Wednesday, February 25, 2009

Hybrid messaging protocol

My wife and her sisters have come up with their own hybrid protocol - it goes something like this

S1->S2 (email): Hi, here is a funny joke (joke will involve any or all of set of perceived husbandly foibles & limitations).
S1->S2 (phone): Hi, just sent you an email. Also, did you hear that Mom ....... (subsequent conversation typically lasts 45 minutes)
S2: checks email, reads joke
S2->S1 (phone): Yes, that joke was so true. Men are so like that. Ha ha. Also, did you hear that Mom ....(subsequent conversation typically lasts 45 minutes)
S2->S3 (phone): Hi, did you check your email? S1 sent a funny joke. Also, did you hear that Mom ...... (subsequent conversation typically lasts 45 minutes)

Don't you just hate

those XACML folks and their sense of entitlements?

Tuesday, February 24, 2009

Can't hurt to ask right?

Welcome Lucy & Trent

Trent notes that the Internet Society has joined the Liberty Alliance as a Management Board member.

Trust me, you made the right decision. Being on the Management Board is sweet. Free coffee at meetings, nice pens & pencils - it's all good.

Deprovisioning



Or at least I hope so.

Monday, February 23, 2009

Overheard on the Santa Maria

No no Captain, please don't misunderstand - it's not me that has doubts. It's the men that are all saying that their Garmins and Tom Toms are saying we should be going South and not due East to get to the Indies, and that the projected travel time is 11 months and not the 6 weeks you've been saying.

Overheard on a desert isle

Well yes Friday, of course I could use the cell phone. But I just refuse on principle to pay those exorbitant roaming charges. And I'm sure that a rescue boat will sail by any day now....

Thursday, February 19, 2009

Mosaic

Black-listing (yourself)

Integrity offers what they call a Self-Exclusion List designed to protect problem gamblers from themselves.

The individual (or a legal guardian) adds themselves to the list so that, if they ever attempt to create an account at a gambling site that uses Integrity for age-verification, the account creation will be denied (or at least Integrity will not give the OK; the site can still ignore the advice).
Should an individual whose name is on the list attempt to open an account with a participating gaming site, Integrity would not return a match (approval) code to the merchant, thus blocking the user’s access to the site. 

Unlike a common dynamic from TV & movies, once a gambler has added themselves to the SEL, they can just as easily perform deprovisioning (albeit with a 7-day delay).

The identity world spends most of its time worrying about use cases in which attribute flow enables some experience for users, not actively disables.

I'll give you 5 to 1 odds that the Integrity age verification protocol is proprietary. Unnecessarily so.

Wednesday, February 18, 2009

Secure Pizza

Domino's Pizza uses Voltage IBE encryption for secure conversations with its customers.

<order>Yeah, I'd like a large combination with extra
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
</KeyInfo>
<CipherData>
<CipherValue>WXlDyktaADlUe+PywKwS3KdKlahCteEKxi/hRlHcXNQlGwNGrYKy8aQ6dLtX1bKg
IgL/XoAQN3B27zD91b1ZLGh6QQ9CjnVD98+hYJ9TPp4piPnII4vGUA==</CipherValue>
</CipherData>
</EncryptedData> and a side order of wings.</order>

Mission critical security.

Tuesday, February 17, 2009

Missed standardization opportunity

I was watching a nature documentary last night. It seems that several species of monkey (e.g. Diana monkeys, Spot Nose Guenons, Campbell's monkeys, and others) in the Tai forest of West Africa move together through the canopy in what is called a 'monkey alliance'.

Like many monkeys, each species within the Alliance has its own set of predator-specific alarm calls, i.e. 'Holy sh%t, big eagle coming in', etc. The interesting twist of these Alliances is that the different alarm calls are understood by the other species too. So, if a Diana spots a leopard and sounds the alarm, not only the other Dianas go on alert but also monkeys from the other species.

Pretty inefficient. I'm a young Guenon and I'm expected to not only learn my own species' calls but those of every other species I hang around with? And what happens when a new Alliance member joins up? Adult education classes?

Barring some sort of cross-species standard for alarm calls (you'd never get each species to give up their own calls, you know how primates are), you would have thought the different monkeys could have at least got together in a non-partisan location and thrashed out some basic guidelines for reconciling the various call systems. Maybe something as simple as high-pitched calls for threats from above, low-pitched calls for threats from the ground.

Monkey alliances are viable because each species within generally obtains food in different ways (e.g. at different levels within the forest canopy, flowers versus fruit, etc) so they don't directly compete with each other. Hmmm.

Monday, February 16, 2009

Update: When is a log-in not a log-in?

Update: Bob was gracious enough to send me a copy of the paper. I guess he already has an account with Burton.

When you are trying to 'Access Complimentary Content' from Burton, such as Bob Blakley's relationship whitepaper.



I'll leave it to somebody else (who may not have the same great amount of respect for Bob that I have) to point out the irony of Burton trying to establish a 'relationship' with me based on justification as tenuous as downloading a whitepaper.

Can somebody send me a copy of the paper?

Wednesday, February 11, 2009

Connectid now available through the Cloud

Hey, I can spot a trend when I see one.

95% success rate!

Plaxo is bragging about a 92% success rate for users of the OpenID/OAuth Hybrid extension.

Let me see if I have this right.

When you offer users a single combined OP & attribute provider (thereby removing from the equation the difficult part of having the user enable discovery of arbitrary providers), things are suddenly easy?


Monday, February 09, 2009

Geographically qualified claims

KFC has a new ad in which they must say 'fresh' 5 times.

If you look closely at the fine print, the freshness of the chicken is somewhat qualified.





Fresh claim is applicable to its Original Recipe thighs, drumsticks, breasts and wings. Not applicable in Alaska, Hawaii and due to supply outages

In SAML, this sort of thing in an assertion would go in the <Conditions> element. Probably in a child <CoverOurCorporateAsses> element.

De facto standards

From BoingBoing, comic book standards.

All identity assertions should end with an exclamation mark - why trust a claim if the IdP isn't confident enough to emphasize?

Friday, February 06, 2009

Fire and forget

I set a Thunderbird filter rule years ago.
if message contains 'Moliere', move to trash

After lying dormant for all those countless emails since then, it triggered today.

Initial set-up effort vindicated!

Tuesday, February 03, 2009

Embargo

In response to the blatantly protectionist "Buy American" clause in the US stimulus package, I encourage all Canadians to boycott American IdP/OPs in favour of local alternatives.

They can have their steel, there is more margin in identity infrastructure.