<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="urn:composable:very"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="urn:composable:very"
version="1.0"
finalDefault="extension"
<xs:element name="Letter" type="LetterType"/>
<xs:complexType name="LetterType">
<xs:attribute name="value" type="xs:string" use="required"/>
<xs:attribute name="uppercase" type="xs:boolean" use="optional"/>
</xs:complexType>
<xs:element name="Punctuation" type="PunctuationType"/>
<xs:complexType name="PunctuationType">
<xs:attribute name="value" type="xs:string" use="required"/>
</xs:complexType>
<xs:element name="Spec" type="SpecType"/>
<xs:complexType name="SpecType">
<xs:choice minOccurs="10" maxOccurs="unbounded">
<xs:element ref="Letter"/>
<xs:element ref="Punctuation"/>
</xs:choice>
</xs:complexType>
</xs:schema>
I tried to hand him some money but he wouldn't accept it.In-seat Personal Video Systems act as an effective load balancing system for airplane washrooms. When every passenger can choose their entertainment options, you don't get the rush for the facilities that happens when a movie shown on the big screen ends. If passengers could serve themselves their meals from a buffet the load would be smoothed out even more.
Air Canada has outfitted bulkhead seats with airbags. Fitted into the seat belts of those seats, they are designed to compensate for the lack of a tray table in front of you (into which your head would otherwise slam)
I saw the sign below at Ottawa Airport.
Quite the relief as I had been worried about the permanence of that particular piece of nondescript, beige-coloured, industrial carpet
I enjoy watching people come into an airplane and start to peer closely at the number above each row of seats. I think the thought process is something like 'OK, let's see, I'm in row 42 - 2, 3, 4 let me just check my boarding pass, yup, still 42 - 5, 6, 7. 8, oh wait, did I miss 42? Nope, still good - 9, 10, 11, check boarding pass again, 12, 13 .......39, 40, 41, 42, 43, 44, hey just a sec, ....
Flying from YYZ to HKG, missed the North Pole by 120 miles.
As an experiment, turned on my GPS during the flight. Clocked at 850 km/h. That's going to bump up my weekly running total distance and average speed nicely.
Well that's nice but right now I'd much rather have the privacy of one of those fully-reclining bubble first-class seats (I'd even accept a couple of thin blankets covering my stretched out form on 2-3 side-by-side economy seats). Why is the obvious 4th option missing?Fundamentally, ID-WSF is a 'web service framework' and so the preferred channel for provider communication is a direct SOAP call rather than a browser-mediated front-channel. Justification includes:
Send the user to FGP straight away, the FGP sends the user back with the request information, if the FGP requires something over the MRPs say so it has its interaction point right there.
Give us a land of lakes
and a land of snow
And we will build Ontario
A place to stand, a place to grow
Ontari-ari-ari-o !
You can calculate the risk of flying by:I can imagine similar variations in how an SP might determine the risk associated with accepting identity assertions from IDPs.
1. Dividing the number of people who die into the total number of people, which gives you the risk for the average person;
2. Dividing the number of victims into the number of total flights all passengers took, which gives the risk per flight;
3. Dividing the number of victims into the total number of miles all of them flew, which gives you the risk per mile.
Everything sent by this extension goes directly to the Last.fm servers and nowhere elseOf course, the best solution would be for Last.fm to accept a security token attesting to my identity in its API and not require the password itself.
E-Loan Inc. customers worried about safeguards when data get outsourced to India can choose to have loan applications processed domestically, though loans in such cases would take two additional days to close.Not only is the customer given options for controlling how/where their data is processed, but importantly they are explained the consequences of the choices they make.
At first glance I was worried about the privacy implications of OpTag but I'm reassured by the stated motivationOh well that sounds just fine.
Up to 5% of aircraft departure delays are caused by late passengers or late bags at the gate, and the impact of this in missed slots and subsequent costs will increase as the number of flights increases. The OpTag system will enable the immediate location of checked-in passengers who are either missing or late, and thus reduce passenger-induced delays and speed up aircraft turn around.
Users establish personal digital identities and connect with other people, collaborate with them and discover new resources through their connections. Plugins allow users on different social networks to collaborate, and provide specific functionality for tasks like project management, mobile browsing and collaboration through user-controlled wikis.The emerging ELgg support for Liberty Alliance ID-WSF components expands on the existing support for ID-FF (as well as OpenID it would seem).
The fact that it ignores other standards may be true but one of the design goals is to do for data transfer what OpenID has done for single sign-on; light-weight, simple, easy-to-implement, etc. Think of the proposal as a best-of-breed of those heavier technologies.To my mind, best-of-breed implies that the old and new are still of the same breed. But, were OpenID to continue down this road, DTP and the existing XML-based messaging stack would be completely separate species with no chance of successful intermixing.
The same can be said of OpenID as it relates to SAML ...I agree.
Thank-you for your email. I will be out of the office until February 18 2007. I will reply upon my return.It might have worked if the reply hadn't taken 3 hours. If you're going to run a mock MITM attack you have to be faster than that.
