So, about the Internet of Things, as suggested by @tcarlyle, I looked at Everythng. I really liked it, and their basic engine is very interesting. What they are doing in the social area is interesting, as they take a fresh look at advertising (with real interaction). Their offer is definitely worth looking at if you want to do something with objects. And the fact that they are looking in parallel at smart and “dumb” objects makes their initiative even more appealing.

However, I still get the feeling that there is a strong interest in going one step further, really exploring VRM here. For instance, on approach like Onecub, which helps users organize and manage their incoming e-mails from retailers and service providers, sounds really interesting. This kind of engine, connected to Everythng’s “thing” engine, could efficiently link the Internet of People with the Internet of Things, because we certainly don’t want to get unfiltered messages from all the things we know (and their makers/vendors/distributors). By the way, @Onecub, I would love to take a look at your private beta.

In the end, it looks more and more that some experimentation will be possible without necessarily having to go through too much of a backend effort, building on these upcoming technologies. Which brings me to the implementation side, with NFC. I have tried a few applications that perform actions when scanning tags.

The first one I tried was Tagstand’s NFC Tag Launcher. This application seems to work nicely, but it requires to use their own tags (they supposedly ship some free, but only in the US). I did try it anyway, because their application can also perform some actions when connecting to a Bluetooth device or to a Wifi network. That’s actually interesting, as such events can happen when arriving in the car or at home. For me, turning my phone’s loud ringtone on automatically when I get home is useful.

The second one I tried was NFC ReTAG Free. This app does about the same thing as the previous one, but it can do it with any NFC tag, including my old conference badges (and I have enough of these to organize quite a few experiments). This application works fine, and I have been able to associate some behavior to old badges. Sadly, in practice, the app is made less interesting by Android’s design choices when several NFC applications are available. Like in other cases, a chooser is displayed, that allows me to choose in a single click between the various tag-reading applications. However, this chooser does not include an option that allows me to make a permanent choice: a chooser is displayed every time.

If I try to second guess Google’s intentions, I would say that they simply want to avoid applications that would hijack all NFC interactions. However, Google also describes the main value of NFC as the streamlining of the interaction: you read a tag, and you immediately get what you want. In that particular case, this value falls as a collateral damage to another policy.

If we dig a bit deeper, this shows that the preferred model for Android NFC is a closed model, in which an application is associated to a set of tags, issued by the same company. In that case, they will use private NDEF content, which guarantees them that their tags will trigger their applications. Open models, in which a tag can be used freely by several applications (letting a user select a preferred app) is more difficult. I still believe that such applications are very promising for NFC, in particular in publc spaces, but the interaction may not be as fluid, at least to start with.

Now that the Layar app is reading QR-codes, we can see how similar applications may rapidly become the front-end to our smartphones, and NFC tags will be losing some of their competitive advantage if they can’t trigger this app automatically. Let’s hope that this feature will keep evolve in future releases of Android.

Like public tags, there is a strong interest here to have a generic Web platform to handle such thing tags, which would need to follow some basic principles:

• Be thing-centric. The tag must be primarily associated to the thing, whatever it is, and it should be able to provide information about that thing (e.g., link to user manuals, warranty information). On the opposite, the tag should not solely be a direct marketing fixture for the thing’s manufacturer and/or distributor.
• Give power to the thing’s owner and users. The tag is associated to something, this thing is owned by someone, and that person need to have control over the tag. Except from the core thing information mentioned above, the owner should have control on what they want the tag to do. If I want to use the tag conveniently placed on my coffee machine to launch my e-mail every morning, I should be able to do so, as long as I still have a way to access the other information associated to the tag when I want to. And if my daughter wants the same tag to trigger some other default action when she scans it, it’s fine too.

If we combine these two items, we get to an interesting VRM idea: the tag on the thing is the link between the thing’s owner/user and any businesses that may be linked to it, and the user keeps some control:

• The user/owner can contact the businesses if required.
• The businesses associated to the thing can contact the thing’s owner, only as authorized by the owner.
• The owner of a thing can transfer the ownership to another individual, who then becomes the contact for the businesses.

In a world where objects often have a lifecycle involving several individuals, this is a great way for businesses to keep in touch with the actual user of their products, while providing more control to the end users. Like usual, I strongly believe that this interaction strategy is likely to have better returns for businesses than basic “advertising push” strategies. And the service to users is real, even if it is limited to providing access to information related to their things.

