Spherical Cow Consulting 
This Is Your Brain On Identity
Posted on December 4, 2022 1 Comment
It all started innocently enough. I’d had an enormously productive few weeks, checked everything off the urgent work list (don’t worry, there’s always more), and I thought to myself, “Self, you know you can get a jump on tomorrow’s to-do list. Why not start a blog post?” And then I stared at the screen. And stared. And stared some more.
So, as anyone does, I went to Facebook to search for inspiration (yes, I’m still on Facebook. It keeps my mother happy.) Of course, inspiration, in this case, means “to search for validation for ending the day a little early and pouring a glass of wine.” Within moments, however, a good friend said, “I dare you to write a post titled ‘This is your brain on identity.’
Challenge. Accepted.
As with anyone of a certain age, the phrase “This is your brain on” autocompletes to “drugs” and brings to mind eggs in a frying pan. Given the last two years, as work-from-home mandates threw the importance of identity and access management into the limelight, this does not seem as wacky an analogy as it could be. The identity industry exploded, and our heads went with it.
According to Fortune Business Insights, “the identity and access management market is projected to grow from USD 13.41 billion in 2021 to USD 34.52 billion in 2028.” Why? Because almost every modern convenience in today’s world requires being online and logging into things. And logging into things means there has to be infrastructure to support everything from cryptographic security to account validation, privacy requirements, and so much more.
If you’re unfamiliar with digital identity, this probably sounds AWESOME! Talk about job security! It’s a growth market, even in a recession! What could possibly go wrong? Here’s where the analogy of the brain being like an egg in a hot frying pan comes in.
Another business analyst firm, Markets and Markets, has its own research on the identity and access market. One of the key points it calls out is that the industry “lacks identity standards and insufficient resources in terms of budget.” My translation of that statement is: “identity management practitioners are expected to do magic with wishes and pixie dust.” IDPro, a professional organization for identity practitioners, has run a skills survey every year since 2018. One of the findings that has always jumped out at me is just how long it takes an identity professional to feel proficient at what they do. Not expert, just proficient. The answer is 2-5 years. So, the industry as a whole has an insufficient level of standardization, is underfunded, and takes years to figure out. Ouch.
I’ve had this conversation before, and this is usually the point where people start to wail and gnash their teeth, crying, “we must make digital identity easier to manage for everyone!!!” I hear that, I really do. But let me ask you something: to get to the world of “easier,” what are you willing to give up? You can’t have a service or even an idea be everything to everyone and not have it be as complicated as the whole of humanity. You have to give up something. Maybe you’re willing to give up convenience to the individual to ensure they have all the privacy controls they could ever want. Or, conversely, maybe you’re willing to let privacy go in favor of just getting access to stuff. There are always trade-offs, and when talking about people’s online lives, those trade-offs keep identity professionals up at night.
Your brain is beautiful. Your brain on identity might need a bit of therapy.
Let’s Talk About Digital Wallets
Posted on November 27, 2022 Leave a Comment
One of the areas I’ve been researching recently is the concept of a digital wallet. At a conference a few weeks ago, someone said, “Digital wallets are great! Everyone understands the concept because we all have physical wallets, and digital wallets just move that concept online.” Hmmm. Let’s just say I have concerns.
There are actually a few ways to describe digital wallets. As an analog to something you put in your pocket is one. As a cryptographically sealed digital container is another. Some describe it as a specialized financial app, and others push those boundaries to say it’s a thing that can hold any digital or digitized credential, from your driver’s license to your graduation diploma. It’s almost like the definition of art: you know it when you see it, but there’s no one definition for it.
In the world of technology, that’s a problem. I admit, I have a strong bias in favor of expecting technical things to have formally developed technical standards. These standards describe precisely how technology works and how it can interoperate with whatever will need to use that technology. And yet, no formal standard exists that answers the question, “what’s a wallet?”
Here at the close of 2022, two tech giants are driving the de facto definition of a wallet: Google and Apple. But others are working in the field, especially in Europe. The European Union has committed to the position, “Every EU citizen and resident in the Union will be able to use a personal digital wallet.” One of the advantages the EU has over other jurisdictions is that they can require that each member state accept the digital wallet technology from any other member state. It doesn’t matter how they implement it, as long as others can use it as well. This requirement opens the door for significant innovation and is an example of the idea, “let the market decide.” Of course, when it’s left to the market, sometimes it’s the best marketing department that wins, not the best technology. It also takes us a step down the path of some deployments “winning” and others “losing.” For those that have “lost,” there may be significant costs in re-writing and re-deploying their technology to match the “winning” side.
