Tuesday, May 30, 2006

What a nice gesture!

It's easy these says to be somewhat cynical about people and their intentions. That is, until out of the blue, somebody does something for you simply out of the goodness of their heart. Something like this blog comment I received from a friend named 'Anonymous'.
Hi, i was looking over your blog and didn't
quite find what I was looking for. I'm looking for
different ways to earn money... I did find this though...
a place where you can make some nice extra cash secret shopping. Just go to the site below and put in your zip to see what's available in your area. I made over $900 last month having fun!
Friend, thanks for thinking of me.

Sharing with a total stranger what seems certain to be a license to print money, now that's just plain ol' nice!

As a matter of fact, I think I'm going to perpetrate a similar "random act of kindness" and forward on your message to all my friends. I hope it gives me just a fraction of the satisfaction you must get from sharing this inevitably lucrative info.

YACCP - Yet Another Conor Cahill Post

Kim Cameron chides me for what he believes to be inappropriately cast aspersions on Conor Cahill.
I think if Paul had been present at the session he would actually have appreciated what Conor had to say. Objectivity and realism in sizing up deployment blockers, and transparency in setting expectations, is what will lead to success.
A couple of points in my defense:
  1. Conor and I have a long established tradition of casting aspersions on each other. When I think of my involvement with Liberty, I divide it 2 periods - that initial period during which I was too intimidated by Conor's expertise and strongly voiced opinions to challenge him, and then the last couple of weeks.
  2. As quoted by Phil, Conor's statement about non-enterprise deployments could be misinterpreted. Conor doesn't blog so I thought I would give him an opportunity to clarify/expand by commenting on a post of mine. I chose sarcasm and satire in order to goad him over the pain barrier of making such a comment.
  3. This was part of a new marketing campaign by Liberty to put a more human face on the organization. New logo soon.
  4. The end result of an individual so strongly linked with Microsoft's identity strategy defending a Liberty-proponent (rather than laughing with delight over what might appear to be LAP-internal squabbling) and what this might imply for the future (or even just for the sake of irony) must surely justify some small artistic excess in my original post?
I'll be seeing Conor at a Liberty meeting in Washington tomorrow. Can't wait.

Motion sensing for authentication?

Wired has a piece on various potential applications of motion sensors - the latest of which is the Nike shoes/Apple iPod integration.

Why not put a sensor in a hardware token? The something you have would be the token, and the something you know would be some programmed sequence of motions, e.g. left-right-left-up-down.

Might make people look like nervous 3rd base coaches or Catholic priests conducting a Mass. That would be a nice humourous bonus for bystanders.

Or perhaps the sensors will eventually be sufficiently smart to distinguish the owner's gait from that of anybody else? Could it recognize my bad left knee? Recommend appropriate physiotherapy?

Rob Zuccherato - Security in Depth

My ex-colleague Rob Zuccherato at Entrust has started a blog.

Rob's office at Entrust was next to mine and I probably wore the carpet thin walking over to ask him insightful and probing questions about crypto and security such as:
  • 'so if elliptic curve crypto is good, surely circular curve crypto would be even faster and more efficient?'
  • 'So what does RSA stand for again?'
  • 'I've locked myself out of my office, can you phone security for me?'
I expect Rob's blog will serve to reopen this educational channel for me. We'll see how long it takes him to close off comments.

Rob, in your latest post entitled "Does key size matter?", I think you missed a juicy double-entendre. As you blog more, you'll discover that a racy blog title can sometimes drive readership right past the magic '10 hit' threshold. And that's when the money starts to flow.

SDO Tycoon

The popularity of Tycoon games (e.g. Zoo, Rollercoaster, Moon, Mall, Lemonade, Monopoly etc) with my kids makes me think there is an untapped opportunity ....

SDO Tycoon

SDO Tycoon delivers a fantastic standards development experience! Immerse yourself in first-person views as you take your specifications from initial smoke-filled rooms through industry stalling drafts to eventual standards. You control it all!

