One of the more controversial words in the identity space is the word that adorns this blog: own. Some pretty heavy hitters think that the idea of owning your identity is absurd. After some fantastic debates with far greater thinkers than me like Jeff Hodges and Gabe Wachob I can certainly see their point. If to own something is to have exclusive control over it, then, particularly in a online world, the word ‘own’ becomes meaningless. However, it also largely renders the word meaningless in most of the senses in which we are happy to use it.

Probably the clearest example of this is homeownership. If we apply the same rigorous standards one could say that I have purchased a house but not that I own it. The mortgage provider does and if I am unable to keep up with my payments, that house can be taken from me. I don’t own my house without the consent of my mortgage provider. Moreover, even if I have fully paid off my house I need planning permission before I can make significant changes to it. My home could be seized in any number of scenarios and I could be turfed out on the street. Yet despite all this, we are happy to say that we own our home, President Bush declared this month to be National Homeowner’s month and appositely talked about how hard his administration was working to help people keep the homes they own.

It’s clear that when we talk about home ownership we aren’t using the level of rigor that we see in the identity space. Instead own becomes shorthand for a set of rights that while unable to live up to the perfect conception of what own means in reality acts as a common point of understanding. ‘I have partnered with a mortgage provider to purchase property, and as long as I keep up my payments am unlikely to lose it in the near future. I have certain rights over reselling and with the appropriate permissions can make significant modifications to it’ becomes ‘I am a homeowner’.

To use another example, nebulous words such as freedom can also prove to be a useful shorthand for a far more complex idea that does not necessarily bear that much relation to the word. Mel Gibson did not ride up and down the field in Braveheart calling for his men to fight for more localised government of the prevailing feudal system, he asked them to fight for freedom. Nor did he take the time to distinguish between positive and negative freedom as undoubtedly this might have had some limiting effect on tactical options with regard to the English cavalry bearing down on them. Almost any usage of the word freedom wiIl be flawed because of the inherent contradictions within. However, that does not mean it is worthless. It can be a rallying cry, a placeholder for a change or a set of rights that might fall far short of true freedom but nevertheless represents a significant step forward. We understand that there is an emotional understanding of the word that has utility, no matter how far it may be from its idealised form.

I think this is where I come out with on ‘own’. I respect the viewpoint of those who shy away from using it and I think that among certain audiences they are right. However, if we wish to engage, inform and unite a wider range of people around the idea that they should have control over certain achievable components of their online identity, then ‘own’ has value as emotional shorthand for getting from here to there. That’s why I’ll continue to tell people that they should own their identity.

Over subsequent posts I want to unpack what ‘own’ might mean in this context and get closer to a bill of rights for those whose primary online identities are currently locked up in walled gardens. We shall see how much trouble I can get into.

We are often free and easy with the definitions of those things that mean most to us. We all applaud freedom, and yet often do not take the time to distinguish what kind of freedom we mean. It is the curse of all slogans that they somewhat lose their power when accompanied by an asterisk. Over my next few posts I’d like to look at the wider implications of identity and ownership and unpack the asterisk.

Dick Hardt does a far better job than I ever could here of introducing the multi-faceted components of identity in his OSCON talk on identity 2.0 and if you haven’t seen it, you should. The point is well made that our physical identity is a pretty amorphous term that encompasses any number of different aspects from our name and passport to the car that we drive and the same can be said for online identity. For me however, we can distill the core components of our online identity down to the ABC of Identity:

• Authentication - I am who I say I am - my OpenID, my usernames and passwords.
• Brand - My photos, my designs, my words, my friends, my reputation, my choice of services and companies - how I choose to represent myself to the world and how the world in turn chooses to represent me
• Communication -  How I choose to communicate and the identifiers that I use - my cell number, my email address, my IM handle.

The more coherent my identity is across these three facets, the stronger each individual component becomes. If I want to encourage adoption of a new identity component, my task becomes easier if I can link it to one of the other components. The standard username/password set either links brand (nickname) or communications (email address) to authentication. The key representation of my brand on Facebook or Myspace is strengthened by that profile being linked to my communications, messaging occurs between personal brands.