It would be much easier if we had clearer technical and policy guidelines early in the game. I say both technical and policy because this is an area where it is impossible to separate the two. Digital wallets will hold government-issued credentials, like driver’s licenses, as well as credentials from heavily-regulated industries like finance. There must be legal protections in place to protect people’s data. There must also be in place common technical standards to make sure that wallets have all the same safety features (post-quantum cryptography, ftw!) and can be portable when someone changes devices and operating systems.
Most of the standards work I’ve observed so far have focused more on credentials–the thing being stored in the wallet–than the wallet itself. Making sure that digital credentials can be used safely, giving the individual full agency over what information is shared and what isn’t, is enormously important. Though even there, I worry. It’s incredibly difficult to develop a technology that does everything for everyone in a way that all people can intuitively understand. Different cultures, different age groups, different economic status… These criteria are just a few things that influence the concept of “intuitive tech.” I also worry about people who don’t have access to the technology at all: if the world is moving to wholly depend on active Internet connections and ownership of smart mobile devices, we are at risk of leaving so many behind. That’s not healthy for society.
So, digital wallets are definitely something we can expect to see more of in the future. But until they are properly standardized and regulation around the world defines their use, don’t get too comfortable with their adoption. If you’re just a regular person wanting life to be simpler, go ahead and use your favorite app, but make sure you still have the most critical physical credentials (like your driver’s license or a credit card) at hand for when you need them. If you’re in tech, make sure you allow for a backup plan if the wallet and associated credentials aren’t available.
“Why don’t they just quit?”
Posted on November 13, 2022 Leave a Comment
The Great Myth of Job Portability
The news these days is full of announcements about massive layoffs. There are stories about the people left “holding the bag” at companies that are, by all reports, purely toxic workplaces. I’ve seen the sentiment, “why would _anyone_ stay there? They should all quit! That’ll show those horrible bosses a thing or two!” It’s easy to judge from a place of relative stability. If you have a job or have chosen to move on, it’s hard to consider the perspective of someone who isn’t in that same mental or emotional space. At the same time, there are ways to build an escape hatch to get out of the trap of a job you cannot leave.
Golden Handcuffs
One way people get trapped in jobs they hate is through the power of “golden handcuffs.” The idea behind golden handcuffs is simple: a person is compensated in such a way that they feel they can’t leave because they believe they won’t be compensated as well elsewhere. This isn’t just about the salary; sometimes, it’s about stock options or pension plans that promise stability in the future. They believe that by suffering through their job today, they’ll have a much better future (maybe an early retirement or the ability to pay for college for their kids). In a way, these people are caught in a real-life Marshmallow Test.
Imposter Syndrome
Compensation isn’t the only driver to stay at one’s employer. People may feel like they aren’t good at what they do and will be found out if they start interviewing. Others may believe that their experience isn’t applicable anywhere else, so no one would ever employ them. In other words, people experience Imposter Syndrome. Imposter syndrome can be debilitating when trying to find a new job; every failed attempt only reinforces a person’s belief that they aren’t good enough to be anywhere else. Taken to extremes, imposter syndrome requires therapy to get over. Therapy that might only be affordable via employee health benefits. Employee benefits that suddenly become part of those golden handcuffs keeping people in lousy jobs. Life is legit hard.
Introverts Unite
People often say it’s all about who you know when it comes to getting ahead. And, at least in my experience, there’s something to that. It’s much easier to find new employment if you already have contacts with the potential employer. But building and maintaining the human networks to make this happen… is there anything worse for the introvert that just wants to get their job done and not have to deal with the demands of humanity? It’s already draining to be in a bad employment situation; engaging with more people to get ahead is beyond daunting.
Work-Life Balance and Family Ties
But let’s say you’re not an introvert, you have a healthy appreciation for your worth, and your compensation is ok but nothing extravagant. It should be much easier for these people to get up and go! Unless, of course, they have other priorities in their life. The need to keep their kids in a good school system with minimal disruption is incredibly important to many. Or, if it isn’t about kids, it might be about aging parents who need care and will do better with minimal disruption. In this case, it isn’t the golden handcuffs of employment as much as the demands of life take priority over a crappy job.