Create your SDO
  • Pick an IP policy (use the built-in random number generator if you can't decide)
  • Set membership dues (too cheap and anybody can join, too pricey and you'll be accused of exclusivity)
  • Choose a timeline (that meets your product development cycle)
Enjoy realistic SDO experiences
  • Peak in on private meetings with the Closed Door Cam
  • Write specifications with the Easy Spec Template
  • Experience real meeting room atmosphere with the patented Stuffy Air™ face mask (USB connection required, not approved for use in Canada). You can actually hear the yawns! (sound card required)
  • See realistic room views - including blurry slideshows, attendees doing email and more ...
  • Travel to exotic locations, enjoy the vistas of the 'Ride from the Airport'.
A huge array of diverse contributors — everyone is unique!
  • Create your membership and add them to your SDO
  • Assign them to groups. Have a blast watching them struggle to write a charter.
  • Adjust the degree of politics - fine tune between two levels - 'High' and 'Freakin High'
  • Deal with different personalities, make friends AND enemies!
  • See animated individuals (including facial expressions!) exhibit sometimes intelligent behavior, both individually and as a crowd.
Add the new 'Liason Pack' or 'Conformance & Interoperability Module' for unprecented complexity.

Monday, May 29, 2006

Your mileage may vary

mySociety has some interesting maps that display the time it takes to travel from one part of the UK to another by public transport.

Instead of displaying how to get from A to B, the maps show where you can get to in a given period of time. Effectively, they show the real distance (in terms of time lost to the trip) between two points rather than the geographic distance.

I can see something like this for 'community distance' on the Web, where the realities of the social topography impact the ease with which two users find each other and then connect.

I may be the fabled 6 degrees away from George Bush but that's not to say our intermediaries would be willing to provide introductions (well at least most of my friends wouldn't broker trust for him, I can't speak for his friends doing the reverse).

Sunday, May 28, 2006

Wheat and greet

The invention of agriculture over 10,000 years ago spawned major changes for human societies, including:
  1. food surpluses
  2. the rise of large states & large-scale wars between them
  3. public servants & politicians
  4. vastly increased populations
Farming also allowed/forced people to settle in one place for significantly longer periods of time than had ever before been possible for hunter-gatherers. What had been small bands of hunters & collectors with populations likely numbering fewer than 100 became villages and then cities of thousands.

Compared to the gathering lifestyle, farming society brought people into contact with far more 'strangers', ie. those with whom they were not directly related or socially connected. Instead of dealing with the same small personal group from birth to death, the first farmers would have been constantly confronted with 'business partners' with whom they had no previous relationship. When dealing with these strangers , alternative mechanisms were necessary to replace trust based on personal experience - most notably money replacing mutual obligation and reputation replacing personal experience. The old traditions didn't scale.

As the Web becomes more about connecting people to people than people to data, we face the same challenge - just like those first agrarians we deal more and more with people with which we've never met before, and are unlikely to meet in the future. Whether it's a financial transaction or a romantic one, we need help in determining whether to proceed if we can't rely on trust based on personal experience (online or otherwise).

Agriculture emerged in the Fertile Crescent. It's doubtful that Iran and Iraq will be the centers of development of the mechanisms emerging to meet these requirements for online strangers.

Saturday, May 27, 2006

Is the medium the message?

Sxip is bragging about the download popularity of Dick Hardt's Identity 2.0 presentation.

I love Dick's presentation, it's been a breath of fresh air in the stagnant swamp of bulleted Powerpoint (or Open Office) decks we live in. Importantly, I'm sure it's made many others either revisit old decks and consider how they might be spiced up or motivate them to try a different approach in new presentations.

It had that effect on me, I experimented with the Takahashi (not Lessig) method of deck development for two different presentations - a Liberty People Service Webcast and another on the connection between federated identity and ID-Theft. Neither had the ooomph or pizzaz of Dick's (nor the resultant popularity) but it was fun to try something new.

Almost a quarter of a million downloads - impressive. And that's not even counting the widespread P2P sharing that I'm sure is prevalent.

But, given the novelty of the style, and the liklihood that some people are downloading and viewing out of curiousity about that style (rather than an interest in identity, I know I forwarded the link to non-identity friends/colleagues) - I wonder if downloads is the best metric for the impact of the Identity 2.0 deck?

Maybe a histogram of daily seaches on 'identity claim' or 'Gastown' from before and after Dick's OSCON session? (I expect a plot of 'Canadian Dick' would be skewed by this year's election.)

Thursday, May 25, 2006

He said she said

In a comment to my previous post, Conor Cahill clarifies his meaning
That wasn't an exact quote, but pretty close. The point I was trying to make was in response to a question along the lines of "why don't we see liberty everywhere since it's been around like forever (4 years)".

My answer was along the lines of "while you don't see Liberty implemented all over the place in an ecommerce type environment you do see it in a large number of enterprise environments, especially enterprise reaching out to relying parties" (again, not a direct quote as I can't remember exactly what I said minutes ago, much less hours ago).

