Monday, December 24, 2007


5 yr old to me: So, is Keon (best friend) home from her trip?

Me to 5 yr old: No, she is still in Toronto. She won't be back till after Christmas.

5 yr old to me: So, she won't be at home for Christmas? How will Santa know where to bring her presents?

Me to 5 yr old: Geolocation.

5 yr old to me: Oh, so Keon added Santa to her People Service - so that he could be granted access to her various identity services like geolocation in a controlled & privacy-respecting manner?
Me to 5 yd old: Don't tell your brothers but you are my favourite.

Fah who foraze! Dah who doraze!

When providers are young, federated identity is all about the assertions they get. They wake up each morning excited about just what identity they'll receive that day, hoping for that shiny new red attribute they saw in the catalogue.

As providers mature however, they realize that it's actually giving identity that matters - the pleasure an IDP enjoys in seeing the face of an SP light up as they unwrap a claim, the satisfaction of choosing attributes wisely.

Myself I'm still an SP at heart.

Saturday, December 22, 2007

I stand (somewhat) corrected

In a comment to my 'Its not just mashups' post, Wesabe's Marc Hedlund corrects me

Unlike all of the other companies you mentioned, we do *not* require you to give us your bank or credit card usernames, passwords, or account numbers in order to use our service. We allow you to upload a file downloaded from your bank -- in which case no software but the bank has your password -- or use one of our downloadable agents, the Wesabe Uploaders, which store your passwords on your own computer.

The export/import model may be appropriate for Wesabe's model of exploring the broad patterns in your finances, but I (as a consumer) want real-time aggregated numbers.

Update: it seems that Wesabe does support dynamic update - through a desktop tool. I should do some research ....
In a separate comment, Yodlee's Jordan appears t0 blame the banks

The challenging is having the large financial institutions of the world understand that there is a compelling driver for them to support these news technologies.

but cites a willingness to change
Yodlee is an innovative technology company and we are always pushing towards the best and most secure way to do things and we are able to implement quickly.

Friday, December 21, 2007


By allowing me to create meaningful content like this, my new tablet has more than justified its cost.

It's not just mashups

Web 2.0ish mash-ups seem to get all the attention for the (dubious) authentication model in which user's must provide their account credentials at some 3rd party site in order to allow the mashing site to access their data there.

If the data being pulled is inane or worthless, you might even be able to defend the model (until you realize how people reuse passwords across sites of different sensitivity).

Yodlee, Geezio, Mint, and Wesabe all use this 3rd party authentication model, but for financial data.

All profess to be 'obsessed with security'. Not surprising.

They all need to look at ID-WSF or OAuth.

Thursday, December 20, 2007

LiMo Foundation

A colleague gave me the Coles/Cliffs Notes summary of the LiMo Foundation

Android is to LiMo as Passport was to Liberty Alliance

If so, I predict that, in 3-4 years, LiMo'ites will be saying
"It's a gross over-simplification to say that we were formed to counter Android"


George climbs down off his SOAP box to count a number of recent proposals for various types of discovery.

Given the numbers, it seems clear that we need a meta-discovery mechanism, i.e. how to discover the latest discovery proposal.

Do other identity bloggers

have Olympic medalists leaving comments?

No, I thought not.

Wednesday, December 19, 2007

In other words

The 'Identity Law of Minimal Disclosure' can be summed up as

Least said, soonest mended

China Syndrome

Robin's analogy for PII half-life makes me think of the China Syndrome - the hypothetical consequence of the escape of fissionable material from a nuclear reactor core.

If PII 'burns through' the containment vessel, will it end up in China?

Given the ever increasing amount of Russian spam I get, I'd guess an address somewhat to the West.

More Identity Management for Indoor Rowing

My son and I are participating in an indoor rowing Concept 2 Holiday Challenge, each of us attempting to row a certain distance before midnight on Dec 24.

My goal is 200km, but as 100km is a milestone for some, when I crossed that threshold my challenge page added a link from which I could download a Certificate acknowledging the accomplishment.

The URL for the 100k certificate looks like*******/challenge/holchal/HRC07_100cert.pdf

On a whim, I replaced '100' with '200' in the above and tried the resulting address. The URL worked and rewarded me with a nice 200k certificate.

Given that nothing prevents someone from completely fabricating their rowing distances, this is not an egregious security hole.

