Johannes Ernst’s Blog

The start of the OSIS idea

Looking through iPhoto today, I came across this picture from PC Forum 2006. This was the afternoon coffee meeting in which the idea of OSIS was born between Mike Graves (Verisign, left), Kim Cameron (Microsoft, center) and myself (taking the picture). I keep being asked that question, and here’s the evidence …

[jpg]

As to the identity of the guy underneath the towel, I can only refer to the speculation here (which has a different perspective than my picture of the same scene).

“Crying Out for a RESTful Service Interface Description Language” (Phil Windley)

He writes, in response to posts by Dave Rosenberg and Adam Fields:

A good first step would be a well-accepted service description language for HTTP-based Web APIs. WSDL doesn’t work in RESTian services and there’s no RESTful alternative. Moreover, most people don’t even see the need. Well, read Dave and Adam’s posts–there’s the need staring you in the face. The only way that we’ll get to a place where Web 2.0 apps are more easily integrated is when we have a service interface description language and other metadata standards for RESTful services.

I agree, and have something to propose: the LID, OpenID and XRI digital identity technologies are REST-ful. When we needed additional metadata around those REST-ful services to accomplish interoperability and intermediation — just like the case that Phil describes — the people from these three initiatives jointly constructed the Yadis metadata discovery framework to solve this issue.


Yadis is a general-purpose mechanism by which "service types" can be associated with service URIs, such as RESTful identity URLs. It works just fine for digital identity purposes, and there is no reason to assume it wouldn’t work for other purposes. In fact, during Yadis design, we were very conscious of the fact that there may be many other application areas for Yadis that have nothing to do with identity, and Phil’s requirements are examples of those.

And if you think Yadis is not expressive enough, you can always add more meta-data through XML namespaces.

P.S.: I’d love to hear feedback if you use Yadis for purposes other than identity.
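As an added illustration (not code from the original post or from the Yadis project), here is a Yadis-style XRDS document that ties a non-identity service type to a URI and carries one extension element in its own XML namespace, with a small parser that resolves service types to URIs. The `example.org` service type, the URIs and the `api:Format` extension element are constructed for this example.

```python
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"  # XRD namespace in ElementTree's {ns}tag form

# Constructed sample: one identity service, one non-identity service that
# carries an extension element from a hypothetical namespace.
SAMPLE_XRDS = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"
           xmlns:api="http://example.org/api-meta">
  <XRD>
    <Service priority="20">
      <Type>http://example.org/service-types/photo-feed/1.0</Type>
      <URI>https://photos.example.org/feed</URI>
      <api:Format>application/atom+xml</api:Format>
    </Service>
    <Service priority="10">
      <Type>http://openid.net/signon/1.0</Type>
      <URI>https://id.example.org/server</URI>
    </Service>
  </XRD>
</xrds:XRDS>
"""

def parse_services(xrds_text):
    """Return the services of the last XRD, lowest priority number first."""
    # Discovery documents are fetched from untrusted hosts: refuse DTDs so
    # entity-expansion payloads never reach the XML parser.
    if "<!DOCTYPE" in xrds_text or "<!ENTITY" in xrds_text:
        raise ValueError("DTD not allowed in discovery document")
    root = ET.fromstring(xrds_text.encode("utf-8"))
    xrds = root.findall(XRD + "XRD")
    if not xrds:
        raise ValueError("no XRD element found")
    services = []
    for svc in xrds[-1].findall(XRD + "Service"):
        prio = svc.get("priority")
        services.append({
            "priority": int(prio) if prio is not None else None,
            "types": [t.text.strip() for t in svc.findall(XRD + "Type") if t.text],
            "uris": [u.text.strip() for u in svc.findall(XRD + "URI") if u.text],
            # Anything outside the XRD namespace is extension metadata.
            "extensions": {c.tag: (c.text or "").strip()
                           for c in svc if not c.tag.startswith(XRD)},
        })
    # A service without a priority attribute sorts after all prioritized ones.
    services.sort(key=lambda s: (s["priority"] is None, s["priority"] or 0))
    return services

def uris_for_type(xrds_text, service_type):
    """Resolve a service type to its URIs, in priority order."""
    return [u for s in parse_services(xrds_text)
            if service_type in s["types"] for u in s["uris"]]
```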

Doc Searls: “User-centric identity is MY identity”

He writes:

To me, and therefore (by ego-originated projection) to every other non-technical person in the world, user-centric identity centers around the first person possessive pronoun: my.

It’s my identity. It is not one conferred upon me by an organization outside myself. It is not a representation of me in a context other than my autonomous and independent self, operating in the larger world we call the marketplace. This is the identity we hope to more fully empower by our various projects.

Hey Doc, I think I still qualify as a "technical person", but I fully agree with you! This is what it is all about; it’s not about protocols and user interfaces and standards and phishing protection and cryptography and what have you. It is about technology allowing my electronic identity to emanate directly from me, not from some kind of, usually self-appointed, "provider" of my identity who somehow is considered to be a more authentic source of my authentic self than I myself.

It is about that quintessential American idea of all power emanating from the people, and only from the people. Not, as I put it in my remarks at Harvard recently, to be at the mercy of some kind of "landed gentry" of identity that says, in so many words: "society will disintegrate unless there is a ruling identity class, without whose consent, you cannot possibly hope to participate in the inter-personal and commercial relationships on the global network called the internet." User-centric identity is fundamentally the same cause that led to the personal computer, from the impersonal mainframe, to blogging, from the Big-3 Networks, and to democracy, from the feudal system. It is A Big Cause!

Throughout history and regardless of domain, whenever people started to route around their particular version of the landed gentry, the resulting freedom has created an incredible amount of creativity, and value creation for a much longer tail than previously imagined. That is the big idea, and the big revolutionary opportunity; if there wasn’t a big opportunity like that, I’d certainly be working on something else… and I’m sure that’s also true for so many others, including Doc!

Harvard/Berkman Identity Mashup Conference Summary

A summary with many great links is here.

The Mitrokhin Archives

If you care about:

  • security in technology
  • global security
  • international relations and foreign policy
  • very unlikely-sounding, but true stories including untraceable poison pellets inside modified umbrellas for assassinations (that actually occurred) and things of that nature
  • or you have an opinion on international affairs today, regardless of your particular political views.

I insist ;-) that you go out and buy yourself The Sword and the Shield: The Mitrokhin Archive and the Secret History of the KGB (and also Volume 2, if you want a global view.) While this opus was on the NY Times bestseller list, few people seem to know it, and that’s a shame. From the introduction:

In early 1992, a Russian man walked into the British embassy in a newly independent Baltic republic and asked to “speak to someone in authority.” As he sipped his first cup of proper English tea, he handed over a small file of notes. Eight months later, the man, his family, and his enormous archive had been safely exfiltrated to Britain. When news that a KGB officer had defected with the names of hundreds of undercover agents leaked out in 1996, a spokesperson for the SVR (Russia’s foreign intelligence service, heir of the KGB) said, “Hundreds of people! That just doesn’t happen! Any defector could get the name of one, two, perhaps three agents–but not hundreds!”

Vasili Nikitich Mitrokhin worked as chief archivist for the FCD, the foreign-intelligence arm of the KGB. Mitrokhin was responsible for checking and sealing approximately 300,000 files, allowing him unrestricted access to one of the world’s most closely guarded archives. He had lost faith in the Soviet system over the years, and was especially disturbed by the KGB’s systematic silencing of dissidents at home and abroad. Faced with tough choices–stay silent, resign, or undermine the system from within–Mitrokhin decided to compile a record of the foreign operations of the KGB. Every day for 12 years, he smuggled notes out of the archive. He started by hiding scraps of paper covered with minuscule handwriting in his shoes, but later wrote notes on ordinary office paper, which he took home in his pockets. He hid the notes under his mattress, and on weekends took them to his dacha, where he typed them and hid them in containers buried under the floor. When he escaped to Britain, his archive contained tens of thousands of pages of notes.

[What Wikipedia has to say about Vasili Mitrokhin.]

This book is basically an inside history of the KGB from the Russian Revolution in 1917 to after the Soviet Union disintegrated, of course slanted by what Mitrokhin thought was worth risking his life for. And of course, it is a one-sided story as we do not have a similar history for the other side of the Cold War. But:

I’m old enough to remember some of the political events that took place when they took place, and I have to say that I have to revise some of my views on those that I had at the time. Why? Simply because by reading the book I realized that so many other things happened concurrently outside of the public eye, that if I had known, would have changed my perception dramatically.

If you are "only" interested in security on the internet, this book also makes excellent reading about how professionals go about undermining whatever technologies and organizational models we are putting in place. Many of them can be translated one-to-one into the electronic realm, and some of it makes for rather scary reading.

As I said, highly recommended, for many reasons.
