Friday, May 30, 2008

New social map app


(Please note the absence of pins.)

Why not for IDP discovery?

SocialHistory.js exploits a CSS leak to determine which social networks users have visited.

SocialHistory.js works by exploiting the feature in modern web browsers that automatically uses a different link color for visited links. The JavaScript loads up a bunch of links from a list of top social media sites in an iFrame and looks at which have been visited based on the change in link color. From there, it can assume which you are most likely to use

Mutual of Omaha


Phil has posted an interesting wildlife video filmed on location in Vancouver.

Unfortunately, the background noise of some guy talking about attributes & JSP's etc interferes with the bird sounds.

I kept expecting to see a burnoose-clad Marlin riding a CARML.

Hopefully

T-Systems treats their contractors better than Ping, as I've been doing some troubleshooting work for Axel on the Firefox openInfocard Identity Selector.

Axel, your questions answered below

Paul

p.s. invoice to follow

------------------------------------------------------------------------
- which version of the Firefox extension are you using? ;-)

0.9.9.20080401

- Please tell how this behaviour can be reproduced

My experience

1) Enter household spending data into a spreadsheet on Google Docs.
2) Data should indicate excessive purchases of perennial flowers and 'oh those are so cute' summer sandals.
3) Print page.
4) Wave page in wife's face.
5) Apply ice pack to (page waving) bruised arm.
6) Listen patiently to tenuous counter-arguments.
7) Defend purchase of computing equipment as a legitimate business expense and in no way comparable to sandals/flowers.
8) Sensing the tide of battle turning, perform tactical retreat.

- Next time please use "DOM Inspector" from the "tools" menu to find the object in the DOM. It was probably generated by javascript.

Maybe it's the Canadian in me

but I feel the need to apologize every time I ignore the directions my GPS provides.

It sounds so hurt
Turn left ... Turn around when possible ... Oh, OK, I'm sure you know best.,,, I guess you are relying on a different set of satellites and state- of-the-art routing algorthyms.

Thursday, May 29, 2008

Odd

A Google docs page


I could find no such objects in the source HTML.

Ping ID to Acquire Microsoft

In a move that has stunned the industry, Microsoft announced today that they have entered into an agreement to be acquired by Ping ID for an 'undisclosed sum'.

Even long term Microsoft insiders are shocked. Said one, on condition of anonymity,

'Well the way I hear it, it's all just a big misunderstanding, but the big guys can't admit it. Apparently, in the middle of the Yahoo! discussions, Steve sent the legal team an email saying "Ping me, acquisition". Next thing you know, here we are ....'

When asked about the deal, Ping's CEO Andre Durand was quoted as saying

'Well it's always been part of our strategy, it just came together a little bit ahead of schedule. We made another acquisition a little while ago and it was pretty straightforward incorporating that product line, so we figured we'd be ready for this.'

When asked how long he expects the integration of the huge Microsoft into the small Ping to take, Ping's CTO Patrick Harding responded

'Oh, she'll be right. We've got some ace tech that just makes it bloody heppen. I reckon by brekkie tomorrow we'll be apples.'

As yet, we have been unable to translate Harding's answer.

Wednesday, May 28, 2008

Bob has met his match

A perfect match that is.

For someone claiming to be an authority on relationships, you can't be accredited any higher than
Dr. Schwartz appears frequently on television, including "Oprah," "The Today Show," "Dateline NBC," "Good Morning America," "Dr. Phil" and CNN. She's also the Romance Travel Consultant for Peter Greenberg's syndicated radio show, "Travel Today."

Facebook use case

A high-school friend of mine now lives in Hong Kong - where he works as a physiotherapist.

But my sore shoulder is right here in Ottawa.

What to do?

Tuesday, May 27, 2008

Privacy

Nothing much to say about it, just that I have decided to, going forward, say it with that pompous Brit pronunciation of 'prih-vacy'.

Prih-vacy is critical to the emerging blah, blah, blah.

Yes, much better.

Rebound Friend

I can't help but think that Bavo just friended me on Facebook to get back at Patrick.

He'll probably now go around telling people how happy we are together and that I've met his friends etc (all the time hoping word gets back to Patrick).

I feel totally used.

No matter, I sense a kindred spirit
For now, there will be no joy in humiliating someone

Patrick, we'll always have Paris but it's time I moved on.

Monday, May 26, 2008

I thought we had something special

I was thrilled to get a FaceBook invite from Ping's Patrick Harding.

