Johannes Ernst’s Blog

Be Afraid, Carriers, Be Very Afraid

Morgan Stanley has published a very detailed report on the state of the mobile internet. Best of all, for free. (How did that happen? But then, I’m not complaining …)

Out of the hundreds of slides, I’m quoting two which speak for themselves. Notice that ARPU is going down at the same time many markets are saturating and new competitors show up. Be afraid, carriers, be very afraid.

[Carrier key metrics globally]

[Carrier portal to internet portal migration]

From 1 to a billion in 5 years. What a little URL can do.

It was at the end of 2004 when I decided to start telling the world about this silly little idea I had had about a year before: give every person on the internet a URL that they could use to identify themselves to any website. Fully decentralized, no permission needed from anybody, under control of the user and so simple to implement and host, it could literally be everywhere.

This week the OpenID Foundation announced that now, exactly 5 years later, more than one billion identity URLs (now called OpenIDs) are operational on the internet. Not bad, I’d say. From 1 to a billion makes a compound annual growth rate of something like 6300%, over five years.

Time to compare the original vision with what it turned out to be. Well, some salient aspects of it anyway:

In 2004, I thought: In 2009, it turned out:
URLs as identifiers for people is a silly little idea that just about every expert thought could never be more than a toy. A “unicycle”, as a memorable quote from one would-be pundit went. Seems the world has gone unicycle. The pundits were all wrong. All alternative internet identity protocols (more sophisticated, more complex, more “serious”) since have stagnated, reversed, or never gotten off the ground.
Lesson: never mind established wisdom, particularly if it’s more complex and more expensive.
Other than their URL-ness, none of the originally proposed protocol components got adopted in exactly the form I proposed them. However, I was 100% on target with the architecture and its main parts and their relationships: identifiers, discovery, decentralized operation with no central party, pluggable system with decentralized innovation, cryptography, personal information exchange, decentralized schemas etc. In some places, I’m confident we’re going to get closer to what was originally proposed again, such as 1. the ability to use public key cryptography, 2. pull and not just push information, and 3. more complex schemas than name-value pairs. But no matter, I never intended to start a “my protocol is better than your protocol” fight, it’s boring. The architecture is what matters and it did get adopted.
Lesson: Get the architecture right and don’t worry about the details. If what you are proposing is appealing, it will proceed in its own way, compromises, politics, bad tradeoffs and all. But proceed it will.
I thought the big guys (Google, Yahoo, …) would be the last ones to adopt open, anybody-can-play, loosely-governed identity protocols, and they would play an embrace and extend strategy. I thought uptake would come from the B and C players first. I was dead wrong. The bigger and more important the internet company, the faster they adopted it, it seems. The B and C players, in many cases, still have no idea what this is all about and why they should have been faster than the big guys. I’m still puzzled whether the big guys show a genuine change in business strategy re open/closed systems, or a temporary blink. But all the better!
Lesson: Eat where the hors d’œuvres are served.
I was hoping a few guys would plug into the discover-services-from URLs framework (which, from ?meta=lid evolved into Yadis and will, any century from now, into something new and improved with a name that keeps changing every time I look) with their own innovations in particular niches. I was not prepared for the onslaught of innovation all over the place that started using the same architectural principles, and even some of the protocols. It’s amazing, and there’s no end in sight. More protocol innovation was sparked in this context than anywhere else in the last 5 years I daresay.
Lesson: If you have an idea, put it out there. It might spark amazing other ideas.
I originally called it Light-Weight Identity™ (LID™) for a reason: my goal was to make it implementable in an afternoon, so it could be implemented “everywhere”, even the smallest community site. Design by committee was the price to pay for broader adoption. Some of this stuff has really become needlessly complex; you might need an afternoon just to assemble the list of protocols to read. But then, as long as that needless complexity does not hurt adoption, who am I to complain?
Lesson: in the end, everything becomes bureaucratic, sadly enough.
My talking about this silly little idea originally was a wild shot to see whether there was a business to be had somewhere. We are still waiting. But then, things may be changing on this one. A billion is hard to ignore.
Lesson: Eile mit Weile, as they say in German.

I did not run for the OpenID Foundation’s Board of Directors this year. I think I’m done there: I’m more of an inventor and innovator and entrepreneur than somebody excited about the daily grind of non-profit work of getting those billion OpenIDs used more every day, one day at a time.

Looking backwards, I think I need to be supremely amazed that this “silly” idea has had such amazingly powerful legs to walk that far. To be clear, if I hadn’t thought of it (and my wife Tammy hadn’t prototyped it), somebody else would have within a couple of years, most likely. And many, many people brought their ideas into the picture without which we would not have come to where we are. Thank you all, this is a story of collective barnraising. Success always has many fathers parents, and I mean that sincerely; in this case probably about a dozen. But still, it’s amazing to look back and trace a straight line over 5 years to the idea of the barn in the first place, and its basic architecture. Here it is, the barn, 5 years later, a billion strong. Not many times that anybody can claim to have had a hand in sparking something that became billions.

The jury is still out whether any meaningful money can be made around this. But I’m getting more optimistic: a billion is hard to ignore, in particular if all major players are on board, which they are. So going into 2010, I’m feeling like it’s time to do some serious business, and I think I know just where to start (contact me if you like).

So far, so good ;-)

Happy Holidays to you all!!

The Credentialed Account Provisioning Anti-Pattern

I wanted to write about this for a long time. A wait in the doctor’s office has its uses …

Here is an example scenario from the real world:

Like many schools these days, my son’s school has a website where teachers enter current assignments and grades, and students and parents like me can check on student progress. Of course, access to any one student’s information must be limited to those people who are allowed to see it, such as his teachers, the student himself and his parents. To solve this problem, at the beginning of the school year the school provisions an account for each new student, and an account for his parents, and assigns a username and a password to each of them. Then, the school prints out a sheet with the account names and passwords and hands it to the student, who is supposed to not show it to anybody and give it to his parents.

Yeah, right. If your kid is anywhere like mine, both of these “supposed to” are major hypotheses with wholly uncertain outcome.

Even if the sheet eventually reaches me, I now need to remember a new username that I don’t relate to (some funny number, the school can’t know what I usually call myself on-line) and yet another password.

Unfortunately, this anti-pattern of provisioning an account with a credential and then distributing account identifier and credential to the supposed user is very widespread. Just think of banks: “Here is your new account number and you’ll receive the PIN in the mail”. While the postal service is undoubtedly more reliable in delivering the credential to me than a middle schooler is, having the (necessarily unencrypted) credential travel over an essentially unsecured (and unreliable) channel is the same, avoidable problem.

The solution? It’s an underappreciated feature of OpenID that allows us to turn this situation around:

Let’s say I have an OpenID; most people do these days, whether they know it or not. When my kid registers for school, I not only hand over information about my name and address and emergency contact information as I do anyway, but also my OpenID. There is nothing secret about that OpenID, so there is no problem. The school provisions the account, adding my OpenID to the Access Control List. That’s all. No new username, no new password.

Using OpenID, I now can securely access the account, nobody else can, my kid does not need to deliver any confidential information, and I don’t need to remember any more usernames and passwords. And the school does not need to print sheets, reset passwords and help all those parents who, mysteriously, never received the sheet with the usernames and passwords because it was thrown out with the lunch wrapping paper or grabbed by some other kid when mine wasn’t looking.

Same thing for the bank. Which is more secure: letting me access my banking account with my, say, Yahoo OpenID, or sending me my password in the mail? Thought so …

Time to get rid of the credentialed account provisioning anti-pattern.
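The school scenario above as a small sketch; this is an added example, not code from the original post or from any OpenID library. The class and function names are hypothetical, the normalization is a simplified assumption, and the identifier passed to may_view is assumed to come from an OpenID login whose assertion the site has already verified.

```python
from urllib.parse import urlsplit, urlunsplit


def normalize_openid(identifier: str) -> str:
    """Simplified normalization (assumption): default scheme, lower-case
    host, empty path becomes "/". Everything else is kept byte for byte."""
    ident = identifier.strip()
    if "://" not in ident:
        ident = "http://" + ident
    parts = urlsplit(ident)
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an http(s) identity URL")
    if parts.username is not None:
        raise ValueError("userinfo is not allowed in an identity URL")
    host = parts.hostname  # urlsplit already lower-cases the host
    if parts.port is not None:  # raises ValueError on a malformed port
        host += ":%d" % parts.port
    return urlunsplit((scheme, host, parts.path or "/",
                       parts.query, parts.fragment))


class StudentRecords:
    """Hypothetical school site: accounts carry an ACL of OpenIDs and
    no site-issued username or password."""

    def __init__(self):
        self._acl = {}  # student id -> set of normalized OpenIDs

    def provision(self, student_id, parent_openids):
        # Registration: the parent hands over a public identifier,
        # so nothing secret has to travel home on a printed sheet.
        self._acl[student_id] = {normalize_openid(i) for i in parent_openids}

    def may_view(self, student_id, verified_openid):
        # Exact match on the whole normalized identifier: no prefix or
        # substring matching, and the scheme is part of the identifier.
        try:
            ident = normalize_openid(verified_openid)
        except ValueError:
            return False
        return ident in self._acl.get(student_id, set())


if __name__ == "__main__":
    records = StudentRecords()
    records.provision("student-1", ["Parent.Example.org"])  # constructed sample
    print(records.may_view("student-1", "http://parent.example.org/"))
```

The access decision depends only on which identifier the OpenID login proved, so the check must never be fed an identifier the user merely typed in.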

Spot the Difference: Yahoo/Facebook vs. Government/Health IT

Or should I have said “spot the similarities”?

Today, two pieces of news came in right after each other:

  • The US Federal Government’s Beacon Community Program has been given $235 million of taxpayer money for “… interoperable health IT and standards-based information exchange within and among providers, hospitals, and populations” “within 15 diverse communities throughout the United States” (see announcement).
  • Also, Yahoo announced that they will “deeply integrate” their properties with Facebook’s in order to “provide one place for people to access information and stay in touch with the people they care about most” for their user base of “500 million” (see announcement). No money will change hands as far as I can tell.

Here are the questions:

  • How come it needs $235 million of taxpayer money for a mere 17 communities to make some (limited) amount of progress on exchanging data, if Yahoo and Facebook can roll out these kinds of integrations for more people than live in the US on their own dime?
  • How come the $2 trillion+ healthcare industry does not do these kinds of strategic projects on its own? Nobody could reasonably argue the business case in healthcare (save a percentage of the $2 trillion) is smaller than Yahoo’s and Facebook’s (a percentage of their revenue, which is in the $10 billion ballpark).

The detractors will say: these things are not comparable, and the announcements have nothing to do with each other. And go back and lobby for more government handouts right after, I presume.

Having worked both in a web 2.0 kind of information interchange environment (e.g. OpenID and friends, in recent years) and a healthcare and “deep semantics” environment (e.g. via our InfoGrid project, for a long time), I beg to differ. Most of the technical hurdles are the same, most of the organizational hurdles are, and while healthcare cares more about security, the web 2.0 world cares more about real-time data exchange, for example. On balance, a wash.

So here’s the challenge to the government that is spearheading health IT, for better or worse (and I am planning to submit this as a comment to Dr. Blumenthal’s blog as soon as I have it up here):

I assume we all agree that an environment in which leading-edge companies innovate on their own to the benefit of their customers is better than one in which the government has to spend large amounts of money to drag along kicking and screaming “participants” — as it is so common in health IT. How do we turn US healthcare IT from the latter to the former?

Or, to put it differently: what is the administration doing so the next Mark Zuckerberg starts a “Healthbook” instead of a “Facebook” and revolutionizes, with the corresponding benefits for everybody, healthcare IT instead of social networking? If the $235 million were spent on that question, now that’d be something!

Speaking At Enterprise Data World 2010

See my post here.