I also went on to explan that in my opinion the reason that you don't see it (or any other SSO solution including MS's Passport or AOL's SNS) everwhere is that SPs didn't see a significant benefit from it and were afraid to let someone else (the IdP) potentially get in the middle of their relationship with the customer.

This is changing now because of the need for strong authentication and anti-phishing/IDentity Theft. SPs are much more interested in this stuff nowadays then they were 3 or 4 years ago.
Unable to resist an opportunity to dig at Conor, our Liberty colleague from Ericsson, Carolina Canales-Valenzuela added
I usually tend to not participate in blogs, but here I cannot refrain - specially in a discussion where my good friend Paul is telling my good friend Conor that he is wrong :-).

Conor's phrase "again, not a direct quote as I can't remember exactly what I said minutes ago, much less hours ago" clearly confirms my theory that sometimes he doesn't listen to himself :-).

About the issue under discussion, I have some friends who claim that 4 years is a very short period for adoption and deployment of any new technology. This clearly applies, for instance, to the telco world, see UMTS or IMS deployment.
I believe that some of these identity management solutions have gone too far too quickly, it is like planting a seed in the desert. However, the time is coming.....

Conor Cahill - Deliciously Wrong

I like and greatly respect Intel's Conor Cahill.

That's why it is so &#*^%$@*& sweet to be able to point out whenever he makes a mistake.

Phil Windley describes an identity panel on which Conor (and other identifiable luminaries) sat.

Conor is quoted (loosely) as saying:
there’s no large eCommerce implementation of Liberty. SSO hasn’t been adopted outside the enterprise
Au contraire my Irish friend.

There are 'millions and millions' of Liberty-enabled commerce identities.

I could give Conor the benefit of the doubt and choose to believe that his comments were misinterpreted. But that's not how friendship works is it?

Will there be 3rd party Infocard designs?

I wonder if Microsoft will ignore, inhibit or encourage the creation of 3rd party graphical designs for Infocards?

A card for every hobby.

Given the importance Infocard places on the interface, and the user's presumed reliance on its integrity, is it conceivable that arbitrary images within that interface would somehow enable phishing?

Perhaps an animated GIF that simulates some piece of the Infocard GUI, i.e. a trust dialogue telling the user to ignore all other trust dialogues? Is there an attack here?

Wednesday, May 24, 2006

Cruiser-centric identity

Nike has created running shoes that will wirelessly interact with an iPod mini in order to provide inspirational messages and music.

The shoe insert also appears to track distance and speed. When synced to a PC, the data is pushed to the Nike site for recording and competitive comparison.

This is perfect, I had been searching for a mechanism by which my ability to lie about how long and fast I run would be taken away from me.

Tuesday, May 23, 2006

Oh please .....

Makes me think of that Seinfeld episode where Kramer provides a movietime service

'Why not just tell me the name of the identity attack you're seeing?'

Monday, May 22, 2006

User-centric physical security?

I'm trying not to think too closely about the parallel to this by which identity data would be kept protected and close.

An unlikely place for identity thieves to look. Keep your credentials, profile, and other identity in the compartment.

Images of Papillon keep forcing their way in.

Sunday, May 21, 2006

8th International WWW Conference

I attended the WWW8 Conference in Toronto in '99.

The list of topics from the proceeedings that warrant Program Committee Vice-Chairs is telling
  • User Interface
  • WWW Performance
  • Searching Querying, and Indexing
  • Browsers and Tools
  • Electronic Commerce and Security
  • Hypertext/Hpermedia
Not an identity to be seen.

In retrospect, the panel with the topic of 'Why are all these Internet companies worth so much?' should have been a warning.

Friday, May 19, 2006

Trans-Canada Highway - a Forced Analogy

Infrastructure Canada has a history of the Trans-Canada Highway that seems to parallel the current identity world.

The Trans-Canada Highway joins all ten provinces - stretching from the Pacific to the Atlantic, it's 7,821 kilometres long. When the project was begun in 1949, the fundamental question was 'Where should the road go?'
In the past the provinces had decided the route their highways would take. Unfortunately, these provincially planned routes did not usually link up with one another at provincial borders.
Not particularly interoperable
If the Trans-Canada Highway was going to stretch from one end of the country to the other, it needed to be organized to ensure that it connected at provincial boundaries. However, since highways are the responsibility of the provinces in Canada the federal government could not simply tell the provinces where to build their roads.
No overarching authority
Agreeing on a point of connection between each of the provinces was further complicated by each province’s desire to connect their major cities to the Highway. The federal government tried to get the provinces to design the “shortest practicable east-west route”, but this was sometimes impractical.
Different requirements
Ultimately the Trans-Canada Highway changed from a single roadway into a road network to accommodate the needs of the provinces and their major cities.
A compromise solution

You can drive from one side of the country to the other - but the trip will take you over a wide range of jurisdictions, road surfaces, and terrain. The 'highway' is not a single stretch of tarmac, it's the system defined by agreements between consituents, the knitting together of multiple component highways of different capabilities (4-lane freeways vs 2-lane rural routes) and the common experience of the green markers to provide a reassuring sense of consistency.