That is, till I discovered he has made more 'friends' in the last week than Britney backstage at a 'Boyz II Men' reunion tour.



Hey man, you friended Dale before me? That's harsh.

Let's Make a Deal


I sure hope the Cardspace algorythm doesn't work like this.

Let's see what's behind Card No. 2 ....


Hey Kim, Monty is a fellow Canadian. How 'bout Microsoft sponsor him to come to an IIW for the UnTalent Show?

I'm pretty confident it wouldn't cost that much.

A new binding for SAML?

A paper proposes using neutrinos as a communications channel.
We examine the possibility to employ neutrinos to communicate within the galaxy. We discuss various issues associated with transmission and reception, and suggest that the resonant neutrino energy near 6.3 PeV may be most appropriate. In one scheme we propose to make Z^o particles in an overtaking e^+ - e^- collider such that the resulting decay neutrinos are near the W^- resonance on electrons in the laboratory.

Well duhhh.

Not getting it

FutureShop sent me the below



I sent the following to Customer Service



Their response



Oh well I guess that's OK then.

Security through localization

Mike brags about how Infocards can interrupt/prevent a phish.

I tried the phishing demo and, even without using an Infocard, saw some indicators that would flag to even the most obtuse user that something was amiss.

The first clue was a warning from a faithful watch dog



Hmmm, Sxipper smells smoke, and is barking furiously to wake me up.

No bitch (Sxipper is female no?) is going to tell me what to do, so I persevered.

After going through the mental inventory of available OpenIDs alphabetically, I chose Blogger as OP.

The phishing RP sent me to the facsimile Blogger.



This set my spidy senses tingling. As my German is restricted to ordering 'Ein Stein' at the Hoffsbrau House, this seemed strange. Was this some new Blogger program to expand my linguistic horizons?

Not knowing the privacy policy of the demo site with respect to how they would handle my Blogger credentials, I stopped there.

RFJ 2008

We had the launch party for RFJ 2.0 this past weekend. Lots of new functionality (i.e. runners) compared to the previous version, some bug (i.e. slowness) fixes, and a new look and feel.


For RFJ 3.0, expected in 2008, we will allow participants to monetize the available unused space on their T-shirts for Google AdSense.



Sunday, May 25, 2008

Passwords may not be dead

at least not with this tech available.

Meaningless Authority

Any authority (NSFW) I ever had is now shot.

Hey Technorati, why can't I delete those links that I deem to be splogs? Your filtering engine is obviously not up to the job.

Note passing

If, as a teenager, I had ever had a girlfriend (as if I wanted one, girls are soooo groosss) I expect she would have eventually dumped me by passing me a note in biology or geography.

I would have been heartbroken but at least I would have the note to treasure (and analyze for hidden meaning, by writing 'Hey Loser', perhaps she is referring to how she lost her heart to me?))

My 18-year old nephew told me yesterday that his girlfriend ended their nascent relationship by a note she passed him through Facebook.

Although the channel may have changed, it's good to know that the message remained the same.

'You deserve better'

A classic.

Thursday, May 22, 2008

Please Do Not Erase

Cisco proposes an alternative to SOAP.



I believe they are talking to Microsoft about Cardspace integration.




Incremental & Iterative

Johannes led a session at IIW2008a entitled 'Partioning the Space', in which we specifically attempted to come up with new visual metaphors for identity which would help explain/understand the space.

One idea was to sketch out the value/depth of a relationship between a user and some service provider as a function of time. We posited that the depth would climb smoothly over time, starting from zero.



Over time, the depth of the relationship grows, one manifestation of which is the collection of user attributes by the SP.

Federated identity makes (perhaps theoretically) possible a model in which a relationship can be 'jump started' with identity, these attributes collected from an IDP rather than through successive transactions between the SP and the user.



From the PoV of the user, this step-function establishment of the relationship may feel artificial, as the depth (as determined by the attributes the SP has) does not reflect any shared history. It may also feel artificial to the SP.

An 'identity collection model' that better aligns to the 'slow growth' relationship curve is one in which the SP obtains the user's identity on a JIT basis. Rather than try to obtain identity attributes in anticipation of future need, the SP waits till it actually requires some attribute.

(Bob Blakly made the point in his relationship talk at IIW that, because of the associated risks, SPs will more and more think of identity as 'hand grenades', i.e. something you don't hang on to longer than absolutely necessary. The flip side of throwing the hand grenade as quick as possible is of course only asking for it when you really need it.)


