Joe Andrieu posted a response to the white paper I released last week. I'm grateful that Joe would take the time necessary to read the paper in depth and offer a long, well-thought-out, and helpful set of questions and critique. From his article it's clear to me that Joe understands the problem space well and has a firm grasp on what Kynetx is doing there.
Joe raises a number of questions and points that I'd like to respond to.
First, Joe asks who the target developers are: Web sites or third party services. Or both? Our primary offering is aimed at third party services, but we also recognize the value that Web sites can add by responding to people more appropriately. For example, we have an OEM arrangement with Parity for their RemindMe service. Their customers (i.e. people with RemindMe cards) benefit, however, if Web sites work well within this larger context. Incidentally, those Web sites benefit as well. We believe this dual-use strategy is the right way to go since we want to see the kind of silo-spanning context-aware services that third parties are likely to build and yet know that there has to be a way for the silos to play the game too.
Joe's second question foresees a user experience nightmare with users managing A cards on B sites and getting caught in a crush of A x B "identity ceremonies." Something that isn't clear from the white paper is how this user experience is managed. In most cases (certainly the kind of casual-browsing, context-management activities mentioned by Joe), Kynetx is the relying party--not the individual Web sites. Before data from cards is sent to the site, of course, a separate ceremony establishing an identity session between the site and the person would have to be performed. But this happens only when the user is intent on dealing with that site, not when just cruising around.
This might raise some questions about privacy and security, so it's important to understand in these scenarios that the user data isn't ever leaving the browser. Some session data is sent back to Kynetx servers, but not the data out of the cards themselves.
Joe also mentions in his discussion the idea of user data stores. Yeah. That's one reason I'm interested in first class namespaces in programming languages. We'd love to collaborate with Joe on the ideas behind Search Map and user-driven search since user-controlled data stores are important to us as well. I foresee the day when a KRL rule can use and respond to the data in a person's SearchMap. KNS has the ability to link to data stores on the Web and on the user's machine (permissioned, of course) but accessing those in a coherent way within KRL requires more advanced linguistic leverage than we now have. It's on my list...
Joe says that users do want to manage their context, but they haven't been given the right tools. Fair enough--in fact, I don't think we're actually saying different things. We don't anticipate that people would have no part to play in managing context. We see KNS as a tool for managing context and using it effectively. Right now, Web users mostly manage context in our heads--there is a dearth of tools for helping with that task.
Joe also raises questions about privacy and data rights management of data inside information cards (or OpenID attributes, for that matter). That's a bigger issue than Kynetx alone can solve, but I do think we're in good shape in that regard. As I mentioned above, most of the data stays in the browser and Web sites never see it until the point that the person is ready to take action. Joe uses the AAA and Hertz example. When you use your AAA card at Hertz, Hertz knows you're a member and can tell others. We don't solve that problem, but we don't make it any worse. In fact Kynetx decreases the frequency that you'd have to reveal you're a AAA member while still letting you receive the benefit of knowing what it will get you as you cruise the Web. We allow merchants to respond to you without you having to reveal data to those merchants.
Perhaps Joe's most important discussion from my perspective is on business model. He's right: CPM charges for ruleset evaluations increase friction at the adoption point and for smaller players. That's a problem and we're open to fixing it. I'm not opposed to more open models--in fact I see great value there.
That said, Kynetx also has to survive and right now that means getting funding. The "because of" model is great as far as it goes, but I don't find the idea of selling consulting and IDEs to be very compelling. I frankly can't imagine myself sitting with a VC and pitching it. Maybe I'm gun shy or lack vision, but I'm unsure how it would play.
At any rate, I'm anxious to collaborate with Joe and others on this. Our vision is similar and our methods aren't that far apart either. This is a fun time to be working in the Web.
Update: I forgot to comment on Joe's point about centralization. His idea of using a reputation network with strong identity in place of centralized certification is brilliant. We're definitely not looking for ways to make this more centralized. Quite the opposite.