Bracing for the Future
I don’t have advice for people in the midst of chaos. I can’t even imagine the turmoil right now, and working through your options and concerns is likely better handled by a professional coach or therapist. That said, I do have advice for how to be in a better position to respond in the future. And it all starts with the hot topic of personal branding.
Companies like SimplyBe. are amazing when it comes to professional help with getting your professional image sorted out. This isn’t something just for celebrities and public speakers! Personal branding is about taking control of how you are perceived online. One of the best pieces of advice anyone will give you when it comes to personal branding is that it has to be authentic to who you are. So, while it provides the framework for taking control of your online persona, it still works in in-person interactions because it is all about you at the end of the day.
Every day, I post something on social media (I am really loving Mastodon right now). I’m not trying to get new contracts (though I wouldn’t say no to one that’s interesting). I’m not trying to (always) be a serious professional. I’m posting links to articles I find interesting, favoriting posts from other people, and posting photos of my cats. I’m showing up as a real person on a growing network. I try to do the same on LinkedIn (but with fewer photos of cats). The point is my name is out there, and people remember me as an interesting person. That’s the first step in building and maintaining a human network that will help me find new freelance (or employment) contracts in the future.
As someone who enjoys freelancing, I am fine living with the chaos and uncertainty of contract work. But then, I don’t have kids. I’m slightly extroverted. I deal with imposter syndrome like everyone else. Still, I also have a great coach (thank you, Lisa Kollisch!) to help me consider my work life more clearly. My life has different constraints and goals than people who feel trapped in their current places of employment. The advice I offer above has worked for me, but only pieces of it may work for you, and that’s ok. Take what helps, ignore what doesn’t, and keep breathing. You can get through this.
It’s a Wrap! Keeping Track of What You Learn From Your Clients
Posted on August 29, 2022 Leave a Comment
As a freelancer, do you ever stop and write down what you learned from a project as it closes? What made working on that effort awesome? What do you want to make sure you never have to deal with again?
Project managers often (but not always!) include a “lessons learned” exercise at the conclusion of a project. Agile fans might call this a Retrospective. Cybersecurity professionals often end an incident response with an After-Action Report. Regardless of what it’s called, the purpose is to capture what they’ve learned to improve their efforts the next time. Put that way, how can a freelancer not do this when it comes to their contracts?
Fortunately, no one ever has to see your records but you. This is probably a good thing if you’ve had some, shall we say, ‘character-building’ clients. While noting something like “Client X was as organized as a bunch of weasels on crack” might be very meaningful to you, it’s not exactly ready for public consumption. Still, it serves a purpose. When you are in a dialogue with a potential new client, making sure you understand how they are organized or how they expect you to help them get organized is obviously something you’ll want to remember to do.
Or, let’s say you had some assumptions about how a group would handle consensus. You may or may not have control over that if you are in a supporting role for your contract, but if you find this was a pain point for you, write that down. I often find assigning the old Dungeon and Dragons classifications to a project’s structure and scope to be both personally amusing and meaningful. “Lawful evil project chair” tells me the chair created order and destroyed dissenting opinions, which is not my idea of a good time. That said, a “Chaotic neutral client” tells me the client listened to everyone, but probably decisions weren’t so much a thing.
When you develop a proposal, this list can help you frame what you’re willing (and not willing) to have in scope . It’s all up for negotiation, of course, but you can make your expectations clear and up for discussion in advance. Keep your list of what works for you and what doesn’t in mind as you look for new clients; stress is easier to manage if what happens during a contract is what you expect and not something that goes in an entirely different direction.
Photo by Juan Rumimpunu on Unsplash
Index Cards – They Never Go Out of Style
Posted on August 10, 2022 Leave a Comment
Long ago, probably when I was in middle school (so, around 12 years old), my teachers introduced me to the power of index cards. Whenever I was researching for a paper or studying for an exam, the process started by taking notes on index cards. Each card would have its own fact and source. At the end of the research process, I’d draft an outline for what I wanted to write, then lay out all my index cards in the order I needed to make and support my arguments.