For this to work, the SP & IDP will need the ability to reach out to the user on a JIT basis to both collect attributes and clarify consent, and not rely on the user's erratic surfing schedule.

Love is in the air

This makes me think that consent UI will need to adapt

Till now

I've just been sitting up here in the Ol' Igloo twiddling my cold and asocial thumbs.

I'd go be social except I'm a Rogers customer.

Wednesday, May 21, 2008

Temporal discontinuity

A comment Eve just made on a call prompted this

Consider some magazine at which I've subscribed. The mag only needs my address at the start of every month, just in time for sending out that month's edition.

Their demand curve (I'm sure there is a proper economics term) for my address looks like


If the magazine relies on me actually visiting their site (to view online content etc) as the mechanism by which it can get the most recent address, then they are at the mercy of my erratic visit schedule for the update operation.


If I happen to move in mid February


then I don't get the March edition.

Infocards, ID-WSF, and R-Cards

Although I think the name is misleading (do not other cards also represent relationships?), Higgin's R-cards are interesting.

My (current) understanding is that R-cards are used to establish a long-lived, secure & privacy-respecting 'identity pipe' (or is it a bus?) between some entity that holds a user's identity, and another that wants those attributes. Unlike the relationship enabled by 'normal' cards, the R-Card relationship works even without the user's explicit participation/mediation at the time of sharing. (how about a name that reflects this distinction, e.g. Direct-Card, Silent-Card, etc?)

What R-cards don't do is define just how the identity actually flows, i.e. what are the specifics of how the requestor asks for the attributes, in what format are they passed, how can the requestor subscribe to be notified should they change etc.

That's where something like Liberty ID-WSF is needed, because ID-WSF defines just this sort of plumbing.

Fundamentally, to get things going for ID-WSF, the requestor needs to get a WS-Addressing EndpointReference (EPR) (as profiled by Liberty) for the user's Discovery Service. Once armed with this DS EPR, the requestor would be able to obtain the EPRs for particular service types, e.g. contacts, calendar etc.

The graphic below portrays this simplest case.


As modelled, the originally provisioned card does not capture a semantic of 'this attribute is stored at this provider' but rather 'This card can be used to discover where the user's attributes are stored'. Is this weird?

An experiment in privacy

To test the Google Health privacy policy, I plan on adding all known conditions, diseases, and ailments to my profile.

The theory is that if some drug company contacts me with an offer to participate in a drug trial, then I'll know that Google sold my data to the highest bidder. If not, I will continue to trust Google with my calendar info.

I plan on working through alphabetically as the interface for adding conditions is slow & clunky (why not a 'Select All' option?)



I've learned to live with the fissures, but I do confess that the pap smear results have me concerned. And the 'premature' thing? That was just once!

A counter example

Not discounting the power of token issuance chaining as explained by Vittorio, I offer the following as an example of the fragility of the model.
  1. Friend1 owes me money for hockey
  2. Friend1 gives money to Friend2, says 'Pass to Paul'
  3. Friend2 give money to WifeOfFriend2, says 'Pass to WifeOfPaul'
  4. WifeOfFriend2 gives money to WifeOfPaul, says 'Pass to Paul'
  5. WifeOfPaul gives money to Paul

This is of course the 'theoretical sequence', the actual broke down somewhere around the steps involving the more feminine endpoints.

Net net, Paul has no money, and hears alot of 'Oh what a nice summer dress, it it new?'

Bi-channel infocards

Axel is pushing for mobile infocards.

To my mind, an interesting twist of a mobile selector is that the resource being accessed need not be accessed on the mobile, i.e. a mobile selector can be used to facilitate PC based access.

When surfing from a PC, rather than rely on any selector on the PC, use the one you have on your phone (and thereby indirectly achieve card portability across different PCs). This is the same model that NTT explored with our SASSO - a SAML IDP on a phone.

One challenge for this model is solving the 'how do I wake up the identity agent?' issue. In the 'normal' sequence, the selector is invoked by the browser (or some other application) when it comes across some indication from an RP that identity is being sought.

Not so easy to do when the application is on the PC, and the selector on a phone.

You either have the PC communicate the invocation to the phone (through Bluetooth, QR codes, etc), depend on the selector to determine if it needs to wake up at any instance (by polling, etc), or have the user manually launch the selector.

