing that answer to his email when I remember The Incredible Internet Answer Machine.

I open a browser tab and type into the Google Search Bar “Microsoft Word bal…”

Google’s AutoSuggest completes it to “Microsoft Word balloons”.

I click Search.

In .25 seconds the answer is back and the second entry on the list is:

How to turn off balloons for comments and tracking changes in Word

.25 seconds. My brain doesn’t even think that fast.

The Incredible Internet Answer Machine

Posted in General on February 6th, 2010 by Drummond Reed / No Comments »

I know reams have been written about “are we all getting dumber because the Internet is getting smarter?”

But still, it does take my breath away, almost every day.

In another one for the “new heights of irony” file: I was using Gmail this morning and once again wondered about the little orange dot that appears next to the names of some email senders.

I’d wondered at least a half dozen times before what this meant, because when you hover over it, there’s no balloon (there should be, Google).

So this morning I finally asked The Incredible Internet Answer Machine.

I just opened another tab and typed “Orange dot in Gmail” into my Google search bar.

The #1 hit (in .29 seconds) was the exact answer to my question

…in Yahoo Answers!

(We’re going to have to rename it The Incredible Internet Irony Machine ;-) )

BTW, the answer is: Orange means the sender is using Gmail but is in “idle” status because they haven’t looked at their Gmail page in a while – they are busy using some other browser tab or application. Green = active on Gmail now, Red = busy, Grey = offline.

Avatar – Ahhhhhhhh

Posted in Movies on February 6th, 2010 by Drummond Reed / 2 Comments »

This may be the only blog post I ever write with no link in it. But, reading today that Avatar has finally knocked off Titanic as the #1 grossing movie of all time, one hardly needs to provide a link to either.

Given my passion for film, I just want to say: hats off to James Cameron. He may not be the most likeable character in the world. But twice now this man has taken me and countless others (a significant percentage of the human population, in fact) to a place in film an ocean beyond (or a planet beyond) what we have ever experienced before.

Which really is a new place in consciousness, when you think about it.

I thank him for that, and everyone who helped him realize his vision.

Two pieces of advice:

  1. See it in 3D. It doesn’t matter how long you wait to do it. Just see it in 3D.
  2. Sit as close to the axis of the center of the screen as you can, i.e., both in the middle of the theatre and at the height of the center of the screen. It really helps with the 3D experience. Ironically in most 3D theaters this is usually the back row or very near it. In other words, the vast majority of the seats are way too close. Go figure.

Fixing the Google Account problem

Posted in Accounts, General, Privacy on January 24th, 2010 by Drummond Reed / 23 Comments »

Every so often you experience a technical problem you can’t find any information about and which takes you forever to solve. Then, after you finally solve it, you are left scratching your head saying, “I don’t get it—there must be millions of people with this problem—why is there so little information about it?”

Once before, back in 1991, I ran into such a problem with Windows 3.0. After finally solving it, I shared my solution with my friend Seattle Times tech columnist Paul Andrews. He published it in his column, and it turned out that thousands of people had the same problem but nobody understood quite what was happening. So that’s why there was so little information about it.

Now 20 years later, even though we’ve got the Internet and Google and all, I’ve just been through the same experience. And the irony? The problem is with none other than Google accounts—the very accounts that we need from this search giant to access many of the services it offers.

Over the holidays I finally bore down, worked the problem all the way through, and solved it. And throughout the process I was consistently stunned to find so little information available about it, either from Google or anywhere else.

So this time around I’m being proactive about it and publishing the solution right here so it will be easy for anyone to reference. (And, of course, for Google’s own search engine to find — the Internet brings new heights to irony.)

Warning: read this all the way through. The easy fixes are also the ones you may live to regret.

The Problem

  1. A friend shares a Google doc with you.
  2. You receive an email containing a link to this Google doc.
  3. When you click on the link, you are prompted to log into your Google account, but once you do, you can’t get access to the doc because the email address that the friend used is not the same email address you used to originally create your Google account.

Arrggh! (That’s an exact quote from an email I just received from a friend for whom I’m solving this problem by writing this blog post!)

The Simple Solution That Will Get You In Trouble

There is a simple solution for which I thank George Fletcher of AOL, who first explained it to me and others on the OpenID mailing list who were having this problem a few years ago.

The solution is: register a new Google account under the email address that your friend used to share the Google doc with you.

It’s very easy…BUT…read the warning afterwards as to why it’s a red herring.

  1. Go to http://google.com.
  2. If you are signed in, sign out (top right corner).
  3. On the next screen (the plain jane Google home screen), click the Sign in link in the top right corner.
  4. On that screen, underneath the login box on the right, click the link “Don’t have a Google account? Create an account now”.
  5. Even though you may already have a Google account, enter the email address you want to register for another Google account (the one your friend sent the Google doc to).
  6. Confirm the email address via the standard process.
  7. When you are done, log in to this new Google account (using the email address you just registered, not the one for your other Google account).
  8. Go to Google Docs (http://docs.google.com).
  9. The Google Doc your friend shared with you will be on the list.

Yes, it’s that simple. BUT…

The New Problem This Creates

The reason NOT to solve the problem this way, to which I can attest by long and painful experience, is that while you will now have access to all the Google docs shared with you…you will also have to log in and log back out of each of your different Google accounts in order to access the different sets of Google docs shared with you under your different email addresses.

This might seem like a small pain at first, but believe me, after the 500th time you will be wishing there was a better way.

There is.

The Better Solution…That Still Isn’t the Right Answer

The “better way” is a standard feature of almost any identity or directory system: aliases. (Disclaimer: I’m in the Internet identity business, so this is the kind of stuff I deal with all the time.) In an identity or directory context, an “alias” is just an alternate name for the same account. And in fact Google accounts supports aliases. What’s interesting, though, is that: a) they don’t call them “aliases”, and b) aliases for Google accounts are completely different than aliases for Gmail accounts.

Gmail accounts, you ask? What’s the difference between a Google account and a Gmail account?

Therein lies a whole ‘nother can of worms (and possibly the reason there is so little information about the Google account problem).

Let me start by explaining the difference (as best I understand it – this WHOLE BLOG POST is an open invitation for the good folks at Google to correct any of my misunderstandings and provide better explanations).

First, a Google account and a Gmail account are not exactly the same thing. The first rule is: every Gmail account is a Google account, but NOT every Google account is a Gmail account.

In other words, if you have a Google account that is NOT a Gmail address, then you have a Google account that is NOT a Gmail account.

The second rule is: BOTH a Google account AND a Gmail address can have an alias. BUT THEY ARE NOT THE SAME THING, AND NEITHER CALLS THEM ALIASES.

I am not making this up. An alias on a Google account (and remember, every Gmail account IS also a Google account) is another name for the entire Google account. But for Gmail, an alias is ONLY an alternate email address that you can send or receive email from using your Gmail account. A GMAIL ALIAS IS NOT A GOOGLE ACCOUNT ALIAS. A GOOGLE ACCOUNT ALIAS IS NOT A GMAIL ALIAS.

Is that clear as mud?

Now, adding an alias to a Gmail account is quite easy, remarkably powerful (most people have no idea how much flexibility Gmail offers to manage your email for any number of email accounts), and surprisingly poorly documented. I just spent 10 minutes searching Gmail for help on this just to see if there was a Gmail help page I could just link to.

Nope.

So here’s how.

Instructions for Adding an Alias to Your Gmail Account (but NOT for your Google Account Even If It Is a Gmail Account!)

  1. Login to your Gmail account.
  2. Click the Settings link in the top right.
  3. Click the Accounts and Import tab.
  4. In the second section, Send mail as, click the button labelled, Send mail from another address.
  5. Enter the email address as instructed.
  6. Google will send you an email with a link you must click to verify you own the address.
  7. Go to that mail account, find the mail, click the link (it all takes about 30 seconds).

You’re done. Go back to your Gmail Settings page, click the Accounts and Import tab, and the new email address will be listed in the Send mail as section. You can now send email from this email address by choosing it in the “From” drop down box in Gmail. (See the help link for more info about the different ways you can send mail from a Gmail alias.)

You can add as many email addresses as aliases to your Gmail account as you want (at least I couldn’t find documentation about a limit). But keep in mind that all of these will ONLY be Gmail account aliases, not Google account aliases — and having them as Gmail aliases does nothing to solve the Google account problem.

So you have to go through a different process — even with the same set of email addresses — to make them Google account aliases. (For example, I have the same four email addresses as BOTH Gmail aliases and Google account aliases.)

The following instructions apply for adding an alias to ANY Google account (whether or not it is a Gmail account), BUT—and this is a big BUT—if your Google account is NOT a Gmail account, keep reading afterwards about why this can come back to bite you.

Instructions for Adding an Alias to Any Google Account (Even If It Is a Gmail Account)

  1. Go to www.google.com/accounts. That is the home page for configuring any Google account. If you’re currently logged into Google, Google figures out which Google account you are using via a cookie in your browser. If you’re not logged in, they’ll prompt you to login, and the Google account you will be configuring is based on the email address you use to login.
  2. Once you are logged in, confirm it is the correct Google account by checking the email address in black text at the very top of the page (on the left side of the block of links in the top right corner). If this is the right account, proceed. If this is not the right account, meaning you want to add an alias to a different Google account, then sign out (upper right corner), then sign back in under the email address for that different Google account.
  3. Under Personal Settings in the top center of the page, the entry at the bottom of the column will be Email addresses. If you have not yet added any aliases to this Google account, you will see only one email address—the same email address as at the top of the page. It will have the grey words (Primary email) next to it. This is the “primary key” for this Google account. You can’t change it! See the warning below.
  4. To add an alias (do you see the word “alias” anywhere near here? Or anywhere on this screen? Does Google give you any clue that this is where you should go to access such a feature??), click the Edit link below this email address.
  5. On the next screen (https://www.google.com/accounts/EditUserInfo), you will see two blocks: Edit personal information and Add an alternate email address to your account. You want this second block.
  6. At the bottom of this second block is a text box labeled: Add an additional email address. Enter the email address you want to add as an alias (the one to which your friend shared the Google doc you can’t access) and click Save.
  7. The next screen will tell you that you’ve been sent an email to verify that address.
  8. When you receive the email, click the link in the email.

Congratulations, you have just set up that email address to be an alias for your existing Google account.

The benefits?

  1. It no longer matters which of your two email addresses your friends share a Google doc with. Either way, the Google doc they shared will show up in your Google docs dashboard at http://docs.google.com. As far as I know, this is true for all the email addresses you add as an alias (again, I don’t know if there is a limit).
  2. You no longer have to log in and out of two different Google accounts. All your Google docs will be there in your one master account. Hooray!

Now for the final gotcha. You can do all the above and still end up with a royal headache one day because of the following rule Google explains when you register an alias as described above:

You can use alternate email addresses to sign in to your Google Account, recover your password, and more. Alternate email addresses can only be associated with one Google Account at a time.

In other words, for good security reasons, you can only add an email address as an alias to one Google account at a time. On the surface that doesn’t appear to be an issue…until you circle back to what I explained above…that every Gmail address is also a Google account. By simple deductive logic, you arrive at this conclusion:

You cannot add a Gmail address as an alias to ANY Google account!

In other words, at Google, all email addresses can serve as primary keys for Google accounts BUT only non-Gmail accounts can serve as an alias (a secondary key).

So it boils down to this: if you have a Gmail account, or ever plan to get one, then you are forcing yourself into the multiple-Google account problem for life UNLESS…

you make your Gmail account your primary Google account.

Yup, that’s the secret. As long as you make your primary Google account a Gmail account, you’ll never have the problem of wanting to use Gmail but finding yourself forced into the multiple-Google account problem.

What To Do If You Already Have the Multiple Google Account Problem

Okay, say you’ve already fallen into this trap. You did what I did several years ago: created your own non-Gmail Google account using a non-Gmail email address so you could access Google docs under that email address. Then later you started using Gmail, and so now you have at least two Google accounts (and maybe more). And people are constantly sharing Google docs with you under one or the other of the two (or more) email addresses, and you are driving yourself nuts logging in and out of Google trying to remember which email address was used to share which Google doc.

But you CAN’T take your non-Gmail email address and make it an alias to your Gmail Google account (as I advise) because your non-Gmail address is already a Google account.

How do you fix it?

The answer is: a) completely undocumented (at least I couldn’t find it), and b) scary as hell.

That’s why I’m writing this blog post. There’s no reason Google needs to make this so hard. Why they haven’t written it up in one of their generally decent Help articles I have no clue. I even wrote one of my identity friends at Google to ask him. His answer was essentially, “This is just too hard for most users to understand.”

Well, that may be true, but IMHO it’s not a reason to withhold the documentation. The users who are experiencing the problem are highly motivated to understand it, and in fact the solution is pretty easy once you know what it is.

It’s just scary.

In brief, the way to make a non-Gmail Google account an alias for your Gmail account is to first delete the non-Gmail Google account.

Completely. Kaput. Gone. Which, as you might suspect, would ordinarily mean YOU LOSE EVERYTHING ASSOCIATED WITH THAT ACCOUNT.

How’s that for a scary thought? Honestly, that’s why I held off fixing this for so long. Who wants to bother with working around that?

Luckily, the workaround is not that hard once you know what it is and you are sure it is going to work. That’s the other reason I’m writing this blog post: I could not find anything posted anywhere – or even get it confirmed by those I knew at Google – that this procedure would work and everything would be okay in the end.

But I finally got so tired of the problem that I just did it, and I’m happy to say it works just fine.

So: please read and follow the instructions below carefully. I don’t want anyone coming back and telling me that they lost precious data because of my advice that they delete their Google account.

Part One: Share (or Otherwise Backup) All the Data in the Google Account

  1. First, make sure you have at least one other Google account (preferably a Gmail account—see above—however this procedure should work with any other Google account. In these instructions I’ll assume this other account is a Gmail account.)
  2. Go to the home page of the Google Account you want to delete at https://www.google.com/accounts/ManageAccount.
  3. Make sure this is the account you want to delete by checking the correct email address in black text at the left end of the links at the very top of the page.
  4. Under Personal Settings, click on the Dashboard link (second one down) called “View data stored with this account”.
  5. This helpful utility (created for personal privacy management) will show you all the data you have at Google associated with this account. Now comes the hard part. You need to go through every Google service on this list, then go through any associated documents or data files for each of those services, and share them with your Gmail account. Even more importantly, if you are the owner of any document/file, then transfer ownership to your Gmail account. If you don’t own a document/file (someone else shared it with you), don’t worry, you can’t lose it when you delete this Google account. But, as long as you have Edit privileges on the document/file, share it with your Gmail account just so you don’t have to go back to the original owner and ask them to reshare it later. If whoever shared it with you DIDN’T give you Edit privileges, just contact them and have them share it again with your Gmail account.
  6. Did I say do this for EVERY document/file in EVERY Google service you use? Go back to your Personal Dashboard and check it again.
  7. IMPORTANT: as a final check, log into your Gmail account and VERIFY that all the docs are shared. If you own the document/file, VERIFY that your Gmail account is the new owner.
  8. Check everything one more time. If you are unsure that anything has been shared and will not go “poof” when you delete this Google account, just download a copy to your local hard drive (or email it to your Gmail account). Like I said, never come back to me and say you lost any Google data because of this blog post.

Part Two: Delete the Google Account

  1. Go back to the home page for the Google account you want to delete: https://www.google.com/accounts/ManageAccount.
  2. MAKE SURE this is the right Google account by confirming the email address in black at the left end of the links at the very top of the page.
  3. Next to the My products header (the second horizontal section down the page), click the Edit link. This should take you to https://www.google.com/accounts/EditServices.
  4. The second option on the page is to Delete Account. Choose that option and follow the instructions to confirm you want to permanently delete this account (and wipe that sweat off your brow). Seriously, if you’ve shared or backed up all the files associated with this account, you’ve nothing to fear. It’s just like reformatting a hard drive <ouch>.

Once you’re done, take a deep breath. Wait 15 minutes. (I don’t know if you actually have to wait this long, but I figured it’s long enough to wait for Google’s servers to go through all their account deletion machinations.)

Part Three: Add The Alias to Your Primary Google Account

  1. Log back in to your Gmail account (or whichever Google account you want to make your primary).
  2. Follow the instructions earlier in this blog post to add the email address (for the Google account you just deleted) as an alias to this Google account.
  3. Once Google confirms it as an alias, you’re done.

Problem solved.
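The alias rules and the three-part fix above, modeled as a small directory in Python. This is an added example, not Google's code or part of the original post: the class and function names and the sample addresses are hypothetical, and the model assumes a shared document stays keyed to the address it was shared with.

```python
# Added illustration: a toy model of the account rules as this post describes
# them. Not Google's implementation; every name here is hypothetical.
GMAIL_DOMAIN = "gmail.com"


class AliasError(Exception):
    """An address cannot be attached to (or removed from) an account."""


def norm(address):
    return address.strip().lower()


class Directory:
    def __init__(self):
        self.index = {}    # any sign-in address (primary or alias) -> primary
        self.aliases = {}  # primary -> set of alias addresses
        self.owned = {}    # primary -> documents owned by that account
        self.shared = {}   # address -> documents other people shared to it

    def register(self, email):
        email = norm(email)
        if email in self.index:
            raise AliasError(f"{email} is already tied to {self.index[email]}")
        self.index[email] = email
        self.aliases[email] = set()
        self.owned[email] = set()
        return email

    def add_alias(self, primary, alias):
        primary, alias = norm(primary), norm(alias)
        if primary not in self.aliases:
            raise AliasError(f"{primary} is not a primary address")
        # First rule in the post: every Gmail address is itself an account,
        # so it can never be a secondary key on another account.
        if alias.rsplit("@", 1)[-1] == GMAIL_DOMAIN:
            raise AliasError(f"{alias} is a Gmail address, hence its own account")
        # Quoted rule: an address is associated with one account at a time.
        if alias in self.index:
            raise AliasError(f"{alias} is already tied to {self.index[alias]}")
        self.index[alias] = primary
        self.aliases[primary].add(alias)

    def share(self, doc, address):
        self.shared.setdefault(norm(address), set()).add(doc)

    def visible_docs(self, login):
        """Documents listed after signing in with a primary or alias address."""
        primary = self.index[norm(login)]
        docs = set(self.owned[primary])
        for address in {primary} | self.aliases[primary]:
            docs |= self.shared.get(address, set())
        return docs

    def delete_account(self, primary):
        primary = norm(primary)
        if self.owned[primary]:
            raise AliasError("transfer or back up owned documents first")
        for address in {primary} | self.aliases.pop(primary):
            del self.index[address]  # the addresses become free again
        del self.owned[primary]


def merge_into_primary(directory, old, keep):
    """Parts One to Three: transfer, delete, then re-add `old` as an alias."""
    old, keep = norm(old), norm(keep)
    directory.owned[keep] |= directory.owned[old]  # Part One: move ownership
    directory.owned[old] = set()
    directory.delete_account(old)                  # Part Two: frees the address
    directory.add_alias(keep, old)                 # Part Three: now allowed


def demo():
    d = Directory()
    d.register("me@example.org")  # constructed sample addresses
    d.register("me@gmail.com")
    d.owned["me@example.org"].add("budget")
    d.share("trip-plan", "me@example.org")
    d.share("notes", "me@gmail.com")
    before = d.visible_docs("me@gmail.com")
    errors = []
    # Both directions fail while two accounts exist.
    for primary, alias in [("me@gmail.com", "me@example.org"),
                           ("me@example.org", "me@gmail.com")]:
        try:
            d.add_alias(primary, alias)
        except AliasError as exc:
            errors.append(str(exc))
    merge_into_primary(d, "me@example.org", "me@gmail.com")
    return before, errors, d.visible_docs("me@example.org")


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The uniqueness check in `add_alias` is the security property the quoted Google rule protects: if one address could resolve to two accounts, sign-in and password recovery by that address would be ambiguous.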

Why It’s Still Not Perfect: A Final Warning

It’s worth pointing out that privacy, not just security, can be an issue with account aliases. Sometimes you don’t want someone to know you are using a Gmail address to do all this cool stuff. But if your Gmail account is your primary Google account (as I advise), then take note of the following warning:

Note: In some Google services, if you share your alternate email address with your contacts, they might be able to learn your primary email address.

In short, Google hasn’t fully figured out yet how to provide you with completely separate personas on the Web. In my personal opinion, they would be well-advised to do so. It’s not easy — achieving this level of privacy can be as hard as achieving corresponding levels of security. But Google has the talent and, I believe, the motivation to attain this goal. I hope they consider it soon.

Joe Andrieu Cuts the Gordian Data Ownership Knot

Posted in Data Portability, Dataweb, Identity Rights Agreements, Personal Data Store, Social Web, XDI on January 21st, 2010 by Drummond Reed / No Comments »

Joe Andrieu has a wonderful way of cutting the Gordian knot on complex socio-technical topics, with clear prose, compelling arguments, and clever illustrations that explain why you should look at something decidedly differently.

Now he wields that knife on the very knotty “problem” of data ownership.

I passionately agree with Joe (and his Kantara Working Group co-chair Iain Henderson) on this subject; I suspect it’s because my perspective on it was long ago warped by the lens of XDI, which itself is a new way of thinking about data.

Turn the telescope to look at personal data from the standpoint of who controls its sharing with whom, and many pieces finally come into focus.

Keep that in mind as we move into an XDI-enabled world.

Your Own Personal Piece of the Cloud

Posted in Data Portability, Personal Data Store, VRM on January 17th, 2010 by Drummond Reed / 1 Comment »

There’s an excellent thread going on among the MyDex team about the accelerating shift towards cloud computing and what this means for the individual. I strongly recommended to them Nicholas Carr’s The Big Switch for a discussion of this very subject.

Arguably, we as individuals need the cloud even more than companies do. On the whole, we have less ability to maintain our own “individual piece of the cloud” than a company does. We have neither the capital, the expertise, nor the ability to persist across major changes (all but the very smallest company can persist when an employee leaves or dies, but when an individual person dies, their world of information disintegrates very quickly).

Google and other cloud-based service providers have recognized this. Given the proper safeguards* (see huge asterisk below), the advantages to individuals maintaining their personal data store of all their personal data assets at one or more cloud service providers are enormous. The latest example: watch the migration taking place from Intuit’s venerable Quicken franchise of desktop personal money management to the cloud-based equivalent at Mint.com.

Mint.com’s advantages are so compelling – all your data is automatically backed up, automatically accessible from any Web-connected device, automatically updated from any of your (supported) financial accounts, automatically able to send you important alerts and reminders – that it makes desktop money management look as antiquated as 5-1/4 inch floppy disks. (Remember, there was a time when 5-1/4 inch floppy disks were manna from heaven.)

If you need any further proof of this paradigm shift, Mint.com was acquired by Intuit last September.

I think we’ve seen only the very start of this paradigm shift of migration of personal data and personal data services to the cloud. And I don’t believe it will take more than a year or two until it becomes the norm. Check back here in January 2012 and let’s see where we are.

*HUGE ASTERISK: I don’t mean for one second to gloss over the topic of the safety (umbrella term for security, privacy, and control) of personal data in the cloud. I spend a good part of my day job as Executive Director of the Information Card Foundation on this topic, and it is the entire premise of emerging VRM service providers like MyDex. It is so deep and rich of a topic that I believe before long it will result in a whole new branch of the law.

The Age of Privacy is Over?

Posted in Privacy, Social Web on January 10th, 2010 by Drummond Reed / 1 Comment »

According to Facebook founder Mark Zuckerberg, yes. See the video with your own eyes and read the ReadWriteWeb analysis of the interview he did with TechCrunch’s Michael Arrington.

Is the age of privacy really over, or does Mark Zuckerberg just want it to be over?

Myself, I don’t think so. Instead what’s headed for extinction are companies that try to make their money by convincing people they need less privacy.

Watch this space – more on this topic coming soon.

VRM Rising

Posted in Personal Data Store, VRM, XDI on January 6th, 2010 by Drummond Reed / No Comments »

I recommend Doc’s new post that explains the essence of what’s behind VRM. It’s a big vision, his, but Doc has a way of framing the future that makes it look inevitable – all that remains is the question of “how close is it in the mirror”?

I’m betting that this object is closer than it appears.

Will Norris on Identity and (Non-Recyclable) Identifiers

Posted in OpenID, Practical I-Names, XRI on January 5th, 2010 by Drummond Reed / No Comments »

I could spend this entire week doing nothing but reading and posting about good post-holiday reading of recent blog posts. My theory is simple: over the holiday break, people (well, most people – not me this year) have time to take a breather and write down something that’s really been on their minds.

And because they are not rushed, they have time to condense and sharpen their thoughts, and the result is a rash of excellent blog posts.

A wonderful example is Will Norris’ post about identity and identifiers. He speaks from long experience (and he’s worked on several identity protocols, including OpenID and SAML, as part of the Shibboleth project).

Read it and weep (if you have a recyclable OpenID).

(Aside: Although, as Will’s article intimates, XRI architecture solves this problem at the structural level, the implementation of XRI across OpenID 2.0 sites and libraries is currently very uneven. So IMHO realistically a full solution to the recyclable identifier problem with OpenID is still another protocol generation away.)

Personal Data Stores – The Time is Coming

Posted in Data Portability, Dataweb, Personal Data Store, R-Cards, Relationship cards, Social Web, VRM, XDI on December 28th, 2009 by Drummond Reed / 3 Comments »

This entire fall has been intense with work, thus the paucity of posts here. The holidays bring a welcome respite and a chance to catch up with a few key mental threads.

One of them is the growing awareness of the need for what the VRM community calls personal data stores (PDS). The concept is relatively simple: an online store for your own personal data — anything from classic PII (personally identifiable information), such as your identity and contact data, to any other data that you generate or control (files, blog posts, pictures, papers, music, videos, etc.)

Three things have surprised me about PDS:

  1. How generally accepted the notion is by almost anyone who spends much time online, even folks well outside the identity community. It’s a relatively intuitive idea as soon as you understand the basic premise that individual people should have their own data source online.
  2. How many names have been applied to the same general concept. As I indicated, PDS is only the term applied by the VRM community. The same general concept has been called probably a dozen other names. Here’s an excellent blog post by Mark Dixon that calls it a Personal Identity-Persona Service and a Security Identity Bank Vault.
  3. How hard it is to implement. Though there have been several attempts, such as the Mine! Project, nothing has come remotely close to catching on yet.

I have several theses as to why this is so (and yes, the need for an Internet data sharing standard like XDI is high on the list), but I’ll save those for another blog post.

Here, I’ll just conclude with a simple prediction: it’s a threshold problem. Once the first practical solution for PDS starts to take hold, it will catch on and grow just like the first social networks did. The only question is what application will provide that initial traction.

Bob Blakley Gets Privacy Right

Posted in Privacy on October 5th, 2009 by Drummond Reed / No Comments »

I don’t know why — maybe it’s just the fall weather — but the privacy temperature is changing. We’re in a period of global warming towards privacy as a key component of Internet identity infrastructure. Part of it is my work at the Information Card Foundation on the Open Trust Framework (read this white paper if you haven’t seen it yet). I’ll be blogging more about that soon.

But another sign is this superb post by Bob Blakley on what’s at the heart of privacy and privacy protection. As one of the technologists that’s spent a decade working on technological solutions to privacy, I can’t endorse Bob’s conclusions strongly enough. It’s a social problem, one that technology can only help create the social cues and custodianship to help with.

But read Bob’s post to see how well he frames the problem and what technologists can and can’t do to help.

Sincerely, John Hughes

Posted in General on August 8th, 2009 by Drummond Reed / 2 Comments »

Someday I’ll tell the rest of the story about why I’m posting the following link. But for right now, let me just recommend you read it.

I was never particularly close to John Hughes movies — though I did like The Breakfast Club — but that’s not the point of this story. It’s a story about John Hughes as a person, and the difference it made in one girl’s life.

After I read it — and almost started crying myself — I noticed it has a whopping 1151 comments.

Read it and you’ll know why.

We’ll Know When We Get There: Sincerely, John Hughes

The Permissioned Web: Open Does Not Mean Public Domain

Posted in Data Portability, Dataweb, Social Web, VRM, XDI, XRD, XRDS on May 13th, 2009 by Drummond Reed / No Comments »

At the Glue Conference this week I’m enjoying a great set of speakers lined up by Eric Norlin on the topic of how everything in the networked universe gets glued together using Web 2.0 tools and beyond. (The talk Mitch Kapor gave this morning was worth the trip all by itself.)

In a few minutes I’ll be on a panel called Implementing the Open Web. In chatting with Lloyd Hilaiel of Yahoo, Kevin Mullins of MIT, and Phil Windley of Kynetx about this topic last night, we hit on one key point that Phil articulated this way: “People tend to conflate ‘open’ with ‘public domain’, i.e., that anything that qualifies as open must be freely available to all.”

It struck me how true this is. It reminds me of the Richard Stallman quote describing open source (cited in the Wikipedia Gratis versus Libre article): “Think free as in free speech, not free beer.”

In terms of data on the Open Web, what this means is that even though a particular pool of data may be available via an open standard, publicly-accessible interface, it does NOT mean this data must be publicly available to anyone. If that were true, the whole concept of a personal data store — a key premise of VRM (Vendor Relationship Management) — would not be possible.

So what makes any system or node participating in the Web “open” is not that its data is public, but that the metadata and services for accessing it are available via a publicly discoverable, open-standard interface. The public discovery portion of this is the goal of the XRD work now underway at the XRI Technical Committee at OASIS (based on the original XRDS work – see this blog post by Eran Hammer-Lahav of Yahoo to understand the differences). The open standard portion is the output of IETF, W3C, OASIS, and all the other SSOs (standards-setting organizations) for the net. (The potential of the Open Web Foundation, once it finishes its bootstrap stage, is to make this process of creating open standards even more lightweight and distributed.)

This combination – open discovery of open interfaces accessible over open protocols – is the DNA of the Open Web. And it applies equally to both public and private data. In fact it can finally open up what might be called the Permissioned Web - the Web of all data that any one party has permission from other parties to access.

That would lead us to the need for integrating identity and permissions with the data, which brings us to the motivations for XDI as a semantic data sharing format/protocol – but my panel is about to start so that will have to be another post.

Star Trek: See It

Posted in General, Movies on May 7th, 2009 by Drummond Reed / No Comments »

One advantage of having a 13-year-old son is that you have an excuse to go see a summer blockbuster movie on the very first night it comes out.

I never did that as a kid, which is one reason I let my son (and his biggest ally in such guilty pleasures, my wife) talk me into it.

And boy, was it worth it. I love films, especially world class dramas, but there’s something extra special about a Hollywood popular movie that somehow turns fun into its own high art. The first Pirates of the Caribbean, the original Spiderman film (and to a lesser extent the third), and last summer’s Dark Knight all fit this bill.

Now you can add this Star Trek. Where exactly they found the energy, humor, and drive in this film I have no idea. How it plays gently, lovingly, and brilliantly off the original while at the same time channelling its own unique spirit and energy still has me doing a mental whistle each time I think about it.

This one will be a good old-fashioned b-l-o-c-k-b-u-s-t-e-r at the box office. But don’t go see it for that reason. Go because it will make you happy that so many generations can enjoy a story for so many generations.

Eric Norlin on Conferences Vs. Trade Shows

Posted in General on April 29th, 2009 by Drummond Reed / 1 Comment »

Having just been to RSA, which is the essence of a trade show, and being about to go to Gluecon, which I’m hoping will be the essence of a conference, I find the distinction between conferences and trade shows that Eric makes in this blog post very useful.

Of course, the most conferency conference is an unconference like the Internet Identity Workshop. If you’ve never been to an unconference like this, you MUST try it. (Warning: you’ll never want to go back.)

Adding another Hat

Posted in I-Cards, Information cards, R-Cards, Relationship cards on March 16th, 2009 by Drummond Reed / 3 Comments »

When I told a friend that I was “adding yet another hat” by taking on the Interim Executive Director role at the Information Card Foundation, he said I had so many hats it reminded him of this children’s book. I haven’t read it (and probably won’t — my kids are into Da Vinci Code and Ender’s Game now).

Quite a few of those hats came from helping start non-profits in the Internet identity industry. However this is the first time I’ve stepped into the E.D. role, and all those hats are part of the reason. I really do feel it’s time to move the industry towards convergence. I believe a selector-based identity model can get us there, and I’ll be reaching out to all the communities I’ve been part of — and others I haven’t yet been part of — to help get us there.

Look for lots of new things coming out of the ICF in the next few months.