People Service & Last Minute Shopping

I'm scrambling to get a last-week XMas gift for my 10yr old, it's a Lego Mindstorm NXT Book.

The book store can guarantee it will arrive in time, but only if I ship it to an address in Toronto.

I do not live in Toronto. My brother does live in Toronto. My family will be seeing his family at my parents.

An idea begins to form.

As it is, I can make this happen by providing my brother's address (I've already sent the email asking him, this easier than searching through my wife's daytimer) by hand to the book store as an alternate 'Use this address'.

Much preferable would be for the book store to get my brother's address on its own. A sequence that would accomplish this is

1) discover and query my People Service
2) show me a list of possible 'shipping recipients'
3) once I chose my Toronto-based brother, discovery and query his personal profile service for his address
4) ship book
5) create me a nice card to give to my son on the 25th, saying 'Be patient, your uncle has the NXT book'.

Xmas Card(s)


An email exchange with a colleague after a shared conference call

Friend to me: Why aren’t you on IM? Or have you blocked me from seeing you?

Me to friend: i dont have the IM client that speaks AIM as an auto start.

do you not use Skype?

Friend to me: Not very often. AIM, Yahoo messenger and google AIM are the 3 that I have up/running most often.

But for my colleague's apparent neediness and the resultant suggestion of stalking, this reads like two partners contemplating federated identity operations exchanging metadata to determine how best to communicate.

Tuesday, December 18, 2007

A Certain Irony

There is a certain irony to using Sxipper to manage authentication to the site.

It took me a while to get it to work. Sometime ago I had turned off Firefox's Password Manager (but not cleaned out already saved data). After than, I installed Sxipper and it worked quite happily with the existing store of account names passwords. was the first site I've created a new account at subsequent to turning off the Firefox feature so Sxipper was understandably lost.

Monday, December 17, 2007

SSOCircle & Google

Daniel describes how SSOCircle and Google use SAML for SSO.

A video version

p.s. in the past week, I've received 3 comments for the above video, all bitching about the sound quality.

As I see it, I have two choices for dealing with the complaints. The first is to take the criticism as constructive advice and invest in a better microphone and learn a bit about recording levels etc.

Alternatively, I can just block the commenters. Hmmm ...

The microphone I have seems fine.

Promiscuity Linked to Small Brains

In species where females are sexually promiscuous there is an evolutionary advantage for the males to have large testes capable of generating large amounts of sperm. If a male is uncertain about the constancy or duration of a female's affections, there will be strong motivation for him to ensure against some subsequent competitor sneaking in at the wire and impregnating the female, by choosing 'quantity over quality'.

Nothing portrays this clearer than the following diagram of the relative sizes of body, penis and testicle size (also showing relative body, breast, and ovary size for females)

Chimpanzees are promiscuous, and their testicles are many times larger than those of gorillas, in which a single dominant male has exclusive access to a “harem” of females. Because the male gorilla does not worry about (day to day) competition, he need not invest excessive energy creating sperm through growing large testicles. Humans testicles are intermediate in size (on average of course).

A study of testicle size in bats produced similar results. In the study, a team looked at testicle and brain size in 334 different species of bat. They determined that the size of testicles increased markedly in species with promiscuous females, and that the males' brains were correspondingly smaller.

All else being equal, an animal has to chose between making sperm and making brain cells - there is no free lunch. For those species that choose the former in order to protect their genetic interests in the face of loose females, the males brain size 'shrinkages' accordingly.

The reader can draw their own conclusions as to the relevance of these studies to identity system trust models.

Project Concordia Screencast

An experiment with my new tablet device

The screencast (with no audio) shows the flow of a Concordia use case showing a SAML domain connected to an Infocard domain - a user authenticating with a managed card followed by SAML-based SSO. The hybrid Infocard RP/SAML IDP in the middle is the glue.

The interesting piece of the scenario (to be demoed at RSA in April) is determining how 'authentication policy' can persist across the domain boundaries - mapping from SAML's authentication context mechanisms to comparable support in WS-Trust & the card selectors.

Please note the festive colours.

Sunday, December 16, 2007


Ben is thinking about discovery.
when I first arrive at a site, how does it know who I’ve chosen to be my IdP? When I turn up at Unicorns-R-Us, how do they know that they should go to Amazon to verify that I’m logged in and that I’m the same guy as shopped there last time?

