Is this Concerning?

David Recordon

Jul 25, 2008, 4:55:40 AM
to open-web...@googlegroups.com
Figure this could start an interesting conversation around what is the Open Web and what does it mean to "support it".

From Kaliya Hamlin's blog (http://www.identitywoman.net/?p=777):

Posted on Thursday 24 July 2008

Kermit brought this announcement to my attention via Twitter.

"A draft TC charter has been submitted to establish the OASIS Identity Metasystem Interoperability (IMI) Technical Committee. In accordance with the OASIS TC Process Policy section 2.2 the proposed charter is hereby submitted for comment. The comment period shall remain open until 11:45 pm ET on 7 August 2008."

It is interesting to see who is behind the effort:
* Abbie Barbir (Nortel)
* Adnan Onart (Nortel)
* Paul Knight (Nortel)
* Marc Goodner (Microsoft)
* Michael McIntosh (IBM)
* Anthony Nadalin (IBM)
* John Bradley (Individual)
* Richard (Dick) Brackney (US DoD - [NSA])

It seems like an interesting addition and in some way "counter balance" to all the activity and energy and people involved with the Information Card Foundation and Open Source Identity Systems work.

The Information Card Foundation launched around the time of Burton Group Catalyst. Here is the Information Card Foundation Community board member list:

* Kim Cameron
* Pamela Dingle
* Patrick Harding
* Andy Hodgkinson
* Ben Laurie
* Axel Nennker
* Drummond Reed
* Mary Ruddy
* Paul Trevithick

Business board members
* Equifax
* Google
* Microsoft
* Novell
* Oracle
* PayPal

OSIS is going into its 4th Interop at DIDW this September. There is a huge list of participants (far too many to bullet point on this blog).

The good news is that it does what both the ICF and OSIS communities have been saying for a while: that the ISIP (the MS information card guide) needs to be a real standard — not something MS controls. This TC will support this happening.

To me it speaks to the value of the shared community meeting, collaboration and innovation space we have with the Internet Identity Workshop this November 10-12 all the more important.

I have skimmed highlights and links from the OASIS IMI TC below.

The TC will accept as input:
Identity Selector Interoperability Profile specification and associated guides as published by Microsoft, the July 2008 Web Services Addressing Endpoint References and
* Identity Selector Interoperability Profile V1.5, July 2008
* A Guide to Using the Identity Selector Interoperability Profile V1.5 within Web Applications and Browsers, July 2008
* An Implementer's Guide to the Identity Selector Interoperability Profile V1.5, July 2008

Identity specification [4] published by Microsoft and IBM:
* Application Note: Web Services Addressing Endpoint References and Identity, July 2008

OSIS (Open Source Identity Systems) Feature Tests published by Identity Commons.

First Phase of TC Work will focus on producing an Identity Selector
Interoperability Profile and the supporting WS-Addressing Endpoint References and Identity specification.

* Identity Selector Interoperability Profile
* Information Card Format
* Information Card Transfer Format
* Information Card Issuance
* Token Request and Response
* Identity Provider Requirements
* Relying Party Requirements
* Self Issued Identity Provider
* Invoking Identity Selectors from Web Pages
* WS-Addressing Endpoint References and Identity

Second Phase of TC Work will work on how Information Cards work with other common claim dialects like WS-Federation [12]

Ongoing TC Work
The TC shall focus on interoperability test definitions and runs to validate its work on an ongoing basis.

Out of Scope for the TC

The following items are specifically out of scope of the work of the TC:

  1. Definition of the form and content of privacy statements.
  2. The establishment of trust between two or more business parties.
  3. Definition of new key derivation algorithms.
  4. Definition of claim type transformation rules or mappings to other formats

The TC will not attempt to define concepts or renderings for functions that are of wider applicability including but not limited to:
* Addressing
* Policy language frameworks and attachment mechanisms
* Reliable message exchange
* Transactions and compensation
* Secure Conversations
* Metadata Exchange
* Resource Transfer


What concerns me is calling this the "Identity Metasystem" while explicitly setting the scope around Information Card technologies with the majority -- if not all -- of the input documents being authored by a single company (in this case Microsoft).

Thoughts?  How might this example shape what it means to support the Open Web?

--David


Marc Canter

Jul 25, 2008, 5:01:53 AM
to open-web...@googlegroups.com
I wouldn't worry about any of these goings on.  BigCos have full-time people who go to standards meetings - as their jobs.

They need to keep things churning or else they lose their jobs.

