Sxore is disappointing not in itself, but mainly because it comes from Sxip, the very company whose mantra is “user-centric identity, decentralized identity”. We are looking forward to take a look at the very promising and upcoming release of Sxip 2.0, but with Sxore they missed the opportunity to test Identity 2.0 against a real-world problem.

I’m afraid we’ve been involved in a much larger topic than the one we intended to address.

Often I struggle to find the right words for my posts … just to discover that someone else already wrote with a brilliant and remarkable style about the very same stuff that I’m mumbling about.

It’s the case of my previous post “Identity is not reputation” confronted with James Kobielus post “imho identity privacy reputation” (November 2005).

Our original proposal was trying to convince identity providers to add reputation management as a built-in application within their systems. That was wrong. As Phil Windley said in a recent post

[…] reputation is computed from identity and transactional data.

Our recent proposal (a schema for handling the reputation of people posting comments to blogs) was based on the assumption that reputation management should be tightly coupled with identity management.

UPDATE - We received lots of brilliant feedbacks about our proposal. A revised version is now available [here][98] with more “philosophical” background [here][99].

In my [previous post][1] I mentioned a [recent article from Dion Hinchcliffe] [2] that is based on the following assumption: anonymity is extremely difficult to handle (look at what happened with the

Few days ago Massimo Mantellini brought to my attention this Wired article from cryptography guru Bruce Schneier. It’s a brilliant short essay that explain how bold is the error of those confusing anonymity with accountability and how important is the quest for accountable systems, especially those accessed by anonymous users.

If someone isn’t accountable, then knowing his name doesn’t help. If you have someone who is completely anonymous, yet just as completely accountable, then — heck, just call him Fred. History is filled with bandits and pirates who amass reputations without anyone knowing their real names.

Then I came across this post from Dion Hinchcliffe. Dion has a completely different vision and is ready to give up anonymity for the sake of preserving the writeable web!

Of course, there will be attendant problems with this approach including a rapidly vanishing anonymity on the Web. But that just might remain a nice artifact of being a read-only Web user.

I don’t believe anonymity is just a “nice artifact of the read-only web”, it’s an important part of our everyday life. Most of our time we are in an anonymous mode: when we walk the streets of our towns, when we pay cash our newspaper, when we attend the Sunday Mass, when we watch tv at home, ….

But Dion wishes for a different world:

[…] controlling anarchy on the writetable Web might be as simple asking that folks flash their Identity 2.0 credential right before they change something on the Internet. This ensures their personal identity is attached to the change. And creating a verifiable chain of evidence might be all it takes for people to act more responsibily. Wiki vandalism, comment flaming, and other forms of anonymous mischief on the writeable Web may be eliminated forever when you know that your ID will be attached to it in perpetuity, affecting your hireability, possible suitability for public office, and more, forever.

How scaring! Thankfully the day after I could read Rob Hof post about the same topic and it was a real relief. Suddenly I felt less of an anarchist …

Some people—perfectly good people with insightful opinions—simply don’t want to be identified in some circumstances. Their employers may object. They’re worried about government intrusion. Maybe they’re just shy.

I always thought that Identity 2.0 should give us more freedom, not “creating a verifiable chain of evidence” for anything we do online. I always admire the pragmatic and sensible approach of Dick Hardt to identity, in his answer to Rob he says:

A goal of Identity 2.0 is to mimic aspects of identity transactions that work well in the physical world. We all have different personas depending on context. I present different aspects of myself depending on wether I am interacting with my mother, my friends, my employees, a server at a restaurant, or my banker.

Right, but please remember that for the server at the restaurant you often are just a perfect stranger and hopefully an accountable one!

While showing your identity is easy (exhibit an ID card, logon to a web site), proving your accountability is more difficult and needs more complex infrastructures (technical or social) like the nexus of your professional relationships or the eBay feedback system.

No wonder that there are more people working on identity and much less on accountability. But we need both.

PS - Clipperz, not this blog but the service we will soon reveal, will definetely be an anonymous service. One like you have never seen before. And you can hold us accountable for providing you with real anonymity!

(thanks to Google Image)

Riya is a service based on facial recognition technology that enable user to spot known people in their photo collections and automatically add tags. See this early review from Techcrunch. I’ve requested an invitation to Tara Hunt, Riya chief blogger, and I’m looking forward to test it on my 2 thousands wedding shots.

But wouldn’t be nice to use Riya as a single sign-on (SSO)platform?

Imagine a web service XYZ that, during the creation of your account, asks to submit a pictures of your face. Then, any time you need to authenticate with XYZ, you can fill in the usual username/password form, or just stare into your webcam. The webcam sends your face straight to a Riya server, meanwhile the XYZ login page send a request to Riya to check if there is a recent pictures of your face matching the face associated to your account in the XYZ database.

The sensitivity of service XYZ will determine how aged could be the picture in the Riya server in order to succeed in the authentication. Less than five seconds for an online banking service, one hour for your web based email, one month for your social bookmark site. (of course given that all requests come from the same IP address)

Since most of our laptops, desktops and mobile phones are equipped with a camera, this scenario could be not science fiction.

[Clay Shirky][1] was the first to [come up][2] with the idea of “augmented tags”.