When will Windows Live stop treating CardSpace as the unwanted stepchild?
By Simon Bisson & Mary Branscombe in Editorial
Posted in Privacy, Identity, Networking, Server, Microsoft on
The cloud demands identity. Microsoft has a strong, secure, privacy-friendly identity technology that’s open, easy to federate and will transform the Web and the cloud. So why is Windows Live ignoring CardSpace?
OpenID is a great tool for logging in to a Web site that you want to use but don’t need to trust. You wouldn’t want to use OpenID to get into your banking site because it’s just not secure enough, but it’s great for not having to remember passwords for LiveJournal, Dopplr, Plaxo and the like. You log into one site and tell the others to ask that site who you are. OpenID is getting less vulnerable, but it’s simply not intended to protect really important information.
The information card system is secure; it’s protected by cryptographic keys, it’s got a user interface that makes it very clear when you’re being asked to log in to a site and what the site wants to know about you, and it lets you choose from a ‘wallet’ of cards to prove your identity. That gives you security and privacy and ease of use together (which improves security by stopping people using the same password everywhere). Microsoft put it into Vista and Internet Explorer 7 as CardSpace (information cards are the generic system and there are implementations that you can use in Firefox and Safari, on Macs and Linux machines; CardSpace is just the Microsoft implementation).
And since then, I’ve been waiting for Microsoft to deliver the next pieces. A token server that a business can use to issue its own information cards, and to validate them so you can use them for access to internal apps, preferably federated so you can also validate partners. And a public service that issues not just the self-certified cards that anyone can create with their public details but managed cards that have useful information that you want to protect. When you wave your passport or driving licence in an American bar, the bar doesn’t – or shouldn’t – take a copy of it; they just need to know you’re old enough to have one. Put your birthday into a managed card and you can prove that you’re over 16 for a shopping site without handing over details that could help someone hack your bank account if the site loses its customer details on a USB stick, because the site only gets the assertion that you’re old enough, not the actual day, month and year.
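The age check described above can be sketched in a few lines. This is an added example, not CardSpace code or anything from Microsoft: the token layout, the function names and the demo key are assumptions, and an HMAC stands in for the identity provider's public-key signature so the sketch runs on the standard library alone.

```python
import base64
import hashlib
import hmac
import json
from datetime import date

# Constructed demo key. A real identity provider signs with a private key and
# the site verifies with the matching public key; HMAC is a stdlib stand-in.
IDP_KEY = b"constructed-demo-key-not-a-real-secret"


def age_on(birth_date: date, today: date) -> int:
    """Whole years between birth_date and today."""
    had_birthday = (today.month, today.day) >= (birth_date.month, birth_date.day)
    return today.year - birth_date.year - (0 if had_birthday else 1)


def issue_age_assertion(birth_date, min_age, audience, today, key=IDP_KEY):
    """Identity provider side: derive the yes/no claim and sign only that.

    The birth date is used for the calculation and never placed in the token.
    """
    claims = {
        "aud": audience,                      # the one site this token is for
        "claim": f"age_over_{min_age}",
        "value": age_on(birth_date, today) >= min_age,
    }
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def verify_age_assertion(token, min_age, audience, key=IDP_KEY):
    """Relying site side: True only for an untampered 'yes' addressed to us."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:                        # wrong shape or bad base64
        return False
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False                          # altered or not from the provider
    claims = json.loads(body)
    return (claims.get("aud") == audience
            and claims.get("claim") == f"age_over_{min_age}"
            and claims.get("value") is True)


if __name__ == "__main__":
    # Constructed sample user and site.
    token = issue_age_assertion(date(1990, 3, 2), 16, "shop.example.test",
                                today=date(2008, 10, 27))
    print(base64.urlsafe_b64decode(token.split(".")[0]).decode())
    print(verify_age_assertion(token, 16, "shop.example.test"))
```

If the shop's customer database leaks, the stored token reveals only that the holder was over 16; the audience field stops another site from accepting the same token.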
Issuing cards was going to be a function of ADFS at one point, because it fits with where enterprises store identity information; for development and resource reasons it went on and off the feature list and now it’s going to be a free component in Windows Server 2008 (and maybe other versions), code-named Project Geneva. Currently in beta at www.microsoft.com/geneva, there will be a feature-complete beta in the first half of 2009 and a final version in the second half. It leverages AD and SAML and x509, it interoperates with a wide range of line of business applications and it makes using secure identities easy in a business.
That just leaves a managed card service for those of us who aren’t in a big business and I’m still waiting. And in the PDC keynote today, Microsoft announced that Windows Live ID would be issuing a new kind of identity – but it’s not information cards.
So why is Windows Live ID proudly announcing that it’s issuing OpenIDs but not CardSpace IDs? Is it because OpenID is accepted by a lot of sites? So are information cards, and if you could get an identity you could trust from Windows Live other sites would be more likely to adopt them – because it’s easy to use Windows Live ID instead of running your own username and password system. Is it because OpenID is, well, open?
CardSpace is the most open project Microsoft has ever done. The architect, Kim Cameron, has almost single-handedly changed the perception of Microsoft in the identity community, which isn’t bad for a company that was so roundly derided for Passport. The open nature of information cards “just isn’t up for discussion” Cameron says (before plunging into a discussion with senior VP Bob Muglia about why you can’t constrain the scope of identity to just in the cloud or just on the server or just on the Web or just on the desktop).
Is it because CardSpace 2 is going to be better than CardSpace 1? It will let you transfer information cards from one PC to another, and when you go back to a site you’ve used an information card with before, CardSpace 2 will show you the card you used last – which means that even if a phishing site accepts information cards to try and fool you, you’ll be able to tell (and the phishing site isn’t going to get the details out of your card so scammers can’t steal it). But Microsoft has adopted the first version of plenty of its own technologies even when there has been something new and better just around the corner. And issuing managed cards today, cards that have been verified and are backed by an identity provider, would be a huge step forward.
If it’s because Microsoft wants somebody else to issue managed cards because a supermarket or a post office or a government already has relationships with people and systems for handling information – or because they look like a more natural place to prove your identity because they can prove that you have a loyalty card or a post office box or a passport – then I’d say yes, but you can’t wait for that to happen. Once the first managed identity provider proves its value then banks and services that sell you certificates will join in, but you can’t keep on waiting for them to go first.
I wonder if it’s the legacy of Passport. Maybe the Live team wants to be extra sure they don’t rush out with an implementation that could have problems and create another Passport backlash. Or maybe they aren’t comfortable with the way that CardSpace takes the power of identity away from the provider and gives it back to the user; issuing managed information cards would be admitting once and for all that Microsoft is never going to own user identities in the way that Passport envisaged. Everyone I’ve met from the Windows Live team so far is smarter than that, which leaves me confused. Because it’s ludicrous that Microsoft has a far superior identity technology to OpenID that it’s getting ready to offer to businesses and it hasn’t even talked about how to bring it to everyday Web users who need it just as much.
Breaking the code of a good cause
By Simon Bisson & Mary Branscombe in Editorial
Posted in People, Privacy, Security on
Step into the rooms of the National Museum of Computing at Bletchley Park and you’re taking a journey back in time. The whirr of paper tapes signals that the reconstruction of the Second World War Colossus is at work, cracking the same teletype codes it was designed to break at the height of the war.
Now it’s a museum piece, a mix of telephone exchange hardware and ancient valves. Even so, it’s still as fast as many of today’s desktop PCs - at least for the one specific task it was designed to handle. You can download an emulator, ready for most desktop PCs. Only the most recent PCs will be as fast - something that goes a long way to show the power of single-purpose computing hardware.
Code breaking may be the key that gets people in through the door, but it’s the rest of the museum’s collection that keeps you there for hours. In the rest of the rooms of the museum you’ll find old friends (and old enemies). Amigas sit next to Atari STs, while BBC Micros are ready for you to type 10 PRINT “HELLO”: GOTO 10 just like the old days. There are still plenty of gaps in the collection, but the biggest one is funding.
That’s why we were there today, to hear IBM and PGP announce that they were donating a hefty sum to the museum’s appeal. It’s still nowhere near enough. A new organisation, the museum doesn’t have the hefty bank balances other museums use to manage cashflow and property. They’d ideally like to raise seven million pounds - enough to cover the museum’s annual running costs from the interest. That’s only a pound or so per PC in the UK - something that’s easily affordable for most individuals and businesses. It’s not much to preserve the heritage of an industry that’s done more for the UK economy over the last few decades than anything else.
PGP and IBM have kickstarted a much-needed appeal - now it’s up to the rest of us (and the rest of the industry) to chip in and make sure that the birthplace of modern computing gets the museum it deserves.
Technological fixes for economic and social problems don’t work
By Simon Bisson & Mary Branscombe in Editorial
Posted in People, Community, Privacy, Wireless, Security, Internet on
I’m guessing that most of you have already emailed your MEPs with a message roundly condemning the stealth attempts to pass legislation that will allow media companies to disconnect ordinary people from the Internet permanently just for the suspicion that they may be filesharing.
If you haven’t, may I join my voice to those urging you to do so? It won’t take long (thanks to the folk at MySociety.org) and it will help preserve your rights online as well as saving the small and medium sized ISPs that do so much to keep Internet access prices competitive. It’s that last bit that’s key to IT professionals - the measures that the legislation proposes are too expensive and complex for most ISPs to implement, which will mean you’ll be left dealing with just BT and Virgin for your business internet access - and I can guarantee that your monthly connectivity bills won’t go down as a result…
Here’s my letter. Don’t send exactly the same one - it’s your thoughts and words that matter:
I am writing to you as a constituent asking you to exert whatever influence you have with members of the IMCO and IMTR committees of the European Parliament to vote against amendments 2, 3, 4, 5 and 7 that have been introduced into the Telecoms package.
These amendments were introduced under the influence of industry lobbyists whose interests are in the attempted maintenance of obsolete business models that have become unsustainable; not only that, but they are an attempt to subvert earlier rejection by Parliament of explicit legislation to the same ends. The proposed measures are disproportionate, unworkable in practice, violate privacy and personal data security and would lead to entire families being denied access to the internet through the presumed guilt of one member. The European Parliament has already voted against them - they should not be passed by hiding them inside other important and much needed legislation.
Not only are they disproportionate, putting the onus on ISPs to detect and implement the measures required by the amendments is both an unfair measure and technically unfeasible. Many UK ISPs are small or medium sized businesses, and do not have the funds required to invest in wholesale tracking of their users’ actions. The amount of work required to implement these measures is large, and the techniques complex. The only organisations able to do this will be the incumbent carriers, reinforcing what is a de facto monopoly by putting small ISPs out of business.
There is, in fact, no way of identifying the difference between legitimate and illegitimate traffic in the manner described in the amendments. Many users use the same tools that are used to download copyright violations to install Linux, or get updates from Microsoft. If the tools proposed by the legislation aren’t perfect these innocent users will be tarred with the same brush as anyone violating copyrights. Even if it is possible to determine the type of data being accessed, it’s impossible to determine the actual state of the rights associated with it, or the intentions of the rights holders.
Innocent users also face the risk of having their home networks hijacked by third parties without their knowledge - and losing access as a result of third party actions. I’m more technically aware than most people, but it still took several weeks for me to find that someone elsewhere in my street was using filesharing software over my wireless network. Most home users don’t have access to the tools or the skills to find and identify these situations, yet the proposed legislation will make them liable for whatever happens on their home wireless networks.
I’m a technology journalist by trade, but I come from a technical background and helped found one of the UK’s first national ISPs, and also helped build the online presences of many major high street brands. The Internet has provided a boost to the economy, and these measures will reduce access to the Internet and by closing down small ISPs will increase the costs to the very users the European online economy needs.
The committees are scheduled to vote on this package tomorrow, 7th July, and I urge you to do what you can to have these amendments rejected and, failing that, to vote against the package yourself should it be presented for a vote by the Parliament as a whole.
I’m sorry that I’m sending this message with less than 24 hours to go, but I only found out about this today myself: so please do what you can to prevent these egregious and dangerous measures being codified into European law and to ensure that the European Parliament continues to represent the interests of its electors, even where those conflict with the short-term advantage of multinational corporations and their lobbyists.
Yours sincerely,
Simon Bisson
Remember you have a voice and a point of view, and it’s one that deserves to be heard.
–Simon
In and out of the browser - how Microsoft and Google think differently
By Simon Bisson & Mary Branscombe in Editorial
Posted in Web browser, Privacy, Applications, People, Adobe, Firefox, Internet, Google, Security, Microsoft on
For years, we’ve been saying that Google would be mad to build its own operating system. It should leave the thankless task to Microsoft and Apple and Linux distributions; you can debate how good a job they do, turn and turn about, but the scale of what a desktop OS needs to do and the range of devices it needs to support is far broader than what you need to do in a browser or on a smartphone. I still don’t think Google has any plans to create its own OS, but it’s pushing beyond the browser as a development platform with Gears and App Engine and the like. Microsoft has a whole range of platforms in the browser, out of the browser and around the browser, from Windows and WPF to Silverlight to SharePoint to Office to SQL Server – to name just a few of the platforms Bill Gates touched on in his last ever keynote at Microsoft TechEd this morning.
Silverlight is a lot of things, from Microsoft’s answer to Flash to Microsoft’s answer to Web based applications. Leave aside the video plugin side of it; the fact that Silverlight 2 (beta 2 due at the end of this week) runs .NET and programs written in dynamic languages on Mac and Linux as well as Windows is the most interesting part. And it’s not just for consumer Web apps; Facebook and Hotmail users aren’t happy with line of business apps in dreary basic grey when they get to work, and Silverlight is an easy way to spruce those up without slaving over a hot CSS schema for hours.
Adobe’s Air tackles much the same problem; how do you make powerful applications for the Web that work online and off, that look good and that work without installing anything (once you have the initial plugin or runtime). Air builds on Flex, so if you’re already writing Flash, you’ve got a head start. But there are a lot more .NET developers writing business apps, so although Microsoft demos consumer apps like the Crossfader social video sharing tool it talked about today, most Silverlight apps might show up at work, using Workflow Foundation and making data from SQL Server look good.
Silverlight is a subset of .NET and Windows Presentation Foundation, so developers are using familiar skills and Visual Studio plus Expression Blend for designers, who get to work on the live project, not in Photoshop mockups. The visual development tools also appeal to disenfranchised Visual Basic developers who’ve been wondering what Microsoft has done for them lately…. Microsoft VP Soma Somasegar said Crossfader is being built by six developers and two designers in three months, which is more like Internet time than standard Microsoft time scales.
If Silverlight’s so good, why would anyone be creating Windows applications at all? Bill Gates finished his Q&A trying to balance that question. “Yes, you’ll be able to do amazing things in Silverlight, but there will always be things that you can do in Windows Presentation Framework that you can’t do in Silverlight. Why is that so? Well, it’s so because with WPF we get to assume we have the full power of the PC; we’re not just running in a browser environment. So, take things like 3D type things, virtual world type things, take things like ink recognition or playing video back at arbitrary speeds. WPF will, because it can connect in to all of Windows, expose those services and let people do new things.
“We need to keep the Silverlight download to be fairly modest. So, if you think of what that will be versus the entire Windows environment, we have a much bigger runtime to call on. So, we’re not saying that those get absolutely merged, but we will have exactly the right relationship. And even as you’re in Visual Studio or in the Expression tools, you’ll be able to say I want to author for the Silverlight piece and to let you know that if you’re sticking to the things that work in that world.
“Silverlight will probably have almost everything WPF has today, but WPF will keep getting richer and richer as we go forward.”
That’s the Microsoft dream and it’s one direction things could go. Google is pushing in completely the other direction. Last week at Google IO, Chris Prince and Aaron Boodman (better known as the designer of the Greasemonkey Firefox extension) were explaining why they don’t want you to think of Gears as taking Google applications offline. Yes it does that, but actually Google wants it to give Web apps access to all the capabilities of your PC the way desktop apps do. Why shouldn’t the browser get the power of your 2GHz processor and your 300GB hard drive? Why shouldn’t they be able to send you notifications in another window or show a progress bar? Why can’t you access USB drives from inside Gears or use a GPS to tell the Web app where you are?
Google filed its name off Gears so that it has more chance of becoming a standard, either as part of HTML 5 or by becoming ubiquitous as a plugin in its own right. Personally, I’m not going to be installing it on any machine I use.
It’s not just because it has no way to limit the amount of disk space it’s going to take for its local database (used by MySpace to give you search across the whole site without having to take up space on their data centre for those pesky index files). It’s only partly because it’s going to be able to use your GPS or other tools to get your location and there is currently nothing to warn the user and no options for choosing if and when Gears can get your location. Google seems committed to harmonizing with whatever standards HTML 5 includes for the things that Gears does, and I’m not the one who will have to deal with duplicate APIs from Gears and HTML 5 to do the same thing – that’s a problem for Web developers to juggle. And the fact that Web sites like YouSendIt already have real progress bars without needing me to download a plugin is a quibble rather than a complaint.
Mainly, I won’t use it at this point because of how Chris Prince explains why he thinks Web apps are so good in the first place. “Everything in the browser is inherently safe,” he said at Google IO. “There is no cost to install a Web app, you’re not afraid to click a link, and you can navigate away with no fear it will take over your machine.” Compared to the near-paranoia that is Microsoft’s attitude to the Web, from the phishing filter to the way IE doesn’t get the same privileges as a desktop app to the security-first attitude that permeates the company, calling the browser ‘inherently safe’ seems a little laissez faire to me.
Adding binary data files to JavaScript will certainly make for more powerful apps. Some of them might be Trojans; if Gears gets everything Google talked about that would be able to scrape files off a USB stick, record you talking with the audio APIs, add in your physical location and do whatever you can think of with it all, good or bad. If I’m not too busy playing with whatever features the Web app disguising the Trojan has I can navigate away from it – but if it’s using Gears to run offline, has it gone away?
The browser sandbox limits the features on my system that Web apps have access to. That’s a pain when you want to build a better app in the browser – but it’s a security measure if you want to build a better way of attacking my system. I asked Chris Wilson of the Internet Explorer dev team if I was being paranoid – he was the one who’d raised the issue about privacy with the GPS location in Gears at the end of the session. Maybe, he suggested - but with the number of security issues it raises, Gears isn’t going to be installed by default with IE any time soon…
ADFS 2.0 will issue info cards – but interoperable identity systems will work with or without Microsoft
By Simon Bisson & Mary Branscombe in Editorial
Posted in Privacy, Enterprise, Identity, Networking, Internet, Microsoft on
On the Internet, nobody knows you’re a dog. You can put up a Facebook page, send spam, pretend to be a bank; as long as you can read distorted characters, you can leave comments on a blog under any name you choose (I’d like to see at least one Mickey Mouse commenting to this post). Passwords are well past their sell-by date but proving your identity securely matters more and more. Identity online covers everything from throwaway accounts on forums to online banking and no one system is ever going to ‘win’ - but they can learn to work together.
You can buy a hard drive from any vendor you like; as long as it fits in your PC and uses a standard interface, your operating system will take care of accessing the hardware and loading the drivers, leaving you to enjoy the storage space. The identity metasystem will do the same thing for user information, identity providers and sites that accept user details in the form of information cards. The terminology comes from Microsoft, the impetus comes from a wide range of customers and the technology comes from everybody from Oracle to Sun, IBM to Novell, the Liberty Alliance to the Higgins Project. Does it all work together yet? Not quite - but the Project Concordia interoperability workshop that opened the RSA conference today was a step forward.
Not least because for the first time Sun demonstrated an information card logon that used no Microsoft software at all; Sun’s Pat Patterson showed a system using OpenSSO v1 build 4 - which Sun will ship in the summer as Federated Access Manager 8.0, with an Oracle identity provider and Novell’s identity selector to deliver the same experience of logging in with an information card as a Vista user gets on the system using CardSpace.
Microsoft showed CardSpace sending SAML 1.1 and SAML2 tokens to a WS-Federation system. Ashish Jain of Ping Identity demonstrated a system using an information card from Sun to log into Gmail, running Vista in a virtual machine on a Mac talking to a Linux system. And systems from Ping, SymLabs, FuGen and Shibboleth talked to each other and to Sun, Oracle and Microsoft systems using WS-Federation and SAML, transferring not just the identity of the user from a managed information card provided by a trusted identity provider rather than one the user had created themselves but also information like whether the user had provided a password or a smartcard rather than just clicked on a link.
Who needs that heterogeneous a system? General Motors for a start, which is why Bob Haar, an IT architect at GM was chairing the workshop along with Microsoft’s Mike Jones and Eve Maler from Sun. Jones repeated what Microsoft is hearing from customers; “Some of the more interesting business discussions have been about risk. Certainly in the automotive industry, a decision has been made that there’s both at least cost savings and possibly minimisations of risk by going to federated authentication for collaboration with suppliers. Think about how many companies are involved in building a GM automobile or a Boeing airplane; it’s mind boggling.”
Haar explained that in a little more detail. “We think the federation gives us more control in real time to monitor and control access. There are legal and contractual aspects of setting up the business relationships and supporting for activities about auditing - if there’s a question about who changed this financial data or when it came through the federated environment, we have to have systems and procedures in place to make that happen.”
Sun’s demo didn’t use any Microsoft products at all and Patterson took something of a cheap shot by apologizing to Microsoft for that. Mike Jones smiled back and said actually, Sun had given him two of his three wishes. “I said three years ago we’ll know the metasystem is succeeding when interactions occur that use no Microsoft software, where Microsoft receives no revenue and Microsoft has no idea the interaction is taking place.” Today, the point is for the companies to be talking so they can make this all work. When it does all work, Sun wouldn’t need to tell Microsoft anything to have happy customers who could use CardSpace against a system that uses Oracle to issue identity information to connect through to another system that uses ADFS to do it. Assuming ADFS could issue and understand identity beyond Active Directory…
There isn’t a name for the next version of ADFS, or a shipping date, but Microsoft promises it will issue and consume information cards. This has gone in and out of the feature list for the next version of ADFS as shipping schedules and priorities shifted, but it’s back on the table says Jones - and Visual Studio will get tools for working with identity. “We probably wouldn’t have gotten permission to show SAML2 token support in the next version of our identity server products if we were not going to put tools into deployers’ hands to easily build and consume these tokens. We get that until it’s easy for developers to do this, a lot won’t. We’re looking at federation and information cards not as separate things but as parts of a spectrum people can deploy as it makes sense for them.”
Standards are good, runs an old joke; that’s why we have so many of them. Whether it’s a proprietary approach that’s become popular enough to document or a philosophical difference in approaches, there’s hardly anything in technology that you can’t do in two completely incompatible ways by following different standards. What’s happening in identity is a remarkably grown-up approach to tackling a problem. When did you last see Microsoft, IBM, Sun, Novell and Oracle playing nice together without government interference? Instead of expecting to own the marketplace, all the major players are putting in the effort to get their systems working with each other and with the standards. Imagine if all the effort spent arguing about whether OOXML and ODF could both be ISO standards had gone into writing translators to move documents between the two.
But once it’s easy for a service to accept identity logons from a variety of information providers, what is the user experience going to look like? The test sites had buttons to log on with every combination of service and they exposed the debug information so you could see what was happening; real sites won’t have that. But they shouldn’t have umpteen buttons to choose which information provider I want to use either; that way madness and another set of chances to get me to do something insecure lie.
Every credit card I have has its own branding, and there are plenty of different card readers in shops, but they all have a slot I put the card into and a keypad where I type in the PIN. I don’t have to press a button saying I want to use a MasterCard or an Amex card before I start - I put in the card and the reader works it out, hides the process and asks me for the important thing, my PIN. Sites using identity should do the same thing. Don’t give me a button for OpenID or SAML or Ping or Oracle or whatever underlying identity system I’m going to use happens to be, and make me click it and then click again to pick an information card. Use the same identity selector I’m going to give you my information card in; that way your Web site doesn’t have to have five otherwise identical pages and CardSpace or the Higgins identity selector or whatever the experience is on my OS and browser can do the hard work. All I have to do is say yes, I do want to use this information card with this site and you can concentrate on building something that works better because you know who I am without either of us having to care about passwords.
Identifying who you trust to know where you are
By Simon Bisson & Mary Branscombe in Editorial
Posted in Privacy, Business, Enterprise, Identity, Futures, Internet, Security, Microsoft on
Way back when consumer digital maps were new, I went in to see the Dorling Kindersley World Atlas on DVD. We were looking at the California map and I wanted to see where the Apple headquarters were. I said ‘Cupertino’ and the helpful PR said ‘OK but I thought we could finish the demo and then have lunch’. We looked at each other blankly for a little while; they’d heard a rather curt ‘cup of tea now!’ rather than a place name. Even if you know you’re talking about location, there’s room for error. When you put San Jose into Dopplr, you get 25 places, none of them in California.
Fire Eagle - Yahoo’s new location service, which will act as a universal broker between location services like the Loopt system Google Maps uses on mobile phones and services like Dopplr - is trying to be smarter about identifying what you type. It knows that Grand Canyon is a place. And if my GPS has sent one location and I’m typing another in on the Web, it doesn’t just take the latest update.
It knows that my GPS co-ordinates in Campbell are actually inside the better-known San Jose area, so it can pick the most accurate designation. But if the last place my GPS knew I was before the batteries ran out was 60 miles away in Southern San Francisco, Fire Eagle will say I’ve moved on.
As a geek, I’m delighted. I’ll have much more chance of having an interesting conversation if a friend can see I’m not just in California but in San Francisco, not just in San Francisco but at the Moscone Center, not just at Moscone but leaving the press room and heading for the West Hall. I want the friend travelling from New Zealand for the Web 2.0 conference to know exactly where I am. I want my editor to know pretty well where I am, although if I’m interviewing a source in the bar rather than writing up copy in the press room I might want a fudge factor of 50 feet. My sister wants to know which state and maybe which city I’ll be in. The PR person trying to reach me probably only needs to know which timezone I’m in.
But do I want every Facebook user - including the burglar who’s spotted we look at a lot of new smartphones - to even know I’m out of the office? My personal blog is more likely to have a photo of the drawer unit I decoupaged at the weekend than of the drawer unit in place, with two monitors and a scattering of mobiles on it, for much the same reason; or if it has the more revealing image, I’ll be limiting it to ‘friends and family’ via settings on Flickr and LiveJournal.
Actually, of course, I’ll have to do both, as the two sets of identities don’t match up. If LiveJournal users annoyed at the way the new Russian owners of the site have handled introducing adverts on all free accounts migrate to other services, it will be even harder to include the people I want to publish to, because the only cross-site identity that’s really in use is OpenID and it’s not ready for primetime.
For one thing it’s not supported by every site (or even a large proportion of them), and there’s a mix of support for the older, less secure OpenID 1.1 and the newer, stricter OpenID 2. And even with the newer, stricter OpenID 2, OpenID isn’t secure; it’s vulnerable to attacks from either end of the connection, and the middle - that’s because it’s little more than a simple, lightweight way of saying ‘that URL over there? It’s me, that is’.
It doesn’t say what the URL you’re pointing at is, only that it’s some URL that supports OpenID. Mary.WeHackYouForMoney.com is a valid OpenID (well, it would be if I paused to register the domain and set up the OpenID code).
OpenID is good for the simplest of single sign-on systems (for more complex enterprise SSO, take note that IBM just bought Encentuate). It lets me say, without an API, that the me on Facebook is the me on Flickr, LiveJournal, LinkedIn and so on (because I have to tell each site to accept the OpenID request from the next one, so I must have the username and password to get into each previous account).
Anil Dash of Six Apart (former owners of LiveJournal) mentioned to me at Etech 08 that several large customers (for values of large enough to run Oracle) are using OpenID for employees and partners so they can prove they work for the company in online discussions. Proving identity is a nice idea; but OpenID just proves they have access to a domain that sounds about right. To have an Internet-wide identity system that will let me choose friends across a mix of sites and services, there’s going to have to be something a little stricter, like SAML or WS-Federation.
Identity systems like Higgins, Bandit and Microsoft CardSpace could all work together to let me pick an information card with the information I want to assert about myself and an identity provider I want to have back it up. Then you’d know that Experian says I’m on the electoral roll and IT Pro says I’m a writer here - and when you choose to let me see where you are in the world you’d know who you were showing your itinerary to.
And if you’re still expecting CardSpace to make the same mistakes as Passport and pass your details on from every site using it to Microsoft… About the same time IBM bought Encentuate, Microsoft bought Credentica; not so much for the U-Prove software as for the maths behind it. This is a provable protocol that lets you outsource information provision without letting the information provided out of your system. Instead of boning up on CardSpace and SAML, you could say to your usual IT consultancy ‘bill me for a CardSpace system that proves my employees work here’. The information provider would assert that your CTO was your CTO, but it would never get his name to pester for a new contract. The information provider wouldn’t see my travel dates or my list of who I count as a friend. Identity, location - and a bit of privacy.
Maybe Ask should give Facebook an award for privacy education
By Simon Bisson & Mary Branscombe in Editorial
Posted in Privacy, Identity, Security, Internet on
I’m not a big Facebook fan. Part of it is that I’ve seen a lot of online communities, from Usenet and the uniquely British CIX to AOL and Web forums and IRC and LiveJournal and LinkedIn - and the evolution of online behaviour that occurs in all of them is the same. Food fights and virtual flowers replace SIG files and ASCII art but a me-too meme is the same whether it’s plain text or fancy CSS (and don’t get me started on Second Life because that’s a whole ‘nother rant).
But I’m not an online Luddite. I live in email and IRC. Simon and I met online (in a virtual bar, when it took a really long time to explain to people what a virtual bar is). Online interactions can be efficient, lightweight and productive or rich and deep. Being able to find and connect to people you know is both fun and useful. Sharing what you do online is all fun and games until someone finds out what you’re buying them for Christmas (or in a Love, Actually manner, what you bought for someone who isn’t them).
Facebook has scaled back its Beacon advertising programme and issued a disingenuous ‘my bad!’ apology that still makes it sound more like a feature for users than a revenue stream for Facebook. After all, the apology doesn’t say you can opt out of having what you do on partner sites like Blockbuster sent to Facebook in the first place. It says “If you select that you don’t want to share some Beacon actions or if you turn off Beacon, then Facebook won’t store those actions even when partners send them to Facebook.” Facebook could still use the details to optimise the ads you and your friends see, and there’s nothing in the privacy settings to let you turn that off.
I’m not the only one who thinks this is irresponsible. There’s been a lot of complaining going on - from a VP at Microsoft who reports to Ray Ozzie trashing both Facebook and Blockbuster publicly to the sterling efforts of Valleywag - the Silicon Valley equivalent of Private Eye - to find out exactly what information Beacon does and doesn’t store. There’s been some back and forth between Facebook and Harvard’s 02138 magazine over whether it was OK to put court documents about damages to the college house where Facebook was written and Mark Zuckerberg’s response to the Harvard disciplinary committee online or whether that was an infringement of privacy (Facebook took the magazine to court and lost).
But while I’ve been excoriating Facebook for not buying a clue about how to treat information users never gave it permission to publish, it struck me that maybe we should be thanking them. After all, Facebook has done more for public awareness of privacy issues than any number of well-meaning campaigns. A bit like HMRC and data security, Facebook has made sure that people all over the world care a little bit more who knows what about them. It’s an excellent time for Ask to launch its new privacy feature, AskEraser, where you give up the personalisation search engines think we want in favour of the privacy some of us actually prize.
The option has been in development for a while - it takes time to code these things up - so the timing is just luck for Ask. It’s an opt-in system, so you have to click and turn it on and accept a cookie that says nothing but ‘privacy please’ - and if you try to use a feature that relies on personalisation you’ll get the option to turn it back on. Ask promises that details like your IP address and search terms will be scrubbed off the system swiftly. They’re not expecting enough people to choose the option to cause problems with the analytics they use to tune searches based on how people use the results.
If I was searching for something I really didn’t want anyone to know about, I’d use an anonymising proxy. Ask will still have some information about you that lets them comply with legal demands. But this is an excellent opportunity for people to show that actually, we don’t care if your company thinks using us to market to our friends is just the same as me saying voluntarily that I like to shop with John Lewis for the service, support and never knowingly undersold bit; we’d like to choose who we have those conversations with and when. If what I have to hide is Simon’s Christmas present or just my personal business, why should you get to broadcast it without permission to make money from it?
Facebook has made a lot more people consider what’s personalisation and what’s an invasion of privacy. Head over to Ask.com and you’ve got a chance to have your view counted.
-Mary