Kim Cameron built some coolio stuff at Microsoft and it's getting uptake.  It's way out ahead of what we're doing - and one day we'll appreciate the groundwork he's laid. The fact that entire legions of people now have conferences, set up orgs and propose standards around info cards - does not mean that Kim is doing the wrong thing.

What's wrong is bureaucracy, professional standards committees and the entire system of corporate identity management.

I bet folks at the Dataportability.org could weigh in on how to set up bureaucracies, governance and have many meetings to discuss proper procedures and elect officers.

'Cause I sure as hell hope OWF ain't gonna do that.

Ben Smith

Jul 25, 2008, 12:28:30 PM
to Open Web Foundation Discussion
> What concerns me is calling this the "Identity Metasystem" while explicitly
> setting the scope around Information Card technologies with the majority --
> if not all -- of the input documents being authored by a single company (in
> this case Microsoft).

While an 'Identity Metasystem' may be a laudable goal to aim for, its
reliance on Info Cards at its core is clearly a problem. This makes
implementation/adoption an all-or-nothing option. I am interested in
'Policy language frameworks and attachment mechanisms', but if the
definition and delivery of policy information is tied into Info Cards
then my implementing this relies on my also supporting Info Cards,
along with any parties that I want to federate this information to!

This example teaches us an important lesson about the modularisation
of the technologies that we specify for the Open Web, that a
technology should be developed to do a job and do it well, without
reliance on any other specification. The Unix philosophy is well known
and relevant (as it always seems to be).

For example, if OAuth had specifically defined the authorisation of
OpenIDs then it would have been a bit rubbish, and would have failed.
It is correct that now, a while after the creation of OpenID and
OAuth, people are describing how best to use them together.

Obviously, authorship by a single company (especially one with a
vested interest) is a problem, but one not worth my discussing at any
length.

Ben Smith

James Tauber

Jul 25, 2008, 12:42:21 PM
to open-web...@googlegroups.com

On Jul 25, 2008, at 4:55 AM, David Recordon wrote:
> What concerns me is calling this the "Identity Metasystem" while
> explicitly setting the scope around Information Card technologies
> with the majority -- if not all -- of the input documents being
> authored by a single company (in this case Microsoft).
>
> Thoughts? How might this example shape what it means to support the
> Open Web?
>

How do we balance concerns like this with a desire to be an incubator
for whoever wants to come to OWF to develop a specification?

In other words, how would we (or would we even want to) discourage OWF-
based specifications whose input documents are authored by a single
company?

Having a free market of specifications will very possibly lead to
cases where competing specifications are worked on some of which are
driven by a single company. Do we try to discourage this (at the risk
of it no longer being a free market of specifications) or live with it?

James
--
James Tauber http://jtauber.com/
journeyman of some http://jtauber.com/blog/


Steve Ivy

Jul 25, 2008, 12:49:02 PM
to open-web...@googlegroups.com
For the purposes of discussion, if a single company wants to put a
specification out there, and disclaim all IPR over that specification,
it seems to me that the OWF *could* accommodate them. Granted, that
isn't to say the result would be practically useful.

On Fri, Jul 25, 2008 at 9:42 AM, James Tauber <jta...@jtauber.com> wrote:

> In other words, how would we (or would we even want to) discourage OWF-
> based specifications whose input documents are authored by a single
> company?


--
Steve Ivy
http://redmonk.net // http://diso-project.org
This email is: [ ] bloggable [x] ask first [ ] private

DeWitt Clinton

Jul 25, 2008, 1:00:06 PM
to open-web...@googlegroups.com
I sent around some thoughts on this topic to the earlier planning list before we went live, but I think it summarizes my position rather well, so I'll copy it again below.

(The short version being, no -- a single-sourced technology is not sufficient.  Diversity of contributors is a necessary condition.)

But since you asked ... in my opinion, the diversity of contributors is what matters most.  And the means by which that diversity is achieved is absolutely critical.  So yes, until a technology is given a chance to be iterated on and improved publicly, it really isn't open web.  While a group could (and often times should, in the interest of expediency and keeping true to a vision) start with a smaller number of voices involved, it doesn't become open web just because an open IP license was slapped on it at the end.  The technology still needs to be matured out in the open, and the maintainers need to demonstrate the willingness and capability to accept contributions, and to ensure that the opportunity to contribute is granted as broadly as possible.

This has a practical consequence for the foundation as well.  I suspect that we all hope that many established, but presently proprietary, technologies will be taken through the OWF incubation process.  That incubation will ensure that the public has the opportunity to comment on and contribute to the technology.  And importantly, during incubation the maintainers must also demonstrate their own ability to attract and sustain that diversity.  Combine that open development process with sound IP policies (to ensure that what is open, stays open) and just maybe we'll have a few more technologies to embrace into the open web.