Tuesday, May 20, 2008

A Kick Asa Demo

Ha-ha.

Asa has posted a write up of his IIW demo of 'OpenID bootstrap to ID-WSF'. (a horrible misnomer, because as cool as that part is, the demo shows so much more).

Asa has long hair, wears sandals, and advocates local currencies. I have much to learn from him on the topic of 'hipness'.

Asa is also a serious non-conformist, as evidenced from the accompanying PDF

I use RED-ID to log in to my home made twitter platform and proceed to twit (I know it is tweet, but I like twit)

That way leads to anarchy young man.

I may decide to be a non-conformist, but I want to see how the crowd goes first.

Verified by OoTao?

Andy posts about OoTao's MCP supporting verified emails and i-names.
If you want to consume these claims you will need to ask for:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/verified/emailaddress
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/verified/iname

The 'verifiedness' (verificity?, verificabiltiy? verificatiousness?) is built right into the claim identifier.

To my mind, the level of assurance that can be ascribed to a claim is orthogonal to the claim itself. An IDP makes a claim, and then provides supporting information to help an RP decide how to treat it.

Do we need a 'Verification Context'?

And maybe I want only a 50% verified claim .... :-)

Deck from IIW2008a



For want of punctuation

Pat corrects what he interprets to be a misunderstanding on my part.

Actually, I mistyped when I wrote 'I bet not' (which admittedly does give the impression that I'm suggesting that fedlet WOULD NOT be reusable across different IDPs).

I had meant to write 'I bet. Not'.

The first sentence indicates my belief in the fedlet's power, flexibility and reusability. The second expressing my moral stance against wagers.

Pat, I hope that clarifies things.

SLO?

You don't get any more logged out than this.

Fortunately, QR codes have more mundane applications for identity.

Sun Fedlet

I understand the attractiveness of Sun's new fedlet (separately, the site gets my vote for most tenuous application of Guns'n'Roses - I'm seeing Axel drunk on stage at some future JavaOne) mechanism for quickly enabling federated operations with a partner, but how is it all relevant that fedlet is built on SAML?

If you control the technology at both the IDP & SP ends, the fact that both ends use a standard for messaging and assertions is irrelevant isn't it?

Would the fedlet, once deployed by an SP, be reusable with other IDPs (than the one that created it initially) and thereby be considered a quick and easy way to SAML enable an SP? I bet not.

Monday, May 19, 2008

Worrying rumour

Word from Redmond is that, inspired by this salesmanship fiasco, in order to demonstrate their corporate loyalty Kim and Mike are working on their own music video, a duet remake of the Beatles 'Please Mister Postman'.

I been standing here waiting mister postman
So patiently
For just a card or just a letter

Disquieting as that thought may be, I find it less disturbing than the conflicting rumour that the two of them will be performing 'O SAML Mio' with Vittorio.

Fallen Fruit?

I don't think I can count how many times I heard discussed at IIW the privacy challenge inherent in one user deciding to share their social network - the contents of which necessarily containing or referencing the PII of other users.

As far as I know, there is as yet no name for this effect/issue?

As they say, Nature abhors a terminology vacuum .....

According to Wikipedia,
Usufruct is the legal right to use and derive profit or benefit from property that belongs to another person, as long as the property is not damaged.

The word derives from the Latin words for 'use' & 'fruit' - the archetypical example is enjoying the apples from a tree growing in your neighbour's yard (and not harming the tree).

Is my sharing of the fact that you are in my social network an example of usufruct?

[Amateur Lawyers: insert comments here]

Full Circle

  • User-centric is out, relationships are in, according to Bob at least. Rather than think of identity as being centered on the user, Bob argues that it is more appropriate to think in terms of of the relationships that exist between the user and their providers (and their friends etc.)
  • Bob draws an analagy between this interpretation and planetary dynamics. Before Nicolaus Copernicus, the belief (popularized by Ptolemy) was that the planets and Sun orbited the Earth - a so called geocentric universe. Copernicus proposed what he saw as a simpler model, he demoted the Earth from the center and placed the Sun there instead - a heliocentric model.
  • As important as this shift was, Copernicus stuck with other aspects of the geocentric model. For instance, he still described the planets as orbiting on circular paths on fixed invisible spheres in space. So, a step closer to the truth, but no better at creating a stable calendar than Ptolemy.
  • It was on the observations of the Dane Tycho Brahe that Johannes Kepler took the heliocentric model to the next level. Kepler used Brahe's data to calculate elliptical orbits for the planets, the motion due to a force of attraction from the Sun and no longer requiring magical spheres.
  • Johannes Ernst led an interesting session at IIW entitled 'Partioning the Space'. In that session, we developed an interesting way to think about how the relationships between customers and bricks'n'mortar stores deepen gradually and incrementally, but how typical consent models in federated identity completely break with this slow growth pattern (e.g. 'Do you consent to sharing all your identity attributes with this SP you've just met?')

