I stumbled into the European Identity Conference 2010 actually only by accident, more being a web developer than an enterprise IT guy (although having to do with it in terms of connecting e.g. Plone to an LDAP server in our bigger clients). But I don’t regret that I actually did!
What made me go there were actually two (related) things:
- The opportunity to meet one of my co-podcaster at Data Without Borders finally in person, namely Eve Maler
- The opportunity to attend the workshop on User Managed Access, a Kantara Initiative workgroup which I was involved with quite a bit at it’s start (and which is chaired by Eve).
I then ended up attending also the actual conference as I got free entry for being a blogger and podcaster from the open web standards field (thanks, kuppingercole!). It didn’t stop there, though, because soon I was also sitting on a panel on data portability with Eve and Drummond Reed (me for being a former board member of the Data Portability Project) and suddenly also on another one with Eve again and Andreas Reisen from the Ministry of the Interior of Germany. The topic of that wasn’t really clear until shortly before and it turned out to be Post Privacy (I guess I had some influence on this).
Especially this last panel turned out to start a very interesting discussion (also thanks to moderator John Hermanns), but more on that later.
What I learned
First of all I learned that the UMA specification compared to back then when I left is not really easy to understand. To prove that I did some rough implementation the following afternoon. It also means that I probably will be more active again in the workgroup. What surprised me a little though was that UMA actually got quite some interest which I didn’t expect as I saw it more as a web standard. But enterprise and web seem to converge and this is a good thing!
I also met other UMA participants I only talked on the phone with yet, esp. Domenico Catalano, Iain Henderson, Maciej Machulak and Hasan Akram.
From Iain I heard about another interesting topic actually, which is that both big parties in the UK had citizen control over their data in their programs. According to him they don’t really know what it means in practice but he and his company MyDex (and others) are there to help with Personal Datastores. I didn’t really gave a chance to interview him on how this would work in practice but I think he would make a great guest in Data Without Borders, so we probably will invite him soon. I should add that Iain also thinks about using UMA for this purpose.
Then there was the actual conference. Unfortunately I didn’t have the time to follow everything and so I wasn’t following much on cloud computing (and I wish more people in the IT scene would actually do live blogging or at least twitter). So I learned a lot about which how claim based access is a done thing (at least according to Kim Cameron). I learned that OpenID has usability problems (not really new) and how they could be solved (new), I learned about the germen eID card and all the world wide non-interoperability of internet authentication. I learned that instead of PowerPoint you should start with Word (ugh? I would say: Use proper tools for online collaboration, not something for writing letters. Talk to me if you want some ideas ;-) ). I also learned that IT guys are sometimes having complexes, too (I remember a slide saying „IT guys are not dumb!“ and people complaining how everybody beats on them).
What I missed: The Web
What I missed though was more talk about web standards. There was hardly any talk about e.g. OAuth (although it won an award last year), WebFinger, XRD, LRDD, Salmon, the connect mechanisms of Twitter and Facebook etc.
Along with that was social media was only used rarely. I can say that I was the most frequent twitterer there while only maybe 10 people twittered here and then. I am not sure if any blog posts except mine actually have been written. I even heard the phrase „I will be the last person to use Twitter“. So do enterprise IT guys live in some hole? Is it too different? Is their usual environment so controlled that they fear to do such things?
Some conversation I head during lunch seems to point into this direction as somebody explained to me how it feels strange if some client suddenly twitters about one of their meetings. Moreover companies have the problem of data leakage into Facebook, Twitter and LinkedIn (the latter seems to be the mostly used tool for social activities online).
I guess there are interesting times ahead when companies need to find a way to handle that. One way might be to forbid it but stemming against the internet revolution so far hasn’t worked, so good luck with that! Lets hope they think about more useful strategies which embrace the web and not fight it. There at least seems to be some interest in using social media also inside the company. A very interesting topic where I also have lots of ideas on.
What could be different?
The EIC 2010 was a well organized conference with interesting topics (and good food). Some things could be more experimental though in my opinion.
So here are some ideas:
First: Look at IIW and see how a barcamp style conference just works (I’ve never been there but I know that Barcamps work). So I would really like to see more flexible structure in place. Take the post privacy panel for instance. This mainly was setup spontaneous and I personally would have had lots more topics I would have loved to discuss with people in some sort of session. Yet there was no time or space for it. What we had were mostly one-to-many talks which are good for an introduction of a topic but not for a good discussion of it.
So make it more Barcamp-style! Maybe not the whole conference but maybe parts of it, e.g. one day.
Second: Then try to invite more web people. The web is different in that things need to be simple on the web while not being too simple (read: insecure). And something enterprise IT needs is simple. Moreover it would be great if there wouldn’t be two groups of people working on several very similar problems each on their own.
Third: Put up Twitter Walls. Explain what Twitter is, encourage people to use it and also to blog about it. Attracting more web people will actually help this.
Fourth: Record also the smaller rooms or let people (like myself) record it. So much information seems to be gone now if you haven’t been there, esp. the panel discussions.
Fifth: Put the materials on the web for free. My opinion: You go to a conference to share with the world. So share it with the world!
As Martin Kuppinger did a keynote on 5 trends in various topics I, too, will leave it at those 5 points. I learned a lot (and if it’s just how enterprise IT ticks) and might even come back next year :-)
Here are my blog posts about the conference so far:
- UMA Workshop at European Identity Conference
- Kim Cameron on Minimal Disclosure
- 5 Quick Wins to Leverage Your Existing Identity Infrastructure Through Convergence (Martin Kuppinger)
- National ID Card – Privacy by Design
- Improving the Security and Usability of OpenID
- On national electronic ID cards, Interoperability and Trust Frameworks
- User Managed Access – a workshop and a prototype
More posts might actually still come, I have lots to talk about! (but actually would need more time).