If you prick us, do we not breed?

It seems Microsoft does not believe we Canadians have children.

Perhaps this is part of 'the plan', discourage non-Americans from population growth by turning off for us all software features that facilitate family-based identity management? Brilliant!

For myself, simply knowing that I'd be on my own in the raising of additional offspring makes me feel less inclined to do my "bit" for Canada.

Or maybe this is directly at Kim's instigation? Some long festering grudge against his homeland? Was he forced to go to the States for some two-tier medical procedure and carries his resentment to this day?

Thursday, May 18, 2006

YAMAI - Yet Another Misconception About Interoperability

Eric Norlin posts on Verisign's just announced PIP.

Eric emphasizes PIP's support for Yadis.
And since it works with YADIS, its not simply limited to OpenID (or LiveJournal) sites.
I don't think so (at least not for this version)

YADIS allows a Relying Party, when presented with a URI corresponding to a PIP-hosted identity, to determine which URI-based identity protocols PIP supports by obtaining a descriptor document. But, at least currently, PIP only supports OpenID so any descriptor document that PIP serves up can only indicate OpenID support. If you look at the YADIS Resource Descriptor for Verisign's PIP, you see
<?xml version="1.0" encoding="UTF-8"?>

<Service priority="10">

<Service priority="20">

Nothing but OpenId. So, while it may be nice for a LID (or other system)-based RP to retrieve this XML and discover this fact, it won't magically enable that RP to communicate with the OpenID-based PIP.

YADIS, like WSSOMEX enables identity suite capability discovery (ISCD? sure, why not), not identity suite interoperability.

Put another way, simply knowing that you and your spouse are incompatible will not magically make you compatible (but it could save you big bucks in marriage therapy bills).

TSODI - Episode #27 - Part 1

Aldo interviews Johannes Ernst, Dick Hardt, and John Kemp on the topic of user-centric identity in this week's episode (mp3).

At the start of each episode, Aldo reads out the names and introductions of people who have added themselves to the SODI Frapper Map in the past week. A noteworthy addition to the map is Seung-Hyun Kim, a South Korean IDM researcher. His introduction includes:

I am working at ETRI, the Electronics and Telecommunications Research Institute. Our team is named as the Digital ID Research Team, developing systems that follow standards such as Liberty, SAML, ID-WSF, and XACML. I have been certified through the first SAML 2.0 interoperability test from Liberty Alliance in 2005. We now supply the Ministry of Naitonal Defense with the system ... this will be used by over 230 cities in Korea, that means that 48 million Liberty-enabled identies will be created.
In the interview itself (and vastly oversimplifying) I saw what seems a fundamental divide when the interviewees were asked to give their definition of user-centric identity.

For Dick, user-centrism boils down to how the identity is communicated from identity provider to identity consumer - the user must be an active intermediary in the flow in order to apply their release policies (my interpretation being that back-channel SOAP messaging on the user's behalf would be ruled out as deserving the user-centric description). John takes a broader view, user control is the key aspect of user-centric and a user can still have meaningful control even when not directly involved in the identity flow.

Hopefully this distinction is explored further in Part 2.

DRM - Disc Recordings Management

Instructions for pirating a vinyl record.

This would be easily prevented by embedding 1" perpendicular 'anti-copy pegs' into the original (which would of course stop the owner from the fair use of actually playing the record but that's been my experience of DRM anyways).

Tuesday, May 16, 2006

Fishing for dolphins

Dolphins apparently use unique whistle vocalizations to identify themselves to others. Kind of like Roger Whittaker's Durham Town.

The story has been blogged here and here. The paper that presents the research touches on a number of identity aspects to the story that I haven't seen discussed elsewhere:

  1. The whistles actually convey identity, i.e. it's not the sound of the dolphin's voice that others recognize, it's the pattern of the whistle itself.

  2. A consequence of the previous is that it would be possible for one dolphin to impersonate another by using that dolphin's unique signature whistle. It seems they do this.