At its highest level, the outline followed the “tell them what you’re going to tell them, tell them, then tell them what you told them.” Introduction, Detail, Conclusion. Those index cards saved me a lot of time in the writing part of the process because I had noted precisely where the fact came from, so I could go straight back to the source if I needed more information. I could create a footnote citing the original source with ease. Research came first, then analysis, and usually, the conclusions were pretty obvious and backed up with lots of little cards to point the way.
It sounds like a crazy amount of work up front, but it’s a great way to organize material. I have no idea if people are taught this way anymore, but I’ve found reason to come back to it as a developmental editor and technical writer for my clients. I don’t use physical index cards anymore, but the concept still applies when using online whiteboard tools like Miro.
One of my clients suffers from the issue of having too much experience in their subject matter area. This sounds like an excellent problem to have until you’re trying to make a point that is backed up by neutral, third-party data, but all you have is someone’s personal assertion that “this is my experience, so I know it to be true.” They know what they think the conclusions should be, so for them, it’s a question of finding information to back up their ideas. In one way, it’s like having a hypothesis and then looking to see if the data backs up that idea, so this isn’t entirely wrong, but it does make for some interesting challenges when trying to write a paper.
In this case, I created two virtual whiteboards. The first included sticky notes that named all the source material on one side and the findings, presumably derived from that material, in larger boxes next to them. The second included more sticky notes that named all the findings found on the first whiteboard and all the conclusions in larger boxes next to them. I presented these whiteboards to the client during a call and said, “let’s map this out – take each sticky note and drop it on whatever finding or conclusion it’s intended to support.” The sticky notes can go in multiple boxes, and at the end of the exercise, every finding must have at least one source material sticky note, and every conclusion must have at least one finding.
The nice thing about this is that it takes all the debate about the text up a level. It’s not about arguing as to whether anything is correct or not (though we’ll certainly get to that), it’s about whether the assertions can be backed up at all. Trying to do that when everything is in a 50-page wall of text is really hard. Making it visual helps the client see the gaps and helps me as the writer get a better sense of what the client is thinking as they make their arguments.
I hope you found this helpful! Let me know in the comments if you’d like more tips like this one as part of my blog.
Featured Photo by Kelly Sikkema on Unsplash
Embracing the Uncomfortable
Posted on March 5, 2022 Leave a Comment
Over the last few weeks, I’ve been exploring social media in entirely new ways. I’ve learned a few things along the way: 1) I have a long way to go to use hashtags effectively, 2) my video processing skills are laughable, 3) I feel ridiculous on TikTok. So, why am I spending so much time on platforms I would otherwise never use?
It’s all about going where the people I want to reach are hanging out.
My passion project, Identity Flash Mob, aims to make information about digital identity and related technology easy for everyone to understand. It’s not for my fellow techies. It’s for my mother, my siblings, my college friends, all those people who are using technology every day but who aren’t themselves in tech. Writing blog posts (which I do, because I enjoy writing and it helps me organize my research) is great and all, but my audience doesn’t read blog posts. They don’t go to Medium, they are barely on Twitter, they’re not even always on LinkedIn. So, where the heck do they go?
They go to TikTok. They go to Instagram. They go to platforms with color, movement, and a quick endorphin fix as the scrolling feeds their brains like a sugar rush. And there is nothing wrong with that. (OK, yes, actually I think there’s a lot wrong with that, but that’s not a problem I’m going to try to solve.) Regardless, if I want to get a message out to them about what the latest tech trends are all about, I need to go where they are. And that means embracing the fact that I’m hugely uncomfortable on those platforms and will do it anyway.
That said, embracing the uncomfortable doesn’t mean not trying to do better. I have social media homework every day where I’m scanning these platforms for what works and what doesn’t, and I’m doing a lot of web searching to find tips on how I can improve my video quality, my scripts, and my images. I can see the improvement–slow, incremental improvement–which helps keep me going. The trick is not to get too hung up on the search for mastering social media, because I have to prioritize time spent on my paying gigs as well as time to research the next IFM topic.
I’ll get there, to that place where I can proudly say “Look, I did a thing and it made a difference!” Of course, it’s Saturday morning and I’ve been online for three hours scheduling blog posts and their amplification moments, scrolling through Instagram to see who else I should be following, and researching the next thing (which will be something to do with artificial intelligence and machine learning). So I can definitely say that getting to that place takes up almost every spare moment I have. But the discomfort and the time will be worth it.