And for those that don't know the OAuth story that Phil alludes to, it is a good example of the open web in action.  Development started out first face-to-face, then moved to an invite-only mailing list (not exactly confidential, Chris invited 51 members!) to get something concrete on paper before going fully public.  It then moved over to the current list, a list that anyone can ask to join, and it now stands at over 500 members.  Several months of public development later and 1.0 Final was released with a remarkable 17 authors listed.  Not bad for a short little specification developed as a grassroots effort.  The archives at http://groups.google.com/group/oauth/ are quite revealing about how people came to learn about OAuth and began to participate and contribute.

Compare this with say, Google simply applying an open IP license on AuthSub and renaming it Open AuthSub.  Not a bad thing, per se, but it wouldn't have been open web, not without the same discipline that OAuth went through.

So yes, I do think development process matters a great deal.  A license alone does not make the open web.


Would the OWF accept a single-sourced project into incubation?  Definitely, provided the owners demonstrate the will to open it up to others.

Will it graduate if it remains single-sourced?  Not a chance.

Cheers,

-DeWitt

Stephen Paul Weber

Jul 25, 2008, 4:37:12 PM
to open-web...@googlegroups.com
> For the purposes of discussion, if a single company wants to put a
> specification out there, and disclaim all IPR over that specification,
> it seems to me that the OWF *could* accommodate them. Granted, that
> isn't to say the result would be practically useful.

Isn't that what happened with Microsoft and the ECMA when it came to
OOXML? Just dump the spec and run. Not sure there is value in that
sort of thing.

As has been said, if we have an open process and someone else wants to
use it because it's good and manage it themselves, cool. Knock
yourself out. Not sure it would be worth OWF resources.

--
- Stephen Paul Weber (Singpolyma)

Web: http://singpolyma.net/
Twitter: http://twitter.com/singpolyma
IM: singp...@gmail.com

scottw

Jul 25, 2008, 5:11:59 PM
to Open Web Foundation Discussion
DeWitt - please could you define "Graduate"?

For example, would a spec, once contributed to OWF for incubation,
then be unable to be submitted at any point by anyone to an open
standards body, such as IETF? Would this be prohibited under licensing
terms? How would such submission then be supported?

Chris Messina

Jul 25, 2008, 5:25:03 PM
to open-web...@googlegroups.com
Agreed. We don't want to become a dump for [open] specs.

This is why I come back to the Creative Commons analogy (only because it's informative, not normative -- i.e. serves as an example we're probably more familiar with than the unknown). Creative Commons doesn't dictate what art or creative expressions can use their licenses. Anyone can. But for projects that are taken under the CC organization, clearly some heuristics are applied, sometimes evenly, sometimes not... it does, and in some ways, should, depend on the nature of the project being considered and the types of individuals involved.

That said, we should be as open as is sensible, feasible and adds value to the overall proposition of the OWF... and no more.

;)
--
Chris Messina
Citizen-Participant &
 Open Source Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private

Danese Cooper

Jul 25, 2008, 6:51:07 PM
to open-web...@googlegroups.com
IMHO, this is one of the great things about emulating Apache. The
Incubator was in part designed to avoid exactly this behavior (which
Apache suffered a couple of times before it got wise).

Danese

Brad Neuberg

Jul 25, 2008, 9:29:11 PM
to open-web...@googlegroups.com
Quick question about specs graduating. If something graduates, does that mean that OWF endorses them?

Chris Messina

Jul 25, 2008, 9:44:30 PM
to open-web...@googlegroups.com
Of course we'd need to define what "endorsement" means or entails -- but I think that a baseline definition of having "graduated" is that all the IP for a given specification complies with or is governed by a set of known/published OWF agreements...

Chris

Elias Bizannes

Jul 26, 2008, 1:36:15 AM
to Open Web Foundation Discussion
Some pretty interesting insights shared about the future of OWF,
thanks.

But back to Canter's point, and as has been raised by others in the
threads, OWF cannot avoid a formal process for decision making.
Bureaucracy has negative connotations, which in reality is simply
cattle herding for humans, who in group settings, can be a pain in the
arse. I'm very much a people person, but damn I hate people.

If it's a legal entity, it will need a board. That's fine, but as soon
as talk about having a community that drives the actual foundation,
things start to get complicated. Accountability, authority, and
credibility suddenly start to give you headaches. Overall, the
credibility of OWF depends on the balance, and having examined this
myself in recent months with the DataPortability Project, I can assure
you it's not easy nor straightforward.

