Friday, November 30, 2007

Now it's personal

It just occurred to me that, as Blogger now supports OpenID authentication for comments, this blog (and consequently myself) now become an OpenID Relying Party.

Up till now the ongoing thread on the need for (or even the 'morality' of) whitelists or blacklists for OpenID has been abstract for me. I've had an opinion but the issue didn't hit home in any personal way. That's all changed.

I'd like to not have to actively moderate comments for this blog (it takes up a solid 30 secs of my day). Theoretically, by requiring someone to authenticate with an OpenID in order to post a comment, I might be willing to allow such authenticated comments to be automatically published without my intervention.

Currently, Blogger gives me blunt control over accepting OpenIDs, it's on/off.

But, as a potential consumer of authentication assertions from various OPs, a consumer willing to base a 'business decision' (publish or not publish comment) on the authenticity of those assertions, should I not have the right to be selective about which OPs I choose to 'partner' with? After all, if a bad comment makes it through the filter, it's my own reputation that suffers (please, no snickers).

Maybe I wake up one day on the wrong side of the bed and decide 'Damnation, today, I'm blacklisting!'. Or instead decide "Any OP that does 'pape.phishing-resistant' is good enough for me".

Isn't it my right as a relying party to decide who I rely on?
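As an added worked example (this is not Blogger's code, nor anything the post says is deployed), here is what that selectivity looks like on the RP side in Python. It assumes the RP has already done discovery on the claimed identifier and verified the assertion signature, and only applies the RP's own rule: a whitelist or blacklist of OP hosts plus any PAPE policies the OP must have asserted. The hostnames, identifiers, nonce and signature value are made up for the demo; the PAPE namespace and policy URIs are the real ones from the extension.

```python
"""RP-side 'who do I rely on' check for an OpenID 2.0 positive assertion.

Assumes the RP has already performed discovery on the claimed identifier
and verified the assertion signature; this code only applies the RP's own
policy: an OP whitelist/blacklist plus any PAPE policies the OP must have
asserted (and signed). Hostnames and identifiers below are made up.
"""
from urllib.parse import parse_qsl, urlencode, urlsplit

OPENID_NS = "http://specs.openid.net/auth/2.0"
PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
PAPE_PHISHING_RESISTANT = "http://schemas.openid.net/pape/policies/2007/06/phishing-resistant"
PAPE_NONE = "http://schemas.openid.net/pape/policies/2007/06/none"


def parse_assertion(query_string):
    """Flatten the indirect response (the query string the OP redirects the
    browser back with) into a dict of the openid.* fields."""
    return {k: v for k, v in parse_qsl(query_string, keep_blank_values=True)
            if k.startswith("openid.")}


def pape_policies(fields):
    """PAPE policy URIs the OP asserted, counted only if the OP signed them.
    Returns an empty set when the extension is absent, unsigned, or 'none'."""
    alias = next((k[len("openid.ns."):] for k, v in fields.items()
                  if k.startswith("openid.ns.") and v == PAPE_NS), None)
    if alias is None:
        return set()
    signed = set(fields.get("openid.signed", "").split(","))
    if f"ns.{alias}" not in signed or f"{alias}.auth_policies" not in signed:
        return set()
    policies = set(fields.get(f"openid.{alias}.auth_policies", "").split())
    policies.discard(PAPE_NONE)
    return policies


class OpPolicy:
    """The relying party's rule for which OPs (and which assurances) it accepts."""

    def __init__(self, allowed_hosts=None, blocked_hosts=(), required_policies=()):
        # allowed_hosts=None means 'any OP not on the blacklist'.
        self.allowed_hosts = None if allowed_hosts is None else {h.lower() for h in allowed_hosts}
        self.blocked_hosts = {h.lower() for h in blocked_hosts}
        self.required_policies = set(required_policies)

    def decide(self, fields, discovered_endpoint):
        """Return (accept, reason) for a parsed, signature-verified assertion."""
        if fields.get("openid.mode") != "id_res":
            return False, "not a positive assertion"
        endpoint = fields.get("openid.op_endpoint", "")
        # The OP named in the response must be the one discovery produced for
        # the claimed identifier; otherwise any OP could assert any identifier.
        if endpoint != discovered_endpoint:
            return False, "op_endpoint does not match discovered endpoint"
        host = urlsplit(endpoint).hostname or ""
        if host in self.blocked_hosts:
            return False, f"{host} is blacklisted"
        if self.allowed_hosts is not None and host not in self.allowed_hosts:
            return False, f"{host} is not whitelisted"
        missing = self.required_policies - pape_policies(fields)
        if missing:
            return False, "OP did not assert: " + " ".join(sorted(missing))
        return True, "accept"


def constructed_response(op_endpoint, policies=None):
    """Build a made-up positive assertion query string for the demo.
    policies=None omits PAPE entirely; [] makes the OP assert 'none'."""
    fields = {
        "openid.ns": OPENID_NS,
        "openid.mode": "id_res",
        "openid.op_endpoint": op_endpoint,
        "openid.claimed_id": "https://alice.example.net/",
        "openid.identity": "https://alice.example.net/",
        "openid.return_to": "https://blog.example.org/comment",
        "openid.response_nonce": "2007-11-30T12:00:00Zabc123",
        "openid.assoc_handle": "handle-1",
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
        "openid.sig": "c2lnbmF0dXJlLWJ5dGVz",  # placeholder; verified before we get here
    }
    if policies is not None:
        fields["openid.ns.pape"] = PAPE_NS
        fields["openid.pape.auth_policies"] = " ".join(policies) or PAPE_NONE
        fields["openid.signed"] += ",ns.pape,pape.auth_policies"
    return urlencode(fields)


if __name__ == "__main__":
    op = "https://op.example.com/server"
    strict = OpPolicy(required_policies=[PAPE_PHISHING_RESISTANT])
    good = parse_assertion(constructed_response(op, [PAPE_PHISHING_RESISTANT]))
    weak = parse_assertion(constructed_response(op, []))
    print(strict.decide(good, op))
    print(strict.decide(weak, op))
    print(OpPolicy(blocked_hosts=["op.example.com"]).decide(good, op))
```

Two caveats worth keeping in mind. The op_endpoint comparison is not optional politeness: without it an OP you do trust can be impersonated by one you don't. And a PAPE policy in the response is just one more claim by the OP, so "any OP that does phishing-resistant" still means trusting that OP's word about its own login UI; the whitelist is what decides whose word counts.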

New wallpaper

OpenID for blog commenting!

As per Blogger in draft, Blogger now supports OpenID authentication for post commenting.

I enabled it for this blog.

This is an exciting new application of OpenID. It's when a technology is applied in ways unforeseen by its original designers that you know it's reached some sort of tipping point.


Wednesday, November 28, 2007

My cup runneth over

In a post entitled A Cup of Tea / Dynamic Federation Ashish performs what can be the trickiest part of any identity operation - introductions.

SAML. Meet OpenID; OpenID. Meet SAML.
Once all interested parties know about each other and their intentions and capabilities, things get much easier.

But it's not like OpenID and SAML have never met before....

Ashish, I confess the Zen thing totally lost me. Is it OpenID's cup that needs emptying, or SAML's? Or is it that Andre is meant to be Nan-in?

Vanity, thy name is .... Reverend?

From the Toronto Star, a story about a retired minister who had her vanity license plates yanked by the Ontario Ministry of Transportation.

The plates read 'REV JO'.

An application to renew them was rejected because the 'REV' was deemed to imply that the ministry endorsed either or both of excessive driving speed or Christianity (or fast Christians perhaps?).

Apparently, the 'JO' was not considered offensive.

I can only hope that someone with the same diligence and highly attuned political correctness is monitoring the creation of vanity URIs.

YouTube as IdP?

Passfaces and Vidoop both rely on a user's ability to recognize graphical images in order to authenticate.

How long before it's videos?

It could take Vidoop's revenue model to the next level.

I'm sure it will be attempted, but I'd bet it would be horribly unusable - just imagine the cacophony if the sound was turned up.

Tuesday, November 27, 2007

Annoying Social Meme

Post a picture of your workspace (or not). I guess if I really cared I would 'tag' people. Perhaps you can tag yourself?

Yes indeed, those walls are unfinished. In the depths of winter I either wear half-gloves or dip my hands in the hot tub at regular intervals.

I do believe I am a better person for the discomfort.

Nebulous Pontification

I suspect Ping's Patrick Harding is referring to me (or my ilk) when he says in the inaugural post of his new blog (with a wonderfully creative play on words in the title 'The Patrick Harding Blog')
My goal is to make sure there is a practical aspect to this blog rather than a bunch of nebulous theorizing. In the event that I am forced down the path of pontification I will promise to at least warn people up front.

I actually considered calling this blog 'Nebulous Pontification' but preliminary search tests returned too many French bridge links.

Patrick is Australian, but quite smart nonetheless (I feel comfortable saying this as I myself am part Australian - having lived there as a teenager, drunk beer there as a recent university grad, and been jet-lagged there as a business traveller).

Consequently, I will be reading Patrick's posts going forward.

He is off to a fine start I think

Post # 2 - he discusses the relevance of user-centric identity within the enterprise and comes to the conclusion - 'not much', citing the seeming incompatibility between a user desiring control over their identity and an enterprise with the same desires. Umm, junior file clerk or the CIO, who wins?

Post #3 - he presents a proposal from Ping for so-called 'Dynamic Federation', essentially tweaking SAML 2.0 for faster & easier federation between partners (taking a page from OpenID's book by having the user facilitate IdP discovery).

Bonza stuff.

I will however predict that, before long, Patrick will discover that it is not easy to maintain such a high level of insight & expertise (as evidenced here) and will then descend to the sort of nebulizing theory he is so scornful of as a rookie blogger. At that time, expect embedded YouTube videos of historic Australian beer commercials or equally inane content.

I'll take this opportunity to submit an alternative blog title (admittedly without the pizazz of the current choice)

  • Between a Rock and a Harding Place

A Dark Day

Leaving Sydney Airport 19 years ago at the end of a 5 month trip, I purchased an over-priced souvenir 6-pack of Australian beer.

Yesterday, confronted by a wife with no sense of nostalgia and focused solely on 'getting rid of clutter', I poured them out.

The empty cans now stare at me reproachfully as I type, tears falling gently onto the keyboard.

I do indeed 'feel like a Tooheys or two'.


Ransom 2.0

Monday, November 26, 2007

Perhaps we have it backwards?

There is irony in always thinking about identity systems that can enable meaningful control by users over their identity attributes, and then coming across this.

I suggest there should be a set of companion sites, including

Hey, can I get that $1m you owe me?

James McGovern asks me
I wonder if Paul has any thoughts on how to hold identity providers liable if you are a relying party?

With the caveat that I am not a lawyer and nor do I play one on the Web ....

Indemnification MAY be an important issue, but ultimately what the RP wants is to transfer risk such that whatever amount remains is acceptable. If the existence of an indemnity from the IDP to the RP helps to this end, then it could be relevant.

Note: I think James conflates indemnification & 'IDP liability'. If the IDP screws up, it may indeed be held liable, but this is likely irrespective of whether the RP & IdP have an indemnity clause in their agreement. Additionally, there is no requirement that any indemnity the RP receives for harm it suffers need come from the IdP - there already exists quite a large business for 3rd-party indemnification.

But indemnification is not the only mechanism by which the RP can mitigate risk. Nor is it always appropriate.

With respect to James' assertion that the conversation on liability hasn't yet occurred, I draw his and the reader's attention to the work of the Liberty Alliance's Identity Assurance Expert Group.

From the recently released 'Identity Assurance Framework':

A CSP may be liable solely under the terms of an existing agreement with a relying party for losses suffered by the relying party where the cause is attributable to conduct by the CSP that was carried out in material non-compliance with these business rules or with certification requirements. Conflict resolution will be directed to the appropriate Federation Operator. A CSP may offer credentials at a band of monetary recourse set independently from levels of assurance. A CSP shall disclose the monetary recourse it will or will not make available with respect to IAEG credentials and any applicable terms or limitations governing the recourse according to Table 5.1

Band            Amount
No recourse     Zero monetary recourse
By agreement    By agreement of the parties

By coincidence, there is a webinar on the Identity Assurance Framework this Thursday. Register here.


Bi-lin-gu-an-them-o-phob-is-m, n.,

1) The fear English-speaking Canadians have of being seen on camera as only mouthing the French parts of the national anthem at sporting events.


I wasn't planning on making any online purchases today but, given that it appears to be a certified holiday, perhaps I need to reconsider?

Will there be a 'Check Order Status Wednesday' two weeks hence? Or 'Cancel Order in Outraged Huff When Customer Service Tells You it Hasn't Actually Shipped Friday' in three weeks?

A Tudor Social Network (Graph)


The definition would suggest that it might be applicable to some social applications, e.g. "Please provide your friend's sobriquet."

A sobriquet is a nickname or a fancy name, usually a familiar name given by others as distinct from a pseudonym assumed as a disguise, but a nickname which is familiar enough such that it can be used in place of a real name without the need of explanation.

Admittedly, there is potential for confusion amongst some demographics
Hell yes, I'm sober, and I don't see what business it is of yours whether I am or ain't!

Sunday, November 25, 2007

These must be worth something?

Early millennium conference swag.

The shirt saw some initial wear for a few years, but has since been relegated to the bottom drawer.

The .net My Services tee is pristine - unblemished by wear of any kind.

I looked and looked but couldn't track down my Passel or DIX hoodies.

Name your Poison

or axe I suppose.

Legend has it that Charles II learned of the execution in 1649 of his father Charles I by the English Parliament when his private chaplain walked into the new King's room in Holland and addressed him as 'Your Majesty'.

For Charles, the name was enough, no additional explanation was required. The name made it clear that his father was dead and that he had assumed the crowns of England, Scotland, and Ireland (disputed, of course, by Cromwell and co.)

Another (more likely apocryphal) legend claims that Charles, in a last desperate attempt to save his father's life, sent to the parliamentary captors a signed blank sheet of paper, in order to allow them to write in their own terms for the release of Charles I. Seems a shame that modern crypto won't support this use case.

Friday, November 23, 2007


My brother's family is moving to sunny Austin, TX.

Not actually sure what made me think of that.

Wednesday, November 21, 2007

More Identity Management for Indoor Rowing

My son was creating an account in order to record his rows for the Concept2 Holiday Challenge.

After successful account creation, he was shown the following

I was curious to know how they might ascertain my presence so I followed the link in the message.

In order for your child to enjoy all of the features of this website, including training logs, online ranking, and challenge honor boards, your child may wish to create an online "ranking and logbook profile."

The registration process begins when your child visits the new profile section of the online ranking. If based on your child's reported birthdate, we determine that the child is under the age of thirteen (13), then we will not store personally identifiable information associated with your child. This means that only the first letter of their last name will be stored, that no email address will be associated with your child's profile and that no city information will be recorded.

If you, as a parent or guardian, wish to have your child's full last name, and home city displayed on publicly accessible ranking web pages, honor boards and other Concept2 associated web pages, you must indicate your consent by entering your credit card number in the space provided and checking the appropriate consent box. Your credit card number is neither stored nor processed in any way - however it will be analyzed to determine that it is a valid credit card number. The use of a credit card number is necessary in order to comply with the terms of COPPA.

I confess I had never heard of COPPA before. It was written in 1998, probably time to update to reflect new reality. COPPA 2.0?
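For the curious, the 'analyzed to determine that it is a valid credit card number' step almost certainly means a Luhn (mod-10) check, which is the kind of check a site can run without storing or charging the number. The following is an added example in Python (my own, not Concept2's code) showing both the check and why it is a weak signal: a Luhn-valid string only means the digits are self-consistent, and one can be produced from any payload in a single line, so it proves nothing about who typed it or how old they are. The card numbers used are a well-known test number and made-up payloads.

```python
"""Luhn (mod-10) check of the kind a site can run on a card number without
storing or charging it. Added example, not Concept2's code. It shows that
passing Luhn only means the digits are self-consistent: any payload can be
turned into a 'valid' number, so the check filters typos, not minors."""


def luhn_checksum(digits):
    """Mod-10 sum over a digit string, doubling every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10


def luhn_valid(number):
    """True if `number` (spaces and dashes allowed) is a 12-19 digit Luhn-valid string."""
    cleaned = number.replace(" ", "").replace("-", "")
    if not cleaned.isdigit() or not 12 <= len(cleaned) <= 19:
        return False
    return luhn_checksum(cleaned) == 0


def with_check_digit(payload):
    """Append the check digit that makes `payload` Luhn-valid (works for any digits)."""
    if not payload.isdigit():
        raise ValueError("payload must be digits")
    check = (10 - luhn_checksum(payload + "0")) % 10
    return payload + str(check)


if __name__ == "__main__":
    print(luhn_valid("4111 1111 1111 1111"))    # well-known test number
    print(luhn_valid("4111 1111 1111 1112"))    # one digit off
    fake = with_check_digit("400000000000000")  # made-up 15-digit payload
    print(fake, luhn_valid(fake))
```

The only way a card number says anything about the person behind the keyboard is an actual authorization with the issuer, which is precisely the 'processed' step the site says it does not do.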


I wonder if Joni cites her friendship with me in order to up her 'geeky' score, as I do for her for my own 'cool' score?

From Pat

I definitely would not have missed this except for this super important thing I had to do on my last night in Tokyo, i.e. sleep.

I do wish though that I had stuck with my recorder lessons.


Play the cards you were dealt

Update: Drummond corrects me, diagrams revised accordingly below.

Higgins has created a taxonomy of i-cards.

I believe the following captures the relationships as expressed.

In his recent announcement of upcoming SAML support in Higgins, Paul suggests the possibility of an 'S-card', shown here

Where an S-card would be some XML instance pointing at a SAML IdP including necessary endpoints for the client to send/forward SAML protocol messages, with metadata about what identity attributes that IdP can provide, possibly with particular policy characteristics (e.g. security and/or authentication mechanism etc). Sounds like a profile of SAML metadata.

NTT's SASSO 'SAML IDP on your phone' model balances things out nicely.

Tuesday, November 20, 2007

Identity is Elemental

Dow Chemical's 'Human Element' ad campaign (you know, I have to admit I was a little unsure of what to think about Dow because of the whole Bhopal thing but that was before I knew they valued humans!) prompted

My 'atomic weight' estimate, i.e. that a typical user will have more than 100 identities is, admittedly, less than scientific. Tell it to Mendeleev.

Jung & Trendy

Update: in a comment, Mike clarifies the address and the nature of the CardSpace integration. It's a downloadable shopping application. I'm even more interested to see how CardSpace works in a non-browser scenario but highly doubt I'd get it installed & working without translation assistance ("Ich möchte ein Bier, bitte.")

Mike Jones lists Cardspace sites, including - a German retailer (actually it's that is the retail site).

Wanting to try out a production deployment of Cardspace, and feeling the need to update my wardrobe before IIW 2007b, I navigated through purchasing a stylish black & white pullover (only 29.99 euros, scarf not included).

Acknowledging that my Deutsch stretches just far enough to order beer at Oktoberfest and so I may well be missing some menu option, I can find no mention of a Cardspace option on the log-in or registration pages.

Not to say there is no reference at all to Cardspace.

So I got that going for me

As of today, Japan has begun fingerprinting and photographing arriving foreign travelers.

I'd be worried about the implied increased processing time except for the fact that I'm told that the list of exemptions includes:
  • persons engaged in diplomatic activities.
  • persons under 16.
  • special permanent residents.
  • persons invited by the Japanese government
  • tired Canadian persons engaged in identity standards activities.

Buy or Build

Don Schmidt defines federated identity as
an approach to identity management that allows one organization to grant or deny access to its protected resources based on digital identities managed by another [trusted] organization. The key point is that the resource provider relies on an externally managed identity, rather than creating another locally managed identity for the subject requesting access
My thoughts:
  1. an exclusive focus on 'grant or deny access' seems too narrow as there are lots of other ways that the identity requestor might use the externally managed identity it receives beyond access control, e.g. simple customization like a 'Hi Bob' welcome screen.
  2. stipulating 'organization' would seem to preclude those cases where the user hosts their own identity attributes (e.g. CardSpace personal cards, Liberty ID-WSF clients). But perhaps that is the intent?
  3. is specifying 'trusted' meant to rule out the oft-described OpenID dynamic model? Even in this case, I'd argue that the RP trusts the OP (it is willing to accept the OP's claims after all), albeit probably not very much.
Nevertheless, I completely agree with Don's key point, that federated identity involves/requires identity outsourcing - essentially, an RP decides to 'buy' identity rather than 'build' it, and thereby enjoys some reduced set of responsibilities (and possibly associated risk) for identity operations.

By this criterion, of course all key identity initiatives, as they all make possible the 'buy' option, can be described as 'federated'.

One Shibboleth down, only a few more to go.

Monday, November 19, 2007

20 Questions (is 19 too many)

In "The One Percent Doctrine", there is a story of a US Intelligence Officer meeting with a Soviet counterpart during the Cold War.

Each was allowed to pose exactly one question to the other, who would be 'honour' bound to either answer truthfully, or not at all. Nice model, if not prone to abuse.

Business partners considering federated identity operations between themselves get to ask far more than a single question when attempting to assess the 'assurance capability' of the other. They can ask about identity proofing, authentication mechanisms, audit etc - the list is long.

The value of an assurance framework like that of the Liberty Alliance is that partners need only pose a single question when considering doing federated business with another, that being
"What IAF assurance levels do you support, and how can you prove it?"

OK, two questions, but still an improvement. And without even needing Stoli.

More Display Token

Kim defends CardSpace on the issue of the Display Token.

Personally, I think it's a UI issue. The concern would be mitigated if the identity selector were to simply preface the display token with a caveat:

The following attributes are what the IDP claims to be sending. If you do not trust your IdP, do not click on "Send".

If the UI doesn't misrepresent the reality of what the DisplayToken is (and isn't), then we're hunky-dory.

And of course, CardSpace is not the only WS-Trust based identity selector in town. The other selectors are presumably under no constraints to deal with DisplayToken in the same way as does CardSpace?

Shame & Embarrassment (the good kind)

As there is no better motivator than the fear of shame and embarrassment for failing, I hereby publicly commit to the "8th Annual Holiday Challenge" Row Challenge from Concept2.

<Assertion>From US Thanksgiving 2007 to Christmas Eve 2007 inclusive I will row over 200,000m. </Assertion>

My 11 yr old son Quinn is targeting 50,000m.

Dopplr Journal

I like Dopplr's Journal as a reminder mechanism of relevant transactions for my account.

Of course, should all such services provide a similar notification, I'd soon be swamped and would create an email filter to protect myself.

But, were such services to instead send their activity logs to an 'audit service' of my choice, it would be much more manageable (as well as enable a more holistic view of the big picture).

Let the cries of 'panopticon' begin.


Hard to replace

I received this automatic notification from OASIS regarding a membership change for the SSTC.

When you lose a contributor as important as Test, everybody else has to pitch in to fill the void.

Thursday, November 15, 2007

There are none so blind ...

From Science Blogs

Virtual Threads

This virtual world is meant to teach young adults about money management and investment
we will be introducing Stagecoach Island jobs, credit cards and loans as a way for you to learn more about money management and earn more virtual money so that you can build and play more in world!
This story (thanks Robert) highlights that virtual worlds can have virtual crime (a different crime dramatized here).
Dutch police have made their first arrest of an online thief -- a 17-year-old accused of stealing virtual furniture from rooms in the Habbo Hotel -- a popular teenager networking Web site.

This article presents how virtual identities can be stolen just as easily as the more typical financial-centric versions.
the trials of a 13-year-old girl who recently had her avatar stolen in the casual anime-styled MMO Gaia Online

A virtual world with a goal of educating people on money is incomplete unless also educating them on current risks of losing it.

Wednesday, November 14, 2007

Confidence game

Change-raising is a scam that depends on the victim being confused by two simultaneous transactions.

I guess the identity version would start with a requestor sending:
Excuse me, can I ask you to change a shipping address for two email addresses and a nickname?

Redmond Trains Monkeys as 'Identity Assistants'

Tucked away in a deserted building in the farthest corner of the Redmond campus is a laboratory that Microsoft doesn't want you to know about.

Guarded by soldiers with orders to shoot intruders on sight, the lab, referred to as the 'Monkey House' by those few who are privy to what goes on there, holds an awful truth.

These grainy pictures, smuggled out at great risk by "Leon" (not his real name), an employee whose conscience will no longer allow him to look away, show that truth - monkeys being trained to act as Primate Identity Assistants (PIA)- animals trained to sit by a keyboard for hour after monotonous hour to facilitate the flow of identity attributes through Microsoft Cardspace if and when their master is unable to do so.

Using a combination of electroshock therapy and forced watching of past Bill Gates TechEd keynotes, the monkeys are trained to act as proxies for their masters whenever those humans are unable or unwilling to sit in front of a PC to mediate the flow of identity attributes through Cardspace.

The monkeys are taught to recognize particular SP identifiers, and to click on appropriate card icons if and when that SP should ask for identity attributes. If they pick the right infocard for a given context, they are rewarded with bananas; if they click on the wrong card, the "Laws of Identity" are recited to them at ear piercing volume through headphones. Said Leon, "They learn pretty quick I tell you".

It is believed that PIA are Microsoft's answer to criticisms that Cardspace, while useful for those attribute sharing use cases in which the user initiates the flow by their own browsing activities, is unable to adequately address those other use cases in which the user is 'offline' and therefore unable to participate in the flow.

Notwithstanding the attractiveness of the idea of 'identity assistants' - the conditions under which the monkeys are trained appears to violate ethical guidelines for animal experimentation. "The conditions are just squalid" reported Leon. "I mean, there are piles of feces everywhere, food scraps, dirty cages - it's just horrible. And that's just the technicians, the rooms where the monkeys live & train are almost as bad".

When informed of the lab and its activities, local SPCA representative Sara Thorne was appalled. "That is just so cruel, to make poor animals sit in front of Vista's Cardspace all day. I mean, the usability is just not there yet, is it?" she cried. "We will definitely be conducting an investigation".

XACML Use Case

Wired reports on an Operating Manual for Guantanamo Bay prison camp
The manual shows how the military coded each prisoner according to the level of access the Red Cross would have. The four levels are:

* No Access
* Visual Access -- ICRC can only look at a prisoner's physical condition.
* Restricted Access -- ICRC representatives can only ask short questions about the prisoner's health.
* Unrestricted Access
Were such rules captured in XACML, then automatic logging in support of audit would be ... oh wait, that's right, audit was deemed out of scope.

ID (the other kind)

PBS Nova last night aired Judgement Day: Intelligent Design on Trial.
NOVA captures the turmoil that tore apart the community of Dover, Pennsylvania in one of the latest battles over teaching evolution in public schools. Featuring trial reenactments based on court transcripts and interviews with key participants, including expert scientists and Dover parents, teachers, and town officials, "Judgment Day: Intelligent Design on Trial" follows the celebrated federal case of Kitzmiller v. Dover School District.

For me the highlight was how the school board had their petard hoisted by the hasty cut & paste job performed on the ID text book 'Of Pandas & People', in which occurrences of 'creationism' were hastily replaced throughout the book with 'Intelligent Design' and occurrences of 'creator' with 'intelligent agency'. Perhaps the switcheroo might have worked to convince readers that the book was more than merely creationism relabelled, except that in one occurrence the proofreader screwed up and 'cdesign proponentsists' slipped through. I find it wonderfully ironic that the type of copying error on which gene-based evolution often works contributed to the Dover plaintiffs winning their case against ID.

Intelligent Design reminds me of Voltaire's quip describing the Holy Roman Empire, namely that it was 'neither holy, nor Roman, nor an empire'.

Tuesday, November 13, 2007

Not captured with a mobile phone camera


Session Management

David searched on 'OpenID' & 'SAML' on the Agenda Builder page for Gartner's Identity & Access Management Summit happening this week.

His results are shown below

Ironically, when I performed my own search, I was rewarded with hits.


Social guilt

Combine Dopplr with carbon offsets and you get Offsetr.
The Dopplr Offsetr is a little tool that allows you to calculate the total mileage for your entire Dopplr Network. Based on that mileage, the tool then calculates the total carbon consumption for your network.

Offsetr queries the trips of your network (through what appears to be Google's authenticated API) and then calculates the aggregate carbon-guilt

Woody Allen would love this. Not only can you feel guilty for your own activities, you can feel guilty for the activities of your friends.

It appears I owe $1,750 (less in Canadian of course), this due in large part to the flying of David Recordon.

This while my own carbon contribution to my network is negligible

Sorry David but I'm going to have to let you go. I get enough guilt at home.

Decisions Decisions

In applying for the NEXUS program for US/Canada border crossing, I'm given the choice as to which country I present my info

Not stated here but the downside of giving my info to Canada is the mechanism is paper-based; for the US it's online.

Hmmm. Relying on Canada's privacy policy or that of the US ....

Paper is not so bad really.

Monday, November 12, 2007

What do people carry?

Nokia's Jan Chipchase talks at TED about mobility and, amongst lots of other interesting tidbits, presents the results of his asking people around the world 'What do you carry when you leave the house?'

I hope I don't spoil it for you when I say that the list is collapsing.

Connectid in Gartner Wedge

Connectid is proud to announce that, for the first year running, this blog has been recognized by Gartner as a leader in the 'silly & sarcastic' Gartner Wedge-Shaped Thingy.

"Well this obviously means a lot to us" said an emotional Paul Madsen, CSO of Connectid. "We try hard to be both silly & sarcastic so, it's important to have that acknowledged. We know full well how competitive the 'Ottawa-based Identity Blogs Lacking Focus' market is so for Gartner to call us a leader in it is big, really big."

Added Madsen "Now is not the time to quibble but I question Gartner's rankings for 'salaciousness'. We put significant effort into being salacious, sometimes completely inappropriately, and so for us to rank so low seems strange. I guess we just need to be better here going forward."

Have a whiff of this

This could be significant for scaling federated identity beyond pairwise agreements, but only if we can work out how to bind it to the protocols.

Or alternatively, perhaps advertising an inhibitor through metadata would curtail the number of social invites you receive? I'd bathe in the stuff.

From Seed Magazine's Daily Zeitgeist.

What's in a name?

To his family he was 'Jamie' (often prefaced with 'Uncle' by one of the throngs of adoring nieces & nephews).

And to his sisters, more often than not, it was 'That Jamie!', said with a combination of exasperation & perverse pride as we waited for him to arrive for some family event.

To my late brother-in-law's co-workers, as this memorial plaque attests to, he was 'James'.

To his hockey team-mates, he was 'Murray'.

And to his wife Christine he was 'Pooks' (which I still find vaguely disturbing).

There are any number of possibilities for trite identity analogies involving personas and identifiers - the type of superficial analogy I normally find irresistible.

I'll take a pass just this once.


n., pl. -nies.
  1. The use of words to express something different from and often opposite to their literal meaning.
  2. An expression or utterance marked by a deliberate contrast between apparent and intended meaning.
  3. Blogging about basement water damage one week before suffering it.

Lesson learned.

I will not, repeat NOT, be blogging about unexpected pregnancies.

Remembering (Canuck Style)

Continuing last year's tradition, I experienced the 11th hour of the 11th day of the 11th month at a hockey rink - this time in a locker room with parents & half-dressed kids standing at attention amongst hockey bags & sticks.

Spent the rest of the day playing street hockey & watching CFL playoffs.

Felt just right.

Sunday, November 11, 2007


Just listened to a podcast interview in which Dale Olds stated
the key aspect of user centric is that the user participates in the flow of the information

What I find refreshing is that Dale prefaced the statement with 'in my mind' - my interpretation being that he recognizes that this definition of user-centric is not holy writ and that other definitions exist.

Friday, November 09, 2007


Jimmy Buffet's collection of infocards

Article II

In this video, US President Bush describes the advice he has given to Pakistan's President Musharraf.
"We believe strongly in elections, and you aughta have elections soon. And you need to take off your uniform. You can't be president and the head of the military at the same time."

Pardon me?

From Article II of the US Constitution:
The President shall be Commander in Chief of the Army and Navy of the United States, and of the Militia of the several States.

S, my name is SAML

What is the significance of this for identity initiatives?
a pair of researchers find that although no baseball player wants to strike out, players whose names begin with K (scorecard shorthand for a strikeout) fan more often than other players. Most students want As, but those whose names begin C or D have lower grade point averages than students whose names begin with A and B—with an even greater effect if they say they like their initials. That has real-world consequences: students whose names begin with C or D and go to law school attend lower-ranked ones than students whose names begin with A or B.
C, my name is Cardspace? That's just sneaky.

Projecting your personality

I don't think I've ever met Dale Olds but I find him incredibly perceptive & insightful. His reviews of bloggers are always well thought out and reasoned. Dale is both 'distinguished' and an 'engineer', a combination rarely seen in nature.

When Dale recommends a particular blogger, I pay attention and typically spend a good hour or two clicking through that blogger's archived posts (making sure to click on every post title please).

And with respect to a future definition of an evolved OSIS acronym, I humbly suggest 'Open Social is Superfluous'.

Passwords as Speaker Wire

Update: the question of 'why should I quit using passwords' is the focus of the first half of this Bandit podcast involving Bob Blakely and Dale Olds.

A friend of mine was helping me install a new LCD TV and multi-media system. Two pieces of (unsolicited) advice he shared stuck with me:
  1. You don't need to shell out for the Monster cables.
  2. Set it up right from the start. Once you push the furniture back you'll get used to any inefficiencies and learn to live with a sub-optimal configuration.
Well, studies show that overpaying for cables adds to the enjoyment of new equipment but I do agree with his second tip.

People can get used to anything (e.g. having to open up the armoire doors in order to use the remote, surround-sound speaker wire taped down straight across the living room floor, a wife who goes to 'book club' meetings every second night but who never seems to buy books, etc) - the inertial resistance of "that's how it's always been" should not be under-estimated in predicting the future.

When the "it's always been" is less than the ideal, whether or not it can be supplanted depends on people's willingness/ability to fight through the lethargy barrier (note to self: future quantum tunneling analogy) to see that brighter future.

Any invasive identity technology will fight against a similar resistance, the "it's always been" of passwords. As many issues as passwords present, and as much 'better' as the new alternatives may be, it can't be denied that users know how to use (and misuse) them.

Thursday, November 08, 2007


Taking time off (or perhaps he sent it using in-flight wireless?) from soaring, Robert leaves a comment on my 'Ethical Offsets?' post.
Perhaps there could be a service where you could connect to people you "hate" ? So whenever you get an unwanted invite you would (perhaps automatically) send an invite for that person to join your network of people-who-are-not-my-friends.

Way ahead of you my Dutch friend.

Robert goes on
If nothing else such a network would provide material for dozens of Ph.D. students... Inevitably there will be lots of interesting conflicts between the friend and not-friend networks! Yes it is really time to step up to richer notions of the edges of those "social" graphs. Just "is-a-friend-of" or "knows" is no longer cool.

Agreed. Subtleties such as 'enjoyed hot tubs with in foreign lands' need to be captured.

I also suggest there is a dissertation waiting to be written on the phenomenon of 'social network amnesia' - that confused feeling you experience when, in looking through any one of your friends lists, you ask yourself why half of its members are on it.

Ethical Offsets?

Carbon offsets remind people that there is an environmental price for airplane travel & other carbon emitting activities. But is the Greenhouse Effect the most pernicious evil the world currently faces?

I think not.

Social invites are the most pernicious evil the world currently faces.

How about a service to allow people to ethically offset the 'be my buddy' invites they send to their friends, family & colleagues?

For every invite sent, the offset service would randomly pick a penance, e.g. perhaps a small donation to a charity, or 50 push-ups, or visiting Grandma in the home.

People have to realize there are costs associated with friendship.


World Usability Day

World Usability Day is today, Nov 8/2007.

This year's focus is on healthcare. Maybe somebody is working on a home pregnancy test that gives you the result in a less abrupt manner (e.g. 'Before we take you to the results page, let's talk a bit about how you're feeling right now ....')

Is it significant that a search on 'World Usability Day identity' gives no (relevant) hits on the importance of usability & design to today's identity systems?

Usability for identity was the focus of last Friday's DIM 2007 Workshop.

Wednesday, November 07, 2007

Madsen's Lemma of Dubious Attributes

Madsen's Lemma of Dubious Attributes

In the context of any given application, a Relying Party will be unwilling to accept a self-asserted identity attribute without verification if there exists the possibility of differentiated advantage to the user in claiming one value for that attribute over another.

That is, if the user gains by fibbing, self-asserted doesn't cut it. The RP will want to get the attribute from either a separate 3rd party or infer it through some other means.

Madsen's Corollary of Dubious Attributes

For any given identity attribute, there exists an application context in which there can be differentiated advantage to the user in claiming one value for that attribute over another.

So, we shouldn't generalize and say 'profile' attributes like zip code are fine for the user to self-assert, whilst 'sensitive' attributes like credit rating aren't.

If I could have lied about the fact I live in Canada to avoid being bumped from Pandora, I would have. Damn IP address!

Can I just say

how much I've enjoyed participating in the 'Cardspace assurance' post/comment thread with Pam, Gerry, Ben, Axel, Jeff, Phil, Kim, and Dave?

I really have. Well OK, not with Ben so much, 'Liberty Dude'? Nor Kim really, of course it's not binary. And actually Dave jumped in kinda late. What's with Axel showing off his Cardspace knowledge? Did I ask for insight? No, that's right, I didn't. I disagreed with Phil's insertion of 'user-centric' into the mix and I'm so sick of hearing about the 'Identity Oracle'. To be honest, I don't appreciate Jeff correcting me all the time - he even does it in TEG meetings. And come to think of it, Gerry tried to take over my argument, didn't he?

Can I just say how much I've enjoyed participating in the 'Cardspace assurance' post/comment thread with Pam?

Canadian Ultimate players have to stick together.

Cardspace for Muslims


'New' Federated Identity

Phil Windley outlines a planned podcast series on user-centric identity:

I'm having a bit of trouble reconciling that one of the podcasts will discuss
state of identity in enterprise

with his list of technologies to be discussed
Technology: OpenID & CardSpace (700 words)

There is nothing 'new' about omitting SAML when discussing user-centric - doing so is almost an identity law in its own right (one of those antiquated laws that should be stricken from the books).

But to ignore SAML when discussing the enterprise - that's definitely new.

Coolest Thing I've Seen in Ages

A Periodic Table of Visualization Methods

I've seen the identity industry use:
Two standbys of our industry would appear to be missing:

PopSci Predictions Exchange

PopSci Predictions Exchange claims to be
the first place to bet on the future of science and technology. It's easy and free: Log on, and we'll give you POP$250,000 in our virtual PopSci Dollars. Use that money to buy propositions you think are likely to happen. If other traders also want to buy, that proposition's price will go up, and you'll make PopSci bucks. Expand your portfolio with bets on energy, space, consumer technology and extreme science, and compete against other players for prizes and bragging rights
I created an account, thinking I could add my own propositions, ones like
  1. Liberty Alliance announces that there are 1 bazillion SAML-enabled identities by end of 2009.
  2. Bill Gates remotely opens Beijing Olympics by using a 'scissors' Infocard to cut e-ribbon.
  3. Hare Krishna throws their support behind OpenID. Belief is that users presenting a URI linked to the mantra will create a higher state of world consciousness.
  4. Of WS-Federation, IBM & Microsoft announce 'We were just joking. SAML is the clear choice. Funny right'. (I would have shorted this)

No such luck. I am limited to propositions such as
Will there be more large-screen (40 inches or more) LCD televisions sold in the U.S. than large-screen plasma televisions in Q4 2008?

Protestant Assurance Framework

The First Book of Common Prayer was written in 1549, a product of the English Reformation after Henry VIII's break with Rome over his 'Great Matter'.

Prayer books contain the words of structured services of worship - the prescribed processes & rituals, as set out by the Church, to be followed by the priest and congregation for various services, e.g. weddings, communion, etc.

Not following the liturgical steps exactly as spec'd out was not thought of as a minor slip-up - each was considered fundamental to proper worship. So, if a priest wasn't willing or able to follow the authorized script, then that priest was not going to be certified as being on the approved 'Avoiding Everlasting Hell Guidance Providers' list (at the time, the consequences of not being on the list were not inconsequential).

If however, a priest was on the list (as evidenced by his not being engulfed in flames) then those members of the congregation who relied on his guidance knew exactly what they were getting - there would be no 'Well I wonder what he will talk about today'. You could say that they had complete assurance in the priest and processes.

Sounds like NIST 800-63, but with more incense.

What would it have looked like if it used RFC 2119?

Public Batisme

When there are children to he baptized upon the Sonday, or holy day, the parentes SHOULD geve knowledge over nighte, or in the morning, afore the beginning of Mornyng prayour, to the curate. And then the Godfathers, Godmothers, and people with the children, MUST be ready at the Fonte, eyther immediatly after the last Lesson at Morning Prayour, or els immediatly after the last Lesson at Evening Praiour, as the Curat by his discretion shall appoincte. And then standinge there, the Priest SHOULD ask whether the children be Baptized or no. If they aunswer, No. Then the priest MUST say thus.

DERELY beloved, forasmuche as al men be conceived and borne in synne, and that our saviour Christ saith, none can entre into the kingdom of God (except he be regenerate, and borne a new of water and the holy gost) I beseche you to cal upon God the father, throughe our lord Jesus Christ, that of his bounteous mercy, he wil graunt to these children, that thing which by nature thei can not have, that they may be baptized with water and the holy Ghost, and received into Christes holy church; and be made lively membres of the same.

Then the Priest MUST say.

Let us praye.

Tuesday, November 06, 2007

How much am I offered for

The enema of my enema is my friend

More on sewers and pipe backups.

Seed Magazine led me to this, with a picture of a 'sewer cleansing sphere' obtained from Sewer History.

The sewers are regularly cleaned using large wooden spheres just smaller than the system’s tubular tunnels. The buildup of water pressure behind the balls forces them through the tunnel network until they emerge somewhere downstream pushing a mass of filthy sludge.

How big a ball would you use to cleanse out old & rotten attributes clogging up the corners & joints of your identity pipes? Where might you retrieve the ball afterwards?

And on the topic of pipe scouring, just because it's user-centric doesn't make it right.

Widget Portability

I don't assert to fully grok what OpenSocial is or isn't (or the business motivations that drove it) but, as near as I can tell, Open Social is about making widgets/gadgets/applications portable across container boundaries. Move the applications around, but the social & profile data stays put thank you very much.

For the life of me, I can't remember a time when 'widget portability' was presented as a problem that needed solving.

Reminds me of the physicist I. Rabi's response to the news of the discovery of the sub-atomic muon particle. On hearing the news, Rabi asked 'Who ordered that?'.

Ken is not gonna like this

From Andre, Barbie as security token.

Before two owners (I won't say 'girls', it theoretically could be boys. Not that there is anything wrong with that) can chat online, they need to register with each other through physical real-world interaction. Registration involves placing one doll in the docking station of the other (presumably the 'friendship' is recorded as bilateral?).

From what I hear on the grapevine, Ken already thinks Barbie spends too much time with her ditzy friends. And Barbie feels stifled just staying at home doing aerobics. Watch this channel for more juicy doll gossip.

Claim == Assertion?

We use them interchangeably in identity systems. Should we?

From Merriam-Webster

Claim: to assert in the face of possible contradiction.

Assert: to state or declare positively and often forcefully or aggressively.

This is consistent with how I would use the two words in 'everyday' communication.

I see a claim as having an implied question mark at the end (e.g. "I am one darn good lover"); an assertion an exclamation mark (e.g. "You are one darn good lover").

Where's Aldo?

and The Story of Digital Identity?

Perhaps I'm cool afterall?

After I praised her as my token cool friend on FaceBook, Joni took time out of her busy schedule of flute-playing, friend-IMing, and 20-something angst to send me an email
For the record I see very few use cases for Facebook or myspace beyond musicians peddling their tracks, people who want to date but are socially inept and the occasional person trying to route contact types to something other than email (b/c our inboxes are all overloaded).

Hey, I'm socially inept, and I use it for messaging .... If this is how cool people use Facebook, maybe, just maybe, I am, 9:30 bed-time notwithstanding, cool after all?

Joni offers support for this claim
Geeky and Cool can be synonymous and not necessarily at odds with each other. I argue, Geeky = Uncool is a MAYBE and not a MUST

Referencing RFC 2119 is undeniably nerdy, but I'm cool with that.

Off to find a 'scene'.

Open Assurance 2.0

We here at Connectid are proud to announce the release of 'Open Assurance 2.0' - a revolutionary new take on identity assurance. We've listened to your feedback and went back to the drawing board, basically starting from scratch to create this new post. Lots of long hours & coffee. Lots.

The new name 'Open Assurance 2.0' reflects the new emphasis we're placing on 'openness'. We here at Connectid are fully committed to being 'open' (Mrs. Connectid admittedly less so). For too long there have been 'assurance silos', each RP making its own decisions about which IdPs it will do business with. Let's tear down those silos and open up the 'assurance graph'.

We're also very focussed on the number 2. For instance, I had 2 children before the third. We hope that the '2.0' in the name of this post demonstrates our commitment to this integer.

We're pretty proud of this new 'Open Assurance 2.0' post. Let us know what you think.

Key inputs worth noting.

Axel commented that, for managed cards, there are meaningful gradations between 'never heard of that IdP' and 'our CEOs golf together every Wednesday AM'.

Eric pointed out in a comment that, as there are more moving parts for a managed card than for self-asserted, the level of technical confidence should be decreased.

Separately, Pam pointed out that, as there will likely exist a contract between a user and an RP, even for a self-asserted card, then it's wrong to say that a self-asserted card can engender no business confidence.

So, managed card technical confidence goes down, self-asserted card business confidence goes up.

The combined result

We're confident that this will satisfy all constituents. Ultimately, we all just want the RPs to be happy right?

Monday, November 05, 2007


Pam throws ground turkey, albeit oh so politely
I apologize for continually throwing rocks at other people’s glass houses

I see no glass (which, I admit, is sort of a defining characteristic of the 'glass house' phenomenon) and I think Pam's aim is off - she just splattered the big plate glass window of the Jones's next door.

She challenges my claim/assertion that a self-asserted card can create only technical confidence, and not legal or business confidence.
I see absolutely no reason why I would hesitate to associate a self-issued information card ... If I read Paul’s taxonomy correctly, there would be technical confidence but no legal confidence, even though I as an end user do indeed have a contract with my bank.

But my arguments were expressed in terms of the level of assurance that the RP can ascribe to the authentication - not whatever the user can. It's not the user that may think differently about the comparative assurance made possible by a 3rd party IdP, it's the RP (99.8% of users will be completely oblivious to the fact that they are even different).

And while yes, there may well be a contract between the self-asserted-card-presenting user and the RP, am I naive in thinking that an RP protecting sensitive and/or valuable resources, one worrying about potential damages should a spurious authentication occur, one for which authentication & associated management is not a core capability, might rather rely on a contract with a business entity that had a bank account balance not determined by the ebb & flow of monthly mortgage & car payments?

Would it help if I drew my business confidence diagram such that there was a non-zero amount of assurance for self-asserted cards? But that I maintained the potential advantage that a card managed by a 3rd party IdP can provide?

With respect to Pam's other stone,
Let’s go past an authentication-only scheme and say that my bank will trust everything I assert from my self-issued card. That boils down to contact information — the same stuff that many websites let me change already.

I have never attempted to extend the argument beyond authentication to attributes. As Pam points out, attributes introduce a whole different set of issues around sourcing & verification.

Pam closes off with

there is certainly no reason to malign either card mechanism until proof exists that either one is more vulnerable than the other

I guess this is for Gerry because I was in no way trying to malign self-asserted cards, merely pointing out that introducing a 3rd party into the mix (through a managed card) makes possible (but does not guarantee) a higher level of assurance for the RP (through business constructs like a "good ol' fashioned I'll sue the a$% off you if you break it" contract). Heck, I like self-asserted cards, some of my best friends are self-asserted.

Pam, I hope you have insurance - the Joneses are very litigious. :-)

And of course, the privacy characteristics of self-asserted vs managed cards are a completely different issue. But that doesn't stop Ben from trotting it out. I must get 'Liberty Dude' added to my business cards (the self-asserted ones).

Whither goes Japan?

From the Globe and Mail, Bye Bye PC.

The PC's role in Japanese homes is diminishing, as its once-awesome monopoly on processing power is encroached by gadgets such as smart phones that act like pocket-size computers, advanced Internet-connected game consoles, digital video recorders with terabytes of memory.
“There's no denying PCs are losing their spunk in Japanese consumers' eyes,” said Hiroyuki Ishii, a sales official at Japan's top PC maker, NEC Corp. “There seems to be less and less things only a PC can do,” Ishii said.


HealthVault Revolutionizes Social Sharing

In order to share my health data with family members, I simply send them an email and invite them to join HealthVault. How perfectly simple & straightforward! Why has this not been done before?

I expect my friends & family would really appreciate the opportunity to join my social graph (or is it a 'chart' in the medical context) in yet another context.

Here I start the sharing process.

I choose who I want to share my health info with (in this case myself) by providing an email address.

I am given intuitive and informed control over the specific types of information to be shared. There is just the right level of detail. Why just the other day I was trying to share my 'Hb1ac' levels with my hockey team. I decided against giving myself 'custodian' permissions as I feared I'd be expected to mop the clinic floors.

HealthVault sends an invite to the email address.

I get my invite from HealtVault. I am warned about 'phishing' (I am not warned about Big Pharming).

If I accept the invitation I am encouraged to create my own account at Healthvault.

Perhaps it is appropriate for a health site to rely on viral marketing methods.

Balancing Act

ProQuo has an interesting twist on the 'Do Not Call' concept. Instead of dealing directly with every mass mailer and credit card company that sends you unwanted mail to clog up your (physical) mailbox, you use ProQuo as your proxy to those 'annoyers'. You tell ProQuo from which annoyers you don't wish to receive mail, and ProQuo sends the corresponding 'cease & desist' message (or helps you send it yourself).

As unwanted credit card offers occasionally cause me to miss exciting offers for 'enhancing my sexual prowess' I gave it a whirl.

First things first. Although not explicitly stated, ProQuo is for annoyed Americans only. Canadians must, at least for the foreseeable future, continue to suffer under the barrage of igloo duct-cleaning & moose-grooming offers.

I forged on with the only US zip I know.

After creating an account, I was shown a list of mailers from which I could 'opt-out' of receiving mail.

I used the 'Stop All' link to ask to be removed from all the mailers. It seems there are three types of mailers, those that support ProQuo directly sending them the 'stop' message electronically, those that expect a letter, and those that require the user to opt-out at their site. For the latter two, ProQuo prompts the user that 'Action is Required'.

For the PennySaver (which I used to deliver as a child, how's that for irony), clicking on 'Action Required' displayed

'Save to desktop' created a customized PDF, with an instruction page (while strangely detailed, the instructions appear to leave some steps undefined. For instance, it's not specified that the user should lick the envelope glue strip before closing and sending. I wonder if these were usability tested? I'd bet ProQuo will lose 'non-technical' users here).

and a letter to send to the PennySaver

For those mailers that want the user to visit their site, ProQuo redirects the browser. From the tries I performed, the redirects happen without transmitting any of the information I've already given to ProQuo. Wouldn't it be nice if I didn't need to enter this again at the various mailers?

Additional to the 'Dashboard' from which users remove mailers, is the 'More Services' tab, from which users can add mailers.

I had been wondering how ProQuo was going to make money - a business model peeks through the clouds.

If my guess is correct, Proquo will try to balance itself between two opposing forces - representing the user (through mechanisms for users to opt-out of unwanted mail) and representing mailers (by mechanisms for users to opt-in to wanted mail).

Some users (e.g. like my wife's Crazy Aunt Aleta who enters any and every contest going) actually want to receive 'offers', and so for them the two forces need not be in opposition - both Crazy Aunt Aleta & the mailers are willing participants. Both benefit (it's presumably worth it to the mailers to pay for such a 'hot-lead'). I wonder if there are enough Crazy Aunt Aletas out there?