Hypermedia and Identity's Third Law

Everyone has tried to build a personal data wallet. Most failed. Why's this time different? Data portability and AI.

Scroll to read

Data wallets are inevitable.

Or at least that’s what people have been saying since 1999. Or 1965? Or 1945??

Everyone has attempted a wallet.

  • Microsoft
  • Sun Microsystems
  • OpenID Foundation
  • Startups like Personal Inc
  • Loyalty like iBotta
  • Plaid

Internet futurists imagined interoperability everywhere, across forms, e-commerce, social networks – everything.

No one has achieved it. A few got part way. Most have died or faded.

So what the heck happened?

And now we’re building a wallet??


In this blog, we study the pre-internet’s imagination of interoperability, a brief history of wallet attempts evaluated under Identity's Third Law, and use the context to motivate why now’s the time for the data wallet to rise.


Interoperability has fascinated scientists and philosophers long before the internet.

In the July 1945 issue of The Atlantic, former World War II engineer and administrator who led the U.S. Office of Scientific Research and Development Vannevar Bush imagined  

Consider a future device …  in which an individual stores all his books, records, and communications, and which is mechanized so that it may be consulted with exceeding speed and flexibility. It is an enlarged intimate supplement to his memory.
Bush was inspired by how the Telegraph could evolve.

Bush believed the telegram could evolve into the Memex, a self contained research library.

Bush explored how content of similar meaning or reference could be composed into “associative trails” of references to books, articles or writings.

Thereafter, at any time, when one of these items is in view, the other can be instantly recalled merely by tapping a button below the corresponding code space.

Twenty years later, the Memex had still not arrived.

In 1965 at the 20th proceeding for the Association for Computing Machinery Swarthmore College alumnus Teddy Nelson believed computing hardware necessary for a memex was available and described a new framework to deliver it.

He proposed an Evolutionary File System “ELS”

a file structure that can be shaped into various forms, changed from one arrangement to another in accordance with the user's changing need.

The system is user-oriented and open-faced, and its clear and simple rules may be adapted to all purposes.

and went on to introduce the idea of Hypertext

a body of written or pictorial material interconnected in such a complex way that it could not conveniently be presented or represented on paper.

[Today, this sounds like context for a language model!] Nelson’s speaking on the topic has evocations similar to vectors e.g., in 1965 at Vassar College

Mr. Nelson pointed out that we often do not think in linear sequences but rather in "swirls" and in footnotes. He introduced the concept of the hyper-text, which would be a more flexible, more generalized, non-linear presentation of material on a particular subject.

In the 60s, this idea evolved into a hypertext publishing project ‘Xanadu’ that went on for 30 years. It proved extremely ambitious – with copyright and royalty built in (reading text would send micropayments to the author!). It was theoretical and complex. Wired Magazine called it “cursed” and the “the longest-running vaporware story in the history of the computer industry.”

In 1990, Tim Berners Lee refined Teddy Nelson’s hypertext (and related hypermedia) as

Human-readable information linked together in an unconstrained way.

in his famous “vague but exciting” “Information Management, A Proposal.”

Berners-Lee explained how his frustration at the lack of interoperability across computers lead to his creation of the web.

“I was frustrated -- I was working as a software engineer lots of people coming from all over the world. They brought all sorts of different computers with them. They had all sorts of different data formats, all sorts, all kinds of documentation systems. And these were all incompatible. So if you just imagined them all being part of some big, virtual documentation system in the sky, say on the Internet, then life would be so much easier.

Well, once you've had an idea like that it kind of gets under your skin.”

While “vague but exciting” in 1990, hypermedia today seems simple. With AI models accepting context of millions of tokens, todays hypermedia appears to have just two components

  • Human readable information
  • AI that remixes information without constraint

Coincidentally, we’ve modeled our data interface (AI over a unified events representation) exactly following Nelson and Berners-Lee’s hypermedia.

Personal hypermedia “hyper-personalization” then has all our Linked Information over the objects

  • sites
  • songs
  • videos
  • stores
  • runs
  • books

that we have

  • liked
  • purchased
  • exercised
  • confirmed
  • played

all linked together in an unconstrained way via AI, constrained only by the prompt and the context you choose to add.

Have you seen my wallet?

If you’re going to build a wallet – an identity with permissioned data – you should have some sense for past attempts and understand why they succeeded or failed.  

In the first section, we encounter the Third Law of Identity, which appears as a pinch point for the success or failure of an identity.