I'm happy to contribute, if need be, on the process requirement as the
DataPortability Project has invested over 100 man hours on developing
a formal decision making process based on the collective wisdom of
people with experience in the area. The OpenID foundation was
investigated in our review and we also had on the team the executive
director of Liberty Alliance, who was also involved in the Identity
Commons set up I believe. Believe it or not, our model actually is as
light weight as possible, and is based upon Robert's Rules of Order
which most US institutions use as a framework but adapted for our
requirements as an online community with no membership in the "paid my
dues" sense.

Using the ASF model is a good base, but don't forget, it has a unique
culture. What might work for ASF for code, doesn't translate one for
one with what (I think) this Foundation is set up to do. As Ben Laurie
said, "The lesson the ASF learned is that you actually do have to
require governance and process or you end up with some very
dysfunctional projects." [1]. That's exactly what happened with us at
DataPortability[2], and it cost us months of productivity with petty
arguments that I hope OWF doesn't have to experience.

[1] http://groups.google.com/group/open-web-discuss/msg/8adbb7d6d7d18175
[2] http://liako.biz/2008/07/the-dataportability-governance-framework-a-template/

Eran Hammer-Lahav

Jul 26, 2008, 1:41:31 AM
to open-web...@googlegroups.com
I don’t think the foundation will endorse or certify anything. I think individuals will endorse it and then hopefully companies by implementing it. Graduating means it was done in an open way, got reviewed by enough people, and is legally free for adoption.

EHL

Eran Hammer-Lahav

Jul 26, 2008, 2:06:01 AM
to open-web...@googlegroups.com
Seems like many people you interact with have a similar reaction... :-)

EHL



On 7/25/08 10:36 PM, "Elias Bizannes" <elias.b...@gmail.com> wrote:

Aaron Cheung

Jul 26, 2008, 1:55:24 AM
to open-web...@googlegroups.com
The headaches at DP stem from complications of the leaders, *not*
the community, to set the record straight, from my perspective.

Nine months passed, and DP can't even decide whether to form a
non-profit or not.. and you just seemed to have said DP supporters
cost DP months of productivity with petty arguments.. so, the DP
leaders are holier-than-thou? com'on.. don't take this kind of
attitude to contaminate a new place.. /ac.

Marc Canter

Jul 26, 2008, 3:07:14 AM
to open-web...@googlegroups.com
one thing I feel confident in - the founders of OWF won't let that happen.

:-)

David Recordon

Jul 26, 2008, 3:18:21 AM
to open-web...@googlegroups.com
Thanks for the vote of confidence, though let's focus on what we all can do to make OWF successful. :)

Elias Bizannes

Jul 26, 2008, 3:51:11 AM
to Open Web Foundation Discussion
Apologies, I didn't mean any malice. I simply wanted to make the point
that 'process' needs to be formalised, or OWF will suffer a lot of
things we had to learn the hard way.

David Recordon

Jul 26, 2008, 3:44:28 PM
to open-web...@googlegroups.com
This is how I see another analogy with Apache.  There is the Apache license if you want to use it anywhere and then there is the incubator within the Apache Software Foundation.  I think we should have the same sort of thing.  IP documents if you want to apply them to your own work whether it be an open specification or not.  Then the incubation process which helps create successful communities and specifications.

--David

On Fri, Jul 25, 2008 at 1:37 PM, Stephen Paul Weber <singp...@gmail.com> wrote:

David Recordon

Jul 26, 2008, 3:45:25 PM
to open-web...@googlegroups.com
Agreed that we need to have some processes.  I think people have ideas in their heads and this list is helping to start getting pieces down.  From there we'll need to actually write them up, but with the goal of remaining as lightweight as possible.

Phil Wolff

Aug 1, 2008, 1:19:29 PM
to open-web...@googlegroups.com
So, picking official OWF projects reminds me of the traditional VC-style gauntlet with gates and screening of potential candidates that fit the firm's idea of a winning startup for their portfolio. Startup teams compete for the pool of resources (money, advice, process, connections, reputation) by trying to squeeze their ideas into the form that fits the VC portfolio.

Anyone survived or failed that sort of gauntlet?

Lessons learned from VCland we can apply to designing the OWF project pipeline?

Eran Hammer-Lahav

Aug 1, 2008, 4:56:17 PM
to open-web...@googlegroups.com
You can look at it this way as picking official projects, but in practice this is just about asking for help. Getting through the process of making specs requires lots of experience. We are going to find people with that experience willing to help. These people will decide which projects they want to help. I don’t envision a process in which me as a member want to mentor your spec, but the membership votes against me doing that.

EHL