This has wider implications for consumer adoption of OpenID. One of the key barriers to adoption raised by critics is that for mainstream users the idea of typing in a URL in order to log in to a website is too much. The argument is that the ‘cognitive load’ of typing in a URL is substantially greater than typing in your email/username and password.

However, the cognitive load springs not solely from the problems of typing in a URL (though the complexity of the URL plays a role); the issue is one of emotional rather than cognitive load; the URL as authentication is often totally divorced from the other components of their identity. If, for example, http://johnsmith.myopenid.com has no relation to my brand and I can’t use it to communicate, that URL has little emotional resonance and means that typing in this random URL to authenticate who I am is less intuitive.

If we really want to see OpenID adoption take off, we should look less at throwing up a multiplicity of buttons to ease the flow and look more at how we can build the links between authentication, brand and communications. This could be done by mainstream brand repositories like Myspace becoming OpenID providers, and myspace.com/johnsmith becoming the place where my brand, communication and authentication come together in one URL that represents the totality of me. Focused OpenID providers like JanRain could build out what are currently fairly bland profile pages to make them more full-featured strengthening that expression of my brand. One might argue that with Livejournal, this was the original promise of OpenID. However, we still run into the problems of centralizing your life on a URL that you don’t control.

Domain-centric identity solves this problem to a great extent: If Johnsmith.com is the home for my brand, the domain through which my email and other communications flow (john@johnsmith.com) and OpenID providers provide domain delegation, I can create a flexible, permanent home for my identity centered around a URL that represents me with an experience that no longer feels fragmented or divorced from who I am. Instead of typing in john@johnsmith.com, I am merely typing in johnsmith.com. It does us good to remember that OpenID holds more than the promise of one password, it holds the promise of being one person.

I learned from Carsten Potter that myOpenID has just launched myOpenID for Domains. The new service makes it even easier for you to make your domain your OpenID. As I’ve said before, using domains as OpenID URLs is essential for personal ownership of identity online. Congrats guys, a great move.

OpenID is pitched as an open and decentralized identity system, designed “not to crumble if one company turns evil or goes out of business”. This is great for the system, but still fails the user if their identity across the web is tied  to that evil/bankrupt company. The system persists but the user is screwed.

The ‘big wins’ for OpenID thus far have been the decision by Yahoo, AOL and Google (well, Blogger) to become OpenID providers. It could now be assumed that most people online would have some kind of OpenID whether they knew it or not. This was a great step forward for encouraging relying parties and OpenID’s standing in general. However in the rush to embrace a URL-centric identity and tell people to make their Google/Yahoo/AOL URL their OpenID, we seem to be forgetting that it matters what kind of URL we use. It’s not enough that one URL is able to represent and authenticate who I am across the web, that URL should be in my control and portable, so that I am able to change my provider should I find out that they have been collaborating with oppressive regimes or their servers run on the blood of baby seals. We don’t need URL-centric identity, we need domain-centric identity.

With URL-centric identity we are locked to a particular provider, stuck with the unattractive choice of staying with that company no matter what it does (or does not do) or performing the laborious task of going into every site that we have ever associated with that OpenID and making the necessary changes. The system is set up to encourage stasis. With domain-centric identity, I control the URL that represents me. If my current OpenID provider provides poor security, fails to keep up with the pace of innovation or engages in practices I dislike I can change providers simply and easily. My identity is in my hands and the system is set up to encourage innovation and competition for my business.

Some might argue that people don’t care about who their OpenID provider is as long as it’s secure, but recent experience suggests this isn’t true. The SXSW OpenID panel saw a surprising number of questions fielded about the idea that OpenID seems to be moving towards an oligarchic version of Microsoft Passport in which two or three big companies controlled our identities. The less than comforting answer was that two companies is better than one. The potential acquisition of Yahoo makes that answer sound even more alarming.

Kaliya Hamlin recently wrote a post titled ‘What about Flickr?’ discussing the consequences of Microsoft owning Yahoo: ‘now with this hostile take over situation with MSFT it could be owned by THEM. It is really devastating to think that all the energy I and others put into this space would be owned by THEM.’  For Kaliya, the nature of the company that provides the service is as important as the service they provide. How would she feel if she used Yahoo as her OpenID and it was suddenly owned by THEM too?