Microsoft Passport

On October 11, 1999, Microsoft introduced Microsoft Passport

a single sign-in and wallet service for communication and commerce on the Internet. By creating a single Passport “identity,” users can easily access information and purchase goods on multiple Web sites using a single login and password.

This new service allows online shoppers to purchase items with ease, eliminating the need to repeatedly type the same shipping and billing information when ordering products or services at different Web sites.

Passport’s [gives] consumers the ability to use their Passport identity across many Internet sites, not simply within a proprietary network, and a server-side design, which provides consumers access to their Passport anytime, anywhere, using any Internet device.

In addition, Passport takes a stronger stance on privacy and security. Passport ensures that its members always control the information stored in their Passport, and which Web sites receive it. Moreover, Passport requires all participating sites to adopt privacy policies that conform to industry-recognized privacy standards.
“The user is in complete control of the information he or she supplies to Passport — and the user also actively controls with whom that information is shared.

In practice, it seems like Microsoft Passport was really a single sign on service with a promise of privacy.  Passport managed to accrue big partners like eBay, Costco and Barnes and Noble.  

But following a series of security breaches, rumors of anti-competitive business practices like blocking non-Internet Explorer browsers, and a complaint filed with the FTC concerning alleged false representations of data collection, by 2005 its last major partners had jumped.

Passport also arrived at a time when people still believed in the Golden Rule of Cookies

The golden rule of cookies is that they are only sent back to the same web domain as they came from. This is important to remember, because it’s the only thing that really protects you from having all the web sites you visit swap information about you.

But swap information the internet did. Huge Data Management Platforms were built specifically to do this, and are now hooked into major enterprise CDPs.

We wonder how writing on Passport might have been different if folks knew what cookies became.

Kim Cameron, Microsoft’s Chief Architect of Access did a post mortem on Passport. He didn’t believe Passport’s troubles came from people not trusting Microsoft (millions of people had accounts!) but rather a consequence of the Passport’s positioning with respect to the Third Law of Identity that stipulates

Technical identity systems MUST be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.

Cameron came to believe that Passport violated this third law for two reasons:

The first was that web sites didn’t really want Passport mediating between them and their customers. And the second was that consumers didn’t see what Passport was doing there either.

Cameron concluded the postmortem

For now, I leave it as an exercise for the reader to explore the applicability of this law to various potential candidates for provision of identity.
Sun Microsystems

In September 2001 Sun Microsystems and an alliance of 30 others including General Motors, eBay, Nokia and later AOL launched a counter to Microsoft’s passport.

They called it Liberty Alliance

Federated identity will enable the next generation of the Internet: federated commerce. In a federated view of the world, a person's online identity, their personal profile, personalized online configurations, buying habits and history, and shopping preferences are administered by users, yet securely shared with the organizations of their choosing. A federated identity model will enable every business or user to manage their own data, and ensure that the use of critical personal information is managed and distributed by the appropriate parties, rather than a central authority.

Liberty Alliance grew to 150 members. That said, it required expensive coordination between multiple parties, slowing its adoption relative standards like OpenID that would later emerge.

Entities involved in a ID-FF implementation.

Relative to sites or applications managing their own authentication, Liberty ID fails Cameron’s Third Law, as it lacks a necessary or justifiable role in mediating identity.

Open ID

On May 16, 2005 Brad Fitzpatrick proposed yadis Yet Another Distributed Identity System. The history of OpenID is well-documented. Its Attribute Exchange capability could enable social network interoperability, where a user could direct certain attributes saved in one social network profile and point them to another.  

While technically feasible, this never happened. Dare Obasanjo explained in 2007

The primary reasons for lack of interoperability are business related and not technical.

Why would Facebook implement a feature that reduced their user growth via network effects? Why would MySpace make it easy for sites to extract user profile information from their service? Because openness is great? Yeah…right.

Openness isn’t why Facebook is currently being valued at $6 billion nor is it why MySpace is currently expected to pull in about half a billion in revenue this year. These companies are doing just great being walled gardens and thanks to network effects, they will probably continue to do so unless something really disruptive happens.

It turns out Facebook had over $1T worth of reasons not to do this. Particularly with major social media networks, OpenID fails Identity’s Third Law because OpenID has no necessary or justifiable reason to mediate auth to platforms like Facebook when Facebook could just do auth itself, especially given implications of openness to its network effects.

Personal Inc

In 2009, Personal Inc launched their life management platform. While not explicitly an identity layer, they enabled users to collate their data and permission it to services, friends and family.

