PayPal X Innovate is around the corner

It’s nearly time for the second annual PayPal X Innovate conference — October 26 and 27 at Moscone Center in SF. The PayPal X developer network has not only the coolest domain known to humankind, but it also hosts the Innovate conference, which is all about making the future of money happen.

Praveen Alavilli has slipped me a great discount code for y’all to use: “LETSINNOVATE” will get you $100 off the registration fee.

Ashish Jain and I will be there talking about identity services progress and plans, and also listening intently: we’d love to talk with online retailers and e-commerce developers about how you see digital identity playing a role in your apps and your payment needs.

Folks from Janrain will also be there, discussing social sign-on trends in retail. They’ve posted an excellent roundup of everything you can hear and experience at Innovate, and they also share some news about the OpenID Foundation’s new Retail Advisory Committee.

See you there!

Personal RFP Model and Information Sharing Report

The Kantara Information Sharing group, led by the intrepid Joe Andrieu and Iain Henderson, has been doing a ton of work to make the business justifications for Vendor Relationship Management scenarios concrete and and the use cases actionable.

The group has two documents out for review, and seeks your input. (I’m really tardy blogging this; comments are due tomorrow, but I’m sure they’d be welcome even coming in a little late…) See Joe’s writeup for document links and descriptions.

Here’s a taste of the pRFP document:

Sally uses a Personal Request for Proposal (pRFP) to solicit offers for, negotiate, and purchase a new car through the MyPal pRFP Broker. She has previously researched her options and made up her mind about the kind of car she wants to buy. She has also secured financing and credentials asserting that fact. Sally’s information is maintained in a personal data store which provides it on demand for use by service providers and vendors. On the Vendor side, Frank at Chryota of London responds to Sally’s Personal RFP (pRFP), using a hands‐on approach that integrates CoL’s CRM system, MyPal, and Chryota Manufacturing’s CRM program HEARING AID, which is managed by Jimmy.

The Info Sharing Report is interesting too, but in a totally different way; it’s chock full of interesting statistics and trends around the cost of acquiring customers and the privacy pitfalls of the current ecosystem.

Check ‘em out, and send in your thoughts.

Identity tweetup at OASIS conference next week

Ian Glazer and I were planning a get-together next week at the OASIS Identity Management conference in D.C., and he suggested we make it a tweetup (bona fides established here). So if you’re in town because of the conference, or just…around, join us at Buffalo Billiards next Monday at 6ish.

The agenda looks solid, and since it’s arranged in a single track, should get some intensity going. I’m looking forward to participating in the privacy/identity/cloud computing session led by Jim Harper on Monday.

The conference hashtag is #oasisidm (RSS). If you can’t make it out, you can at least follow the fun from home.

(For all pool hustlers flying in, remember: cue sticks are prohibited items…)

Making identity portable in the cloud

Yesterday I had the opportunity to contribute to BrightTALK’s day-long Cloud Security Summit with a webcast called Making Identity Portable in the Cloud.

Some 30 live attendees were very patient with my Internet connection problems, meaning that the slides (large PDF) didn’t advance when they were supposed to and I couldn’t answer questions live. However the good folks at BrightTALK fixed up the recording to match the slides to the audio, and I thought I’d offer thoughts here on the questions raised.

“Framework provider – sounds suspiciously like an old CA (certificate authority) in the PKI world! Why not just call it a PKI legal framework?” Yeah, there’s nothing new under the sun. The circles of trust, federations, and trust frameworks I discussed share a heritage with the way PKIs are managed. But the newer versions have the benefit of lessons learned (compare the Federal Bridge and the Open Identity Solutions for Open Government initiative) and are starting to avail themselves of technologies that fit modern Web-scale tooling better (like the MDX metadata exchange work, and my new favorite toy, hostmeta). PKI is still quite often part of the picture, just not the whole picture.

“How about a biometric binding of the individual to the process and the requirement of separation of roles?” I get nervous about biometric authentication for many purposes because it binds to the bag of protoplasm and not the digital identity (and because some of the mechanisms are actually rather weak). If different roles and identities could be separated out appropriately and then mapped, that helps. But with looser coupling come costs and risks that have to be managed.

“LDAP, AD, bespoke, or a combination?” Interestingly, this topic was hot at the recent Cloud Identity Summit (a F2F event, unlike the BrightTALK one). My belief is that some of today’s tiny companies are going to outsource all their corporate functions to SaaS applications; they will thrive on RESTfulness, NoSQL, and eventual consistency; and some will grow large, never having touched traditional directory technology. I suspect this idea is why Microsoft showed up and started talking about what’s coming after AD and touting OData as the answer. (Though in an OData/GData deathmatch, I’d probably bet on the latter…)

Thanks to all who attended, and keep those cards and letters coming.