Re: 3 Proposals: session ID, business-card auth, customer auth

On Jul 19,  6:35pm, James Pitkow wrote:
> Now, if you enable mechanisms that permit log files to contain ids across
> sites AND you do not impose a policy to protect users, then the information
> enabling technology called the Web, potentially becomes a disabling
> technology.  To me, the Web is about information exchange, not information
> concealment, elitism, or "I'll give you this only if you give me that."

I'm getting uncomfortable that you are attaching
your policy to technical capabilities.  The information
provider and the customer should negotiate policy.  The system should
have every capability that's possible and practical in such an arrangement.  

Why should I not be able to say: "Here's the deal -- 
I need certain info from you if you
want the service I provide."  Because the information
that you provide me is valuable, I can provide
you with a valuable service. I don't see that as elitist.
That's information exchange, as you tout it.

The Web is going to have a hard time if its designers believe
they can implement a certain kind of policy by making it 
impossible for two parties to trade information reliably
and efficiently.  

Obviously, there are times when you want to be anonymous
and times when you want to be known.  Both parties need to
be in sync at the end of the negotiation.   I like Dan's
proposal, and would find it very useful to ask for and
receive that information from users, even if I had to
give away a cheap radio to get it.:-)  If *you* as a user
don't want me to have it, and don't trust me with it, fine.
We can argue over my terms.  However, if *you* as a designer
of session protocols or ID mechanisms say that I shouldn't
ever have it by design, then you are being overly restrictive
and the Web becomes, as you call it, a disabling technology.

> Interestingly, it seems that companies on the Web are asking for more 
> information about the effectiveness of their advertising then they can
> get now.  When I buy a magazine off a newsstand, no one knows how long
> I looked at the pages, what my name is, etc.  Instead, companies make
> their decisions based upon reliable estimates of subscription rates and
> the demographics that compose those readers.  How effective is
> an ad in Time?  Measure it empirically for me over every issue.  

That's a fairly simplistic view, Jim.  Aren't we all asking for
more information than we can get now?  It is based on the strange
belief that if you know more, you can direct your actions more
effectively.  Businesses believe that
the more they know about their customers, the better they can
serve them.  If they don't have direct contact with the customers,
they pay lots of money to conduct surveys of prospective or
actual customers to learn as much as they can.  Why did you do
your WWW survey if there wasn't value in knowing more about Web

Besides, I'll bet you subscribe to a few magazines, several of
which are free because you give them lots of demographic information
on the subscription form that allows the publisher to portray
you as a CPU-intensive kind of guy. 

Forgive me, I'm a publisher.

Dale Dougherty (
President, Songline Studios
Publishers of Web Review (
Affiliated with O'Reilly & Associates, Inc.
101 Morris Street
Sebastopol, CA 95472 

Received on Wednesday, 19 July 1995 20:28:17 UTC