Can a Freelancer Actually Have a Side Gig?
Posted on February 17, 2022 Leave a Comment
Why yes, yes she can.
And in my case, that side gig is something I’ve been working on with my friend Laura Paglione since July of last year. Who knew it could take so many months to get a ‘simple’ idea off the ground?
This all started when I threw open the virtual doors to everyone in my network and said, “you are all interested in this thing I’m working on (web browsers, cookies, and federated identity). Rather than try to have a million one-off conversations, how about y’all join me on an informal call and I’ll share what I know and we can all talk about it.” I expected fifteen to twenty people to actually show up, and I was entirely fine with that.
Seventy people later, the session was a smashing success, I enjoyed the informality of it, the participants learned a lot, and my sweetheart said, “you just had an identity flash mob.”
🤩🤩🤩🤩
Why yes, yes I did. And the idea for Identity Flash Mob (IFM for short) was born. A way to share information on technical topics like digital identity, standards development, and anything else we think relevant to people *not* in the industry.
While the original flash mob event was absolutely by and for techies, when I brought the idea to Laura, we agreed that it would be so much more fun (and potentially helpful to the world) to focus on a much bigger audience. People like my mother, who likes to call me with questions like “what is the metaverse?” Or Laura’s daughter, a digital native who likes to learn via infotainment. And maybe even my techie friends will learn something (or send their parents, neighbors, and kids to me so they can stop acting like an all-things-Internet help desk).
Great idea, fun name, excellent way for me to spend time learning things I need to know more about anyway… and really intense in getting off the ground.
About fifteen years ago, I would make lovely handwoven scarves and try to sell them online. What I learned from that experience is that to be a successful seller of handwoven goods, you have to be at least as good if not better at photography as you are at weaving. Similarly, kicking off a business about making tech-topics more consumable to the world means you have to be at least as good at marketing, branding, video production, writing, and social media management as you are at the tech topics.
Working with Laura on the ideas and a fabulous group of people at SimplyBe Agency on the marketing and branding has kept all my spare hours pretty busy. And we’re so close to making this a Real Thing that people can subscribe to on Patreon so they can be a part of a Slack community, follow on Instagram, and even watch video clips on TikTok. Blog posts are going up every week, and maybe someday we’ll even have a podcast.
Everyone should have a passion project. It might be something you do that builds on what you do for a living. It may be something you do entirely outside of work. IFM is my passion project. It gives me the creative license to do all sorts of crazy things with what I learn from my consulting and contracting work. It also makes me better at my regular gigs as I bring back what I’m learning from my tech topics to my work.
So, if you miss my blog posts, head on over to IFM. You’ll find a lot of my writing there. Or, for giggles, go find IFM on Instagram or (soon) TikTok and see what silly things I do when given an idea and a video camera. And if you have a passion project you’d like me to follow, drop me a note on Twitter because I’d love to see what other people are doing.
You Don’t Have To Be Good At Everything
Posted on July 9, 2021 Leave a Comment
I am good at a lot of things when it comes to my career. I’m good at developing adaptive processes, managing people, and organizing activities. That said, I’m not good at creating formal, strict processes, working alone, and operational task management. I can’t begin to tell you how powerful it is to finally figured out that I don’t have to be good at All The Things. That’s why I always work in a team!
tl;dr – it’s ok not to be good at all the things when you surround yourself with partners and teams that are good at (and enjoy!) the things you’re not.
So, where did this amazingly obvious revelation come from? It came from an opportunity to work with my friend and fellow freelancer Laura Paglione on a new project. I’ll share more on that project in a bit; the relevant part here, though, is around how Laura calmed me down. I was having a minor freak out about moving from organizing the project behind the scenes to turning the project into a real-world, in-person, OMG-people-will-be-physically-present event.
I said to her, “I’m good at the organizing and planning. It’s the execution I’m freaking out about.” Her response? “Execution is definitely my jam.” Pause for a moment as I smack my head on the desk a few times at missing the obvious. I knew that if anyone could help turn this crazy idea into a better reality than I can imagine, it’s Laura!
This revelation is more than just a “Laura is awesome” moment (though she absolutely is; if you get a chance to work with her, you should take it). It’s also a bit of “and I am not too shabby either” because I’m the one that invited her into my idea. I recognized my strengths and weaknesses and found a partner that could balance the work.