Apparently Bob is correct, it is indeed all about relationships.

Sunday, May 18, 2008

Two Aussies and a Kiwi go into a bar

and write a paper on 'Use Cases for Identity Management in E-Government '.

Hmmmm, punch line sounded funnier when I heard it.

Separately, the award for 'Best Title in an IDM paper' goes to this surgically sharp Caesarian chapter (or is it a section?).

Relationship Therapy

Therapist: So, SP, why don't you get us started and tell me why you and User are here today?
SP: Well, I just think that User and I are drifting apart. The relationship was great at the beginning. I mean, User even had a password with me. And I stored all his attributes. We were really close.
Therapist: And that has changed?
SP: yes, ever since he has been hanging around with his new federated friends, things are different.
Therapist: How so?
SP: Well, for one thing, we never spend any, you know, err .... 'quality time' alone.
Therapist: Quality time?
SP: (blushing) yes, he uh, he always insists now that one of his IDP friends join us.
Therapist: And how does that make you feel?
SP: Well, let's just say that my Mother didn't raise me that way.
Therapist: OK, I see. User, why don't you tell me your view point.
User: Well, I don't see what the big deal is. Sure I'm bringing some IDPs home, but I'm just trying to spice up the relationship - the password thing was getting tiresome.
Therapist: And you think adding IDPs to the relationship will help?
User: Yeah, and I mean, it's not like I'm bringing home some Passport or anything. These IDPs are all right.
Therapist: SP, is the issue that you don't know anything about these IDPs?
SP: Definitely. User will have a few beers after work and then just show up with some IDP and, with only a very brief introduction, expect me to 'party', as he puts it. And then he says he wants to watch because he doesn't trust us!
Therapist:Just to clarify, by 'party' do you mean engage in the transfer of identity assertions?
SP: Well yes, but you don't have to be so blunt about it.
Therapist: Sorry about that. Would it help you if you knew more about these IDPs that User was introducing you to?
SP: Yes I think so.
Therapist: OK, I think we're getting somewhere. User, would you be OK with if SP got this info about your IDP friends?
User: Sure, just so long as I still get, you know, serviced ....
SP: And a bottle of wine wouldn't hurt either. Maybe some flowers once in a while. An SP likes to feel appreciated after all.
Therapist: User...?
User: (sighing) Sure, wine & flowers sounds fair. Hey, can we talk about her Mother-in-Law always coming over?
Therapist: Let's save that for the next session. SP, are you in agreement that User can involve IDPs if you are able to find out more about them?
SP: Yes, but fair is fair right. Maybe I might want to party with an IDP User introduces me to without User even being at home
User: No way, nope, I'm not ready for that. I need to be present.
Therapist: Why don't we work up to that. Baby steps right?

Sensitivity Training

I think it was the psychology course I took in 1st year (or maybe its because I'm an Ottawa Senators fan) but, for some reason, I am particularly attuned to the suffering and frustration of others.

That's why I'm able to read between the lines of Andy's post on Infocards and see what most people, oblivious to the subtle signals the post sends, would miss.

On the surface, Andy's post is an amusing romp of a story about an experience he had with Infocards, specifically logging in to leave a comment on Kim's blog. All seems well. Dig a little deeper however, go beyond the surface hunky-doriness, and there are tell-tale signs that the experience might not have been optimal for Andy.

For an emotionally aware person like myself, certain phrases act like signposts for Andy's, otherwise hidden, true frame of mind. Phrases like

- Infocard Hell
- frustrated anxiety
- I have now been trying to write .... about this damn post for 3 hours

are indicators that many just don't (or won't) see. You shouldn't feel bad if you missed them. I am, as I said, very sensitive.

Someone less sensitive than I, someone more inclined to go for a laugh at the expense of another, might say to Andy
'Hey man, stop your whining and suck it up. You've just come across the joy of tri-party communication interoperability.'

It's a curse being this tuned into the suffering of others. Weddings for example, make me cry every time.

