Thursday, August 30, 2007

Ou est le metro?

To give myself some small sense of how confused users will be when confronted with mashed-up identity systems, I've created an account at OpenID France.

Canadianness notwithstanding, "Je ne parle pas le Francais".

Even though there was only a single system in play, I expect that the frustration I felt from initially trying to present my OpenID there (unsuccessfully, I eventually realized it's a FOP (French OP) and not a FRP) is representative of future user confusion when confronted with new & unfamiliar identity UI (granted that most users will not chant poorly-pronounced French-Canadian curses referencing Catholic icons under their breath in order to deal with said frustration).

Ah, OK, so this card thingy carries my OpenID thingy (which sometimes I just type in?) and its a managed thingy I think whatever that is, and because the card thingy has a pin thingy assigned I have to sign-in to the OpenID thingy both here and when I get sent over to the OpenID place when normally I just do that once but thats OK because I've used my cat's name for both, and by the way WTF is a SAML?

And everyone a password

From 'Ads of the World'

Tuesday, August 28, 2007


Filter for Free Porn

From Vikram, news of an interesting initiative from the Australian government.

I know that I personally spend an inordinate amount of time searching for free porn so this filter would definitely be of interest to me (once all preset 'wombat' and 'koala' keywords had been removed).

Monday, August 27, 2007

Structured Information?

From Jeff, a sample of an OpenID token

<openid:OpenIDToken xmlns:openid="">

now that's some XML! With the logical pieces marked up in this manner, I would quickly whip up some XSLT to do some powerful processing of the token contents. For instance, color everything red. Or make it blink.


See if you can read this without looking for parallels in today's Identity.

I do my find my identities at different sites getting 'jammed up', and then I have to open up the cover to free them. Ink gets everywhere.

Friday, August 24, 2007

Fluid Rebranding

Motivated by this, I am contemplating updating my brand and market symbol to better reflect what I 'bring to the table'.

Leading candidate right now is BEER. Also considering GIN. More market research is required.

Thursday, August 23, 2007

Notification Spam

Facebook's list of notification-worthy events is quite long. My list is different


From MSNBC, this piece on parents buying domain names for their kids (and even choosing names based on availability).

A little bit of HTML redirection and these kids will be off to the login races as soon as they can say 'user-centric'.

I shouldn't judge. Hell, I named my daughter after an identity protocol. Ophelia Pauline Edna Nicki Irene Daphne loves her name. There is that Samantha kid in the neighborhood that teases for her lack of a certification program though.

Tuesday, August 14, 2007


Chris Ceppi questions the appropriateness of using attention data to build profiles.

I believe the Attention Trust equation of

How I Browse + What I Say + What I Read = Me

ignores an important factor - the 'Bullshit Factor'

How I Browse + What I Say + What I Read * (Who I am trying to impress) = Me

I might casually leave a philosophy tome from Wittgenstein out on the coffee table to impress visitors but that doesn't mean I'm going to read it.

Ever insightful, Monty Python had this to say on the issue
I drink, therefore I am.

Thursday, August 09, 2007

Eclectic Avenue

I was reading a LinkedIn profile of somebody who shall remain anon. Under 'Interests', they described their musical taste as 'eclectic' - citing various strangely named artists as evidence.

Why should I believe such a self-assertion, especially when the claimed attribute in question is generally considered a 'good thing'?

It's easy to claim eclectic musical taste, just as it's easy to claim a wide & varied range of reading material (I'm flipping back and forth between Proust & Homer's Iliad as I write this). Both claims are like a personal profile saying 'attractive' - sure, sure, I believe you but show me the head shot anyways.

Now, if the claim for eclectic were supported by demonstrated variety in listening habits, that might be a different situation. For instance, if the user's play list showed they listened to Bjork's Greatest Hits, followed by Debussy, I might start to believe that their taste was indeed eclectic. Bad, but eclectic nevertheless.

Seems to me that this sort of attention data (for which the effort of spoofing would be greater than any value derived therein) is therefore somewhere between self-asserted & 3rd-party asserted identity in terms of it's 'believability' (all else being equal).



Wednesday, August 08, 2007

Sneaky Deity?

The same analysis could spot fused identity URLs and thereby refute ID'ers (Identity Designers).

Social Selectivity

I wish social sites forced me (and others) to apply some level of selectivity in creating my network.

Lots of cell providers are offering plans where the customer gets unlimited calls/chats - but only to a prescribed set of friends/family members. As the size of this social network is constrained (and there is a cost to the customer), the customers will choose its members carefully. Also, knowing that they were selected/invited with care, its members would (might) appreciate the honour.

Would that the same effect applied in social sites, where there is almost no cost for sending an invite. To the sender that is, the cost (of reading the email, trying to remember a relationship, logging in, accepting the invite, etc) is borne by the invitee. I bet few people get invites from un (or barely) known strangers to join such a 'calling circle'.

I predict that, eventually, providers will offer tiered discounts to 'friends of a friend'. For instance, I'd get free calls to my 1st tier 5 friends, 50% off for the 25 members of the 2nd tier, etc. I expect I'll have to pay full rate to call Kevin Bacon.

Tuesday, August 07, 2007


Are there no standards for Captcha difficulty?

Some are trivial, others (like this one from Facebook) have me squinting at the screen trying out different letters.

Do sites go through a 'Catcha Complexity Review Process' before deciding on the appropriate difficulty?

Do we need syntax to describe the things ala SAML's Authentication Context for describing how users login?

Get your own cool friend

Perhaps I'm imagining things, but I see a definite trend towards establishing Facebook accounts amongst my identity-focussed colleagues.

I can't think why, Facebook offers me nothing I want, or don't already have elsewhere, and just about everybody else I know says they created an account only grudgingly (or for 'research') but hey, you can't fight trends.

