My wife and her sisters have come up with their own hybrid protocol - it goes something like this:
S1->S2 (email): Hi, here is a funny joke (joke will involve any or all of a set of perceived husbandly foibles & limitations).
S1->S2 (phone): Hi, just sent you an email. Also, did you hear that Mom ....... (subsequent conversation typically lasts 45 minutes)
S2: checks email, reads joke
S2->S1 (phone): Yes, that joke was so true. Men are so like that. Ha ha. Also, did you hear that Mom ....(subsequent conversation typically lasts 45 minutes)
S2->S3 (phone): Hi, did you check your email? S1 sent a funny joke. Also, did you hear that Mom ...... (subsequent conversation typically lasts 45 minutes)
When you don't have anything nice to say, well then perhaps it's time to consider a career as an analyst.
Wednesday, February 25, 2009
Tuesday, February 24, 2009
Welcome Lucy & Trent
Trent notes that the Internet Society has joined the Liberty Alliance as a Management Board member.
Trust me, you made the right decision. Being on the Management Board is sweet. Free coffee at meetings, nice pens & pencils - it's all good.
Monday, February 23, 2009
Overheard on the Santa Maria
No no Captain, please don't misunderstand - it's not me that has doubts. It's the men that are all saying that their Garmins and Tom Toms are saying we should be going South and not due East to get to the Indies, and that the projected travel time is 11 months and not the 6 weeks you've been saying.
Overheard on a desert isle
Well yes Friday, of course I could use the cell phone. But I just refuse on principle to pay those exorbitant roaming charges. And I'm sure that a rescue boat will sail by any day now....
Friday, February 20, 2009
Maybe get Al Gore to make a movie?
Online privacy is like global warming.
Everybody recognizes there is a problem, but precious few do anything meaningful to mitigate the risk.
Thursday, February 19, 2009
Black-listing (yourself)
Integrity offers what they call a Self-Exclusion List designed to protect problem gamblers from themselves.
The individual (or a legal guardian) adds themselves to the list so that, if they ever attempt to create an account at a gambling site that uses Integrity for age-verification, the account creation will be denied (or at least Integrity will not give the OK; the site can still ignore the advice).
Should an individual whose name is on the list attempt to open an account with a participating gaming site, Integrity would not return a match (approval) code to the merchant, thus blocking the user’s access to the site.
Unlike a common dynamic from TV & movies, once a gambler has added themselves to the SEL, they can just as easily perform deprovisioning (albeit with a 7-day delay).
The identity world spends most of its time worrying about use cases in which attribute flow enables some experience for users, not actively disables.
I'll give you 5 to 1 odds that the Integrity age verification protocol is proprietary. Unnecessarily so.
Wednesday, February 18, 2009
Secure Pizza
Domino's Pizza uses Voltage IBE encryption for secure conversations with its customers.
<order>Yeah, I'd like a large combination with extra
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
</KeyInfo>
<CipherData>
<CipherValue>WXlDyktaADlUe+PywKwS3KdKlahCteEKxi/hRlHcXNQlGwNGrYKy8aQ6dLtX1bKg
IgL/XoAQN3B27zD91b1ZLGh6QQ9CjnVD98+hYJ9TPp4piPnII4vGUA==</CipherValue>
</CipherData>
</EncryptedData> and a side order of wings.</order>
Mission critical security.
Tuesday, February 17, 2009
Missed standardization opportunity
I was watching a nature documentary last night. It seems that several species of monkey (e.g. Diana monkeys, Spot Nose Guenons, Campbell's monkeys, and others) in the Tai forest of West Africa move together through the canopy in what is called a 'monkey alliance'.
Like many monkeys, each species within the Alliance has its own set of predator-specific alarm calls, i.e. 'Holy sh%t, big eagle coming in', etc. The interesting twist of these Alliances is that the different alarm calls are understood by the other species too. So, if a Diana spots a leopard and sounds the alarm, not only the other Dianas go on alert but also monkeys from the other species.
Pretty inefficient. I'm a young Guenon and I'm expected to not only learn my own species' calls but those of every other species I hang around with? And what happens when a new Alliance member joins up? Adult education classes?
Barring some sort of cross-species standard for alarm calls (you'd never get each species to give up their own calls, you know how primates are), you would have thought the different monkeys could have at least got together in a non-partisan location and thrashed out some basic guidelines for reconciling the various call systems. Maybe something as simple as high-pitched calls for threats from above, low-pitched calls for threats from the ground.
Monkey alliances are viable because each species within generally obtains food in different ways (e.g. at different levels within the forest canopy, flowers versus fruit, etc) so they don't directly compete with each other. Hmmm.
Monday, February 16, 2009
Update: When is a log-in not a log-in?
Update: Bob was gracious enough to send me a copy of the paper. I guess he already has an account with Burton.
When you are trying to 'Access Complimentary Content' from Burton, such as Bob Blakley's relationship whitepaper.
I'll leave it to somebody else (who may not have the same great amount of respect for Bob that I have) to point out the irony of Burton trying to establish a 'relationship' with me based on a justification as tenuous as downloading a whitepaper.
Can somebody send me a copy of the paper?
Thursday, February 12, 2009
Wednesday, February 11, 2009
95% success rate!
Plaxo is bragging about a 92% success rate for users of the OpenID/OAuth Hybrid extension.
Let me see if I have this right.
When you offer users a single combined OP & attribute provider (thereby removing from the equation the difficult part of having the user enable discovery of arbitrary providers), things are suddenly easy?
Monday, February 09, 2009
Geographically qualified claims
KFC has a new ad in which they must say 'fresh' 5 times.
If you look closely at the fine print, the freshness of the chicken is somewhat qualified.
Fresh claim is applicable to its Original Recipe thighs, drumsticks, breasts and wings. Not applicable in Alaska, Hawaii and due to supply outages
In SAML, this sort of thing in an assertion would go in the <Conditions> element. Probably in a child <CoverOurCorporateAsses> element.
De facto standards
From BoingBoing, comic book standards.
All identity assertions should end with an exclamation mark - why trust a claim if the IdP isn't confident enough to emphasize?
Friday, February 06, 2009
Fire and forget
I set a Thunderbird filter rule years ago.
if message contains 'Moliere', move to trash
After lying dormant for all those countless emails since then, it triggered today.
Initial set-up effort vindicated!
Thursday, February 05, 2009
Tuesday, February 03, 2009
Embargo
In response to the blatantly protectionist "Buy American" clause in the US stimulus package, I encourage all Canadians to boycott American IdP/OPs in favour of local alternatives.
They can have their steel, there is more margin in identity infrastructure.