Manage your online identity.

The Harvard Business Review has posted an interactive case study entitled “We Googled You“, in which a potential employee’s search engine results affect potential job placement.  It’s a thought provoking piece, and there’s interesting discussion going on over at danah boyd’s blog.  She responded to the case with an interesting, measured essay; my comments are in the thread.

We’ve noticed another site using MicroID in the wild. We now proudly name Wink.com alongside our earlier early adopters at http://claimid.com/microid. To make sure your link is verified, please confirm the format of the URL you’ve put on your claimID page is the same as listed on our MicroID list. Either the codes match or they don’t - so check it close.

Wink.com describes themselves as ‘the people search engine’.

Wink allows you to verify other site information via MicroID, as well as entering your actual login/password credentials for sites like MySpace and LinkedIn. If you trust Wink.com with your credentials, these both serve the same function.

Remember that finding someone and verifying who they are should be an organic human process and you should probably depend on more than one source (like any research you do). MicroID allows this kind of triangulation, and does it in the clear. Please continue to encourage the other sites you use to publish MicroIDs so you can build your own reputations online - so you can take the good things you do and say on one site with you to other sites.

In unrelated news, IIW2007 was a great success and Fred and I met a few new faces and reconnected with some older ones. The identity space is still picking up speed and with a flurry of new projects showing successful interoperability with Higgins and CardSpace and OSIS, the energy is really starting to compound. We’re proud to be a part of what is happening.

We’ve got a busy week ahead!  Team ClaimID will be hanging out at the Internet Identity Workshop - say hello if you’ll be there!

Yesterday, the announcement that Sun would offer “trusted” OpenID’s to its employee network has created a bit of buzz around the identity blogosphere. To break it down a little, two particularly interesting points emerged. First was simply the idea that Sun would support and offer OpenID’s was noteworthy - they stand with Microsoft and AOL as large vendors embracing OpenID in one way or another. Second was the assertion of a trusted OpenID space. As Tim Bray wrote:

What’s more interesting is that we’re rolling out an OpenID provider, but with a twist: You can’t get an OpenID there unless you’re a Sun employee, and if someone offers an OpenID whose URI is there, and it authenticates, you can be really sure that they’re a Sun employee. It doesn’t tell you their name or address or anything else; that’s up to the individual to provide (or not).

…

The applications are obvious; if anyone wants to offer deals or special treatment online to Sun employees, well, that’s easy now. (I know of at least one company named after a fruit whose online store offers a nice Sun employee discount based on knowing a “secret” URL; this would have to be a much better alternative).

Phil Windley asks the right questions:

Still, I like that Sun’s taking OpenID seriously. Ignore the employee status as URL issue and just concentrate on the asserted strength of the authentication process, if you like. Even so, there are still some flies in the ointment.

• First, how do we know this is true, except that Tim says it?
• More importantly, how does a machine know it’s true?
• How do we avoid huge whitelists of machines who’s OpenIDs we trust (or blacklists of machines we don’t)?

While a number of individuals took umbrage at some of the language and assumptions Bray made in his post, JanRain CTO Michael Graves ultimately sees it as a positive event.

At any rate, it’s worth noting here that Sun’s announcement is proof positive that solutions to big problems often start out small (see Tim’s closing line of his post). Sun’s deployment of openid.sun.com isn’t a silver bullet for the problems of internet identity — not by a long shot — but this is a practical, simple step forward that, embraced widely by other organizations, will effect long-sought improvements in trust and trust and identity as building blocks for network applications.

I see this as a positive as well. When major vendors start adopting and running open-source, public domain projects like OpenID, there’s generally a halo effect. Of course, the politics of the project get more complex, but that’s to be expected. Ultimately, the challenges of enforcing and trusting domains seems a lot like some of the exceptions people raise to the MicroID standard, but with good policies, I believe its a solid direction. Certainly, one can imaging higher-ed institutions implementing something like what Sun has done, which is something I’d love to see.

The Wall Street Journal has written an article entitled You’re a Nobody Unless Your Name Googles Well. This front-page article has been syndicated to many newspapers around the country, causing substantial buzz. It reflects somewhat of a new reality - that your “search identity” is a resume of sorts. In fact, many employers place a large amount of credibility in search engine results, which is troubling as you don’t have presentational control over your search identity (or what people write about you).

There are a number of companies struggling with this problem currently, and ClaimID is one of them. Techcrunch profiled a number of identity search engines, and services like Reputation Defender can be retained to monitor your identity online. Put simply, there are a number of companies addressing the problem of identity from a number of different perspectives, and the market has not spoken in any particular direction.

Identity is one of the internet’s last great unsolved problems. The reason this is the case is not because of lack of effort, but of the sheer complexity of the problem. Identity search, for example, attempts to disambiguate name-based entities. Essentially, it attempts to tell one John Smith from another, an extremely difficult challenge (many Ph.D.’s have been written on this challenge), and the models we have work best in constrained environments, not the internet.

Beyond the problem of name-based entities, there’s another big problem with the net - the stuff you’ve done but your name doesn’t show up on. Sure, a search algorithm can do basic cocitation analysis to guess at stuff “related” to you, but it won’t find a good deal of the stuff you’ve done, nor will it understand the relationship. The company you worked at, the project that you worked on that was written up in the newspaper that doesn’t mention your name…all of these things present identity search some very serious, potentially unsolvable problems. A computer would need to pass a turing test to fully address this problem - Bayesian models can only take us so far.

The approach that seems to be popular in identity search is a hybrid of search + claiming. Knowing that models will never fully disambiguate or find any one individual, the search engines allow individuals to claim related results, creating a dossier of sorts. Of course, this is the approach we’ve always taken in ClaimID - you know yourself, and we’re not going to try to design an algorithm that knows you better than you do.

Of course, part of me wants to believe that these companies can do it better. I want to see a company come along with an approach that is revolutionary, that promises real results. I believe that the challenges of managing search identity present the information sciences one of its greatest challenges over the next ten years. People need these solutions, and the market is not going to get smaller. But what exactly are the solutions people need?

Outside of the magic laser beam that erases links you hate and raises your favorite links to the top, I think we’ve got to take a reality based approach. Research and work on name-based entities will continue making the models better. Standards and open-source approaches are a must, as identity simply cannot be centralized. The market has proven this again and again. Identity must be decentralized. Finally, we must accept some realities. Largely, people will have their identity searches be mediated by Google. (Google sends a tremendous amount of identity search to ClaimID, with Yahoo search owning a very small part of our traffic.) People will also need trasportable, web-wide solutions. The idea of fixing identity in one place is fine, but what about the rest of the internet? For many, Google is the internet, so we’re just playing in their playground.

As you can see, there are some tremedous challenges in this sector. However, that’s what makes this sector exciting and interesting - its one of the last places on the net you can make real change that will make people’s lives better. And is there a better goal than that? It has certainly kept us motivated here at ClaimID. Ultimately, identity is a solvable problem. Major vendors like Google, IBM and Microsoft might have to start paying better attention, and upstarts certainly will contribute to the discussion. I look forward to the progress to be made in this sector…it will be interesting to watch over the next ten years.