Has there ever been a group less like the originally targeted demographic? My little network is geeky with a capital 'G'. We are the anti-thesis of cool college students. We surely understand more about the identity issues Facebook creates than WTF most account holders are even talking about - or the social reality in which they live.

Let's face it, my network is doing nothing to help my 'cool factor' (which will only drop precipitously whenever Conor creates an account). These people are holding me back from reaching my full social potential (admittedly as does my wearing of cardigans and the need to go to bed at 9.30).

Except for Joni, my token cool person. Joni stays up late, is a musician, and drinks martinis. Joni is cool with a capital 'C'.

Joni is my 'bridge' to coolness. Through her, I'm connected to the great unwashed (but socially current) masses. Through Joni, I learn about 'tracks', how to say 'wassup', and when to wear scarfs.

Like at Remagen, I will defend this bridge against any who would see it as their own easy route to the other side. You know who you are.

She's my cool friend, get your own.

Exit Strategy

Perhaps not coincidentally, two key contributors over the years to Liberty Alliance's technical frameworks are stepping away from identity, standards, and HP.

Both are filling their time around thermals, Robert Aarts flying them, Greg Whitehead causing them.

Both obviously had a well-defined exit strategy.

Google Maps Game Idea

Show the same highly zoomed-in, randomly-chosen map to two (or more) people.

The goal is to identify the world locale. Scoring system based on both speed (the faster the better) and zoom (the higher the magnification the better).

IDDY 2.0

Liberty Alliance Announces IDDY Awards Ceremony at DIDW 2007

This is not your normal identity award - it's much bigger than that. I wish there was a word to describe how big. And how unique. And new. A word (or perhaps a prefix) that would make clear that this award transcends boundaries, transcends particular technologies, even transcends politics and competitive standardization strategies.

Oh wait, there is such a prefix. How could I have missed it.


Fineprint (candidate implementations must use Liberty Alliance-defined protocols)

Sunday, August 05, 2007

I guess I was wrong

As both Dave and Pam disagree with my claim that the Catalyst Cardspace Interopathon was not a demonstration of a metasystem, I defer to their expertise & judgement. I guess I was wrong.

Now I see interoperable metasystems every where I look:
  • Just made myself a pot of metacoffee, using a standardized metafilter in a metabrewer. No metamilk so drinking it black.
  • Kids are watching a metavideo on the metaVCR (using the metaVHS tape standard, metaBeta having been defeated. I wonder what will happen between metaBlu-ray & metaHD DVD)
  • Family likely to ride on a metatrain next weekend, the metagauge wars long ago resolved in favour of 1435 mm.

My wife finds my new habit of prepending 'meta' on the front of every second word both charming & humourous. Perhaps I'll go make up the guest room metabed with the metasheets as a precaution though.

Friday, August 03, 2007

Email security


Dear Babington,

I hope this message finds you well (i.e. not diced up into quarters :-) )

It has been pointed out to me that the last message I sent you regarding the 'project' was encrypted using an insufficiently large cryptographic key.

While I am sure there is no cause for concern (Walsingham and his Protestant lackeys couldn't decrypt their way out of a paper sack) I shudder to think what might be the consequences were they able to either read our modify our correspondence....

Consequently, I suggest we increase our security measures. Perhaps move to WEP?

Better safe than headless eh? :-)


Mary, Queen of Scotland & England

p.s. the 'crypto' reminds me, I heard a good one the other day about my royal cousin, a crypto catholic, and a leper. Remind me to tell you when we next meet.

p.p.s. Might you have that 2 shillings I lent you? Times are tight here....

Modal dialogs

are all the rage for log-in.

Just in the last 2 hours, I came across two, that from Anywhere.FM pictured here

Is there irony in the use of a visual paradigm that might actually simplify a phisher's life (by giving them license to both blur the page details that might alert the user and that removes the burden of building fully functional (i.e. clickable) pages for authentication? If I was a phisher, I'd take a screen capture of the real site, add a grayish & partially-transparent layer in Photoshop, and be off to the races.

Doth not a metasystem make

7 Identity Selectors, 12 IDPs, and 25 RPs ....

Describing the Burton Group User-Centric Identity Interop at the Catalyst Conference in June, Bob Blakly writes

After the event, it can accurately be said that there is a running identity metasystem.

As key a milestone the Catalyst event was for demonstrating interoperability within the Cardspace/WS-Trust world, it demonstrated nothing beyond that world.

Even Microsoft includes 'multiple technologies' in its definition:
The Identity Metasystem is an interoperable architecture for digital identity that assumes people will have several digital identities based on multiple underlying technologies, implementations, and providers.

The event was specific to a single protocol. There have been numerous single protocol demonstrations of similar interoperability for SAML & ID-WSF over the last few years but nobody felt compelled to apply 'meta' as a descriptor (although I expect the marketing people wanted to).

Bob does acknowledge that the metasystem he refers to is early days and that the event identified a number of issues that the community of selectors, IDPs, and RPs need to resolve. My objection to the use of 'meta' is not that what was demonstrated is not fully-formed & complete, rather that, even once these issues are resolved, the result will be 'merely' a system - as the issues he hilites (e.g. card acquisition & presentation) are all specific to the Cardspace 'biosphere'.

These are important issues, but different than those that confront the metasystem.

Wednesday, August 01, 2007


There should be a name for this social effect, is there?

Paul Downey
's picture of me in front of a screen shows Eve in the act of taking a picture (of me in front of the same screen).

If only Eve's photo had happened to catch somebody else taking a picture of me in which they captured Paul D. taking his photo of me etc .... we'd have a wonderful little social network (centered on me which is even more wonderful).

Evenning Things Out

From Paul Downey, a pic of Eve talking to the 'Venn of Identity'.