This question is, of course, the question of IdP discovery, and although we’re not worrying about it much right now (at least in the user-centric world - I know Liberty has worried about it forever), I predict that we’ll be worrying about it a lot, Real Soon Now.
It's true that the Liberty Alliance did spend time on this sort of discovery, that where an RP determines the place where the user can be authenticated. It was in ID-FF that the 'common domain cookie' discovery mechanism that SAML 2.0 now standardizes was first defined (after ID-FF was submitted as input).

These days however, Liberty doesn't spend much time thinking about this sort of IDP discovery.

For Liberty, discovery now primarily refers to Unicorns-R-Us, once given an authenticated user through (likely) SAML SSO, determining where the various identity attributes (e.g. profile, calendar, geolocation, social, etc) of that authenticated user can be found. It is through the user's Discovery Service (a sort of personalized identity search engine) that Unicorns-R-Us is able to find these various services, as well as obtain security tokens that can be used to authenticate to those services.

For the most part, Liberty ID-WSF defers to the SSO protocol that precedes it (with the link between the two worlds known as the bootstrap) to deal with the type of IDP discovery Ben is interested in.

Flynn Effect

The Flynn Effect is the observed fact that, around the world, the average score for people taking intelligence tests are rising year to year.

Lest you think we are getting collectively smarter, please consider the counter evidence.

If people aren't getting smarter, then the tests must be getting easier. One explanation for the rising scores comes from Ulric Neissner, who argues that the scores are climbing because of the tests' reliance on visual questions, and the familiarity of test subjects with such through the ever-increasing visual world.
Schoolchildren of all ages devote far more time to visual "projects" today than they did a generation ago.

So people aren't smarter across the board, just in those aspects of intelligence that IQ tests find easiest to test.

When talking about the usability of identity systems, you'll often hear somebody say something along the lines of
It has to work for my Mother

the idea being that older web users may have different capabilities with respect to getting around on the Web (or programming the VCR, turning on the flat screen, etc) and that usability of identity systems has to account for these restricted skills (or willingness to learn new ones).

But if Neissner's explanation of the Flynn Effect is correct, then Mom may be a lost cause. Her ability to understand web identity systems through visual cues, without years of early training through video game playing, YouTube browsing, or Viagra spam filtering, is just not there and unlikely to be trainable. Sorry Mom.

With respect to the value of the tests themselves, I think Neissner sums it nicely
no serious scholar claims either that IQ tests measure nothing important or that they measure everything important.

Friday, December 14, 2007

Claims Transformation

I have a small amount of OnePass miles (collected I know not when).

Thinking I might be able to transfer them to Aeroplan (my preferred disloyalty program), I came across Mileage Converter.

My conversion calculation is shown here

Even with the egregious, bank-like conversion rate, I'd be tempted to transfer the miles were it not for the implication of having to create accounts at the intermediate AmTrak, Midwest, and HHonours (actually I think I have one there) to enable the flow.

If only there were an easier mechanism for the controlled transfer of identity to and from entities that I may or may not have a 'credentialled' account with ....

Does FutureShop sell metasystems?

FutureShop being my preferred electronics dealers, I wonder if I might be able to pick up a meta-system there, as my wife has been dropping hints for her Xmas present - hints like leaving little notes around the house about about how much she hates passwords, or asking over breakfast 'Sigh, Is there anything that can be done about phishing', etc. Subtle, real subtle.

Pam seems to suggest that an identity metasystem would have a SKU.

would like to see Enterprises adopt technologies such as the Identity Metasystem

I assert that the metasystem (of which we more and more see tantalizing glimpses of) is not a technology in and of itself, but rather separate identity technologies (each of which you can go out and buy to put under the tree) that are, at the very minimum, not incompatible, and ideally, optimized to be compatible & composable.

I will be on the lookout for Boxing Day sales though ....

As for the original question of the relevance of user-centric in the enterprise, I'm staying out of it - I claim no expertise on the pressures today's enterprises experience that might drive them to abdicate some level of control over how the identities of its employees are used. I will say this. I have been an enterprise employee in the past and cannot recall an instance where I said to myself
Wow, this authentication/identity system empowers me. The Company is really putting my interests first.

Thursday, December 13, 2007

At the other end of the assurance spectrum

from EV Certs is this proposal for more extensive use of self-signed TLS server certs.