Once again, I haven’t found anyone doing something even remotely similar to this among all the NFC companies that are popping up everywhere. If you are doing this or know someone who is doing it, please comment on this; I would love to take a look.

My first post will be a rant about something that is very-much holiday-related for me: package deliveries. I am a big-time online shopper, which means that I often get deliveries. And of course, during the holiday season, I get a lot of deliveries, from many different vendors.

Until recently, My deliveries were all coming to the office, as this was a local tradition in our Trusted Logic office. However, now, I work in an office with much fewer people, and sometimes from home, so it is not as easy to organize deliveries at the office. So, this holiday season, I got everything shipped at home.

Of course, I live in a closed residence (some code is required to get in), and my postal address allows you to find my mailbox easily, but not necessarily my house (no street numbers). All of this makes me a perfect guinea pig for testing delivery services.

So far, the best service remains the basic Post Office service. They have the key to the mailbox, so they will use it for anything that fits in it. Just great. Of course, if it doesn’t fit, I have to run to the Post Office and stand in line for a while. Even their express service is worse, because they need a signature. So, if I’m not home, they will not leave the package, however small, and I’m back to the Post Office.

With other delivery companies, things get much worse. First, going to the Post Office is not an option, because their “regional center” is often 30 or 40 kilometers away. Then, they don’t have the key to my mailbox, so they won’t leave a package, however small.

And finally, they call you when they are blocked right in front of a locked gate, or waiting outside your door. Even for me who works close from home, this is not very easy to handle, because we are not always immediately available, and because the guy can’t wait indefinitely. In the end, the “express” package took 24 hours to rush from Hong Kong to Nice, and one full week to get delivered. Not efficient.

So, what’s missing? Let’s consider two things:

• I can’t manage the delivery. I can track the package, I can know that the delivery guy has started and will try delivering to an empty home, but I can’t do anything about it.
• I can’t sign off for a delivery when I am not home. So, the guys won’t leave the package in my mailbox.

Now, if we look at both issues, we easily find out that this is a trust issue: delivery companies are not sure of who I am, so they will not trust me. Why so? Because they are not able to associate me to my package when I am at home, in front of them.

This definitely looks like a problem that can be solved. Companies like TrustFabric already allow you to selectively share information with companies. They don’t support this yet, but there is definitely some information that I would like to share with delivery companies (possibly including a detailed map, GPS coordinates, or whatever may get them to me).

Having this link through a trusted third party also solves the other issue. If I simply associate my TrustFabric account to a public credential (OpenID or similar), I can now login to their site and update the directions for the delivery, to lead them to where I actually am, or to acknowledge the fact that I am allowing them to leave the package in my mailbox without a written signature (a digital one will do).

As TrustFabric and others are getting their offers ready, this is getting closer to reality. Let’s hope for this new year that they will cover this delivery nightmare, and I will not have to do the same rant.

The value of the first wave was in the information itself (static Web, a.k.a. Web 1.0); the value of the second wave was in the sharing of information (social web, a.k.a. Web 2.0); the value of the third wave will be in the personalization of the Web experience. One of the key points is here the selection of information, the curation of information, as we are increasingly overflowed with information and content. Companies like Louis Ray’s my6sense are proposing to do just that.

On his post, Doc Searls compares the client-server relationship to a calf-cow relationship, with a strong dependency relationship between a service provider and its users, as exemplified by Facebook, Twitter, and many more. This kind of relationship puts the entire control in the hands of the service provider, which seems very wrong. Doc Searls’ example of Apple’s App Store conditions is the perfect example of this flawed relationship.

Everybody agrees that the personal Web includes personal mobile devices like smartphones and tablets, combined with contextual information, in particular location information. Personal devices will be important for building the personal Web, but not every application running on these devices belongs to the Personal Web. Old-style social services and information feeds will still be around, but making them “personal” on a mobile device is not sufficient.

A personal application needs to truly aim at providing the user with the best possible experience. In this best possible experience, of course, spam, unwanted ads, and other useless content should be gone. This can of course be considered as a threat to a flourishing business model by mobile marketers around the world. However, some other guys will see that as a wonderful opportunity: how to work with the users to bring them commercial information that they value? After all, most of us are actually considering a few purchases at any given time, and timely information about the offer would have a wonderful conversion rate. Let me take an example: I am currently looking for a bed for my son, because his bad quality bed broke. Today, I have two solutions to get information about beds: (1) take my car and drive around the area looking at furniture stores, or (2) Google what I am looking for, and search individually on each site. Both approaches are terribly ineffective, I just want to find a “bed for a 5-year-old boy, including plenty of storage, and if possible a small pull-out desk”. Well, this search is almost intractable, and I can’t find what I am looking for.

