When you don't have anything nice to say, well then perhaps it's time to consider a career as an analyst.
Wednesday, October 31, 2007
On Facebook
Andre gives his assessment of the differences he sees between MySpace & Facebook.
For myself, Facebook is a communication channel whereby friends & colleagues interact with myself in such a way that their messages are uniformly tagged so as to facilitate appropriate processing.
I don't like the implication of Ashish's comment on my daughter and the choices she makes for boyfriends.
My sweet little girl does indeed have a 'whitelist', it's just a very very long one.
And it's not like Ashish's boy hasn't been known to 'sow his wild oats'.
Attribute Context?
The ongoing Cardspace assurance thread with Pam, Gerry, and Kim highlights for me the fact that two different sources of the same attribute, even if they have the same value, can engender totally different levels of assurance in that value. The 'how you got it' matters.
Vittorio sums it up
.. a date of birth gathered during some questionnaire or a date of birth certified by an authority carry different business weight ..
As yet, AFAIK, there is no standardized syntax by which these differences might be described - something equivalent to SAML's Authentication Context but for attribute statements and not authentication statements (pause here for somebody to mutter to themselves 'Well identifiers are just attributes after all').
Beyond syntax, what of a framework for attribute assurance? OMB M-04-04/NIST 800-63 explicitly state that attribute assurance is out of scope for that work.
Tuesday, October 30, 2007
Reconciliation.NET
I've long enjoyed Vittorio's Vibro.NET, so I was interested to see him post a comment on a thread between Ashish and me on how a Cardspace (or, more generally, any ID system) RP might reconcile the profile data they already have with what they might ask for through a card.
Vittorio links to a long piece of his called 'The Tao of Claims' in which he
describe(s) why claims are important for every developer and architect (not just the security expert), and I provide some heuristics for helping everybody to reason about claim based systems
Vittorio proposes a principle of
You want to receive in form of claims what you'd have a hard time finding out by yourself
Applied to the issue of whether an RP should be asking for profile data, Vittorio identifies three scenarios and uses the above principle to assess the relevance of the RP asking for profile data through card claims.
1) the RP can't store the profile data
2) the RP can store the profile data
3) the RP can store the profile data but wants to ensure that it has the freshest
For the 1st and 3rd, Vittorio argues that the RP can legitimately ask for the profile data each time through claims in a card. I agree.
For the 2nd, Vittorio asserts that it doesn't make sense for the RP to ask each time, rather it should just authenticate the user and get the other data from the existing profile. I agree.
SignOn.com is Case 2 and so, by Vittorio's criteria, should not be asking for profile data in the card each time. But I think Ashish will agree that they shouldn't be doing this, but rather that they feel they need to, in order to get the UI functionality they want for the account page.
Note: Of course, Ashish can also argue that Vittorio's principle 'ask through cards only if you can't otherwise determine' gives SignOn.com the moral authority it needs - it wants a human recognizable card mnemonic, and can't get it otherwise.
'S' for Selleck?
Paul announces that Higgins (update: begins to) supports SAML 2.0.
I see the relationship this way - SAML as the sexy Magnum to the long-suffering Higgins - the latter providing important client support to the former. (we're currently casting for an identity initiative to play Rick)
And the 's' in 's-card' can stand for 'Selleck'.
Trompe-l'url
This makes me think of an identity parallel.
Trompe-l'url: an identifier technique involving extremely realistic characters in order to create the illusion that the referenced objects really exist, instead of being mere URI representations.
Tags: trompe-l'oeil
Monday, October 29, 2007
A rules sheet would be nice
Identity - The Board Game.
Take your identity initiative from smoke-filled back rooms to product!
Move your playing piece around the board from far-away meetings to IOP events to conferences as you make deals with opponents and partners.
Avoid the 'Privacy Review' or 'Stagnant Blog' spots or get sent back to the start! But no need to worry, draft a quick whitepaper and only miss a single turn (extra points if you can use the 'Buzzword du Jour' indiscriminately throughout).
Be the first to reach the goal of 'One TRILLION enabled identities'.
Game includes 2 IPR dice and 'Dial-a-Convergence Setting' spinner.
Saturday, October 27, 2007
What's next?
Given the trend exemplified by this, should I be taking flying lessons?
And if I'm the one to tag my bags, can I be the one to kick them around? To lose them?
Seven Laws of Beer
Friday, October 26, 2007
Cover your Butts
In combination with prescribing where people can't smoke outside, Tokyo is prescribing where they can.
<aside>Seeing the obvious camaraderie of smokers huddled around a smoking station makes me think I should pick up the habit - I bet you make some good friends standing around in the rain. Maybe there is a market for a social network specifically for smokers? Key would be that the social network of 'Smoke Buddies' you establish would be portable across to the 'Lung Cancer Network.'</aside>
The fact that anti-smoking policies aren't consistent across different city wards creates problems.
The crackdown also has caused a problem for neighboring Bunkyo Ward as now smokers walk on the Bunkyo side of the boundary line so they can light up. They then leave their butts behind.
Perhaps a lesson here for various global governments defining assurance levels for e-authentication. Define them to be compatible, or be ready to deal with the resultant trash.
Tags: Tokyo smoking, NIST 800-63, assurance levels
Dear Abby
Gerry takes a hard-line on Cardspace assurance. Of self-asserted and managed cards respectively, Gerry writes:
Only in the latter case there can be a reasonable level of trust by the RP that the user is actually who he/she claims to be
Well, it depends on just who the user is claiming to be. If they are claiming a specific identity, (e.g. "I am the famous advice columnist Ann Landers") then I agree that self-asserted cards don't cut it - it could be Ann's copycat sister Pauline actually making the claim and the RP wouldn't be able to tell the difference.
But, if the user is making no claim to a specific identity, but merely just that they are the same as before, then self-asserted cards can of course provide real assurance to the RP (with normal caveats about stolen laptops).
Tags: Cardspace, assurance, Dear Abby, Ann Landers
Re:Re:Reconciliation
Responding to my complaint, Ashish explains SignOn.com's Cardspace implementation.
If you (or anyone else) have a better idea to address this, please share and beers are on us next time we meet.
Alas, no free beer for me. I have no ideas beyond those Ashish lists, and rejects in favour of the model (surprisingly) selected by Ping's usability trials (other than relying on Cardspace itself to tell the user which cards have been presented to SignOn.com, as it is capable of).
I do believe however that, long term, the solution is untenable and that something needs to change in Cardspace to better support Ping's 'My Account' use case. Asking users for profile data when what is really needed is the card name (or some other non globally unique index) would appear to dance uncomfortably close to flouting some identity laws.
Where's the beef?
I'm listening to Roger open the Liberty Alliance Deployment Workshop at Shinagawa InterCity Hall - as hosted by the Japan SIG.
Roger nicely describes two key Liberty initiatives - Identity Governance Framework and the Identity Assurance Framework. (recognizing the need for standardized templates for such activities, work is underway to define an Identity Framework Framework).
I will be presenting Advanced Client.
Shabu-shabu to follow.
The last two seem somewhat strange without Conor's presence - shabu-shabu because the man eats only meat and so would love a dining experience focussed around it, and Advanced Client because it was Conor that defined the meat of the specifications (others providing the, arguably more important, garnishes).
I think I'm coming down with something
Scientific American (thanks for the loan Peter) has a piece on the potential for shrinking down chemistry labs for performing medical tests to chip size.
Imagine shrinking the beakers, eyedroppers, chemicals and heaters of a chemistry lab onto a little microchip that could dangle from a key chain.
Add WiFi & Liberty Alliance Advanced Client functionality, and there are untold opportunities for hypochondriacs.
Tuesday, October 23, 2007
More footprints than a podiatrist's office
In commenting on a whitepaper from Microsoft, Tom Maddox writes
Good things are afoot in the realm of identity and privacy, and though the footprints are small and few at this point
Strange that, everywhere I look, I see footprints.
FIFA (Federated Identity Football Alliance)
Phil has pics of the First Annual Liberty Alliance TEG Football Match.
Not many men can get away with the 'one white sock' look as well as does Conor.
Sunday, October 21, 2007
IP trumps PI
Saturday, October 20, 2007
Personal Threat Advisory
My Personal Threat Advisory (PTA) for Saturday Oct 20/2007 is
Not much
I'm not discounting the various threat advisories of various global governments, but should they be the only data points on which we assess risk (of air travel and other activities)?
Are not our own experiences meaningful input to the calculation, especially if such HUMINT were to be aggregated?
My own low PTA for today was weighted down (a good thing) by the sight of a Moslem woman in a hijab sailing through security ahead of me at Ottawa Airport - the scarf clearly not seen as sufficient criteria for specialized attention.
I'm hoping for an even lower PTA tomorrow.
Friday, October 19, 2007
Delegating Medical Procedures
My wife is an RN, and received a monthly newsletter with an interesting discussion of 'Delegation' from the College of Nurses of Ontario.
Full article here but my hilites:
- the responsibilities for both delegating and accepting delegation are listed.
- some medical activities (e.g. prescribing a drug) cannot be delegated by a nurse.
- delegation chains are constrained.
- nurses must be appropriately certified for delegation. Different nursing classes can either delegate and accept delegation, accept delegation only, or do neither.
- the possibility of delegating authority to perform some act to an 'Unregulated Care Provider' (UCP), e.g. directing a family member how and when to change a dressing when sending a patient home.
Thursday, October 18, 2007
HP to launch Gwen Stefani Camera at Liberty Alliance Event
This reporter has been told that Gwen Stefani may speak at next week's opening plenary for the Liberty Alliance Tokyo meeting - this part of the launch of HP's Stefani-designed "Harajuku Lovers" camera.
If not Gwen speaking for HP it will be Jason Rouault. Tough call.
Rumour has it that, should the camera sell well, the next stage in the partnership will be a Gwen-branded version of Select Federation.
Super-kawaii!
Stay anonymous with the iPhone
Protect yourself against biometric surveillance while using the iPhone with Phone Fingers.
Shown is the ribbed model. I believe an edible model is in the works.
Shown is the ribbed model. I believe an edible model is in the works.
Compartmentalization
From Boing Boing, EatMeCrunchy.
That's how social personas should work - compartmentalized but allowing controlled mixing. And no soggy invites.
MyOpenID & Infocard
As announced by JanRain, you can now use an Infocard to authenticate to MyOpenID.com.
As for SignOn.com, the mechanism is to 'add' a personal card to the existing password protected account. It's not easy to find the function, you have to navigate down through 'Account Settings -> Authentication Settings -> Add an Information Card'.
It's the logical place for the function (along with changing password or adding a cert), but it's not a page users will see often. That's probably appropriate as it won't be a common operation but maybe a link from the main sign-in page would be useful.
I tried adding the same card that I added to my SignOn.com yesterday, but was hit with the following
I saw the same error when I tried to log in using the registered card (thinking that the addition might have been successful notwithstanding the error). No luck.
The issue is also pointed out in comments on the JanRain announcement page.
Tags: OpenID, Infocards, MyOpenID.com
Biometrically Opposed
With a Chumby, Liberty Alliance Advanced Client, openLiberty, and a whole bunch of programming expertise I don't have, I could build me some cool identity apps.
Wednesday, October 17, 2007
Cardspace LoA
In discussing Cardspace's relaxation of the SSL requirement for RPs, Pam writes
We now theoretically will have three different assurance levels going, based on three different SSL certificate levels (no certs, regular certs, and HA certs).
For there to be 3 Cardspace assurance levels would imply that the LoA is the same for self-asserted and managed cards. Is this the case? If authentication (and not the transfer of other attributes) is the desired function, can an Infocard RP have the same level of assurance (i.e. confidence that the individual presenting the card is the valid one) in the two different models?
Typically the LoA an RP can ascribe to a credential is determined by a number of factors, some technical and some not (i.e. business & legal). A self-asserted card would appear to deprecate all the non-technical factors, as there need be no partner IdP with which contracts would be signed (presumably Microsoft has appropriately covered its legal butt with a disclaimer somewhere in the shrink-wrap trail so they aren't in the liability mix)
If nothing else, a managed card would seem to have more moving parts that could impact assurance.
Tags: Cardspace, Level of Assurance
Reconciliation
SignOn.com allows you to use either a password or Infocard to authenticate (and can now (indirectly) distinguish between the two to SPs through PAPE).
Before you can use an Infocard to authenticate you must 'register' the card - which entails sending the card to SignOn while simultaneously authenticated through the password (effectively federating the new card to the existing password account, although you won't hear it called that).
The fact that the existing account already has profile information, and the card being registered into that account may have (not contain) some, creates some disconnects.
For instance, SignOn.com stipulates that first name, last name, and email address are required fields within a registered card. But SignOn.com already has all 3 pieces of profile within my existing account - I provided them on the initial account set-up.
I was forced to edit the card before sending it to SignOn.com - including the email address that SignOn.com already had. Given that the user is necessarily logged in at registration time, couldn't the card registration page be dynamically built so as to present a customized list of required attributes?
The fact that SignOn.com asks again for the information rather than relying on that already in the existing profile creates its own problems, because the first & last name values I have 'in' the card are not the same as those already in the account profile. What's more, when I now see my profile page, the information I shared through the card has been discarded, or at least isn't being displayed.
My takeaway: SPs (as SignOn.com is acting as in this case) must be able to reconcile identity obtained from multiple sources - from the user themselves, and from different IdPs. And reconciliation includes not asking for the attribute if you already have it (unless the associated metadata like freshness and assurance is insufficient).
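As an added example (my own code, not SignOn.com's or Cardspace's), here is how an RP could build the dynamic list of required card claims the post asks for, and then reconcile the claims a card returns against the profile it already holds. It also serves the Attribute Context post above: 'how you got it' is modelled as a per-source assurance level, so a stored value is re-requested only when its source or freshness is insufficient. Attribute names, the assurance ordering, thresholds and the sample profile are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Constructed ordering of how much assurance a value carries depending on
# where it came from (the 'how you got it' point). Higher is better.
SOURCE_ASSURANCE = {
    "self-asserted": 1,   # typed in at sign-up, or sent in a personal card
    "managed-card": 2,    # asserted by a managed-card IdP
    "verified": 3,        # checked out of band, e.g. e-mail round trip
}


@dataclass
class StoredAttribute:
    value: str
    source: str            # one of SOURCE_ASSURANCE
    obtained_at: datetime  # when the RP got this value


@dataclass
class Requirement:
    name: str
    min_assurance: int                  # lowest acceptable SOURCE_ASSURANCE
    max_age: Optional[timedelta] = None # None: freshness is not a concern


def is_sufficient(attr: Optional[StoredAttribute], req: Requirement, now: datetime) -> bool:
    """True if the stored value satisfies the RP's assurance and freshness needs."""
    if attr is None:
        return False
    if SOURCE_ASSURANCE[attr.source] < req.min_assurance:
        return False
    if req.max_age is not None and now - attr.obtained_at > req.max_age:
        return False
    return True


def claims_to_request(profile: Dict[str, StoredAttribute],
                      requirements: List[Requirement], now: datetime) -> List[str]:
    """Claims the registration page should mark required: only those the RP
    cannot already satisfy from the logged-in user's profile."""
    return [r.name for r in requirements if not is_sufficient(profile.get(r.name), r, now)]


def reconcile(profile: Dict[str, StoredAttribute], claims: Dict[str, str],
              source: str, now: datetime
              ) -> Tuple[Dict[str, StoredAttribute], List[Tuple[str, str, str]]]:
    """Merge claims received in a card into the profile.

    A card value replaces the stored one when it carries at least equal
    assurance (equal assurance: the newer value wins, which also refreshes
    obtained_at). Otherwise the stored value wins, and a differing card value
    is reported as a conflict instead of being silently discarded."""
    merged = dict(profile)
    conflicts: List[Tuple[str, str, str]] = []
    for name, value in claims.items():
        existing = merged.get(name)
        if existing is None or SOURCE_ASSURANCE[source] >= SOURCE_ASSURANCE[existing.source]:
            merged[name] = StoredAttribute(value, source, now)
        elif existing.value != value:
            conflicts.append((name, existing.value, value))
    return merged, conflicts


def demo() -> Tuple[List[str], Dict[str, StoredAttribute], List[Tuple[str, str, str]]]:
    """Constructed walk-through: an account created 400 days ago with a
    verified e-mail, registering a self-asserted (personal) card."""
    now = datetime(2007, 10, 17, tzinfo=timezone.utc)
    then = now - timedelta(days=400)
    profile = {
        "givenname": StoredAttribute("Paul", "self-asserted", then),
        "surname": StoredAttribute("Madsen", "self-asserted", then),
        "email": StoredAttribute("paul@example.com", "verified", then),
        "postalcode": StoredAttribute("K1A 0B1", "self-asserted", then),
    }
    requirements = [
        Requirement("givenname", 1),
        Requirement("surname", 1),
        Requirement("email", 1),
        Requirement("postalcode", 1, max_age=timedelta(days=365)),  # wants it recent
    ]
    # Only the stale postal code needs to come from the card; the rest is
    # already held with sufficient assurance, so the page should not ask.
    ask = claims_to_request(profile, requirements, now)
    # The card nevertheless carries more claims, some disagreeing with the profile.
    card = {"givenname": "P.", "surname": "Madsen",
            "email": "paul@other.example", "postalcode": "K2P 1L4"}
    merged, conflicts = reconcile(profile, card, "self-asserted", now)
    return ask, merged, conflicts
```

Running demo() shows the page asking only for the postal code, the self-asserted card value overriding the equally self-asserted given name, and the verified e-mail surviving with the card's differing address reported as a conflict.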
Tags: Infocards, SignOn.com
I wish I could look forward
to looking as chipper as this after Saturday's 12-hour flight to NRT in economy.
Is it the thought of being photographed that perked her up?
Tags: NRT, Japan travel
More Infocard Permutations
Pam's jubilation (trust me when I say that we Canadians are not typically this happy - about anything other than hockey) inspired me to reinstall Infocard functionality into Firefox and not rely on IE7 for experiments.
I had previously attempted to make sense of the various permutations of card stores, card selectors, and selector selectors before so was interested to see how things were now.
So I followed Pam's links to IgnisVulpis to get the IdentitySelector and openinfocard extensions.
Things are far more stable and smooth (and still very cool) than when I last played but nevertheless some oddities.
1) While both extensions show in my Firefox 'Add-ons' window, I don't see OpenInfocard in 'Tools -> Options'. Is the duplication of functionality on this screen related to this?
2) I verified that both selectors worked (the page was customized appropriately to the prefs stored in the card) against the demo managed card SP (get your card here) but did see the following with the openinfocard selector:
3) Cardspace and the openinfocard selector use slightly different terminology, e.g. 'Use this Card' vs Cardspace's 'Send'. Is this intentional?
4) I'm sure this reflects my lack of understanding as to how the crypto works but it surprised me that I had to install the managed card twice, once for Cardspace and once for openinfocard. I had imagined that both selectors would work from the same card store?
Monday, October 15, 2007
Broken identity Laws?
From Boing Boing, a series of Slate articles on why not all US laws get enforced.
If I had to vote for a 'Law of Identity' that would be unenforced, it would have to be the one about transporting gulls across state lines for immortal porpoises.
Tips for Travelling to Japan
As I prepare for next week's Liberty Alliance & NTT meetings in Tokyo, I looked back on the Japanese language & custom tips I had jotted down for myself from my last visit.
- Writing 'Domo Arigato Mr. Roboto' on the last slide of a deck is NOT considered appropriate for formal business meetings.
- Knowing how to ask 'Excuse me, where is Ibaya Street?' is very useful when you are trying to get to Ibaya Street. If that ever becomes the case I am well prepared.
- Subway attendants will let you past the turnstiles without paying if you look sufficiently confused.
- 'Honoured Colleague from Canada' is pronounced 'Gaijin'.
- 'Yakitori' is not a description of the Ontario election results.
HealthVault (Liberty Style)
Seems appropriate to trot this out.
It's a graphical portrayal of an e-prescription scenario, as enabled by Liberty Alliance Id-WSF. Before Dr Jones can write Adam a prescription, she needs to access his records and determine if there are any contra-indicated drugs.
In this scenario, HealthVault would be merely one of many health record providers.
We could update this to reflect advanced client functionality (e.g. blood pressure data securely shared from an identity enabled cuff) and social (e.g. spouses able to renew prescriptions for each other?) aspects.
Time & Space
In an article entitled "Technology lessons from the Iraq war", Slate discusses the importance of time & space for the US forces in fighting the war in Iraq - specifically how to choose the optimal of the two co-ordinates in defending against the enemy.
As an example, given the advantage that Improvised Explosive Devices (IEDs) provide in space (e.g. the ability to precisely place the explosion) and the difficulty of protecting soldiers & vehicles against such powerful blasts, the temporal axis may be the better choice on which to focus (e.g. by preventively detonating the IED before the enemy had planned).
Acknowledging the risk of unintended offense by seeming to equate human lives to web surfing efficiency, the time & space shifting analogy seems appropriate for federated identity.
As a trivial example, SSO shifts the 'where' of authentication from an SP to an IdP. And, once authenticated to that IdP, subsequent SSO to different SPs can benefit from that authentication earlier along the 'when' axis. Release of identity attributes may require real-time consent from the user, or may rely on consent obtained earlier - such consent effectively persisting forward into the future along the temporal.
In Kim's latest contribution to the 'Identity Oracle' saga, he presents a scenario of an identity requestor, rather than directly asking for Kim's identity attributes, instead querying
Can Kim take drug X without fear of drug interactions?
Instead of the requestor performing the "examine current list of prescriptions and look for drug interactions" calculation, the attribute provider does the job, the calculation shifted in both time & space. If the requestor cares only about the answer and does not need the actual identity attributes (i.e. list of meds) for any other purpose (which will not always be the case), then the principle of minimal disclosure suggests that it should receive the refined identity, and not the raw.
Unrelated, any real-world identity system has to account for an implicit meta-question for the above
As Kim points out, it's not just identity operations & calculations that get shifted from place-time to place-time - liability will likely also be reapportioned amongst participants, with costs adjusting accordingly. As the risk of giving a wrong (and dangerous) answer is higher if the IdP is doing the drug-interaction analysis itself, the IdP will want to protect itself with an appropriate level of insurance.
As in in sugar and oil, the more refined the identity, the more expensive.
Exercise for statisticians: As the Oracle can answer only yes/no to the drug-interaction query, the chance of a false-negative with life-threatening implications for Kim is 50%. True/false?
As an example, given the advantage that Improved Explosive Devices (IEDs) provide in space (e.g. the ability to precisely place the explosion) and the difficulty of protecting soldiers & vehicles against such powerful blasts, the temporal axis may be the better choice on which to focus (e.g. by preventively detonating the IED before the enemy had planned).
Acknowledging the risk of unintended offense by seeming to equate human lives to web surfing efficiency, the time & space shifting analogy seems appropriate for federated identity.
As a trivial example, SSO shifts the 'where' of authentication from an SP to an IdP. And, once authenticated to that IdP, subsequent SSO to different SPs can benefit from that authentication earlier along the 'when' axis. Release of identity attributes may require real-time consent from the user, or may rely on consent obtained earlier - such consent effectively persisting forward into the future along the temporal.
In Kim's latest contribution to the 'Identity Oracle' saga, he presents a scenario of an identity requestor, rather than directly asking for Kim's identity attributes, instead querying
Can Kim take drug X without fear of drug interactions?
Instead of the requestor performing the "examine current list of prescriptions and look for drug interactions" calculation, the attribute provider does the job, the calculation shifted in both time & space. If the requestor cares only about the answer and does not need the actual identity attributes (i.e. list of meds) for any other purpose (which will not always be the case), then the principle of minimal disclosure suggests that it should receive the refined identity, and not the raw.
Unrelated, any real-world identity system has to account for an implicit meta-question for the above
Is drug X on Kim's formulary?
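The shifted calculation above, as an added example that is not from the original post or from any real identity-oracle product: a Go sketch in which the attribute provider keeps the prescription list and returns only the refined yes/no answer, with the formulary meta-question surfacing as a third outcome rather than a silent "no". The drug names and the interaction table are constructed placeholders.

```go
package main

import (
	"fmt"
	"strings"
)

// Answer is the refined response the requestor receives: a yes/no, or a
// signal that the question itself could not be evaluated.
type Answer int

const (
	No      Answer = iota // a known interaction exists with a current prescription
	Yes                   // no known interaction with any current prescription
	Unknown               // drug X is not on the formulary, so no answer is possible
)

func (a Answer) String() string {
	return [...]string{"No", "Yes", "Unknown"}[a]
}

// Oracle holds the raw identity attributes (the prescription list) plus the
// reference data needed to compute the refined answer. None of it is released.
type Oracle struct {
	prescriptions map[string][]string // patient -> active medications
	interactions  map[string]bool     // sorted "a|b" pair -> the two interact
	formulary     map[string]bool     // drugs the oracle has data for
}

// pairKey normalises an unordered drug pair into one map key.
func pairKey(a, b string) string {
	a, b = strings.ToLower(a), strings.ToLower(b)
	if a > b {
		a, b = b, a
	}
	return a + "|" + b
}

// CanTake answers "can patient take drug?" and releases only that answer.
// The prescription list never leaves the oracle (minimal disclosure).
func (o *Oracle) CanTake(patient, drug string) Answer {
	if !o.formulary[strings.ToLower(drug)] {
		return Unknown // the implicit meta-question: is drug X on the formulary at all?
	}
	for _, med := range o.prescriptions[patient] {
		if o.interactions[pairKey(med, drug)] {
			return No
		}
	}
	return Yes
}

// SampleOracle builds an oracle from constructed sample data (placeholder
// drug names, not a real interaction table).
func SampleOracle() *Oracle {
	return &Oracle{
		prescriptions: map[string][]string{"kim": {"medA", "medB"}},
		interactions:  map[string]bool{pairKey("medA", "drugX"): true},
		formulary:     map[string]bool{"meda": true, "medb": true, "drugx": true, "drugy": true},
	}
}

func main() {
	o := SampleOracle()
	for _, d := range []string{"drugX", "drugY", "drugZ"} {
		// The requestor sees only the Answer, never the list behind it.
		fmt.Printf("Can Kim take %s? %s\n", d, o.CanTake("kim", d))
	}
}
```

The liability point in the post maps directly onto CanTake: the oracle now owns the correctness of the interaction table, which is exactly what it would be insuring.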
As Kim points out, it's not just identity operations & calculations that get shifted from place-time to place-time - liability will likely also be reapportioned amongst participants, with costs adjusting accordingly. As the risk of giving a wrong (and dangerous) answer is higher if the IdP is doing the drug-interaction analysis itself, the IdP will want to protect itself with an appropriate level of insurance.
As with sugar and oil, the more refined the identity, the more expensive.
Exercise for statisticians: As the Oracle can answer only yes/no to the drug-interaction query, the chance of a false-negative with life-threatening implications for Kim is 50%. True/false?
Tags: identity oracle
You call that a peak?
Friday, October 12, 2007
Thursday, October 11, 2007
Wednesday, October 10, 2007
Please turn off all super high lumens projectors
From Ludo, Sun's somewhat ironic green advice from CEC 2007.
Do we now need to offset our phone calls? IMs? This post?
Love the jeans, just the right touch for a CGO.
Tags: carbon offset, CEC 2007
Monday, October 08, 2007
Do you feel lethargic?
News of an upcoming NTT DoCoMo phone.
The sensor can tell whether you're walking, running, climbing stairs, or resting....
Any phone tracking my stress levels in Tokyo would see Everest-like peaks at the time of train & subway travel. Perhaps it would learn to play soothing music at those times?
Of course, the value of such a device increases significantly were all that health data to be accessible for more refined analysis off the phone. If only there were a standardized, secure, & privacy-respecting framework by which this might be accomplished ...
Enter, Liberty Advanced Client, stage left, trumpets blaring.
Separately, the possibility of tracking employee sloth helps to explain why my Tokyo bosses are promising me a new "state of the art" phone that I will "not want to ever leave my side".
Trotskyism
Stalin: All right, let's get started with this call. Everybody on?
Kamenev: Uhh, I think we're still missing Trotsky...
Stalin: Why, did he not get the invite? What time zone is he in? Mexico right?
Kamenev: Yes Comrade, we sent the invite, but he isn't on Skype.
Stalin: Well that's no good, we can't have petty bourgeois individualists each deciding what IM app to use, can we?
Kamenev: No Comrade, I'll have the problem dealt with.
Friday, October 05, 2007
Drummond, it's Hailstorm
Drummond recommends Joe's review of HealthVault.
Joe Andrieu, one of the leaders of the VRM (Vendor Relationship Management) community, has posted a good initial assessment of Microsoft’s first foray (post-Passport) of storing personal data for consumers via their Health Care Record initiative.
I assert/claim that Drummond has mixed-up FII (Failed Identity Initiatives).
HealthVault
HealthVault Connection Center sounds like a perfect application of Liberty Alliance Advanced Client (I believe the appropriate metaphor for the likelihood of this relevance being explored further involves aerodynamically enabled swine)
The API documentation suggests a very static trust model, i.e. application developer who wants to interact with a user's health data stored in HealthVault registers the application information and the public key associated with the private key they'll use to authenticate to HealthVault (similar to OAuth's model).
Similarly, at registration time, the appn developer is expected to supply
End-user-facing text that describes the reasons for needing access to the data types that the application is requesting access to.
and
the type of access that the application requires (read, update, create, delete).
What happens if the application's needs and/or purposes change?
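The registration-time trust model described above, modelled as an added example; it is not HealthVault's API or the SDK's code, and the Registration and Request shapes, the choice of ed25519 keys and the error names are assumptions of the sketch. It shows what "static" means in practice: an access type the application did not declare is refused until it re-registers, and a request signed with anything but the registered key fails outright.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Registration is what the application developer supplies up front: an
// identifier, the public key the app will authenticate with, the end-user-facing
// purpose text, and the access types it needs. Hypothetical shape, not
// HealthVault's actual registration schema.
type Registration struct {
	AppID   string
	PubKey  ed25519.PublicKey
	Purpose string
	Access  map[string]bool // subset of read, update, create, delete
}

// Registry is the service's static table of registered applications.
type Registry map[string]Registration

// Request is one call from an application, signed with its registered key.
type Request struct {
	AppID     string
	Access    string // the operation being attempted
	Body      []byte
	Signature []byte
}

var (
	ErrUnknownApp    = errors.New("application not registered")
	ErrBadSignature  = errors.New("signature does not verify against registered key")
	ErrAccessChanged = errors.New("access type not declared at registration; re-registration required")
)

// Register generates a key pair for the app, stores the public half with the
// declared purpose and access types, and hands the private half back.
func Register(reg Registry, appID, purpose string, access ...string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	allowed := make(map[string]bool, len(access))
	for _, a := range access {
		allowed[a] = true
	}
	reg[appID] = Registration{AppID: appID, PubKey: pub, Purpose: purpose, Access: allowed}
	return priv, nil
}

// signedBytes binds app id, access type and body into the signed message so
// none of them can be swapped after signing.
func signedBytes(r Request) []byte {
	msg := append([]byte(r.AppID), 0)
	msg = append(msg, []byte(r.Access)...)
	msg = append(msg, 0)
	return append(msg, r.Body...)
}

// Sign produces the request the application would send.
func Sign(priv ed25519.PrivateKey, r Request) Request {
	r.Signature = ed25519.Sign(priv, signedBytes(r))
	return r
}

// Authorize enforces the static trust model: the key must be the registered
// one and the operation must be one the app declared at registration time.
func (reg Registry) Authorize(r Request) error {
	app, ok := reg[r.AppID]
	if !ok {
		return ErrUnknownApp
	}
	if !ed25519.Verify(app.PubKey, signedBytes(r), r.Signature) {
		return ErrBadSignature
	}
	if !app.Access[r.Access] {
		return ErrAccessChanged
	}
	return nil
}

func main() {
	reg := Registry{}
	// Constructed sample application; the name is a nod to the post's joke.
	priv, err := Register(reg, "fabrikam-meter", "Uploads your glucose readings", "read", "create")
	if err != nil {
		panic(err)
	}
	ok := Sign(priv, Request{AppID: "fabrikam-meter", Access: "create", Body: []byte("reading=5.4")})
	fmt.Println("create:", reg.Authorize(ok))
	// The app's needs change and it now wants to delete records: not declared, so refused.
	del := Sign(priv, Request{AppID: "fabrikam-meter", Access: "delete", Body: []byte("id=17")})
	fmt.Println("delete:", reg.Authorize(del))
	// A request altered after signing fails verification.
	tampered := ok
	tampered.Body = []byte("reading=9.9")
	fmt.Println("tampered:", reg.Authorize(tampered))
}
```

The Purpose text is stored but never consulted by Authorize; that is the usability gap the post is circling, since the user consented to the purpose shown at registration and nothing in the protocol revisits it when the purpose drifts.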
It's not clear how the user's identity is expressed within the messages to and from HealthVault. Is it a WS-* mechanism?
I assume the SDK documentation would explain but I'm not willing to have my Vista certified as genuine just so as to perform the SDK download.
Unrelated, is there any company more diversified than Fabrikam? They are now making medical devices!
Federasaurus?
Andre boasts about Ping ID's 'dynamic federation' ideas.
The ideas for more dynamic federation (as I currently understand them) are interesting, but I'm having trouble reconciling the 'only from Ping' with
a game-changing new set of features coming from Ping to completely streamline how to perform single sign-on with partners
with 'partners' implying as it does diversity of federation solutions?
Quibble, I don't believe the proposal streamlines SSO per se, but rather the prior 'trust provisioning'.
Tags: Ping, SAML, federation
Thursday, October 04, 2007
History T'ID'bits
King Solomon: There is only one fair solution, the baby must be split in two, each woman receiving half of the child.
Mother 1: It shall be neither mine nor yours - divide it!
Mother 2: Couldn't we just do a DNA test?
Collateral Damage
As OpenID struggles with the implications of trying to straddle the HTTP & HTTPS worlds, this news (first announced by Kim back in June) from the Cardspace team.
I don't fault Microsoft for adapting Cardspace to support the low-sensitivity end of the 'spectrum' but I do wonder if they will revise their marketing collateral accordingly. May I suggest:
Windows CardSpace is client software that enables users to provide their digital identity to online services in a simple, (appropriately) secure and (sometimes) trusted way
Tags: Cardspace
The Future of Ignoring People
It's not things I want to be able to ignore, it's people.
As it is, if I want to apply a block for a particular individual across various applications, I have to create multiple ignore rules for RSS readers, social invites, IM etc. As an example, it was easy enough for me to create a Thunderbird filter for removing posts from particular bloggers to an aggregated RSS feed, but that filter doesn't keep my Inbox clean. I also sometimes read the RSS feed in HTML, so to protect myself from contamination, I had to duplicate the filter as a Greasemonkey script that removed all offending posts from the page.
Forget the burden of maintaining my social network across applications, I'm spending too much time maintaining my anti-social network. And as I age and become more irritable and less open to diverse opinions, I can only imagine that this will become more relevant to me.
I want a universal social blacklist. As a first step I want to block any attempted interaction with myself from colleagues, bloggers, & spammers. In stage 2 we'll move onto journalists & politicians.
There may even be instances in which I would want its contents made public (likely with myself anonymized). I know I'd be personally interested to know how many people have me on their blacklist (a theoretical possibility of course).
Let's call it inattention data.
Bring Your Work to School Day
I went to my 8 year old's 'Meet the Teacher' event last night. Walking around the classroom, I saw two bright posters - one entitled 'My Schema' and another entitled 'My Attributes'.
The first has all the kids listing their own schema, those background concepts that they use to organize information as they read.
The second poster had each child creating a piece of art with their name, playing with the different attributes (e.g. colour, size, rotation, font, etc) of each letter.
There was even a brightly bordered class creed laying out how everybody in the classroom deserved to be treated, to which each kid had added their signature. The lawyers always get involved.
Wednesday, October 03, 2007
Nothing Sweeter
than doing an end-around a form fill to surreptitiously download a whitepaper.
A little bit of 'View Source', grep on 'hidden', et voila
The sweetness quotient is only increased by the fact that it's a whitepaper from a security firm.
Tags: TriCipher
Delegation
In order to ensure we're on the same flight for an upcoming ski vacation, I offered to book reward travel for a friend. Sequence went something like
Me->Friend: I need your account & password to book reward travel.
Friend->Asst: Please give Paul the info.
Asst->Me: Here is the account number.
Me->Asst: I also need his password.
Asst->Me: Here is password (it is Friend's phone number)
Me->Asst: I should have guessed.
Asst->Me: It needed to be something I could remember.
.
Me->Site: I am Friend and this is how I prove it.
Site->Me: Looks OK, welcome Friend
Me->Site: I, Friend, want to book this flight on points.
Site->Me: Sure thing Friend, how do you want to pay the taxes?
Me (thinking): Don't have Friend's credit card, I'll use my own and Friend can pay me back (hopefully).
Me->Site: Here is my credit card info.
Site->Me: Hey, nice try Friend, but that's not your card.
.
Me->Friend: Book it yourself Mr. "Big Shot, look at me, I have an Assistant"!
Cardspace Usability?
Mike Jones thanks Ashish for his letter, and asks for similar feedback from others.
Of Ashish's items, the first three (and presumably their placement reflects priority) are usability issues, e.g. too many clicks, too slow, and confusing UI. (I have my own nit.)
It would be fascinating to learn what Microsoft's own usability tests for Cardspace have unearthed. Do users like the card metaphor? How many cards before they get confused? What is the best way to help users choose a card in a given context when multiple cards are applicable? How do users react if a Cardspace authentication fails?
Have such tests been done? Or for the other compatible card selectors?
Such a report would have made a great submission to DIM 2007.
Tuesday, October 02, 2007
Cronto
From Simon Willison, Cronto.
Cronto’s technology uses a unique authorisation code for each separate transaction, based on a challenge-response mechanism.
While the idea is cool, Cronto's technology is neither standardized nor novel.
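A transaction-bound challenge-response code of the kind the quote describes, as an added example of the generic technique the post says is not novel; this is not Cronto's implementation, and the HMAC construction, the field layout and the HOTP-style truncation are my assumptions. It shows why folding the payee and amount into the code matters: a code the user approved for one transaction verifies only for that transaction, so a change to the details after approval is detected server-side.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Transaction is what the user is asked to approve; constructed sample fields.
type Transaction struct {
	Payee  string
	Amount string // minor units as text, e.g. "12500" for 125.00
}

// NewChallenge returns a fresh 16-byte random nonce; the server issues one per
// transaction and never reuses it, so codes cannot be replayed.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 16)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	return c, nil
}

// AuthCode derives a short numeric code from the shared device secret, the
// challenge and the transaction details. Because the details are part of the
// MAC input, a code computed for one payee/amount is useless for any other.
// digits must be at most 9 so the modulus fits in a uint32.
func AuthCode(secret, challenge []byte, tx Transaction, digits int) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(challenge)
	mac.Write([]byte{0}) // separators keep field boundaries unambiguous
	mac.Write([]byte(tx.Payee))
	mac.Write([]byte{0})
	mac.Write([]byte(tx.Amount))
	sum := mac.Sum(nil)
	// Dynamic truncation in the style of HOTP (RFC 4226), applied to the
	// 32-byte SHA-256 output; offset is 0..15 so the 4-byte window stays in range.
	offset := sum[len(sum)-1] & 0x0f
	v := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, v%mod)
}

// Verify is the server side: recompute from the stored secret and the
// transaction the server is actually about to execute, then compare in
// constant time.
func Verify(secret, challenge []byte, tx Transaction, code string) bool {
	expected := AuthCode(secret, challenge, tx, len(code))
	return hmac.Equal([]byte(expected), []byte(code))
}

func main() {
	secret := []byte("per-device shared secret (constructed)")
	challenge, err := NewChallenge()
	if err != nil {
		panic(err)
	}
	tx := Transaction{Payee: "ACME Utilities", Amount: "12500"}
	code := AuthCode(secret, challenge, tx, 8) // what the user's device would display
	fmt.Println("code:", code)
	fmt.Println("same transaction verifies:", Verify(secret, challenge, tx, code))
	// The server must verify against the details it will execute, not the ones
	// the client claims were displayed; an altered payee fails.
	altered := Transaction{Payee: "someone else", Amount: "12500"}
	fmt.Println("altered payee verifies:", Verify(secret, challenge, altered, code))
}
```

The property the post leaves implicit is that the code binds to what the server will execute, so Verify is always called with the server's own copy of the transaction, never with fields echoed back by the client.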
Trip the Flight Fantastic
TripIt allows travelers to organize all the individually booked components of a trip (e.g. flight, hotel, car rental, exotic dancers, etc) in one place.
The recommended way to get started is for you to forward your email itineraries to a TripIt mail address. From the mail, TripIt extracts (scrapes) all the details and builds you a cohesive view of your plans. Apparently, it's this mechanism that sets TripIt apart from other services.
I was about to try it for an upcoming trip to Tokyo for a Liberty Alliance meeting when it occurred to me to check just what sort of personal information was in the itineraries I would be forwarding. I'd be giving them: Fullname, Email, Home Phone, Work Phone.
Not like it's credit card info, but I figured I'd check out their privacy policy anyways.
When you register with TripIt, we ask for the basics including your name, email address and password and allow you to provide us with other information including your travel information, history and preferences.
For all TripIt visitors, not just registered users, we collect information such as IP address, browser type, domain name, access times, duration of visit, referring URL, platform, new and repeat information, time stamp and exit page information.
It seems strange to me that they don't specifically call out the email forwarding mechanism (that which supposedly distinguishes them?) as a channel by which they collect PII, and instead hi-lite surfing stats.
I think I'll give it a try after suitably obfuscating my phone numbers before forwarding the itineraries email.
Tags: TripIt, privacy policy, travel planning
Monday, October 01, 2007
Steadily Dwindling Authority
Over the last 3 weeks, this blog's Technorati ranking has dropped from 99 to 83, consistent with an overall decrease in readership. My angel investors are not pleased.
At this rate, soon I'll be like an OpenID OP, no authority at all.
Time to change the colour scheme - never fails to boost numbers.