While it wouldn't help with phishing, it's interventionist ISPs that the more ubiquitous TLS is meant to thwart.

Tags: , ,

Who needs browser tabs

when your ISP is willing to enable 'enhanced browsing' for you.

As a Rogers customer, I am actually happy they are thinking of new ways to alienate me, I long ago grew tired of the old ways.

From Boing Boing

Claimed Identity

Perkin Warbeck's card selector

It wasn't just Perkin self-asserting. For their own (dynastic and/or political) reasons, lots of 3rd parties chose to profess themselves convinced of his authenticity - and even affirmed it themselves.

Just goes to show that sometimes you have to take even the claims of authorities with a certain amount of skepticism and qualify your confidence.

Wednesday, December 12, 2007

Mixed Emotions

I am no longer Co-Chair of the Technology Expert Group (TEG) within the Liberty Alliance.

I have mixed emotions about the change; part of me is ecstatic, the other part giddy.

I'll miss being pushed around by Carolina & Joni, but I expect my wife will be willing to pick up the slack so that my level of cowed-ness will remain constant.

To help prepare Prateek for Carolina's return from maternity, I have taught him to say "I apologize", "You are right. It was silly of me to think otherwise", and "Sorry, I will stop interrupting" in Spanish. These at least will get him through the first call.

I plan on filling my time with

- Identity Governance Framework
- Project Concordia
- profiling SAML & ID-WSF for new SSO Use Cases
- Identity Assurance Framework
- VRM explorations
- the next phase of Liberty's client capabilities evolution
- continuing to add to my comprehensive Nihongo vocabulary (next lesson is saying 'Good Night'!)

Costus Interuptus

As I see it, the key aspect of the VRMish "Magazine Subscription Use Case" is the value of services providers being able to deliver uninterrupted services to users - even when confronted with changeable endpoints (e.g. a mailing address, etc).

But it's not just a changed endpoint that can interrupt service. Modified payment information can be an even quicker show-stopper.

I received the below from Sirius Canada.

Were Sirius to have obtained my credit card info from a 'wallet provider' the first time, and subscribed to be notified should the card information subsequently change, I would have been spared the hassle of changing the info myself if I renew.

Note: I thought about obfuscating the ESN above but couldn't see the danger. Was I wrong? Have I just made it possible for CSIS to track my listening habits? (For the record, I listen to the PlayBoy Radio Channel for the interviews).


Usage Abuse

Received the following from my new wireless provider.

Now I clearly gave them the date of my birthday, but my sharing would have been in the context of 'security verification info' and not 'undesirable marketing spam'.

Somebody with more motivation than I might go take a look at the privacy policy and see what clause they've violated by collecting identity in one context and using it in another.

Secondly, what is the value of free calling on my birthday if constrained to only 'from us to you'? Big deal! I don't want them calling me anyways.

Tuesday, December 11, 2007

Phone Tag

Me to I'd like to cancel my wireless account when the contract expires in 5 days to me: Name and Password please.
Me to Paul Madsen & XXXX to me: Thank you, now for cancellations I have to send you to Customer Service.
Me to OK

phone redirect

Me to I'd like to cancel my wireless account when the contract expires in 5 days. to me: Name and Password please.
Me to Paul Madsen & XXXX to me: Thank you, now for cancellation of bundled accounts, I have to send you to Customer Service for Consolidated Accounts.
Me to Sigh. OK

phone redirect

Me to I'd like to cancel my wireless account when the contract expires in 5 days. to me: Name and Password please.
Me to Paul Madsen & XXXX to me: Thank you, now I'm sorry to hear you are canceling your account. Do you mind telling me why?
Me to (stunned silence)

Terminology Dispute

Jeff loathes terminology debates.

Actually, I think a better term than 'debate' would be 'dispute'. To my mind, debate implies a more structured format than supported by blog post threading.

Fountain of Youth

It's stuff like this that keeps me feeling young and sarcastic.

describes itself as a service that allows users to
Stop Junk Mail and Protect Against Identity Theft for Free

I signed up and played around a bit some time ago. And then forgot about it as the service wasn't available to Canadians.

I was reminded of ProQuo yesterday. I received 2 (yes 2, deux, zwei, etc) 'newsletters' from them, thanking me for signing up.

Looking at ProQuo's registration page, it is indeed opt-in for getting the newsletter so my bad - I must have been feeling tired. I definitely didn't opt-in twice though.