Tags:

Thursday, May 15, 2008

The Bard on ID Theft

Who steals my purse steals trash ....
But he that filches from me my good name
Robs me of that which not enriches him,
And makes me poor indeed.

I think it's fair to say that Will underestimated the business model.

Jack of all trades, master of most

If I didn't know I wouldn't see him for another month and a half, I'd hesitate to gush over George like a lovesick teenager but ..

There is nobody I know in identity that has a better grasp of ALL the various systems in play.

Whether SAML, OpenID, ID-WSF, XRI, Infocards, OAuth, XRDS, OpenSocial, FOAF, XFN, etc, I'd venture that George has 90% of all of them (and 100% of most of them).

I think I might have George on XDI (but only because I attended Markus's session this afternoon and he didn't). Take that Mister Smarty Pants.

In addition to George's unparalled expertise in identity is his unmatched friendliness & easy going nature. Never will you hear a negative word from him.

I am actually quite proud of myself for not letting such clear character flaws interfere with our friendship.

FriendDA

Sensing an emergent meme, I want to make sure I get in as an early adopter.

Bob is modelling a relationship as (my interpretation)
some number of participants, taking on defined roles, and promising to abide by a set of rules with respect to sharing of claims

Bob makes the point that if society doesn't provide a sufficient set of rules or policies that a relationship can leverage, then the relationship needs to be able to define its own rules.

Pam called this a 'friendDA' last night at dinner.

Tuesday, May 13, 2008

Serendipity

It was by pure luck (for me, as he has a car and can drive me to and fro the meetings) that I ended up in the same hotel as Peter for IIW2008a.

The lovely Ramada Inn Limited. Pool, hot tub and free breakfast. Business travel at its best.

It's the combination of Peter's bookings that is critical. If he and I were both in the same hotel but he had no car, then the benefit to me is limited, perhaps shared cab fare and some sarcastic and snide banter on the drive.

If on the other hand Peter had a rental car but was staying at a different hotel, then I would need to guilt him into picking me up and dropping me off each time. I've had great success with this ploy in the past but I don't like to overuse it.

What I would love is a hotel booking engine that, in addition to allowing me to filter hotels based on the normal criteria, e.g. free WiFi, pool, exercise room, etc, it would allow me to specify a search param of

"Only show me hotels where a friend who has rented a car are staying (and give higher weight to a convertible)"


This would be a special case of using your social network to help find services of interest and value, as in the diagram below (which I cant remember if I created, stole, or adapted)



In Liberty People Service, the rough flow would be

1) Expedia.ca, helping me book travel, discovers and queries my People Service to see my 'Travel Friends'
2) Expedia.ca uses info it gets from People Service to discover and query the 'travel calendar' of each of those friends
3) Expedia.ca uses info in my friends travel calendars to filter out hotels in my search
4) I ride for free

Faces as index

Do you not think that, given that 90% of people's photos are of the same people (either young & drooling, or older and intoxicated) over and over, that this privacy protecting process is somewhat irrelevant?

It's not you, it's me

Much talk yesterday about relationships at IIW.

In Drummond's macrame demonstration, Asa's ability to end the relationship with a single snip was portrayed as key.

In the absence of e-scissors (now there is a business model and domain name packaged up for you), how might relationships be ended?

Follows are some of the 'relationship termination reasons' asserted to myself over the years, almost all of which might be used to severe an identity relationship.

- Work is really busy these days
- Let's still be friends
- You know, I was really drunk
- You're really awesome, but ....
- I like you, but not in that way.
- I'm not looking for a big commitment
- It was Spring Break!

Tags:

Saturday, May 10, 2008

Talking Points

Last week I was at a Liberty Alliance TEG meeting, talking about

- Privacy Constraints
- Reconciling OpenID PAPE & SAML AC
- Profiling WS-Trust for security token issuance within ID-WSF
- a 'multi-device' SSO use case, where a user starts watching a video on her mobile, but then transfers the security & application context to her set-top box so that she can watch the remainder in HD
- a RESTful/like binding for ID-WSF
- Orange APIs

Next week, I'll be at IIW, where I expect to talk about

- a use-case from my own family that motivates Liberty People Service
- that beer Ping owes me
- s-Cards
- identity rights agreements & privacy constraints
- data portability
- how Ping never settles invoices in a timely manner
- a multi-factor authn use case that requires OpenID PAPE & SAML AC be reconciled
- how IIW 'Closing Circle' makes me think of summer camp
- legal options for forcing Ping to honour its debts

Friday, May 09, 2008

IAD Efficiency

Writing this while my righteous indignation is still elevated.

