Friday, February 29, 2008

Integrating Liberty Alliance & Cardspace

Two different approaches to bridging Liberty Alliance & Cardspace.

Bridging CardSpace and Liberty Alliance with SIM authentication

A Client-side CardSpace-Liberty Integration Architecture


Get your mind out of the gutter

Popular Science has an article on 'community urine-testing', i.e. examining the drug habits (illegal or otherwise) of communities by testing the waste water they excrete.

Sewage is more than just filth. It’s evidence of our worst habits, everything from caffeine to cocaine, all ingested and flushed down the toilet. Now scientists are using wastewater to drug-test entire cities, and the results are sobering.

What is interesting are the concerns over what might be called 'collective privacy'. Communities don't want their drug habits brought out into the open - even if the habits of any one constituent are impossible to identify through the aggregated tests.

No city wants to be known as the coke capital of the world, and some critics fear Big Brother tapping their plumbing as well as their phone line.

I expect that eventually cities will start dumping masking agents down the drains. Or claim they had a bad cold and were just taking decongestants.

Thursday, February 28, 2008

Pat's Password Proxying Proposal

Pat proposes using Cardspace as a password-manager, i.e. using the identity selector to retrieve the username & password for the user for a particular site when needed.

How would the RP indicate what it wanted? As a (newly defined) required claim URI? In this case the RP is not simply asking for a piece of static identity data that is the same for all RPs, e.g. email address etc. It's asking for 'the username & password that the user previously stored against my endpoint'.

In this sense, the username & password are just like the existing 'private personal identifier' in Cardspace (or a pseudonym shared between a SAML IDP and SP).

Is it just another claim?

<OBJECT type="application/x-informationCard" name="xmlToken">
<PARAM Name="RequiredClaims" value=

Presumably, current selectors would not know to process such a claim the way they process a PPID (deriving a value specific to the requesting RP) rather than an email address (the same value for every RP).
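To make the comparison with the PPID concrete, here is an added example (not from the post, and not Pat's or CardSpace's own code) of a toy identity selector: static claims such as email are the same for every RP, the PPID is derived per RP with a keyed hash (a simplification of the real CardSpace derivation, which has the same per-RP property), and a hypothetical per-RP "site password" claim is looked up against the RP the same way. The claim URI urn:example:claims:site-password is an assumption; the two ws/2005/05/identity claim URIs are real. A selector built without the extra branch refuses the unknown claim, which is the situation the paragraph above anticipates.

```python
import hashlib
import hmac

# Real CardSpace self-issued claim URIs.
CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
CLAIM_PPID = CLAIM_NS + "privatepersonalidentifier"
CLAIM_EMAIL = CLAIM_NS + "emailaddress"
# Hypothetical claim URI standing in for Pat's "username & password for this RP"; not in any spec.
CLAIM_SITE_PASSWORD = "urn:example:claims:site-password"


def parse_required_claims(value: str) -> list:
    """The RequiredClaims PARAM value is a whitespace-separated list of claim URIs."""
    return value.split()


class ToySelector:
    """Minimal model of an identity selector holding one self-issued card."""

    def __init__(self, card_secret: bytes, static_claims: dict, supports_site_password: bool = True):
        self.card_secret = card_secret          # per-card secret, never released to an RP
        self.static_claims = static_claims      # claims identical for every RP (email etc.)
        self.site_credentials = {}              # rp_id -> (username, password), stored per RP
        self.supports_site_password = supports_site_password

    def derive_ppid(self, rp_id: str) -> str:
        # Pairwise identifier: keyed hash of the RP identity under the card secret, so two RPs
        # receive unrelated values and cannot correlate the user (simplified derivation).
        return hmac.new(self.card_secret, rp_id.encode(), hashlib.sha256).hexdigest()

    def store_site_credential(self, rp_id: str, username: str, password: str) -> None:
        """Record the credential the user previously registered at this RP."""
        self.site_credentials[rp_id] = (username, password)

    def build_token(self, rp_id: str, required_claims: list) -> dict:
        """Assemble the claim values for one RP; unknown claims are refused, not guessed."""
        token = {}
        for claim in required_claims:
            if claim == CLAIM_PPID:
                token[claim] = self.derive_ppid(rp_id)
            elif claim == CLAIM_SITE_PASSWORD and self.supports_site_password:
                cred = self.site_credentials.get(rp_id)
                if cred is None:
                    raise LookupError(f"no credential stored for {rp_id}")
                # Only the credential stored against this RP's identity is released.
                token[claim] = {"username": cred[0], "password": cred[1]}
            elif claim in self.static_claims:
                token[claim] = self.static_claims[claim]
            else:
                raise ValueError(f"unsupported required claim: {claim}")
        return token


if __name__ == "__main__":
    # Constructed sample data.
    sel = ToySelector(b"card-secret", {CLAIM_EMAIL: "alice@example.com"})
    sel.store_site_credential("https://shop.example", "alice", "hunter2")
    wanted = parse_required_claims(f"{CLAIM_PPID} {CLAIM_EMAIL} {CLAIM_SITE_PASSWORD}")
    print(sel.build_token("https://shop.example", wanted))
```

The point of the model is that the per-RP credential and the PPID share the same lookup key (the RP's identity), which is why the post likens them; a selector that releases the credential without binding it to the RP that stored it would turn the feature into a generic password disclosure.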



Good luck camouflaging your URI like this.

I tried pretending to be the '//' but kept falling over.

And my bad back means the '.' is out of the question.

Tuesday, February 26, 2008

Trading cards

Today is the trading deadline in the NHL, the last day on which teams can trade players in preparation for a run at the Stanley Cup.

The Toronto Maple Leafs (who I detest) had wanted to trade their captain Mats Sundin, recognizing that they have no chance this year (which is sweet) and hoping to get some future potential for the franchise's star.

But Sundin has what is called a 'no trade clause' in his contract, essentially giving him and not the Leafs (which I hate) control over if, and to where, he can be traded.

Mats likes Toronto (which mystifies me, I think of it as a sinkhole with streetcars) and so politely declined when the organization asked him about trade possibilities.

For some, Sundin demonstrated real loyalty, preferring to stay with the basement-bound Leafs rather than being traded to a contender - even if only for a short period as a 'rental'.

For others, his declining the trade was pure selfishness, putting his own interests ahead of those of the organization which he professes to feel loyal to (he is Swedish and has spent his professional career playing in Quebec City and Toronto so likely doesn't know better).

What if social networks allowed trades? Would members be given the same control over their trading fate? And suffer the same accusations if they opted out?

For my own network, I'd be willing to let Kim Cameron go for the right deal. It would kill me to let Kim go but I'm in a rebuilding stage and need some future prospects. Kim, FYI, you don't have a 'no trade clause', your agent dropped the ball on that one.

Leafs suck!

Monday, February 25, 2008


Let me see if I have this straight

Kim writes
But OpenID doesn’t have the privacy characteristics that would make it suitable for government applications or casual web surfing. And it doesn’t have the security characteristics necessary for financial transactions or access to private data.

and from that post of Kim's Eric deduces

Yet one more reason why you (as a CSO) should be paying attention to OpenID.

Does OpenID provide appropriate security characteristics for the enterprise, i.e. is OpenID 'safe for work' or not?

If not, why should a CSO care about it? Because her employees will be used to using their OpenID for non-work surfing and so will demand a similar log-in ceremony for work?

I enjoy the occasional hot-tub but I've never been able to convince any employer that it would be a relevant piece of cubicle furniture.

Six Degrees of Schneier

Given the popularity of 'Six Degrees of Kevin Bacon' for mapping the working relationships of actors & actresses, I propose the identity & security space similarly track our distance from some notable name in the industry.

Now, who shall we pick as our hub? Let's try Bruce Schneier for now and see how it works.

I propose a simple algorithm - a given identity blogger's Schneier Number will be calculated based on the 'link distance' between Bruce's blog and their own. For instance, if there exists a blog posting in which both Bruce and that blogger are linked to, then that blogger would have an SN of '1'. Simple, yes?

I wonder what my SN would be? How would I even determine it? Oh wait, coincidentally, an insightful post from Gunnar in which both Bruce and I are linked to.

I guess then by the previously defined (and completely objective) algorithm, my SN is 1. Wow, I really didn't expect to have such a high score. I have to say that I'm impressed with myself.
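For anyone who wants to compute their own SN without waiting for a convenient post from Gunnar, here is an added example (mine, not the post's) that implements the definition above and generalizes it: two bloggers are adjacent when some post links to both of them, and the SN is the length of the shortest chain of such co-links back to the hub. The post index and blogger names are constructed sample data.

```python
from collections import deque

# Constructed sample: post id -> set of bloggers that post links to.
POSTS = {
    "gunnar/post-1": {"schneier", "madsen"},
    "kim/post-7": {"madsen", "cameron"},
    "eric/post-2": {"cameron", "norlin"},
    "random/post-9": {"lonely"},
}


def colink_graph(posts: dict) -> dict:
    """Undirected adjacency: a and b are neighbours if one post links to both."""
    graph = {}
    for linked in posts.values():
        for blogger in linked:
            graph.setdefault(blogger, set()).update(linked - {blogger})
    return graph


def schneier_number(posts: dict, blogger: str, hub: str = "schneier"):
    """Shortest co-link distance from the hub (0 for the hub itself); None if unreachable."""
    if blogger == hub:
        return 0
    graph = colink_graph(posts)
    dist = {hub: 0}
    queue = deque([hub])
    while queue:                      # breadth-first search, so the first hit is the shortest path
        cur = queue.popleft()
        for nxt in graph.get(cur, ()):
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                if nxt == blogger:
                    return dist[nxt]
                queue.append(nxt)
    return None


if __name__ == "__main__":
    for who in ("madsen", "cameron", "norlin", "lonely"):
        print(who, schneier_number(POSTS, who))
```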

Friday, February 22, 2008


It seems that DataPortability is finally heeding my advice (of this morning) and will be reconsidering the DP logo by holding a competition.

I will be submitting to the contest the following (artistically manipulated) head-shot of myself

as I believe it meets the stipulated requirements of
  • aestheticness
  • uniqueness
  • royalty freeness
  • clarityness at small-sizes (my wife chuckled at this one, not sure why)

Note: I will be donating any prize money I receive to 'The Poor' so that they can purchase i-names for themselves (it just tears me apart to think that their data might not be as portable as yours or mine).

Impedance Mismatch

SAML & ID-WSF are joined at the hip, likewise seemingly OpenID & OAuth.

A swap is in order.

Consider the IDP Selection model of the 4 - this is the bit by which a user and a consumer of identity come to agree on where to get the identity.

There are essentially 2 choices, let's call them "User Drives" and "Consumer Drives", distinguishing between who is in 'charge'.

User Drives (UD)

1) User visits some identity consumer
2) User specifies identity provider
3) Consumer works with the specified identity provider to get some identity

Consumer Drives (CD)

1) User visits some identity consumer
2) Based on its relationships, consumer offers user a list of candidate identity providers
3) User chooses from within list
4) Consumer works with the chosen identity provider to get some identity

UD pushes consumers towards promiscuity in picking their provider partners; CD reflects the existence of business and trust relationships that constrain consumers and providers.

I'll argue that the 4 identity systems above are either restricted to (or optimized for) either UD or CD as follows:
  • SAML - CD (because SAML defines nothing comparable to OpenID's association mechanism for dynamic trust)
  • ID-WSF - UD (because the Discovery Service enables dynamic trust brokering by which a consumer of identity can be matched up with an, a priori unknown, provider)
  • OpenID - UD (well duh)
  • OAuth - CD (because it presumes a relatively static trust model with a priori key and secret exchange)

So how do you reconcile the apparent mismatches, e.g. a UD-ish OpenID with a CD-ish OAuth? Or CD-ish SAML with UD-ish ID-WSF?
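An added example (mine, not from the post or any of the four specs) that models the two selection flows from the consumer's side. In CD the consumer offers only providers with which it already shares a relationship and refuses anything else; in UD the user names the provider, and the consumer can proceed only if it already trusts that provider or is able to establish trust at runtime (the stand-in for an OpenID association is a freshly generated shared secret). A discovery service, in the ID-WSF sense, is the piece that lets a UD-capable consumer be pointed at a provider it had never heard of. Provider and principal names are constructed.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class IdentityConsumer:
    name: str
    # CD-style relationships, fixed before any user arrives (SAML metadata, OAuth key/secret).
    trusted_providers: dict = field(default_factory=dict)   # provider id -> shared secret
    # UD-style: whether the consumer can set up trust with a provider it has never seen.
    dynamic_trust: bool = False
    log: list = field(default_factory=list)

    def offer_candidates(self) -> list:
        """CD step 2: the consumer, not the user, produces the list to choose from."""
        return sorted(self.trusted_providers)

    def consumer_drives(self, user_choice: str):
        """CD steps 3-4: the user's pick must come from the consumer's own list."""
        if user_choice not in self.trusted_providers:
            self.log.append(f"refused {user_choice}: not in relationship list")
            return None
        return user_choice, self.trusted_providers[user_choice]

    def user_drives(self, user_supplied: str):
        """UD steps 2-3: the user names the provider; trust is reused or built on the spot."""
        if user_supplied in self.trusted_providers:
            return user_supplied, self.trusted_providers[user_supplied]
        if not self.dynamic_trust:
            # This is the SAML/OAuth position: no mechanism to trust an unknown provider.
            self.log.append(f"refused {user_supplied}: cannot establish trust at runtime")
            return None
        secret = secrets.token_hex(16)   # stands in for an association handshake
        self.trusted_providers[user_supplied] = secret
        self.log.append(f"associated with {user_supplied}")
        return user_supplied, secret


class DiscoveryService:
    """ID-WSF-style broker: maps a principal to the provider holding their identity,
    so a UD-capable consumer can be matched with an a priori unknown provider."""

    def __init__(self, registrations: dict):
        self.registrations = dict(registrations)

    def lookup(self, principal: str):
        return self.registrations.get(principal)


def resolve_via_discovery(consumer: IdentityConsumer, disco: DiscoveryService, principal: str):
    """Discovery tells the consumer where to go; the consumer's UD policy decides if it can."""
    provider = disco.lookup(principal)
    if provider is None:
        return None
    return consumer.user_drives(provider)


if __name__ == "__main__":
    # Constructed sample: one CD-only consumer, one UD-capable consumer, one discovery service.
    saml_sp = IdentityConsumer("saml-sp", {"idp.partner.example": "pre-shared"})
    openid_rp = IdentityConsumer("openid-rp", dynamic_trust=True)
    disco = DiscoveryService({"alice": "idp.homegrown.example"})
    print(saml_sp.offer_candidates(), saml_sp.user_drives("idp.homegrown.example"))
    print(resolve_via_discovery(openid_rp, disco, "alice"), openid_rp.log)
```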

Perhaps we should consider swapping spec partners? Get everybody together, have a few drinks, and see what happens. No pressure.

I know I've seen ID-WSF, when cutting the lawn, sneaking peeks at OpenID sunbathing, so there is definitely interest there.

You'll never get that in the overheard bin

DataPortability considers changing its logo - a set of candidates here.

Discussion is focussed on the shape, relationship, and colour of the 'd' and the 'p'. As far as I know, the 'suitcase' on which the letters are placed is unquestioned. But is it appropriate?

The chosen suitcase is clearly not a candidate for carry-on. It actually looks like one of those old-school hard-sided Samsonites your Father used that ended up covered with stickers from places like Des Moines.

So what you ask?

Well, checked luggage is not user-centric. While you do start off with your bag, you give over control of it to the 'air travel providers', trusting in them to handle it with appropriate care and deliver it to the right place. Who knows what they actually do with it in the interim? That's not user-centric, it's 'airline centric'.

I humbly suggest that a more appropriate luggage model would be one that is clearly designed to stay with the owner as a carry-on and not be checked into the luggage limbo that awaits behind the counter.

Here are some photos of my own preferred carry-on suitcase to get DP started (wrt the second, I confess it's not always easy to get a volunteer to pull me through the terminal. But my feet get soooooo tired.)

And lest you forget, contents may have shifted in flight.

Wednesday, February 20, 2008


Our identity world seems quite insular - take a look at an identity paper's (white or otherwise) 'References' section, and I venture the sources are other identity papers (with usually a few security ones thrown in for credibility).

My list of other intellectual fields from which identity might learn:
  • economics - if the availability of a particular identity attribute grows scarce in the marketplace (because of privacy or legislative factors), does it become more valuable? Can you even assign a value to a particular attribute?
  • game theory - does the Prisoner's Dilemma bear on social network dynamics? Or on the standardization process?
  • evolutionary science - is the battle between phishers & security experts comparable to the 'arms races' that develop between predators & prey? If so, who is the prey?
  • history - could the 'identiverse' be carved up into non-overlapping regions of protocol dominion as agreed to by Spain and Portugal in the 15th century Treaty of Tordesillas, i.e. SAML/WS-Fed get the enterprise, OpenID/Cardspace are ceded consumer space? Who would play the monopoly busting Sir Francis Drake?

Single Sign-On Summit

Ping is putting on a Single Sign-On Summit

Established with singular focus, the SSO Summit will help line-of-business owners and IT understand in detail the when, where and how of SSO

I believe plans are in the works for a follow-on "Single Log-Out BOF". There is also talk of a pre-conference 'IDP Discovery Workshop'.

Andre/Patrick, please feel free to use this for your summit welcome (with attribution)
Two CIOs go into a bar. The first guy says to the second 'How's it going?'. Second guy says 'Sso-sso'.

Complaints will be taken seriously

I propose attendees of the next IIW perform an identity-based Complaints Choir.

Some lyrics to get us started
But I already logged in over there.
Oh no, I do enjoy looking at photos of your family's vacation
to Disneyland. Please hand me that bottle of pills would you?
We can go to Mars, but I still have to provide my shipping
address when I buy something online?
Your social invitations annoy me more and more.
To be honest, I find your avatar spooky.
Notwithstanding the opportunities for 'increasing her pleasure',
spam is annoying and limits productivity.
Clearly, my blog gets less traffic than it deserves.
Strangely enough, I do not wish to receive email updates
as to how often you move your bowels.

Tuesday, February 19, 2008

We need a word

to describe
a phenomenon in which a message displays momentarily in your Inbox before the spam filter kicks in and the message disappears - words like 'girth' and 'performance' appearing for just enough time to subconsciously pique your interest - this interest determined to be misplaced upon exploration.

Going downhill fast

There are a number of winter sports predicated on the concept of 'sliding down a snow-covered hill quickly'.

The fun part of these activities (I would have said 'sports' but, hey, is tubing really a sport?) is the 'sliding downhill' component. Before you can enjoy this fun bit however, a necessary evil is a preliminary period of 'being lifted or pulled up the hill slowly' (I believe Isaac Newton was developing this as a corollary to his Laws of Motion. At least he was until he realized that, Eddie the Eagle notwithstanding, the UK has no hills or snow and consequently nobody would understand what he was talking about).

There are a number of mechanisms for accomplishing the 'preliminary slow uphill lifting'. Here is a partial list:
  • Magic-Carpet
  • Rope
  • T-Bar
  • Double
  • Quad
  • Detachable quad
  • Gondola
  • Helicopter
All these mechanisms get you from A (a low spot) to B (a higher spot). But, as anybody who has fought a T-bar while on a snowboard can attest, the above mechanisms can vary greatly in:
  • the level of active participation expected of the user (e.g. holding onto a rope or sipping a latte in a gondola)
  • their speed (all else being equal, you'd rather spend your time going downhill)
  • the stress of getting on & off (nothing is more fun than watching 4 novice boarders disembarking from a quad chair. Nothing.)
  • the degree to which the user is exposed to the weather (I posit that the top of the TGV chair at Mont Tremblant is colder per capita than the Antarctic.)
  • capacity (as in # butts lifted/hour)
I'm sure a ski hill operator would also tell you that they vary greatly in their economics, as in initial costs, ongoing maintenance, and how many years it takes to redeem the investment.

Consequently, a smart operator uses the right 'lifting mechanism' for the right combination of slope, difficulty & accessibility. You will never (OK, perhaps in Vail) see a helicopter being used to run kids up to the top of the bunny hills (which can actually be deceptively challenging for even advanced boarders), nor will you see a magic-carpet unloading at the top of a double black-diamond (as I've never actually seen the top of such a run, I admit this is conjecture).

The right lift for the right hill. A good ski resort has appropriate variety in both.

The reader is encouraged to consider the relevance of this essay to identity systems. For extra points, discuss the concept of resort federations.

Doggone it, people like me!

Well, maybe not 'people' in the plural, but Andy does at least.

And, to be precise, he likes this blog.

For all I know, on a personal level, he may hate my guts (which I absolutely don't get!).

So I guess it'd be more accurate to say

Doggone it, at least one person likes this blog!

Tough to build a 'Daily Affirmation' around that.

Andy, with respect to Liberty ID-WSF being a good read, I expect you are currently working through the (many & significant) specification pieces I contributed. A word of warning, your enjoyment will vary in spots.

Sunday, February 17, 2008

Kids say the darndest things

My 5-yr old daughter, on the burden of remote identity management (trying to access her Webkinz account from a friend's house)
I couldn't get on because I didn't have my username but I had my secret code so I was able to get my password changed.

I don't think we need be concerned about the abilities of her generation to adapt to new identity models - they'll do just fine.

Perhaps then we should stop worrying about 'My Mother' as the average user for which we design identity systems and skip to the grandchildren - far less constraining.

Friday, February 15, 2008

Assurance Levels

After a medium-sized snowfall last night, my kids were anxiously waiting to find out if the school buses were cancelled, giving them a 'snowday'.

The Web site said the buses were running, the radio indicated some doubt.

My 5-yr old daughter gave her assessment of the relative assurance of the two information channels (with likely a certain amount of hopeful bias).
Radios are righter than computers.

Not always Sweetie. Go get dressed, your bus is coming.

Wednesday, February 13, 2008

I have the ears of a 24-year old

According to Vikram.

Sadly, the lawyer for my inner ears has asked for a trade to 'a body with commensurate deterioration'.

Tuesday, February 05, 2008


From Information Architects, a map of 2008 web trends.

I know why SAML isn't on the map, but OpenID? The only way OpenID could be trendier would be if it wore bell-bottoms (those are in right?).

FYI, I stayed in a hotel out near Doc Searls the last time I was in Tokyo.

Friday, February 01, 2008


Kaliya wonders what I think about the rumour that NTT is investing in Twitter, seemingly based on Twitter's choice of NTT America for hosting.

To be honest, I'm disappointed. I had pitched my own idea but it appears that management decided to 'go in a different direction'.

Other than that, sorry Kaliya, I claim no insight (not that I ever have).



WS-HumanTask has been submitted to a new TC in OASIS

The TC will focus on defining human interactions (“human tasks”) as part of a WS-BPEL process, enabling these definitions to be exposed as web services.

My wife is preparing submissions to the TC for follow-up specs