Monday, December 10, 2007

Look at that escargot!

Reading through SAML 2.0 Bindings, I noticed the diagram for the Enhanced Client or Proxy (ECP) Profile flow.

The call-out on the left for Step 3 states
ECP determines Identity Provider to use (methods vary, details not shown)

Well how timely. One such mechanism for choosing the Identity Provider will be an S-card within the Higgins identity selector - as selected by the user (once candidate IDPs are determined by mapping the criteria of the request against the capabilities of the different providers.)

Specifically, an S-card will represent the relationship the user has with a SAML-based IDP, just an an M-card represents the relationship with a WS-Trust based IDP.

A new twist on passwords (a bad one)

Booking some travel at Priceline, I saw the following

This is twisted.

Not only is a password authentication equated with the type of question typically used as part of a password reset (with security supplemented through a known verified email address), but Priceline explicitly encourages the user to provide their 'preferred' password, i.e. the same one they use everywhere else.

ID-WSF and the VRMish "Magazine subscription use-case"

Update 2: in a comment, Robert clarifies and expands. First, that ID-WSF allows for 'first level permissions' to be defined at the Discovery Service, i.e. the user can control which requestors are even allowed to find their identity services, much less actually obtain identity. Secondly, interaction can happen either through browser redirects, or through the back-channel. Robert points out that, if the user is online and available, the redirect option is simpler. Agreed, but there can be security advantages to using a separate communication channel than the browser.

Update: fixed below where I mistakenly attributed the 'push out new address' operation to - this actually performed by


Alice is a customer of British Airways, and has BA's monthly in-flight magazine delivered to her work mailing address (as the bulk of her travel is work related). Alice maintains her mailing address at an online Identity Provider If and when Alice changes jobs, changing her address at will serve to automatically change all copies of the address held by the various mailers she has signed up for.


  1. Alice, a frequent flyer with British Airways.
  2., Alice's cellular provider.
  3., the Identity Provider at which Alice stores her delivery/shipping address.
  4. BritishAirways, the airline wants to know if and when Alice's shipping address changes so that her subscription to the BA in-flight magazine Impressions can be delivered without interuption


These following sequences describe how Liberty Alliance ID-WSF could be applied to support the use case. There are two phases, the first in which Alice facilitates BA getting her mailing address the first time, followed some time later by BA automaticaly receiving her new address when it changes.


  1. On a business trip, prompted in the departure lounge by an offer for additional miles if she subscribes to BA Impressions, Alice uses her phone to navigate to the BA mobile site
  2. After asking her for consent, BA redirects Alice to, using SAML to ask for Alice's authentication
  3. After authenticating Alice, sends her browser back to BA with a SAML assertion carrying a pseudonym for Alice (specific to the connection). Also in the SAML assertion is information about Alice's Discovery Service (DS) – the place where BA can go to find out where Alice's Personal Profile Service is – this the place to get her mailing address.
  4. BA asks Alice for her consent for it to discover her Personal Profile. She gladly gives it, as this will mean she doesn't have to enter it on the phone herself.
  5. BA queries Alice's DS for the location of her Personal Profile, specifying it's her work address it is interested in (as guided by Alice) as a search parameter. At the same time as making this request, BA asks to be notified if and when Alice's address changes in the future.
  6. Alice's DS returns to BA Alice's work address. Likely accompanying the data itself are the associated obligations BA assumes, e.g. allowed uses, deletion rules, etc.
  7. BA displays the address to Alice and asks 'Use this one?'
  8. Alice notices that the address has an old office building listed (she having changed departments), she changes that bit through BA's interfaces (the phone OK for entering numbers)
  9. BA sends the changed address back to
  10., uncertain about whether it should accept the changed data, reaches out through the ID-WSF Interaction Service (IS) to send Alice an SMS asking for guidance
  11. Alice indicates should accept the changed data and store the new building.Her consent is routed back through the IS.
  12. BA now has Alice's mailing address and Alice enjoys reading on a monthly basis about up-scale hotels in exotic locations her company's travel policy will never allow her to stay in.
Later On
  1. Alice switches companies, her new role has similar travel load so she still wishes to receive BA's magazine.
  2. Alice visits her account management page at
  3. She enters her new work mailing address.
  4. Based on the previously subscription created when BA first obtained Alice's mailing address, pushes Alice's new mailing address to BA(and other chosen mailers).
  5. Alice receives Impression magazine without interuption.
  1. ID-WSF can work much the same way for all the other slices of Alice's identity, e.g. calendar, wallet, geo-location, reputation, etc. It's all about discovery & invocation of identity services, with appropriate security & privacy.
  2. there need be no existing trust and/or business relationship between and BA. can effectively broker trust between the two of them.
  3. ID-WSF supports variations where Alice's phone can play a more active role, e.g. either or both of Discovery Service & Personal Profile Service could hosted on her phone