Of course, that is what VRM is about. Together with personalized curation, this is an important part of the Personal Web, but there is more into it. In particular, I want to regain ownership on my data, because it is mine. And I want to decide with whom I want to share it, and be able to change my mind.

If we go beyond VRM applications, the Personal Web will affect all aspects of computing. Let’s consider one of my favorite examples, Java Card 3.0 Connected. So far, this technology has failed to find a market. The main idea was to sell super-SIM cards to MNOs, allowing them to push more (static) content and more (social) services to their (captive) users. It didn’t work, for many reasons, but mostly because “smartphones ate our market”.

Java Card 3.0 Connected has some advantages, though: it is local, it is secure, it provides a Web interface. And it is really personal, in particular when it sits in a mobile phone. So, maybe that we can try to find someone (MNO for a SIM, but maybe also a phone manufacturer for an embedded SE, or anybody else for a secure SD Card) who would like to exploit this personal, interactive, secure token to bring elements of the Personal Web to their users. Plenty of applications are possible; the business model don’t necessarily exist today, but the space will be taken before the business model is ready.

So, let’s see who takes the space …

Why Flattr? Well, I looked around, and I really liked the idea behind it. I decide on a fixed amount on money to spend every month, and this amount is shared between all the items that I “Flattr” during a given month. The amounts don’t have to be enormous (minimum is 2€ per month), but the idea is here to regain power over our consumption of information.

Also, Flattr is also getting in the real world, with the possibility to use QR-code tags on physical items, allowing for instance visitors to show their appreciation for a work of art they see somewhere without necessarily buying it. This is supported by an Android application, which is even better.

Now, the question is to know whether what revenue Flattr will bring me compared to Google. My Adsense revenue was really small on this blog, around 20€/year, which basically paid for the hosting. Of course, that’s not the real reason for maintaining this blog. And actually, this is one additional reason to move to Flattr: in addition to the potential revenue, Flattr gives me the ability to get some information about the users who like what I write, share ideas with me, and other “social” advantages.

I’ll keep you updated on this. If I have the courage, the next step is SEO. For some reason, it has always been hard for me to become interested in this, but I would really like to see if this can make me climb up the charts. Also on the stack, the global look and feel of the site is becoming far from perfect, and the latest additions aren’t really well integrated; expect a few experiments in the coming weeks.

Even though I was not writing actively, I have spent a lot of time thinking of the business side of things (must be an age thing). Over the year, I have developed a passionate view of user-centered businesses, and more generally, of the fact that business does not necessarily have to be evil.

Reading about VRM, and regularly reading the Harvard Business Review has helped me develop a few new ideas. In particular, reading Umair Haque’s The New Capitalist Manifesto has been one of the highlights of 2010, because the book does not simply mention has business should be better, but it also shows how some businesses are already benefitting from being better, and that feels really good. If you want a bit of that feeling, reading the book is the best way, but you can also take a lookat the book’s blog.

The next part is to apply all these nice principles. I don’t know yet where and what my 2011 job will be about, but I will definitely spend some time and energy on that, and I hope that I will be able to share some of these thoughts here. But here are a few ways to start rebooting our business of smart cards and mobile security, by reminding a few things:

• Real people don’t really care about security. This doesn’t mean that we shouldn’t care about it, it means that we should naturally include it in products that real people want to use. Security is not a selling point, and bad security is not always considered an issue.
• Our mobile device is our personal device. We use our mobile phones for a lot of things, and that’s why these devices can be used to do even more. Our mobiles are our most personal connected object, let’s make it our root of trust.
• A mobile is more secure than a PC (today). Yes, using SIM cards and Trusted Execution Environments is important; but today, our mobile devices remain much more secure than our (Windows) PC, at least because they are less targeted. This may change, but it gives a nice window of opportunity for pushing interesting trust-related products with little security headaches.
• Over 90% of the people of the world are poorer than we are. Not everybody has an iPhone, but most have a mobile phone. Most don’t have bak accounts, but they have money. All of us need to exchange, to communicate, to trust, etc. We just have different ways. Let’s not just consider the habits of the rich.

So, I wish us all to remix all of this into fresh technical and business ideas, and to make something out of these in 2011.

Plus, of course, the usual wishes for health, wealth, and most importantly, happiness, extended to all the people you care about. And to spice things up, let’s hope for some good, disruptive change that will make our lives better.