And that’s the trick to feeling proud of what I can do – I can organize and identify the right people to make a project amaaaaazing. I build up strong teams because I need those teams to do my best work. My suggestion to you is, if you haven’t had time to sit yourself down with a beverage of your choice for some thinking time, do that. Think about what you’re really good at and what you should look for in partners or teammates to complete the puzzle that is your work, project, or life. Then invite those people to a videoconference social call and drink that beverage with them. Between you, you will be able to make plans to take over the world.
Where Did All the Energy Go? Working with Volunteers
Posted on June 21, 2021 Leave a Comment
Have you ever noticed how many people, at least in Western cultures, think money is kinda dirty? That there is some kind of nobility about working towards a greater good without monetary compensation? An idea that people spend time on only because they believe it is good, fun, or otherwise meets some kind of intrinsic need is an idea worth exploring.
That said, intrinsic motivation for some amorphous award is really hard to stay energized about. Suppose an idea ends up taking years to reach fruition or, worse yet, turns into an operational workload that never ends. In that case, people will slowly drift away, either to look for the next thing that will tweak their dopamine levels or to focus on whatever brings more visible and immediate rewards.
Most of my work involves those marvelous people, those volunteers, who are willing to spend time on an idea without direct monetary compensation. Volunteers are the lifeblood of professional organizations, cross-industry collaborations, and so many more groups. Keeping them engaged for the long haul is really, really hard. And I have to admit it feels occasionally uncomfortable being a paid contractor for volunteer efforts. As it turns out, though, that’s one of the most powerful things to help volunteers be successful.
There’s a good reason for that, too. The trick to keeping volunteer groups engaged is that the effort has to meet some bar for “fun” and the group has to show progress. Having someone fill the roles of the project manager, the admin assistant, the facilitator/moderator, and the line manager for a group that probably doesn’t formally have any of those things is a Big Deal. In other words, having someone who will, come hell or high water, organize all the support work to make sure it happens when needed because their livelihood depends on it can make these kinds of groups do All The Things.
The secret sauce, though, outside of organizing All The Things, is to make sure that the work retains an element of fun for the volunteers. A dry rendition of a Gantt chart at each meeting is the anti-fun. A cheer about gold stars being awarded for work on time is far more entertaining (even better if you can actually hand them out). People HAVE to feel good about their participation, and that, more than anything else, is what an organizer like me must bring to the table.
Idea + Fun + Visible Progress = Volunteer Energy and Participation
But There’s No Pressure: Organizing and Facilitating a Virtual Workshop
Posted on June 4, 2021 Leave a Comment
Earlier this year, a team within Google reached out to me for advice on engaging with the people in the IAM field who would give them the feedback they needed to progress their WebID project. Since WebID is all about federated identity on the web — one of my favorite topics — and the engagement would let me use my human network to good effect, I was more than happy to work with them on this project. The problem we’re all trying to solve is complicated: being able to login to a site via a third party (e.g., going to a service and using your Google account to log in, or going to a scholarly journal and using your university account to log in) uses exactly the same browser features that ad tracking networks use. As far as the web browser is concerned, there’s no distinguishable difference between the two activities. If you block one, you block the other. Oops.
Fast forward about six weeks from that initial conversation with Google; that’s when the WebID team and I decide it’s time to have a workshop. We need more input, but we need it in a way that we can act on it, and not everyone understands or agrees to what problem, exactly, we’re trying to solve. And, hey, what could possibly go wrong in a workshop? (Hint: So much. So much could possibly go wrong.)
Here’s the thing about organizing a virtual workshop on the topic of federated identity on the web: the people that need to be involved come from EVERYWHERE. I’m talking about people that understand the use cases in the e-commerce world, workforce identity, government identity, academic identity, further broken down into organizations that host identities (identity providers) and organizations that rely on those identities (relying parties or service providers). Every sector and every business model has scenarios that must be considered when determining how federated identity should work on the web. And these use cases are Very Important to the organization bringing them to the table.
That introduces the first level of tension: on the one side, you have web browsers feeling the pressure to prevent hidden tracking of users. Lots and lots of pressure. They have to do something, or they could end up in front of lawmakers for aiding and abetting Bad Behavior. On the other side, you have organizations with all those use cases where they legitimately need the tools that just happen to be used by trackers. They need to know that either the functionality they use to get people logged in will continue to exist OR they need to know exactly what will change, when, so they can update their products and services. Updating products and services can take years; changes to browsers to prevent hidden tracking can happen in months.
