Let's JAM!

IIW 2009

I'm Jessie Morris, aka JAM. This was my first year at IIW and man was it a blast! I was here with Phil Windley. I actually work for him. But that's topic for another story.

IIW stands for Internet Identity Workshop. Here, people talk about, discuss and decide what the standards for identity on the internet will be. Since this is my first year, I have a lot of catching up to do. The fact that I'm only 17 years old also leaves me slightly thin in this regard. But I learned a lot.

I learned all about OAuth, OpenID, Identity Cards, WRAP, and several other different authentication techniques. The one that I thought was the most interesting came from HP Labs and Alan Karp. He asked the question, "What is the most important thing to know when a request comes into a service?" A lot of people respond, "Who is making the response?" While this is a good question, it's not the best question. According to Alan it's, "Should I honor this request?" This cuts out the service from having to figure out the ACL and trying to identify the user. Authentication matters, but the service doesn't need to know about it. I wasn't able to go to the WRAP session, but after talking to him earlier today, he mentioned that that was basically what WRAP was.

I also conducted a session. It was my first conference ever and I conducted a session named, "Email sucks, so what's next?" In it, me and 5 or 6 other people talked about what is flawed about email as well as what it does correct. Here were some things which we came up with:

  • Good - Distributed
  • Good - Standardized
  • Bad - Hard to prove authentication
  • Bad - SPAM!!
  • Good - Used by nearly everyone
  • Bad - Not real time
  • Good - Easy to use
  • Bad - No way to enforce "no forwarding" policies
  • Bad - Not designed for a lot of uses, i.e. public threads.

We came up with a small plan as to what we wanted to do. Who knows if that will get anywhere, but it's still interesting to think about. What we came up with was something similar to Wave, but with better "access controls" and we wanted it to be peer to peer.

All in all it's a great conference. I had a blast meeting new people. I learned lots, both about identity and about helping with a conference. I also leaned that programmers seem to love Diet Coke! I am definitely planning on going again next year!