Johannes Ernst’s Blog

Joaquin asks me to expand on how YADIS/OpenID/LID can help reputation

It’s about time I did this … Let’s start with Wikipedia’s definition of reputation:

Reputation is the general opinion (more technically, a social evaluation) of the public toward a person, a group of people, or an organization.

Following the link towards social evaluation, we learn:

The evaluation of an entity x is "a belief of an evaluating agent e about x’s usefulness with regard to a goal p".

So, in order to determine the reputation of, say, a person x on the ‘net, we need:

  • agreement on the person (x)
  • agreement on the goal (p)
  • a set of entities (e) that are evaluating, or have evaluated, the usefulness of x with respect to p.

Let’s take the blog comment spam problem as an example. Here, the goal p could be stated as "permit as many blog comments as possible on my posts, while keeping the amount of spam down as much as possible." In order to determine whether or not I (or my software, on my behalf) should let a new comment through, I thus need to be able to:

  1. determine who submitted the comment (x)
  2. determine a suitable list of entities (e) that have an opinion on the reputation of x
  3. obtain their evaluation
  4. form my own opinion, based on the evaluations of the entities e, potentially taking into account the reputations of the various e’s.

YADIS/OpenID/LID directly address the first of these. Unless I can be sure who the x is whose reputation I am trying to determine (i.e. that nobody can pretend to be somebody else), no reputation approach will get very far. YADIS/OpenID/LID provide a number of facilities to do so, e.g. based on shared Diffie-Hellman secrets or decentralized private/public key pairs, either browser-based or software-agent to software-agent.

YADIS and LID also address the second: with the LID FOAF profile, or by making FOAF a YADIS service, I can determine a list of entities, provided by x, whom I could consult to obtain their evaluation. (Example: some person x commenting on a technical article could point to having been a book author or blogger at O’Reilly, which would increase their reputation among most technical people.)

On the third item, one could easily build an additional LID profile that allowed reputation queries on the entity’s identity URL. Nobody has done this yet, as far as I know, but it doesn’t appear to be very hard.

Compounding scores is a bit trickier and outside of the realm of YADIS/OpenID/LID. But that’s where the core problem of reputation services is, not in the previous three items, which essentially represent the necessary foundation before reputation services can really be built. Fortunately, this foundation is rapidly becoming a reality… dear reputation guys, I hope you are not re-inventing the identity wheel but are focusing on the actual reputation bit!
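The four steps above, applied to the comment spam goal, as an added example that is not code from this blog or from the YADIS/OpenID/LID projects. The trust-weighted mean used for step 4 is an assumption chosen for illustration, as are all names, URLs and scores; step 1 is represented only by its result, and step 3 is a lookup in constructed data because no reputation-query profile exists yet.

```python
from dataclasses import dataclass

# Constructed data: how far I trust each evaluator e (0..1) with respect to goal p.
MY_TRUST = {"https://publisher.example/": 0.9, "https://techblog.example/": 0.6}

# Constructed data: (evaluator e, identity URL x) -> e's evaluation of x (0..1).
SAMPLE_EVALUATIONS = {
    ("https://publisher.example/", "https://alice.example/"): 0.8,
    ("https://techblog.example/", "https://alice.example/"): 0.5,
    ("https://sock.example/", "https://mallory.example/"): 1.0,
}

@dataclass
class Comment:
    identity_url: str         # x, the identity URL the commenter presented
    identity_verified: bool   # outcome of step 1 (YADIS/OpenID/LID authentication)
    claimed_evaluators: list  # step 2: the entities e that x points to

def fetch_evaluation(evaluator, identity_url, evaluations):
    """Step 3 stand-in: the answer has to come from e, never from x's own profile."""
    return evaluations.get((evaluator, identity_url))

def reputation(comment, evaluations=SAMPLE_EVALUATIONS, trust=MY_TRUST):
    """Step 4 (hypothetical method): trust-weighted mean, or None if there is no basis."""
    if not comment.identity_verified:
        return None  # without step 1 anybody could borrow x's reputation
    weighted = total = 0.0
    for e in set(comment.claimed_evaluators):  # x supplies this list, so de-duplicate
        weight = trust.get(e, 0.0)             # evaluators unknown to me count for nothing
        score = fetch_evaluation(e, comment.identity_url, evaluations)
        if weight == 0.0 or score is None:
            continue
        weighted += weight * min(max(score, 0.0), 1.0)  # clamp out-of-range answers
        total += weight
    return weighted / total if total else None

def accept_comment(comment, threshold=0.5):
    """Let the comment through only if a usable reputation meets the threshold."""
    score = reputation(comment)
    return score is not None and score >= threshold
```

Because x chooses which evaluators to list, the weight always comes from my own trust table: an evaluator vouching for x that I have never heard of contributes nothing, however high its score.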

Speaking at PC Forum — again

Esther Dyson invited me to join the roundtable she’ll host at the upcoming PC Forum on:

The accountable Net: Trust, reputation and identity

Other participants will be from TRUSTe, Karmaphere, Attentiontrust as well as Verisign and Microsoft.

I quite enjoyed being on a panel last year at PC Forum and feel honored to be on again this year.

IBM, Novell, Berkman beef up Higgins project to compete with InfoCard

Some of the talk about building an open-source version of InfoCard has come into the open today with IBM and Novell’s announcement to support project Higgins, a brainchild of Paul Trevithick, John Clippinger and Mary Ruddy. Congratulations, guys!

Speaking at Microsoft’s Mix ‘06

While we’re on the subject of conferences, I’m also going to speak at Mix ‘06, Microsoft’s "72-hour conversation" on technology in Las Vegas.

I’ll be joining Kim Cameron and a few other people on a panel titled:

Today’s Identity Crisis, and the Identity Metasystem on Tuesday, March 21, at 1:30 pm.

Thanks, Kim, for having me!

There are lots of things that are right about Microsoft InfoCard

I realized that some people might interpret (construe?) yesterday’s post about InfoCard Issues as some kind of attack. This is not my intention. There are many things that are right about InfoCard, and I definitely want to acknowledge that, and publicize that.

So here is my current list. If you have comments or things to add to the list, please leave me a message.

  • InfoCard is timely. As the number of website registrations (and corresponding scams) keeps going up as it does, we need to improve security across the board, and InfoCard certainly can help with that.
  • If things keep going well, Kim and his colleagues at Microsoft will have done us all (and I mean the entire industry) a great favor. There are some things that only Microsoft can do in this industry. This is one of them, which is why I agree with Kim that there is a great opportunity here to get this right. (and which is the reason I point to the things that might be going wrong.)
  • The visual metaphor of cards for InfoCard, while not new, is a good one for the kinds of use cases that InfoCard is after.
  • Starting from a list of principles (his laws) was a very good approach to take to come up with a design. Lots has been written about those, and I don’t think I need to add to those.
  • Building on top of standard protocols was the right choice. Not too long ago Microsoft would have built its own protocol, and it’s a sign of the times, and of the influence of people like Kim, that that ain’t so any more.
  • Microsoft is not the sole identity provider, as they were in case of Passport.
  • Last week, I saw Kim demo how to use InfoCard to log into WordPress. He said it took about 100 (I think that’s what he said) lines of code in PHP and he was going to publish that code on his blog. If it is indeed that easy for a LAMP-based app to make use of at least some basic features of InfoCard, that’s a great thing and takes off a lot of the WS-* concerns about InfoCard (see also Julian Bond’s enthusiastic comment).
  • This week’s positioning of InfoCard in the press was very clever. Instead of even talking much about identity, it was essentially positioned as a password manager with a pretty GUI. That might make some people uneasy, but I think it is a good way of educating the public.
  • Of course, after Scobleizer, Kim has probably done more than anybody at Microsoft in recent years to reach out and have a dialog with the market. I’m sure he’s getting at least some grief internally about that, but it’s great he is doing it. Certainly I have benefitted from that, and many others.

I’ll add to this list as I think of more …