Ian
1. The golden rule: treat others as you would want to be treated.I try to follow #3 in all aspects of my life.
2. Control: SOTG takes real effort.
3. Heckling and taunting are different.
4. SOTG is compatible with championship play.
5. Don't "give as you got."
6. Breathe.
7. When you do the right thing, people notice.
8. Be generous with praise.
9. Impressions linger.
10. Have fun.
3: Consumer associates with server (option 1) - In order to communicate securely with the server, the consumer gets an association with the server discovered in step 2, using an existing association if it is available, otherwise visiting the server and using Diffie Hellman to negotiate a shared secret with which to sign communication.As written here, the consumer uses an existing association in order to get an association? I believe the intent of the above para is something more like
If necessary, the consumer establishes an association with the server discovered in step 2. If the consumer already has an association with the server, or is capable of dumb-mode only, it MAY skip this step.2) Step 4 indicates
The OpenID server URL accepts a query, containing all the information the server needs to check the user's identity and redirect the user back to the consumer. The server checks the authentication of the user. If the user is signed in (has an auth cookie) and has already authorized sending their identity to the consumer, step 5 may be skipped.and Step 5 includes
The user authenticates to the server with a cookie or a username and password, and the server asks the user for permission to send their identity information to the consumer.Both steps refer to the user authenticating to the server and the result is confusing. I think the intent was more something like
Step 4 - user agent is redirected to server (along with information the server may need to direct the browser back to the consumer)
Step 5 - user authenticates to server, either with existing cookie or, if not present, with a password etc. At this point, the user is asked if they consent to their identity being sent to the consumer. If the user has already authorized identity being sent to the consumer, this previous consent declaration may be used.
While multiple screen names can be tracked at home, the company is working on a tool to associate different screen names across school and home to notify parents.A not insignificant piece of SAML 2.0 deals with the establishment of connections between such disconnected accounts in order to facilitate subsequent identity-driven interactions, whether those transactions be SSO, attribute sharing, or 'dangerous chat language notification'.
Who said anything about doing this without the knowledge of the kids? SAML could definitely be used in an underhanded way to establish the connections between IM accounts (just as IMSafer can be run in covert mode - the FAQ 'advises' parents to tell the kids it's installed). SAML can also be used in an open, privacy-respecting user-centric manner to do the same (like the multiple identifier model above in which the kids could be involved in the establishment of the identifiers and so be completely 'in the loop'.) Is there any identity system that we can't say the same thing about?
Isn’t the whole point of the Laws of Identity that people should not have there identifiers aggregated across contexts without their knowledge.
How do you know what IM accounts to monitor?Now that's informed consent!
When a user on a computer onto which you have installed the IMSafer client software uses IM, we automatically detect it and start monitoring the account. You don't have to do anything. How nice is that?
It has my blood type on it but I don't know why?KCP: I had the feeling at Digital ID World that some people are using the term user-centric to describe sort of the next big thing after federation, implying that federation was yesterday. Doesn’t that worry you?
Durand: That’s my point. However, I understand the marketing aspect of it. Its about creating a new category and dominating it and attempting to disconnect it from the prior category. That’s all happening on the marketing front. I just don’t want the technicians and customers to buy into the marketing jargon that’s been fairly self-serving for those that are looking to create a new sandbox to sell from. The reality is that when we’re talking about identity you can’t have a break in the chain. Identity transactions are going to be chained together and most of them either start or end in a business, so you can’t separate the business infrastructure from the consumer infrastructure in terms of the ability to do business with the business. It’s just one big continuum and if we need to add capabilities such as privacy and user mediation in the transaction, then so be it, but that’s not something completely separate.
An SP may wish to provide basic personalization services to its visitors/customers without requiring them to have an account at the SP or even identify themselves at the SP. Hence a user may anonymously share certain attributes with such SPs. For example, an SP may not require any sign-in by the user on their initial visits. Nor does the SP require the user to have an account at the SP. Yet, the SP may want to provide basic personalization based on attributes such as preferred language, gender, geo-location, time zone, etc. The user, when visiting the SP, may see content personalized to the user's preferences. Such personalization is the value-add provided by such SPs to attract customers and increase airtime and online time usage.This use case, the derived requirements, and the resultant support in WSF may not fit the image of "hard-coded federations" that some seem to have about the Liberty Alliance's architecture.
Note the anonymity is intended to protect the identity of the user. The SP never gets an identifier for the user, not even a repeatable pseudonym. Therefore, even if the user re-visits the SP a minute later, the SP would not know if it is the previous user visiting again. However, such anonymity (privacy) does not exist if the user willingly gives the permission to anonymously share his/her PII (Personally Identifiable Information) such as social security numbers, driver's licenses, passport numbers, etc.
Jeff Hodges and Scott Cantor have released an updated version of their HTTP POST "SimpleSign" Binding. I guess if I was married to someone known as a 'she-wolf' I might be looking to stay over the Saturday night whenever possible as well.
During his reign, Edward II lodged at more than 4,000 places in England.
While multiple screen names can be tracked at home, the company is working on a tool to associate different screen names across school and home to notify parents.If only there were technology to help.
The caveat here is that active federation implies that the user is an active participant in the flow of identity (if not necessarily aware of it because of stored privacy policies). So, active federation requires that the user be 'online' (e.g. be sitting at their desk, looking at their phone, or having inserted their USB dongle into an airport kiosk).
I would argue that active federation is superior to passive federation when the requirements of user-centricity are to give the user the ability to independently enforce control and privacy stuff.
I guess the user would see the same interface at any other site that implemented Whobar.