But wait, there’s more! “Tracking is bad and an invasion of privacy” is like motherhood and apple pie. Of COURSE that’s true, right? Well, um, no, not always. Let’s say that we have a really security-conscious user named Chris. During his workday, Chris logs into several cloud services as part of his job. And, at the end of the day, he wants to log out from all of them by going to his identity provider and saying, “log me out of All The Things.” That only works if the identity provider knows what services Chris logged into. There are other examples, but the point is that the problem we’re all trying to solve isn’t clear, so any “solution” is going to really irritate the snot out of someone else.
With this kind of tension, all of which I knew about before the workshop was even proposed, it felt like it would take a minor miracle to have the workshop be productive and not turn into a mud fight.
Pro-tip #1: if you know you’re going into a big meeting with the potential for explosions, try and engage with the people most likely to explode before the meeting! Get their input, tell them what you’re trying to accomplish, and work with them to figure out how to raise their point most constructively.
The first step in a workshop like this is to determine who really needs to be there in order to make it worthwhile. In this case, people who could talk about the main browsers were critical: Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari. If we couldn’t get all, we needed to at least get most. People who could talk about the issues that large-scale identity providers were anticipating were also critical: Google Sign-In, Facebook, Microsoft Identity. If we had more time, we also wanted people who could present major relying parties in the workforce, in higher education, or in other sectors. We also wanted people who could talk about the specific protocols currently in use. And hey, wouldn’t it be great if we could also get people who could represent legal requirements. And, wow, we’d love to have these other groups, and these, and these, and maybe those, and a few of those…
Some keywords in the previous paragraph are “if we had more time.” As we put together the list of “who needs to attend,” we took a good hard look at “and how much time do we have.” That introduced some major constraints on what we would be able to discuss and therefore limited the required attendee list. I’m not sure why this is, but people who can handle three full days of in-person conferences generally can only handle three hours of videoconferencing. We decided to split the workshop into two three-hour chunks, across two days. The first day focused on presentations, to make sure everyone was coming from a common baseline of information, and day two was all about discussion.
Pro-tip #2: Be realistic in the time you have for the agenda, and make clear at the beginning and end of the meeting what items will not be covered this time, leaving the door open to the next meeting where you will put those topics at the top of the list.
My favorite part of the workshop had to be how we got to the discussion part of the show. During day one, I encouraged everyone to add questions to a tool called Slido. People could view the questions and vote on which ones they wanted us to discuss on day two. At the end of day one, we did a quick walk-through of the questions, noted where they fell in terms of popularity, and I got them ready for day two. Clean, organized, and everyone had a chance to offer input. Yay!
Pro-tip #3: Make sure everyone knows how to ask questions. Repeat yourself after each presentation on how to ask questions. Add it to the agenda. Add it to the notes. Put it in whatever backchannels you are using for side conversations. People need to feel heard, and getting their questions out there is a big part of that.
The other tool I used to organize the discussion on day two was Zoom polls. These polls were the highlight of my week! Most of them were written on the fly and allowed every single participant to offer their input. Rather than trying to guess consensus when only 10% of the people were speaking up, seeing the numbers right there on the screen really kept us on task and made it clear where there was alignment so we could stop talking and move on, or where there was not alignment and needed quality time.
Pro-tip #4: In any large gathering, there will be a relatively small number of people confident enough to speak up. They are important, but so is everyone else in the room. Figure out how you’re going to get input from the folks who aren’t confident in speaking up.
By the end of the workshop, we managed to clarify the tension around describing the problem we were there to discuss, agree to form a new W3C Community Group, have people sign up to work on the charter, and identify the next six topics that need to be addressed. For a group that hadn’t met before, on a topic as complicated as this one, it was one heck of a constructive workshop.
The only downside for me to the workshop was that I personally couldn’t pay much attention to the presentations. While others were talking, I was checking two Slack channels, multiple direct messages, the live scribing notes doc, and the zoom chat, and watching the clock. My role was to keep things moving while keeping things calm and productive. I owe several beverages to those people who stepped up to take notes during the workshop. They gave me and all the others who couldn’t make it an opportunity to catch up later on what was really an epic event.
