Wednesday, January 30, 2008

What do you wanna bet that

, were Sxip to sell an OpenID-based solution, they'd mention the protocol in the associated press?

That's OK, SAML shuns the limelight.


Australia warns its travelers about the risks of Canada. My favourites:

Heavy snowfalls and ice in the winter can make driving dangerous. The wind-chill factor can also create dangerously cold outdoor conditions.
We advise you to exercise caution and monitor developments that might affect your safety in Canada because of the risk of terrorist attack.
Bush and forest fires can occur any time in Canada.

I'm actually quite amazed that I'm still alive.

Based on my experience, Australian drivers are exposed to greater risk from ice when they reach into the back of their Ute to get a coldie from the Esky.

Oh my, a bush fire has started in my snow-covered back yard. Must go.

Tuesday, January 29, 2008

Imagine me waving my hands

as I write this.

And drinking red wine. And wearing blue.

'Most Pretentious Workshop Title for Q1 - 2008'

has just been announced.

I do concede it's possible I'm just PO'd because I'm not involved.

It seems that the organizers felt my demand for a separate dressing room from the other 'talent' was 'unacceptable'.

Ping clearly works out

From this, I'm guessing this.

Trying to remember, how did that movie end up ......

From Higgins to Societal Rules

  • Higgins recently announced support for SAML.

  • Liberty Alliance ID-WSF builds on SAML assertions and protocols in a number of ways.

  • A unique privacy-enabling piece of ID-WSF is the "Interaction Service", a set of related mechanisms whereby a user's Attribute Provider can, if the user is not currently visiting the Attribute Provider, reach out to pose queries to that user.

  • "Society", said the German sociologist Georg Simmel in 1908, "is merely the name for a number of individuals, connected by interaction."

  • 'Social Physics' was the term invented by Auguste Comte to refer to the possibility of using scientific methods to analyze people and society.

  • Paul Trevithick now appears to spend less time on Social Physics than Higgins.

Ideally there would exist somewhere a university research study of the eponymous Tasmanian long-tailed mouse that used Shibboleth SSO to enable cross-school collaboration. Alas .....

Friday, January 25, 2008

This is news?

Government Computer News.
However, ADFS sends and receives these assertions not via the SAML protocol but another Extensible Markup Language-based set of secure transaction standards, called WS-* or WSFederation.

Pull your sox up

Phil and Marco have a great article on how Liberty Alliance's IGF can support SOX compliance.

Many information technology systems are comprised of numerous data “silos” containing personal information of customers, employees and partners. Information is often duplicated between these silos to varying degrees of accuracy and quality. Since management procedures are often specific to each silo, inconsistencies in the care and control and use of this information are inevitable. With the possibility of inconsistent identity information, demonstrating operational stability and control as required by SOX becomes challenging.

Thursday, January 24, 2008

From Claims to the Moluccas

1) Microsoft CardSpace builds on the idea of claims.
A “digital identity” is a set of claims made by one party about another party

2) Antarctica is owned by no country, but seven have made territorial claims over different (sometimes overlapping) pie-shaped sectors.

3) Argentina bases its claim in part on the Treaty of Tordesillas

4) The Treaty of Tordesillas was the 15th Century agreement between Portugal and Spain that divided up the globe into two domains - everything west of a mid-Atlantic meridian ceded to Spain, everything east to Portugal.

5) A similar separation (not always respected) has evolved between SAML & OpenID - everything inside the enterprise meridian ceded to SAML, that outside in the Web 2.0 world of Twitter etc. to OpenID. (Will online banking be the Moluccas that destroys this neat arrangement?)

6) Both SAML & OpenID deal in 'assertions', rather than claims.

Wednesday, January 23, 2008

Whenever I'm feeling blue

This definition of 'the identity metasystem' invariably cheers me up.

Some may not appreciate this subtle brand of humour, preferring 'pie-in-your-face' slapstick, but for myself, this is pure comedic gold.
An encapsulating protocol to obtain claims and requirements. The WS-Trust and WS-Federation protocols are used to carry requests for security tokens and responses containing those tokens

Pure genius! The Onion would be jealous.

Microsoft to join Public Mailing List!!!!

Shocking news!

Quite the journalistic coup for ComputerWorld. At least the level of research is consistent with confusing DataPortability with Social Network Portability, the fast-emerging group that wants to make it easier for users to share their personal contacts between different Web 2.0 and social media services.

Tuesday, January 22, 2008


I have my appointment for a retinal scan as part of the NEXUS program.

I'm already practicing the face I will show to the non NEXUS-enabled in the Canada Customs line whenever I cross back from the US - a mix of pity and scorn I think.

My biggest fear now is that there will not be a 747-size line for me to smugly walk past.

Top 8 Quotations on Trust


The only way to make a man trustworthy is to trust him.
Henry Stimson (1867 - 1950)

A little government and a little luck are necessary in life, but only a fool trusts either of them.
P. J. O'Rourke (1947 - )

I don't really trust a sane person.
Lyle Alzado (1949 - 1992)

The glue that holds all relationships together - including the relationship between the leader and the led is trust, and trust is based on integrity.
Brian Tracy

War is much too serious a matter to be entrusted to the military.
Georges Clemenceau (1841 - 1929)

You may be deceived if you trust too much, but you will live in torment if you do not trust enough.
Frank Crane

I know God will not give me anything I can't handle. I just wish that He didn't trust me so much.
Mother Teresa (1910 - 1997)

Love all, trust a few. Do wrong to none.
William Shakespeare (1564 - 1616)

A nitpick

on Jeff's nitpick on Eve's post.

Jeff points out that, in an enterprise, the users/employees etc will not likely have the same fine grained control over the how & where of their identity sharing.

Hence I would write it as..

(where users are okay with this sort of back-channel communication, or where they don’t have any say (e.g. in an enterprise deployment))

My nit.

The user had her 'say' when she signed the employment contract, and didn't read the sub-clause in Section 4.6 in which the IT department was given discretion to 'use, process, and share the employee's identity data as deemed appropriate.'

Monday, January 21, 2008

How ironic

As pointed out by George, sites are subverting one of the main values of OpenID by hard-coding in IDP selection.

Basically, these mainstream RP sites are using the "User picks their IdP" solution for determining where to send the user rather than having the user type in their IdP (,, etc) or full OpenID URL. At the moment, this scales OK as there aren't that many mainstream providers, but either user education needs to get better so this mechanism isn't needed, or we need a different technical solution.

Of course, even when there might be enough large OPs to make the 'Pick from List' model impractical, the dirty little reality of 'Preferred Partners' should serve to filter the list down.

Either way, it's clear that OPs will not all be treated equally with respect to their selection.


Directed it ain't

According to Simon Willison (with confirmation), Yahoo! is using the ceremony of 'directed identity' (i.e. the user presents the OP's own identifier to the RP rather than a personal OpenID URL) in its OpenID 2.0 support, but not the 'directedness': Yahoo! will return the same encrypted identifier for a user to each and every RP, and thereby completely erase the correlation-inhibiting value of the mechanism.

On the plus side, it will save Yahoo! some rows in its database.


Friday, January 18, 2008

Please delete my Yahoo! OpenID

Actually, just don't turn it on without my asking.

Oh right, according to the Tour, you won't.



I'm sick and tired of Censorship Silos

Abunga is a book store that promises to 'empower decency' by allowing books to be banned (and subsequently burned?) through a voting system.

Currently over 65,000 books have been blocked on to guard your family. Help us create a safer site for you and your family by blocking titles you find that aren't family friendly.

Blocking a book alerts us that you may have found a book that we don't want to sell and allows us to remove these titles to guard your family and ours. Additionally, once you block a book it will also remove the title from your view and it won't show up in one of your searches again.

A laudable effort. My current ability to choose to not purchase particular titles has left me feeling less than optimally empowered - Abunga not only gives me control over what I read, but what others can read. Now that's a decent level of empowerment!

I do have a concern however. If I were to create an account at Abunga and start listing books that offend me in some way (with the hopes that others would agree), that's all well and good. But it would be effort I'd need to duplicate at any other similarly right-thinking book sellers - the burden would fall on myself to ensure that my family was equally protected from undesirable contamination at each.

Each separate book store would be a 'silo of censorship'.

Could we not bridge these silos? Could we not make it possible for me to specify my narrow mindedness centrally, and yet leverage it at all the various sites I feel I need be protected at (and not just book stores, there are lots of things that offend me or that I don't understand.)

The current chaos of censorship must end.

What about Bob?

Kaliya wonders about social networks, invitation mechanisms, and Liberty Alliance People Service.

I do think it is pain in the butt to ‘re-invite’ my friends - are there ways to ‘re-invite them’ but not via e-mail? - are there ways to leverage the work that Liberty Alliance has done on the People Services Spec. from what I could discern from presentations I have seen it has promise to meet the needs articulated.

Today's invitation model is as follows

1) Alice visits SP
2) Alice determines that she wants to interact with Bob at SP
3) If Bob doesn't already have an account at SP, Alice shares Bob's email with SP
4) SP sends Bob an email invite to a) create an account, b) connect it to Alice's
5) Bob & Alice interact in the SP context
6) Repeat 1-5 for every other application context (i.e. SP) that Alice & Bob might share

People Service can reduce the 'invitation load' on Bob three ways:

1) by defining an alternate mechanism by which Bob can be informed of Alice's desire to interact that neither implies his email being provided to the SP without his consent, nor is predicated on the very phishable 'click on the link to accept the invitation'. In this other mechanism, the SP gives Alice a URL to herself deliver to Bob, he to present it to his IDP of choice to kick-off acceptance from the 'other direction'.
2) by allowing Bob's invitation acceptance action, even if obtained in a specific application context, to cover other contexts. For instance, if Alice first reached out to Bob from a photo-sharing site, in accepting the invitation, Bob could specify that he was fine with any other application context that Alice in the future might invite him to, effectively pre-accepting (of course, Bob doesn't have to enable this, he could choose to exercise precise control over how he interacts with the sometimes dubiously moralled Alice).
3) by removing from Bob the burden of creating (and subsequently managing) an identity at each SP from which Alice sends him an invitation. Bob instead leverages the existing identity he has at his IdP(s).

This points out what I think is too often lost when people gripe about social silos.
Typically, it's the burden on Alice of maintaining her social network across the various sites that is cited as unacceptable.

But what about Bob?
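To make the three reductions above concrete, here is a toy model of the 'other direction' invitation flow. It is an added example, not code from this blog and not the Liberty ID-WSF People Service protocol itself: the token format, the 'this'/'any' consent scopes, the provider secret and every name in it are assumptions made for illustration. What it shows is the data flow the post cares about: the SP never receives Bob's email, Bob never clicks an SP-supplied link, the SP ends up holding only a per-SP pseudonym for Bob, and a pre-acceptance lets a second SP's invitation from Alice go through without Bob lifting a finger while an invitation from someone else does not.

```python
"""Toy model of the three 'invitation load' reductions described above.

Added example: not code from the blog and not the Liberty ID-WSF People
Service protocol itself. The token format, the 'this'/'any' consent scopes,
the provider secret and all names are assumptions made for illustration.
"""
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class ServiceProvider:
    """The application Alice is using (photo sharing, music, etc.)."""
    sp_id: str
    pending: Dict[str, str] = field(default_factory=dict)            # token -> inviter
    connections: Set[Tuple[str, str]] = field(default_factory=set)   # (inviter, invitee pseudonym)

    def create_invitation(self, inviter: str) -> str:
        """Reduction 1: Alice gets a URL to hand to Bob herself.
        The SP never learns Bob's e-mail address."""
        token = secrets.token_urlsafe(16)
        self.pending[token] = inviter
        return f"https://{self.sp_id}/invite/{token}"

    def inviter_of(self, token: str) -> Optional[str]:
        """Read-only lookup Bob's provider uses before deciding to redeem."""
        return self.pending.get(token)

    def redeem(self, token: str, invitee_pseudonym: str) -> Optional[str]:
        """Back-channel call from Bob's provider, not a click by Bob at the SP.
        One-shot: the token is consumed, so a leaked URL cannot be replayed."""
        inviter = self.pending.pop(token, None)
        if inviter is not None:
            self.connections.add((inviter, invitee_pseudonym))
        return inviter


@dataclass
class PeopleService:
    """Bob's own provider: the one place his connections and consent live."""
    secret: str = "constructed-provider-secret"                       # assumption
    consent: Dict[Tuple[str, str], str] = field(default_factory=dict)  # (user, inviter) -> scope

    def pseudonym(self, user: str, sp_id: str) -> str:
        """Reduction 3: Bob is known to each SP by a per-SP pseudonym, so he
        creates no account there and SPs cannot correlate him."""
        return hashlib.sha256(f"{self.secret}|{user}|{sp_id}".encode()).hexdigest()[:16]

    def accept(self, user: str, url: str, sp: ServiceProvider, scope: str = "this") -> bool:
        """Bob pastes the URL Alice gave him at *his* provider, which redeems it.
        scope='any' is Reduction 2: pre-accept future invitations from this inviter."""
        token = url.rsplit("/", 1)[-1]
        inviter = sp.redeem(token, self.pseudonym(user, sp.sp_id))
        if inviter is None:
            return False
        self.consent[(user, inviter)] = "any" if scope == "any" else f"sp:{sp.sp_id}"
        return True

    def auto_accept(self, user: str, url: str, sp: ServiceProvider) -> bool:
        """A new SP's invitation from a pre-accepted inviter needs no action by Bob."""
        token = url.rsplit("/", 1)[-1]
        inviter = sp.inviter_of(token)
        if inviter is None or self.consent.get((user, inviter)) != "any":
            return False
        return sp.redeem(token, self.pseudonym(user, sp.sp_id)) == inviter


def walkthrough() -> Dict[str, object]:
    """Alice invites Bob from a photo site; Bob pre-accepts her; a music site follows."""
    ps = PeopleService()
    photos = ServiceProvider("photos.example")
    first = ps.accept("bob", photos.create_invitation("alice"), photos, scope="any")
    music = ServiceProvider("music.example")
    second = ps.auto_accept("bob", music.create_invitation("alice"), music)
    mallory = ps.auto_accept("bob", music.create_invitation("mallory"), music)
    return {"first": first, "second": second, "mallory": mallory,
            "photos": photos.connections, "music": music.connections}
```

Note what each SP holds afterwards: one (inviter, pseudonym) pair in which the pseudonym differs between the photo and music sites, and no email address for Bob at all. The real protocol carries far more (signatures, discovery, the People Service's own federation with the SP); the point here is only which party learns what, and in which direction acceptance flows.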


The Kanji character for 'fake' won the 'Kanji of the Year' Award for 2007, chosen in a poll as best representing the happenings of the year.

I have it on good faith that the localized Japanese version of the Liberty Alliance's Identity Assurance Framework will use the character in the web mark for Level -1 IdPs.

A Kanji character for 'Let me get this straight. I should base my authorization policy based on your identity assertions even though I have no business relationship with you. And I should do this because it will be user-centric' is being developed.

P.S. specification of a Kanji for user-centric itself is also underway. Derived from an existing radical of marketing, the defining feature of the new character is that it has no sharp lines.

Thursday, January 17, 2008

WS-I Lives

Data Portability feels like a WS-I for Web 2.0.

DataPortability: "The technologies already exist, we simply need a complete reference design to put the pieces together."

WS-I: "WS-I delivers practical guidance, best practices and resources for developing interoperable Web services solutions."

Separately, Data Portability's Technical Blueprint is further along than its Policy Blueprint sister.

Making data portable is easy. Making identity data portable isn't. Specifying how to do so without simultaneously determining the social, legislative, and legal issues that will constrain such portability is risky.

The Liberty Alliance has made lots of mistakes over the years. But we didn't make that one.

Tuesday, January 15, 2008


I've always been a fan of the James Burke 'Connections' model for exploring the patterns of history (the name of this blog is (partly) a tribute to Burke's show).

It also motivated me to try my own identity-related thread

  • A key piece of SAML 2.0 is its support for pseudonyms, an identifier for a user unique to a pairing of an Identity Provider and a Service Provider.

  • Nicolas Bourbaki was the group pseudonym under which a group of young French mathematicians wrote a number of books on advanced mathematics. They wanted to rewrite mathematics in terms of set theory.

  • Georg Cantor was a 19th century German mathematician who formulated set theory.

  • If any one individual can be credited with SAML 2.0, it would be Scott Cantor.

Burke's new book Twin Tracks has a number of separate chapters, each starting with a single event in history, and then following two separate threads towards a common endpoint in space-time. If I had been less lazy, I could have pointed to the Venn of Identity as another thread connecting set theory to Scott.
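Since pseudonyms come up twice this month (the SAML 2.0 pairing above, and Yahoo!'s OpenID support handing every RP the same identifier in "Directed it ain't"), here is an added example, mine rather than the blog's or any SAML/OpenID library's code, of the difference. The OP key, the user names and the RP realms are constructed. One function returns a single opaque identifier to every RP; the other keys an HMAC on the (user, RP) pair so that each RP gets a stable identifier for the user that no other RP can join on.

```python
"""Pairwise pseudonymous identifiers versus one identifier for everybody.

Added example; not code from the blog, from Yahoo!'s OpenID support, or from
any SAML/OpenID library. The OP key, user names and RP realms are constructed.
"""
import hashlib
import hmac
from typing import Dict, Iterable, Set

OP_KEY = b"constructed-op-key"   # assumption: a long-lived secret held only by the OP/IdP
OP_BASE = "https://op.example/id/"


def canonical_realm(realm: str) -> str:
    """Key pairwise identifiers on a canonical RP name (SAML entityID,
    OpenID realm), or 'https://rp.example' and 'https://rp.example/' would
    get two different identifiers for the same user."""
    return realm.strip().lower().rstrip("/")


def global_identifier(local_user: str) -> str:
    """Opaque, but the same for every RP: what the post says Yahoo! returns.
    No RP can read it, yet any two RPs can join their user tables on it."""
    digest = hashlib.sha256(local_user.encode()).hexdigest()[:32]
    return OP_BASE + digest


def pairwise_identifier(local_user: str, rp_realm: str, key: bytes = OP_KEY) -> str:
    """Unique to the (user, RP) pair: a SAML 2.0 persistent NameID, or OpenID 2.0
    directed identity with the 'directedness' kept. Stable for one RP and, without
    the OP's key, unlinkable across RPs. The OP recomputes it to resolve the user."""
    msg = local_user.encode() + b"\x00" + canonical_realm(rp_realm).encode()
    return OP_BASE + hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def issue(users: Iterable[str], realm: str, pairwise: bool) -> Set[str]:
    """The identifiers one RP ends up holding for a set of logged-in users."""
    return {pairwise_identifier(u, realm) if pairwise else global_identifier(u)
            for u in users}


def correlatable(rp_a: Set[str], rp_b: Set[str]) -> Set[str]:
    """What two colluding RPs learn by intersecting their tables."""
    return rp_a & rp_b


def demo() -> Dict[str, int]:
    """Same three users log in at a photo site and a bank, under each scheme."""
    users = ["alice", "bob", "carol"]
    photos, bank = "https://photos.example", "https://bank.example/"
    return {
        "global_overlap": len(correlatable(issue(users, photos, False),
                                           issue(users, bank, False))),
        "pairwise_overlap": len(correlatable(issue(users, photos, True),
                                             issue(users, bank, True))),
    }
```

Two practical notes. The realm canonicalisation matters more than it looks: if the OP keys on whatever string the RP sent, a user who arrives via two spellings of the same RP gets two identities there, and an RP that can vary its own realm can mint itself a fresh view of the user. And on the RP side, OpenID 2.0 still requires the RP to run discovery on the claimed identifier the OP returns and confirm that this OP is authoritative for it; a pairwise identifier that any OP could assert would be worse than no pairing at all.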

Monday, January 14, 2008

Identities for Sequenced Web Services

This Cisco whitepaper argues for an identity model in which, for multi-hop web service transactions

Multiple identities are required to establish sufficient levels of trust and to provide an audit trail of operations and transformations.

In their model, a SOAP message request will contain a WS-Security header with at least two SAML assertions, S(p) and S(a) - S(p) identifies the originator of the transaction (typically a user in a browser session), and S(a) identifies the Web service actor sending the request. The model is shown below.

If the resource being accessed through the web services is itself not tied to a particular identity (unlike, say, my calendar or my profile), the above model of two identities in a request can be sufficient. As well, even for identity-based resources, if the originating identity S(p) is the same as the 'owning' identity (i.e. I'm the one initiating a request for my own identity attribute) then the above model is fine - 2 identities in the request are enough.

But, if the identity initiating the request for some identity attribute is not the same as the identity associated with the attribute, then more identities may be required in the request. For instance, if my wife is trying to access my current geolocation (stop stalking me, I said I would be home at 10!), and if I've defined permissions so that not everybody can see where I am, then the request will necessarily specify both her and my identities (as well perhaps as the requesting application (e.g.

It was just these sort of multi-identity request scenarios that motivated the development of the People Service in Liberty Alliance ID-WSF 2.0.

You can think of the People Service as the place to track/manage your connections to all of those friends/family/colleagues for whom you might want to grant access to your identity attributes. Instead of maintaining such a buddy list at each application, you maintain it centrally.

Social graph portability before it was cool.
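An added example (not the Cisco paper's code, nor anything from ID-WSF) of why the third identity matters for an authorization decision. The service names, users and ACL are constructed. The request carries the originator S(p), every forwarding actor S(a1)..S(an), and the owner of the attribute being read; the decision keys on the originator and the owner's policy, and a trusted actor on its own is never enough, which is exactly the confused-deputy trap a two-identity model falls into when the requester and the owner differ.

```python
"""Authorising a multi-hop request by all the identities it carries.

Added example; not the Cisco paper's code and not an ID-WSF implementation.
Service names, users and the ACL are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Request:
    originator: str      # S(p): who started the transaction, e.g. a browser user
    actors: List[str]    # S(a1)..S(an): every service that forwarded it, in order
    owner: str           # whose attribute is being read; may differ from originator
    attribute: str


# Services allowed to forward requests on behalf of others (assumption: static allow-list)
TRUSTED_ACTORS: Set[str] = {"svc:map-portal", "svc:calendar-app"}

# Constructed ACL: owner -> attribute -> principals the owner lets read it
ACL: Dict[str, Dict[str, Set[str]]] = {
    "user:paul": {
        "geolocation": {"user:wife"},
        "calendar": set(),
    },
}


def authorize(req: Request) -> Tuple[bool, str]:
    """Return (decision, audit line). The audit line is the chain of identities
    in the request, which is the 'audit trail of operations' the paper wants."""
    chain = " -> ".join([req.originator or "<none>", *req.actors])
    target = f"{req.owner}.{req.attribute}"

    if not req.originator:
        return False, f"DENY {chain} : {target} (no originator identity S(p))"
    if not req.actors:
        return False, f"DENY {chain} : {target} (no actor identity S(a))"
    # Every hop must be a known service; an unknown intermediary taints the chain.
    for actor in req.actors:
        if actor not in TRUSTED_ACTORS:
            return False, f"DENY {chain} : {target} (untrusted hop {actor})"

    # Self-access: the two identities of the basic model are enough.
    if req.originator == req.owner:
        return True, f"PERMIT {chain} : {target} (owner)"

    # Third-party access: the owner's policy must name the originator, not the actor.
    readers = ACL.get(req.owner, {}).get(req.attribute, set())
    if req.originator in readers:
        return True, f"PERMIT {chain} : {target} (granted by owner)"
    return False, f"DENY {chain} : {target} (not in owner's ACL)"


def wife_locates_paul() -> Tuple[bool, str]:
    """The post's example: my wife, via a map portal, asking for my geolocation."""
    return authorize(Request("user:wife", ["svc:map-portal"], "user:paul", "geolocation"))
```

If the actor's identity were the only one checked, the map portal could read anyone's location for anyone; if the originator's were the only one, an untrusted service could replay her identity. Checking both, and naming the owner separately, is what lets the same policy answer "may she see where I am?" and "may she see my calendar?" differently.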


Paranoia (will destroy ya)

Different identity systems make different assumptions about the necessity, appropriateness and trustworthiness of a 3rd party identity provider being involved in identity transactions.

There is a 'paranoia continuum', from simple browser SSO (as supported by SAML & OpenID) where the IDP is involved real-time and 'sees' much (to the horror of the anti-panopticonists) to the other extreme where no 3rd party is involved at all (with its own issues).

In between are models where 3rd parties are involved, but trusted less and so constrained more (through client capabilities not available to dumb browsers).

Here are some identity systems plotted onto the paranoia continuum as I see them.

The shading is meant to roughly represent level of support, e.g. SAML's ECP enables the "OK, but I'm watching you" model as supported by Infocards but it hasn't been widely deployed.

Friday, January 11, 2008


The 40 minute wait at YOW Canada Customs as I returned from a Liberty Alliance TEG meeting in Boston convinced me that it was time to finish off my application for the NEXUS program.
NEXUS is designed to expedite the border clearance process for low risk, pre-approved travellers into Canada and the United States.

At the very end of the lonnnnnng online application (which Canada has perversely outsourced to the US GOES, the Global Online Enrollment System) I came across

When I saw the page title I thought they would be asking for my preferences as to the form in which documents should be transferred.....

Thursday, January 10, 2008

Wednesday, January 09, 2008

How wonderfully centered on the user

Capital One allows you to design your own credit card.

The mechanism by which users can add their own images (inevitably pictures of their children/grandchildren) to the cards seems well designed to discourage users from availing themselves of it. You choose one of the stock photos, get that card delivered to you, and then are able to design a second card with your own photo, this then mailed to replace the first. Now that's streamlined.

Monday, January 07, 2008

Policy Exceptions

The gist of a sign my 5-year-old daughter has posted on her bedroom door:
No Boys Allowed
- if you are Daddy
- to see the gerbil
- on my birthday
- if you ask me first

I do like the main clause but am scared by the precedent of allowing exceptions.