First, the upcoming Nexus S will support NFC. This is big, because one of Google’s objectives (the main one?) with Nexus phones is to provide a reference design for Android devices. And now, NFC is part of that reference design (and of Gingerbread, Android’s upcoming release).

Then, Eric Schmidt talked about NFC. He started by a tag reading demo; of course, it didn’t work, because the network was too slow (typical in such environments). He gave a little description, and then switched to contactless payments, even mentioning the use of a secure element. Now, that was nice: Google is not only thinking about reading tags.

Later in his speech, he mentioned how the combination of location-aware, tag reading and mobile payment could change the way commerce works, using terms that would have been largely appreciated at a NFC conference.

To please me even more, he even threw in a mention of voluntarily provided information, which is of course limited by the fact that Google is an unlikely VRM supporter. But yes, if the system is able to integrate that I am actually looking for a new pair of pants, it may provide me with very useful information.

Finally, Eric Schmidt went as far as mentioning security several times, and even saying that “the technology has to be secure,” which is nice to hear for many of my colleagues. And his reason is rather simple: there is money involved directly, so security is a must.

One of the best parts of his vision is to remind us that mobile is personal, secure, and an aggregating technology. So when we think about what we can do with NFC or whatever we add to that, we need to figure out what it brings to the big picture, and how the technology can best be used with all the other mobile technologies.

OK. Enough ramblings. Here is an approximative transcript of what he said about Android (a bit raw, so if you have 10 minutes to spare, take a look at the video):

Q: There has been a lot of talk about a new operating system aligned with a potential hardware device, coming from Google. We’d love to see it if that was possible.

ES: OK. How about instead a demonstration of some software.? So, I happen to have here an unannounced product that I carry around with me. That is an Android device, and we have taped over its origin.

You see, this is a placemark [showing a placemark panel, obviously with a tag in it]. The neat thing you could do with this new technology called NFC (which stands for Near Field Communication), and we think that Android should support that. It’s been around for a while, by the way.What you do is, these are chips that are embedded in things, eventually in clothes to prevent people from stealing. These chips are senders, and we are incorporating support for the reader-writer, so the way it works is you turn this thing on and you basically just tap like that, and it tells you, in the particular case, where you are.

What’s neat about the NFC chip is that the whole notion of location takes an entirely new meaning, because now I can just tap, I don’t have to take a picture, I don’t have to scan a barcode.

Q: So this is basically gonna be in presumably many of the new Android phones.

ES: It’s actually gonna be in the new operating system called Gingerbread that comes out in the next few weeks. So we think that the overall mobile market, which is already extraordinarily excited about these payment systems, will benefit from having those, because it is a secure element, and the secure element really is very hard to steal if you will.

Q: So, the secure element allow you basically to do payment.

ES: One way to think about this is that is that it will replace your credit card. The term of the industry is called tap and pay. The theory of the case is that you will be able to take these mobile devices from everybody, to walk into stores, do commerce, you’ll be able to figure out where you are, again, with your permission, all that kind of stuff.

Q: Effectively, bump for everything.

ES: Yes, bump for everything, and eventually, replace credit cards.

Q: It also turns the phone into a much more powerful form of identification.

ES: It’s an example of what I have talked about for a while, which is “mobile first”. I don’t think that people understood how much more powerful these mobile devices are going to be than the desktops. You think of the desktop machine as having all this power and tremendous network, beautiful screen, but because these things are so highly personal, and because they are location aware, …

Q: They also have network

ES: Yes, with LTE networks coming to the United States, first in the world, for a change, roughly in January-February around the country, it is a really really god day for mobile.

Q: With the theme of points of control, it strikes us that one of the points of control is having tons and tons of credit card numbers; Amazon has tons, Paypal has tons, Apple has a lot. Combined with this kind of technology, it strikes me that it could possibly change the game. Do you agree with that, and where does Google stand with that.

ES: Well, we see ourselves as a technology provider in this, we’re not trying to compete in those spaces, but ultimately this technology is personal, it’s secure, and it’s an aggregating technology. So it makes sense that you put everything in it and carry it around. It has to be secure, because it’s obviously going to be used as money repository.

Q: But still, if you are doing payment, somebody is doing the payment processing.

ES: There are industrial partners for all the initiatives in the industry, with very sophisticated payment processors, and regulations, and all

Q: You expect to be a partner there rather than …

ES: Absolutely.

Q: But you do have Google checkout.