Flying back from the Liberty Alliance TEG meeting at AOL, I endured the tangled web that is the security screening lines at Dulles Airport. I felt like a rookie running back, more motion sideways and backwards than forward.

I take one consolation from the experience. Where ever my future travels may take me, whether the Sudan or some back-water single runway airport in Thailand, I am confident that I have already seen the worst organized security check that bungling incompetency can devise.

Smooth sailing from here on.

Invoice: Ping ID

To: Ping ID

From: Connectid (a wholly owned subsidiary of Paul Madsen Enterprises)

For: 1 Beer at IIW (and not some crap like Bud)

Re:Testing of OpenID for Blogger commenting (see image)



Identity Rights Agreements

by another name.

Liberty Alliance TEG yesterday voted out for public review a 'Privacy Constraints' specification.

From the introduction

Privacy constraints describe fundamental constraints on the propagation, usage, retention, storage and display of
identity data. Increasingly, there is concern regarding appropriate use of identity data and Privacy constraints allow the expressions of constraints over the processing of such data.

This document describes a small set of atomic privacy constraints. They are not meant to be exhaustive and we fully expect that communities will define additional assertions based on geography, industry and law.

Using policy frameworks such as WS-Policy, authorities (custodians of identity data, end-users) and consumers (applications, enterprises) can use Privacy constraints to describe composite constraints on identity data. For authorities, this takes the form of indicating the conditions under which data is being released; for consumers this takes the form of indicating the conditions that will govern their use of data.

Privacy constraints describe conditions under which identity data is sought or released. Exactly how Privacy constraints would be used in practice is outside the scope of this work. Depending in business context, they may be added to message flows in protocols or viewed as meta-data associated with identity data.

Generally, when a privacy constraint is bound to a request for some attribute, it is interpreted as a ’commitment’ the requestor is making with respect to its actions should it receive the attribute, when bound to a response carrying an attribute, a constraint is interpreted as an ’obligation’ attendant upon the recipient.

While Liberty kicked this off, my personal view is that subsequent work needs to happen in the wider community - wherever the right place for that may be.

Thursday, May 08, 2008

When in Rome

I'm watching the Fox morning show in the hotel room. The host's banter is so real, they obviously really like each other.

One story is about the debate over students from some Minnesota high school traveling to Spain on a class trip.

Apparently, the law in Spain will allow 17yr old students to drink alchohol should they so choose - even though they are not of age in their home domain and so can't legally quaff Bud back home.

The teacher in the debate (who travels with the kids) made the point 'the kids travel to Spain, our laws do not travel to Spain'.

Timely. In Liberty Alliance TEG's discussion of IGF's CARML yesterday, we talked about a use case in which an application used CARML to express a need for a user's age, actually not the age itself but whether the age was above some threshold.

How the threshold is expressed will impact on the students imbibing.

If the drinking policy is expressed as 'isAgeGreaterThan19', then the students will not be drinking overseas. The policy is bound to a specific locale by hard-coding the
threshold in.

If however the policy were expressed 'isAgeLegalForDrinking' then the policy can be localized appropriately - the wine can flow (assuming parental consent etc) when in Spain but not in Minnesota.

There was also a story about a prison in Louisiana that uses black bears as prison guards. I did say I was watching Fox.

Wednesday, May 07, 2008

Van der Waal

I'm hesitant to try to out geek Vittorio, because it's evident from this that he is supremely qualified in the art of over-thinking (to which I only aspire).

To model an STS as an RP-IP molecule, to bring in Kirchoff ..... I have tears in my eyes, it's just too beautiful.

I will however humbly suggest that any physical model for 'claims chaining' would benefit from an extraneous and superfluous analogy with chains of genetic information.

For all the hype DNA gets, the actual work of translating the information within DNA's recipe into a medium (proteins) that can be used directly by the cell is done by RNA.

So, DNA are the claims, RNA are the claims transformers.

I fear I was rash

in previously diminishing Twitter as inane, silly, and pointless.

I now see it as a powerful communication tool with unlimited potential.

You should really get yourself an account and tweet away. Heck, get two accounts and have them follow each other.

Tuesday, May 06, 2008

Innerworkings of Japanese IDP

What goes on behind the SAML request/responses.