If OpenID was designed so that no one company owns the identity management system for the web, making a domain your OpenID ensures that no one company owns your identity for the web. The easiest way to make your domain your OpenID at the moment is through delegation, and Simon Willison has written a handy guide on how to make that happen. For those without domains, chi.mp will be providing them for free later on in the year.

Delegation and domain-centric identity means greater competition and innovation between providers not just to attract new entrants to the market but to retain current customers. It means I have sole control over who I am across the web. If the OpenID community really wants to put people in control of their identity online, there should be less talk of signing up with behemoths and more talk of delegation, less talk about Yahoo OpenIDs and more talk about our OpenIDs.

In the 1990s the cell phone number was the key component in our virtual identities. That number was the unique identifier that represented us, and was the main conduit of communications with our friends. We were asked to leave our name and number, as if both held equal claim to us. However, throughout the 90s and beyond, that number locked us in to a deal with a specific carrier. To change providers you had to jettison your old number, your old identity, and start again afresh. The price of this freedom was paid in lost friends and missed opportunities.

Much of the role of the cell phone number as the centre of our digital identity has been usurped by our social network profiles. Our unique identifier is now our URL, messages that once might have been SMS texts now find themselves on our Facebook walls or in status updates and the profile has become the main conduit of communications with our friends. Our digital identities have become much richer with the web of content and relationships our profiles display and yet the same problems remain. Our profiles lock us in to a specific provider and to change means jettisoning everything and beginning again with nothing.

The fight to make our cell phone numbers portable, to be able to change service providers without paying such a heavy price, seems remarkably similar to the fight to open up the social networks that we see today.

Throughout the 90s there was a rising tide calling for the right to take your phone number with you if you changed providers. The carriers saw number portability as a threat to their valuations and lobbied against it furiously; without it there would be few ways to compel subscribers to stay with their service. They knew one thing: lock in the number, lock in the value; export the number, export the value. They feared a commoditized, cut-throat world where the business of today could vanish by tomorrow.

Today, the social networks’ value is derived from the content (be it your words, photos or friends) with which it is populated. They also know one thing: lock in the content, lock in the value; export the content, export the value. There’s little chance that a $15bn valuation at such variance to performance could be sustained in an open interoperable world, and one might actually have to go back to calculating valuation in far more boring ways like as a multiple of revenue.

This is the crux of the problem that the large-scale social networks face, they know that calls for openness will only become more strident over time and that to survive in the long term they must open up. And yet if they lose the vendor lock-in and thus potentially have to recalculate their valuation, their investors will be out for blood. Stuck between a rock and a hard place, they suggest palliative measures such as widgets being available across multiple networks and mutual email exchange between oligarchs. None of which really gets us any closer to an open interoperable network where we can move our identities to whichever provider best satisfies our needs.

In 1996, the FCC mandated that all cell phone numbers should be portable, and then the fight began in earnest. The carriers claimed that of course they would like numbers to be portable, but there were huge technical barriers that would cost $1 billion to implement. Unsurprisingly, these technical barriers turned out to be less than insuperable and the $1 billion estimate turned out to include such costs as retraining sales representatives.

Next they claimed that there was no demand as large volumes of subscribers were already switching carriers despite the lack of a persistent portable number. This was something only a few people really cared about and thus there was no need to spend money on a demand that didn’t really exist.

We seem to be seeing very similar arguments coming from the major social networks today. Facebook representatives regularly claim that they want to move towards openness but technical barriers and privacy problems are slowing them down. Technical barriers and privacy problems that smaller more nimble systems without the access to Facebook’s funds and engineering talent seem to have dealt with without issue.

We are also told that people enjoy being able to cut free from their old identities and begin again afresh. Apparently, being able to move your friends and content around with you to whichever service you want them to be on is a non-problem only found within the geek community, and those who push for it need to step outside the bubble. The same viewpoint suggests that people ‘enjoyed’ the opportunity to dissolve old social connections with the change of a phone number and found that a benefit of switching carriers was the ability to start again with a blank slate. Just who is in the bubble here?