Friday, December 07, 2007

A Framework for Identity System Confusion (Reduction)

I gave the below presentation on Monday's IIW 2007b Introductory Session.

I hope it's a fair treatment of the design goals and capabilities of each identity system.

I do need to update the matrix of functionality to reflect, at minimum, OAuth.

Do I still get a t-shirt?

Update 4:I am shirted (along with everybody else who attended IIW).


Update 3:in a comment, Dale reassures me that my wardrobe will be appropriately extended. Related to Dale's comments about user experience, I'll be troubleshooting this with Pam at IIW.

Huzza to the Bandit team for their great help-desk support. Both Dale and Pam literally offered me the shirt off their backs (albeit the first stained and the second a so-called girly version)


Update 2: Andy clarified for me that my problem with the Firefox extension was indeed 'my' problem, as I was expecting the plug-in to enable card selection for Firefox on XP. But, the extension actually just calls out to a Digital Me exe, a Windows version of which doesn't yet exist.


Update: in comments, Andy & Carolyn encouraged me to try the latest Digital Me Firefox extension.

Alas, I still see errors

Saw the same messages at different RPs.

Perhaps relevant, the instructions indicate

Launch DigitalMe. Under the "File" menu, select "Import". This will bring up a file chooser dialog.

How do I 'launch' Digital Me?

The shirts look like tight in the collar anyways.

I've been trying to log-in to Bandit T-Shirts using a managed card from the Bandit Cards.

I'm stuck in a strange loop. Steps are

1) create account at Bandit Cards
2) after authenticating with account/password from Step 1, create a personal card for alternative authenticating mechanism (I predict that users are going to have trouble keeping such cards separate in their minds, I sure did)
3) download and install a managed card to the Cardspace selector (couldn't get Digital Me selector to work in Firefox
4) go to Bandit T-Shirts RP and ask to log-in.
5) (seemingly) successfully present the managed card to the RP
6) get shown a screen indicating that the email address from the card needs to be validated. Told to click on link in the mail just sent to me (it's not clear to me whether it's the IdP or the RP validating the email address. If the former, why not do the validation earlier when I created the account? If the latter, why not trust the IdP?)
7) Click on link, get taken to what appears to be the same page as Step 4 above. Noticeably missing is any 'Hi Paul, you have successfully presented a card, your t-shirt is on its way" message.
8) Rinse and repeat.

I do like those shirts.

Wednesday, December 05, 2007


As yet, I don't know exactly what Wingaa is, but I do love the name regardless.

Sounds like an Aussie Rules position.


Your reputation precedes you

Dave agrees with Phil that reputation will be 'the next big thing for IIW', and seemingly by implication, perhaps for the identity world.

Reputation did indeed seem to be a 'topic of interest' at IIW.

Abbie Barbir presented on a proposed OASIS TC for 'Open Reputation Management Systems'. (I wonder if we could all agree to simply take the 'open' on faith and stop prefacing everything we do with the descriptor?).

Additionally, Phil's BYU grad students were always around to talk about their reputation work, which I assume was presented at some time but I missed it.

And of course, IIW itself is a forum where people's reputations get reconciled with reality.

But I question whether reputation is yet ready for 'Big Thing' status. I contend that a necessary underpinning of meaningful reputation is a consistent social layer, so that my reputation can be informed by those that best know me, in addition to or instead of those with whom I've simply interacted with online (a la eBay's or Slashdot's model etc.)

Sometimes reputation needs to be based on real and not merely transactional experience. Employers base a hiring decision on both references and past employment history, not one or the other.

And while it may make less sense to talk about a provider's 'Buddy List' when thinking about its reputation, I would likely want to give greater weight to the opinions of my own friends when calculating that reputation than somebody named 'NotMyRealName2007'.