  3. The identifiers are both global (e.g. a dolphin uses the same whistle to identify itself to all other dolphins) and persistent across the lifetime of the animal. Apparently, privacy is not a big concern at the moment. This will likely change as more and more get 'fished'.

I don't know art but I know what I remember ..

An interesting idea for a hardware token.

I suppose it could be phished through some PBN (paint by numbers) attack.

I definitely wouldn't want to wear it around my neck.

Beer 2.0?

Dave Kearns believes that 'Canadians are smart about identity'.

Canadians love it when Americans pay attention to us (but not to our softwood lumber or beef), so this prompted me to search on 'canadian identity complex'. The results led me to Kaliya's previous post on the subject of Canadian Cultural Identity.

The theory seems to be that Canadians pay attention to identity because of two forces - our proximity to the US is an external push threatening to squash us as a distinct culture/society, and the English/French divide is an internal tidal pull threatening to tear us apart. We are squeezed from North to South and torn apart from East to West.

It seems fitting that these forces are best summarized by a beer commercial (which seems strangely similar to another 'identity-focussed' presentation that has emerged from Canada).

Wednesday, May 10, 2006

Dignity & Power Cords

If somebody ever invents a way in which to plug in your laptop to power extension cords at a meeting/conference without the completely dignity-robbing act of crawling under tables ....

Actually, I'm about to present at the OASIS Symposium - shouldn't there be some sort of support staff to plug it in for me?

World's first demo of Liberty People Service

My colleague Yuzo Koga posts (in Japanese) about the world's first demonstration of a Liberty People Service implementation at the RSA Japan conference

My fluent skills in Nihongo allow me to provide the following translation:

Can you please tell me where is Shinjuku Station? "RSA Conference Japan 2006" Good morning, how are you? I am well thank you. "Liberty Alliance Project" Does this train go to Akhibara? "ID-WSF People Service" I'd like a beer please.

Tuesday, May 09, 2006

Identity Selector sequence

An interesting animated sequence portraying an identity selector in action. Before releasing some identity to a Service Provider, the user is given the opportunity to view the identity that will be shared, and to edit this set. Normal stuff.

What I find interesting is how the mock-up also shows how the SP can 'make its case' to the user by describing how the services being offered may be contingent on what identity pieces are shared. So, for instance, when the user decides not to share their email address with the SP, the available levels of service (each with different permissions attached) the SP is willing to provide changes accordingly. With knowledge of the consequences of withholding particular identity bits, the user is able to make an 'informed consent' decision about its release.

But I don't know of any identity protocols that explicitly support the SP providing this sort of 'offer' information when it requests identity from an IDP. Are there?

Given that the demo portrays a Shib-based system, perhaps Sibboleth added this piece to SAML? I've never heard of such an extension. More likely is that the SP has simply communicated these rules to the IDP beforehand so that the IDP effectively advertises the policy to the user. Not a particularly dynamic model.

You can't get there from here

New York Times has an article on Boeing's new 787 Dreamliner.
The 787 is designed to carry 220 to 300 people on routes from North America to Europe and Asia. Boeing is counting on it to replace the workhorse 767, which is being phased out, and, it hopes, a few Airbus models as well. Its advantages go beyond fuel efficiency: Boeing designed the 787 to fly long distances while keeping passengers relatively comfortable.

That approach grows out of another gamble by Boeing — that the future of the airline business will be in point-to-point nonstop flights with medium-size planes rather than the current hub-and-spoke model favored by Airbus, which is developing the 550-seat A380 superjumbo as its premier long-haul jetliner. Flying point to point eliminates the need for most passengers to change planes, a competitive advantage so long as the Dreamliner is as comfortable and as fast as a bigger aircraft.
The SAML/Liberty architecture is often equated with a hub and spoke identity model - the user gets to their SPs through their IDP, the IDP is presented as some undesired interloper (think Chicago O'Hare) sitting in the middle of the actually desired interaction (getting from the East coast to the West).

Why is there an IDP in the mix? Shouldn't a user be able to simply take off from any dinky airport and land anywhere else - no need for a 'hub' in the middle.

Sounds great. But, maybe airports would be concerned about the aircraft safety processes of the various other airports that they would be expected to accept flights from. Would you want planes of unknown structural integrity landing on your nice new runways? Who is to say that their landing gear will work, or that they won't spray oil on your tower. As an Air Traffic Controller, would you accept some rickety Cessna coming in on a wing and a prayer (literally)? Maybe you would, but I bet you'd route them out to Runway 04/22R out on the edge of the field.