ES: Remember, Google checkout is just a piece of this. Payment processors do something different. They actually deal with the merchants, moving the money around, you know with fraud and so forth. The reason why this NFC dhip is so interesting is because the credit card industry thinks that the loss rate is going to be much better, because they are fundamentally more secure. And ultimately, the money that brings us all to this wonderful venue comes out of commerce in one way or another; advertising in Google’s case. My guessis that there will be 500 new startups in the mobile payment space as these platforms emerge, with all these new and interesting things that we can do.

Q: What I’ve been fascinating by is the idea that this is gonna change is shorten the loop between the search and acquisition of a product. Right now, we see this in buying an app: you search for the app and then you buy it on the phone. But this really makes it possible in the real world. You can search for something, and …

ES: But, forget search. Well, I shouldn’t exactl say that, but that’s a joke. Imagine I am walking down the street, and instead of typing my search, my phone is giving me information all the time, and it happens to know that I need new pants or something. You can imagine all sorts of linkages between autonomous search, and location-based search, where you are, where your favorite stores are, what your preferences are, again if you opt in to these situations. Its likely to drive a very very large mobile commerce business and mobile e-commerce business. And the scale of commerce is 14 trillion dollars, which is the global GDP, so some large amount of money is to be gotten in these new platforms over time.

Q: And you can really how this could be a fabulous tie with groupon, because it tells you that there is a crowdsourced offer.

ES: Again, if you look at groupon as a very good example of a very very successful local merchant, they today use e-mail as their primary acquisition mechanism, but they have competitors which are using other techniques. What we know is that people like a deal.

Q: One last question on Android. What are you dissatisfied about with regard to the platform, and what do you think need to be fixed, if anything.

ES: You score Android against the historically leader in the space, which is the iPhone, and I do this as a proud former board member of the Apple world. There is a set of things that the iPhone really did a brilliant job of bringing out in a closed system. Brilliant design, the app store, the platform and so on. So most people judge Android by how we are doing relative to that. And it’s clear that from a reach, choice, and so forth, we are in great shape. The next real focus is at the applications layer. So I think that if I want to be critical, I would have liked to put more emphasis on the application side earlier. It’s hard, because remember, the application decisions are made based on developers, who do it based on volume. So you have to establish volume first, which is something that I think we have done with Android. And for all of these players at the third-party level, and again I know that we have a lot of developers here in the audience, it’s fundamentally about the math of the platform. So we understand platforms very well, we think that Android will be, if not the leading platform, a leading platform.

Q: That brings up a question that I have been thinking about. As there are more and more applications, it becomes a search problem to figure out which one to choose, and that’s one of your sweet spots. But you don’t have some of the same mechanisms for identifying the best apps. How are you thinking about search as a competitive advantage as the application space grows, where the Android Market is the Google of the app space?

ES: We don’t think of it as a competitive edge, we just try to do it better, and the competitive environment will win. As a comment, I think people are obsessed with the competitive landscape, where what they should really be focusing on is how much bigger the market is getting. And because it’s, including the leadership that you guys did with Web 2.0 so many years ago, this is a very large universe, that is getting much larger very quickly, bringing more and more people into it. So the competition is healthy, what’s really happening is you’re growing the market. So with respect to the applications and application search, there’s all sorts of interesting ways of doing that; Admob, for instance, is doing on the order of a billion ad impressions a day now, and that kind of information, in theory, is useful as part of a search problem, because ads have a real value, and we really believe that. There are many many ways in which the information people are using, usage patterns, can be used to provide better choices. But you’re correct that these markets tend to overcorrect; They have millions of apps, whatever, but then ultimately, the leaders emerge.

Q: One of the things that Steve and Apple did right is the about divorce from the carriers, the ability to pretty much say: I don’t want your stuff on my phone. Do you think that Android is ever going to be truly free of that …

ES: I certainly hope so, in the sense that the Android model is different from the Apple model, very distinctly on pretty much every point. It’s open system vs. Closed system, and closed systems have their advantages, and open systems have their advantages. Google made a bet on open systems. We are willong to let the vendors, the carriers, and so forth, set their pricing, set their distribution terms, and so forth. I think that ‘s the right model.

I would love to have access to my supermarket bills in an Excel sheet. This would definitely allow me to better know what items cost me the most, or how I can save some money. I could also use that data to provide information back to my supermarket (like, “That item disappeared, I really liked it”, or “That brand is great, give me more”); I am sure that they would love that. Of course, I could provide the exact same information to their competitors (they won’t like that). I could also consolidate the information from all vendors and give it back to all vendors (now, they may like that). Basically, VRM could be good for businesses as well.