So, I believe that an individual's social network (I've decided to alternate between using 'network' and 'graph' on a weekly basis) can feed into both their own reputation, as well as how they calculate the reputations of other parties.

For reputation to be the next big thing would imply that the necessary social footings are in place - that we've 'solved' social identity. Notwithstanding the recent gush of enthusiasm over the potential for freshly final OpenID and OAuth, in combination with XFN and FOAF, to do this, or alternative systems like Liberty People Service, we have not solved social identity.

New social app


Dale Olds
Ashish Jain
Mike Jones
Mike Beach
Andy Dale
Kim Cameron
Dave Kearns

As I get ready to go to the airport for travel to IIW 2007b, an idea for a new social site came to me.
People I know only through blogging but look forward to actually meeting

Probably need to spiff up the name, perhaps Or ...

I hope I'll be able to cross some entries off my list by the end of the week.

The sister project
People I actually have met but wish I knew only through blogging.

is searching for angel investors.

Tuesday, December 04, 2007


Kaliya opened IIW this morning by presenting the 4 principles of Open Space.

1) Whoever comes is the right people.
2) Whatever happens is the only thing that could have.
3) Whenever it starts is the right time.
4) When it’s over it’s over.

Isn't this OpenID's trust model?

Selective Pressure

In its purest form, the OpenID philosophy forbids Relying Parties from showing any preferences for particular OpenID Providers from whom they might accept authentication claims. Thus the current tension between the 'promiscuity purists' and those who want to use whitelists & blacklists in order to allow RPs to select their OP partners with more discernment.

I'll argue that RP promiscuity (in which the RP cares little about which specific OPs it partners with) works just fine in situations where both of the below are true
  1. the resources the RP protects are such that the RP assumes no different levels of risk in accepting authentication claims from different OPS
  2. there is no other factor that differentiates OPs

At least currently, OpenID is being used in low value (money & sensitivity) applications. When there is little risk to start with, an RP will feel little different about how various OPs change that risk. So, for now, #1 is true.

And #2 has been true. Except for varying levels of support for particular authentication methods (e.g. Infocards) or different extensions (e.g. Simple Reg or PAPE), the different OPs are a level playing field from the RPs point of view.

And then Vidoop has to tip the apple cart and skew the above balance by announcing that they, as an OP, are going to start paying RPs by sharing their advertising revenue. No longer is #2 true - even if #1 is still equal (i.e. no risk differential), an RP will now be motivated for favour Vidoop as an OP, above other OPs that don't pay.

I predict two consequences
  1. RPs will attempt to guide users to Vidoop in order to maximize revenue (e.g. "I'm sorry, the OpenID you presented doesn't seem to work. Would you like to use/create a Vidoop OpenID?")
  2. Other OPs will be forced to match the Vidoop revenue sharing model in order to restore the balance and ensure they are not excluded by RPs at selection time. There will be a bidding war as OPs fight to ensure market. A single OP with big pockets will emerge.

I think I'll go reserve ''. Maybe they can reuse the old code.

Sunday, December 02, 2007

Federated unauthorization

We have designated no-screen days on which the kids are forbidden from any activity involving looking at a screen, e.g. TV, computer, PSP, etc (homework & music-players exempted).

My neighbours, the kids of which my kids play with, use a different system - their kids can earn screen time through compensatory good deeds (e.g. homework,chores, etc).

Different authorization schemes between interacting policy domains.

And there is the rub, both sets of kids are constantly back and forth between the households, knowing full well that the two sets of parents have been unable to agree on authorization policy and are consequently ripe for the screen-time picking.

Me to neighbour kid: Hey, are you allowed screen time?
Neighbour kid (with straight face): Oh yes.
Me to neighbour kid: Well I guess so ....

I suppose audit could help prevent the abuse. But, busy life etc.

I'm thinking of adopting a system in which, every time my kids went over to the neighbours, and vice versa, there was pinned to their shirt a note (signed & sealed) listing what they were NOT allowed to do.

<Forbidden action="TV"/>
<Forbidden action="pre-dinner snacks"/>
<Forbidden action="criticizing their Father's rules"/>

Federated unauthorization.

And yes, XACML.

Saturday, December 01, 2007

Is she really going out with him?

Joe Jackson obviously wrote this a long time ago.

All he'd need to do these days is check out his ex's Facebook page.