That said, if I never fly through O'Hare's Terminal 2 again, that will be just fine.

Monday, May 08, 2006

Lounging around

Travelling through Toronto to San Francisco, I expected to have to log-in to my DataValet account in order to access the free Wifi in the Maple Leaf Lounge at YYZ. I've long relied to Firefox's ability to store details for accounts such as this cause there is no way I'd remember otherwise.

Instead, this time, I was given the option of using either a cell phone number or my Aeroplan number as account and no password.

Next time I'll read the agreement to see what I've agreed to allow them to do with my number.

Saturday, May 06, 2006

Identity Disclaimer

Given that there is a proposed new disclaimer for the internet itself, perhaps we need something comparable for identity.

Your identity is precious, share it on the Web at your own risk. Many sites will ask you for it, you almost certainly should decline. If you do decide to share, do not place any great hope that you can control the uses of your identity information once you click the 'Send' button - it's gone. Repeat after me - 'gone'. If you provide your email address, you should proactively add the site to your email filters 'spam list' because, regardless of what you told them, they will probably send you 'newsletters'. You should never give your real identity, instead make up the details of your life - it works for you in the bars, why change? If you provide your shipping address, expect that it will be sold and you will subsequently receive junk mail alerting you to 'incredible time-share opportunities' (do not buy into the Poconos - it's a bubble and your investment will be lost). When asked to provide a password, chose something easily memorable - hackers will appreciate the courtesy and possibly do less damage. And you know those people that say that the risk of giving your credit card to a restaurant waiter is greater than sharing the number online - well those people probably bought into the Poconos Bubble. The Web is no place for your identity, keep it in your wallet.

Thursday, May 04, 2006

Identity and Reputation and Opinion

Johannes likes Phil Windley's distinction between identity and reputation:

Identity is my story about me.

Reputation is your story about me.

I think this is a bit of an over simplification in that it doesn't capture the collective aspect of reputation. I'd say that a single user's 'story about me' is opinion rather than reputation. It only becomes reputation when combined with the opinions of others.

So, my mod would be:

Identity is my story about me.

Opinion is your story about me.

Reputation is the aggregation of the opinion of a number of others.

Visual Cues for Wikis

Phil Windley discusses the possibility of using visual metaphors on Wiki pages as cues to the readers.

A simple thing you could do is to “age” pages so that page color changes the older and staler a page is. Using a visual metaphor gives information without making an explicit reputation claim.
At the Liberty Alliance meeting last week in DC, we joked about something similar for Wikipedia - a scale against which the left/right bias of particular pages could be set. Something comparable to Homeland Security.

Wednesday, May 03, 2006

How did they hit on 92?

I just completed the 2006 Canadian Census online.

As befitting a country with two official languages, there were the expected many pages of questions covering what fraction of the time I spoke English/French at home, at work, in public transit, in private transit, on the toilet etc.

At the end of the survey, each member of my household was given the opportunity to opt-in for the public release of our data at some point in the future - specifically 92 years from now.

I gave my consent just so I won't have to deal with them pestering me when I'm 134.

I think we need a Canada specific Identity Rights Agreement policy & identifier.

SXIP 2.0, We Hardly Knew Ya

Eve Maler reports from IIW that:
The new news here was that SXIP is moving its DIX standardization effort into a form that is built on top of SAML — he called it a “user-centric profile of SAML”. This is great news, and I’m eager to see how this is shaping up; John Merrells is doing a session today on that.
It definitely is good news. Begs the question, if DIX was to be SXIP 2.0 standardized, but is now to be a profile of SAML 2.0, where does that leave SXIP 2.0?

But will they be able to swap songs?

Trapped Australian Miners get iPods

I wonder if some wit preloaded this Johnny Cash classic.

Unexpected Search Results

When searching on "Liberty extensions" I was not expecting this.

I resent the 'stunt' characterization - they should try writing specs balanced on each others shoulders!

Monday, May 01, 2006

Location-based poetry

James Kobielus has written a peom entitled Geo. When I saw the title I confess I thought it would be about geolocation - maybe the privacy aspects. It isn't.

But it did get me thinking that maybe there is a business plan for geolocation-based poetry delivery. If I'm walking downtown, some futuristic haiku gets delivered to my cell, if strolling through a forest, a peacful sonnet. Or, if inactivity can be inferred, an iambic warning against sloth. Endless possibilities.

The advertisers would abuse it of course.