They got great press, including from The Economist and Time Magazine, who described the service

Personal is a highly encrypted cloud storage service where users are the only ones with the key necessary to decrypt their data. You can manually upload documents as well as email passwords, account numbers and addresses.

CNET went on to describe the platform

The idea with Personal is that you file these items into "gems" like, "beverage preferences," for example. Then you can recall them when needed, and more importantly, share with others when they need them. For example: You can quickly give the babysitter access to the alarm code gem.

But there was a problem. Onboarding. CNET explained

But there's a big problem with Personal: Data entry. It is a total drag to collate all this data. And I think the response rate when people request gems from other people (as in the dinner party scenario above) will be too low to make the system truly useful.

This onboarding hump could doom the company”

Personal violated Identity’s Third Law in a new way: Friction.

Personal implicitly asked users to frontload friction of entering information manually that they’d only maybe use in the future. Why use Personal to communicate your beverage preferences to your friend when you can just text them “yeah i like diet coke.”

Personal Inc just didn’t have justification to mediate these communications and, as such, failed Identity’s Third Law.


iBotta is a cash-back app that rewards users for everyday purchases founded in 2011. iBotta is not a typical identity layer, but we include it because it associates data – purchase receipts – to user identity that interoperate with brand offers.

In April iBotta IPO’d to a nearly $3bn market capitalization. Investors were most excited about its retail performance network IPN, an apparent data consortium over retail partner authenticated identity that allow CPG marketers ability to reach consumers. This performance network acquires identity not by signups to the iBotta app but rather by usage of its retail partners sites. This B2B2C motion enables more scalable identity acquisition than iBotta app alone, which grew at about 19% YoY last year according to their S1.

iBotta does not fail the Third Law of Identity. With the iBotta app, iBotta delivers savings to consumers across brands they love. With iBotta IPN, iBotta delivers its CPG customers access to offer savings not only on its app surface but on the surfaces of its retail partners, all in a white labeled way. In the latter case, iBotta inherits identity provided by its partners. In both cases, iBotta is justfied and apparently necessary in mediating identity because it independently collates data across fragmented partners and experiences; and provides relevant offers over this combined data that'd be more difficult and expensive to build in a decentralized way. On the other hand, the iBotta wallet is limited to interoperating over brand offers, not personalization generally.


Plaid is a safer way for users to connect their financial data to third party apps, founded in 2013. Its founding and history are well known. It is justified and necessary in mediating identity because building individual banking integrations (in a safe and compliant way!) is costly for any application it serves. On the other hand, its interoperability is limited to data from financial institutions.

Hypermedia and Identity’s Third Law

Identity solutions of the past apparently failed because of the Third Law of Identity. The identities that failed didn’t have a necessary and justifiable place in a given identity relationship.

They either weren’t necessary

  • Microsoft Passport
  • Sun Liberty Alliance

or they weren’t justifiable

  • OpenID
  • Personal Inc

because of business reasons or friction.

Cameron left an exercise to the reader to apply this law to potential candidates for provision of identity.

Today, we take up this exercise. We identify two critical trends that unlock new possibilities for an identity candidate.

First, data portability laws are on the rise. Users globally have a growing right and ability to access data about them.

Paths to onboarding data are in increasingly lower friction. Manual data entry for only a single data point (“I like diet coke”) is being replaced with automatic data collation from modern and automated auth flows.

While in 2007 Facebook eschewed OpenID’s Attribute Exchange, under today’s laws, Facebook no longer has a choice. Neither do any Gatekeepers.

Global law and new efficiencies in data connections satisfy the Third Law’s justifiability requirement.

Second, with AI hypermedia is now  possible. But hypermedia requires access to consumer context from across silos.

Silos of consumer context from a Tim Berners Lee Ted Talk in March 2009.

A personal hypermedia packaged in an identity (a “personal data wallet” or "hyperpersonalization" via headless personalization) satisfies the necessary requirement in that it enables access and inference from context from across silos. Without such an identity, services must run on first party data that's increasingly "meh" and at risk from the death of cookies.

This contrasts with the incentive asymmetry of OpenID where OpenID providers benefit more from mindshare and lock in without delivering a corresponding benefit to those who accepted. While there was a long list of OpenID providers, a list of organizations accepting OpenID was nowhere to be found.

On the other hand, providing access to a personal hypermedia resolves this asymmetry: trading a third party identity for ability to provide superior service.

With data portability mandated by law and AI-unlocked hypermedia, an identity layer for personalization has a new chance to rise.

We're excited to make it happen.

See what Crosshatch can do for your business.

Crosshatch for businesses

Collecting our thoughts

an internet
Made for you