The same problem, the same arguments and the same intransigence. The carriers fought tooth and nail to appeal the FCC order and it took seven years for number portability to become possible. Even after that, the carriers went out of their way to make the process difficult for their subscribers: AT&T customers complained that taking their number from AT&T to another carrier was taking several days, instead of the two to three hours it was supposed to take and that AT&T’s customer service representatives were not being helpful, with hold times on phone calls often lasting hours.  We’ve seen a similar philosophy behind the roadblocks put in place for those wishing to delete their Facebook account and there seems to be no rush on their part to improve this situation.

What made persistent portable identity possible in the cell phone sphere was overwhelming pressure from outside forces, in this case the FCC, and even then it took years. It seems that it will take a similar timeframe and measure of external force to compel the social networks to open up too. This time, though, that force is more likely to come from open networks invading market share, rather than from government intervention. However, the social networks can take a measure of comfort from the carrier experience too.

Since number portability was introduced, subscriber churn has not been as great as many feared. Customer service, price and network availability, strategies that facilitate rather than exploit their subscribers, have become the keys to retention. If the social networks were to open up, they might have to face more competition on quality of provision and innovation, but for the market, the users and their own long-term success that’s no bad thing.

It took Europe 800 years to break the stranglehold of the feudal system, and the social networks six years to bring it back.

The feudal system gave Europeans their identity: you were a landowner or you were a serf. One was more fun than the other. Serfs were bound to the land, without freedom of movement. Their homes and belongings were property of the feudal lord and their labors lined someone else’s pocket. A serf could escape, but they would have to leave with nothing, never to see families and friends again. The barriers to freedom were intentionally high.

In the last few years the online world has seen the rise of personal identity. We are no longer just pistonheaddave or topcattone, anonymous monikers for flaming or gaming; we are Dave Morris or Tony Haile, we Google others and expect to be Googled, our flirting and romance is just as likely to take place online as it is in a bar. There are people whose perception of who I am is governed 20% by a shared flight and 80% by my facebook page. However, these identities that define us so much are bound to the company in whose site they were created, just as serfs were bound to the land in which they were born. We own nothing and if we leave we leave with nothing. Welcome to feudalism 2.0.

I don’t have the freedom to move the facets that make up my online self from Facebook to LinkedIn or Myspace, my content and relationships are the property of Facebook, as are the words exchanged with friends; I can’t message my Myspace friends from Facebook. My content is their content, my relationships are their relationships and my communications are their communications. I can escape and start a new life somewhere else, but if I do I do so faceless, barren and alone. My identity becomes fragmented as I move from site to site hemorrhaging the words, photos, messages and relationships that make up so much of my identity online. Old friends communicate with the ghosts of profiles past, not knowing that I have slipped away and begun (again) with nothing.

I don’t want to be too quick to judge the social networks, they have every right to do what they do, and we wouldn’t use them if they didn’t provide a valuable service. Going further, many would say that this post is a story about a pain that simply isn’t there. Most seem not to mind that who they are is owned by Mark Zuckerberg or Rupert Murdoch. However, might it be that, like the serf whose horizons did not extend beyond the fields his father tilled, we’ve not yet been able to conceive of anything better?

We need an Enlightenment online. An evolution of personal identity that says I’m free to throw sheep at people on Facebook or explore new bands on Myspace, but my content, my contacts, and my communications are in my control not theirs. I want people to be able to connect and interact with me  through one unique identifier that doesn’t change, no matter where I choose to host my identity. I want to own my identity, I’m tired of being owned.

A group of us have started Chi.mp to try and jump-start this evolution of identity. We are building a Content Hub and Identity Management Platform that can be deployed on any domain and puts the individual in control of their own identity. People using Chi.mp will have identities that are importable, exportable, interoperable, portable and most importantly theirs. By deploying it on the domain of your choice you can move from Chi.mp to another identity provider without losing the unique signifier that represents you. Oh and if you don’t have your own domain we’ll give you one (like everything else) for free. We’re turning the social networks inside out and making the Internet the Platform again.

This blog is an opportunity for some of us within the team, in particular Josh Porter, Brian Oberkirch, Myles Weissleder and myself, to delve into the area of identity online and engage with those who are interested in domain-centric identity and Chi.mp. After all, persistent identity online is the opposable thumb of the Internet; hopefully now we can all catch on. . .