After provisioning, the attributes are released only to authorized requestors.

It's the packing efficiency that distinguishes the solution though.

Monday, May 05, 2008

Admittedly not particularly user-driven

Notwithstanding that it enables an arguably anti user-centric modality, the British governments 2004 policy of authorizing torture provided that they

“neither procured the torture nor connived at it.”

would appear to be a perfect application of federated identity, i.e. you want the info, but don't want to concern yourself with the messy details of how it is obtained?

I see the need for a 'Torture Context' syntax. This would give to RPs the extra information they need to assess the assurance level of the confessions - everybody knows water-boarding is far more trustworthy than sleep exhaustion for instance.

Fundamentally constant

In a previous life, I dealt with Feynman diagrams, a visual tool of theoretical physics.

By modelling a particular interaction between sub-atomic particles in this way (straight lines are particles that make up matter, wavy lines are the particles that mediate the forces between the matter particles), and using experimentally determined values for the coupling strengths (e.g. 1/137) of the different vertices between the lines, you would (after alot of horrid math and tracking of 'i's and 'e's), calculate the probability of that interaction occurring.

The above shows two electrons colliding to create a photon which, after a short delay, disappearing with two quarks emerging from the debris (a back of the envelope calculation shows that the probability of the above is 'sometimes').

Now I deal with swimlane diagrams


The math is much easier - the probability of any given interaction occurring isn't determined by fundamental constants but rather by market forces.

And, you don't need billions of dollars to look for them.

People Service Use Case Demo

Screenshots of an ID-WSF People Service PoC between NTT & Symlabs components.

Alice is able to leverage a social connection with her friend Joe across multiple application contexts, e.g. sharing both photos and her online calendar.

Don't ask, don't tell

Eve considers the risk of new identity systems, by facilitating the flow of identity, exacerbating the problem of identity flowing unnecessarily.

In her proposed best-practices, Eve presents an iterative identity collection model - applications ask only for what they need right now, and not what they expect they might need in the future.

Not wanting to preempt Eve's next post
More thoughts soon on some solution opportunities in all this…

but ...

Liberty's CARML, through use of <ws-Policy> elements on the <Interaction> , would allow an application to indicate priorities for the various identity attributes it required (or simply desired). So, for instance, a tee time booking application (tieing back to Eve's story) could indicate that it absolutely required the golfer's handicap but that it merely wanted whether they were right/left handed.

I'm not sure that priority labels alone are sufficient to support an incremental collection model. The tee time application may absolutely require the golfer's favorite beer, but only at such time as the beer girls cart draws near them on the back nine.

Friday, May 02, 2008

Identity-Aware Devices

From Marco, a great HP paper on Identity-Aware Devices, describing some PoC work HP did with Intel around the Liberty Alliance's Advanced Client specifications.

Current users’ experience with mobile devices, in networked and federated services, is difficult and painful: users need to create (one or more) user accounts, disclose profile information, authenticate against service providers, get additional credentials to access services and ensure that these credentials are stored in a safe and secure place.


Thursday, May 01, 2008

Security Policy


John Gerard was an English Catholic Jesuit priest imprisoned in the time of Queen Elizabeth I, for perceived treachery and treason against Elizabeth's government and reign.

While in the Tower of London, he contrived to send secret messages to another prisoner John Arden. Gerard would write his messages in orange juice on the wrapping paper of parcels he would bribe his gaolers to deliver to Arden. Invisible to the messengers, once warmed by a fire, the messages would appear.

The first time the system was used, Arden was unaware that there were any hidden messages at all, and promptly disposed of the wrappings. Clearly incompatible security expectations.

It was only when the two (through a pantomine of squeezing and writing from their separate regions of the Tower) were able to agree on the encryption algorythm to be used that they were able to organize their escape.

So So

Seed Magazine explores the usage of 'so' in scientific parlance. For example,
So as we can see, modified Newtonian dynamics cannot account for the rotation of any of the three observed galaxies

As the article points out, 'so' is not restricted to science. IT finds it useful as well. I hear it often in conference calls. The chair, when asking for volunteers to take minutes.
Sooooo ... anybody at a desk? It should be a short call.... Anyone?

Does the fact that 'so' is often a precursor for a subsequent claim suggest relevance to federated identity?

An IDP making a claim
So, as is clear from the assertion, the user authenticated to me at 9.30 using an OTP.