We could even go further than that, by using that data to claim coupons or more, i.e., to initiate new transactions (like, “I bought 8 packs of your cereal, and I want to claim the free sample of your candy bar”). Of course, such a use is a bit more complicated, because the transaction data needs to be somehow trusted.

The manifesto also contains a part that explains how we move from a large number of relationships to a smaller number of relationships, and an even small number of transactions. We can very easily see how this applies well on relationships between humans; however, it does not really apply to commercial relationship between a vendor and a customer. The manifesto provides a clue about achieving that:

Companies need to adjust their behaviour and the flow and exchange of data between vendors and customers needs more level and balanced. The defining characteristic of such relationships is that both parties are comfortable with it, and mutually benefit from it.

One obvious part of the deal is here that vendors need to change their behavior, and act with customers in a way that makes them comfortable. In a security jargon, we would rather use the word trust: once trust is established, the comfort is there. This is easy to achieve on the B2C Web, because the receiving party is a human being, whose trust depends on more or less tangible items. However, there is also an opposite direction: vendors must be comfortable with their customers.

In that opposite direction, the vendor is often represented by some computer, especially on the Web. Computers are very different from humans, in that they don’t establish trust in the same way. They usually require a formal authentication, they verify the origin of the data, etc.

That kind of trust will be required if we get into models where the data that we get back and consolidate from different vendors can be used as the basis for a new transaction, possibly with a new vendor. In such a case, the vendor would need to verify the information in order to be “comfortable” with it.

More generally, our personal information, and in particular our voluntarily provided information, can be much more valuable if it can be trusted. In a basic example, claiming that I am 18 is an interesting way to filter minors, but backing up this claim with an id and a proof of authentication is even stronger. If I can apply similar treatment to all my personal information, then this information will be trusted (by remote computers, by strangers, etc.), making it far more valuable.

Can we work out something that achieves this with our typical “trust device”, i.e., a mobile phone and a few smart cards? We can at least try, just like people are working in marketRIOT’s MINT project to identify and recommend formats to represent data. Comment or contact me if you know of such projects, or if you are interested to start something.

But the thing that really attracted me is a quote from the CEO of On-Demand Books, Dane Neller:

“We believe this is a revolution. Content retrieval is now centralized and production is decentralized.”

Hmmmm. So, Google has the contents. Fine for me, as they give me a simple access to a massive amount of content. Of course, book printers have the printers. Fine for me as well, as their printers are far more efficient than mine in all aspects. But how is the link made? Who forwards the content to the printer? Who certifies that the content is actually free of rights? And if it isn’t, who certifies that I have the right to print a copy of it?

Google can do all of this, of course. But now, this is not really fine for me, as it gives too much power to Google. It is perfectly OK to have Google certify that the “free” content they provide actually is, but it should also stop there. I don’t really want them to make the link, and I also want to be able to print content from other origin, and in particular, books that I buy, and books that I write (one so far, with my daughter, available at Lulu).

So, our first problem is the missing link. And here, we get very close to VRM. Since we want to interface any (printable) content with any printer, this link must be something that we, as users, control. If books are published in an open format, I can perfectly imagine a small widget or mobile application doing just that: getting content from a content source, and forwarding it to my printer of choice.

Things that are quite similar are starting to pop up, like the systems that use OAuth. However, in such cases, a bilateral agreement is required between the content provider and the service provider. So, we are not yet giving back the power to the user. But of course, as soon as we remove this bilateral agreement, an issue of trust surfaces: how do I know that the person who requires the service actually has the right to use the content. Well, that will be discussed in another post.

Our second problem is that book printing is just a very simple example. Photograph printing is another one; many times, I have wished to be able to print a few pictures and distribute them on the spot rather than psting them on some virtual wall. And we can even extend the same idea to cases in which the notion of content is more general, as well as the notion of service.

Now, I can take back my Java Card hat. In the near future, there will be embedded Web servers everywhere around us, providing a wide range of content and services. You can call that Java Card 3.0, Web of things, Ambient intelligence, but it is basically the same thing: We have content providers (the thermometer), service providers (the thermostat), and a link between them. I like to think that this link can be my mobile phone, and I can use it to associate a new thermometer to my thermostat. The funny thing is that the problem is exactly the same as above, and that at the center of it, we have the same old issue: trust.

Of course, there are other issues. But hey, I am not a web services guy, I am a security guy. So I see security problems. I like this one, and I’ll get back about it.