Saturday, August 30, 2008

Marine Certification

Canada will soon require that all boaters obtain a 'Pleasure Craft Operator Card' certifying their knowledge of boats and the rules of the water, etc.

There are a number of accredited sites that allow you to take the test online. Transport Canada's rules for online certification require there be a non-relative proctor present at the time:
All Pleasure Craft Operator Card exams must be monitored by a test Supervisor. The Supervisor ensures that the person taking the exam:
  • Has been identified correctly
  • Does not use reference materials related to boating or boating safety
  • Does not cheat
  • Does not manually copy the test questions
  • Does not communicate during the duration of the test
  • Does not save, print, copy or otherwise reproduce the exam
To be approved as a test Supervisor:
  • You must be at least 18 years of age
  • You must legally agree to BOATsmart! Canada’s Supervisor Rules and Procedures
  • You CANNOT be related to the person taking the exam. You cannot be the child, grandchild, sibling, husband, wife, parent, or grandparent of the person taking the exam.
  • You DO NOT require a Pleasure Craft Operator Card
  • You DO NOT require boating experience
  • Supervisor registration is FREE

What would be the federation assurance version of a 'non-relative'? Another vendor? A customer?

Laws of Identity (in even simpler form)

As simplification is all the rage, I offer

Do unto others' identity as you would have them do unto your identity....

Too simple? Perhaps. But would make way better bumper stickers than the competition.

Thursday, August 28, 2008


I will be speaking at our DIDW session first, followed by Mary & Patrick, so I'll have plenty of time to get to the party.

I'll be talking about SAML AuthnContext and OpenID PAPE, and a Concordia-type use case involving both protocols that highlights some discontinuities between the two.

p.s. If the bouncers at the Ping party hassle you at the door, just tell them that you are with me. I assure you that you will be given the appropriate level of respect.

Shake shake shake

why not use one of these for a second authentication factor?

Might require a rethinking of the old 'Something you know, are, have ...' saw to include 'can perform'.

Combine it with an mp3 of a castanet and play salsa while logging in. What fellow subway passenger wouldn't enjoy that?

Monday, August 25, 2008

Airing Dirty Linens

A while back I did an interview for the Data Portability In-Motion podcast with Trent and Steve.

Most of it seems to be me divulging Liberty Alliance secrets. As in our having more users than people on the planet.

The only other time I apologize this much is during my marriage counseling sessions.

Water damage

George Fletcher flooded his social network through Plaxo.

Still mopping up. I wonder if my insurance will cover it.

Spousal Delegation

Phone conversation with a neighbour Dad
Me: The kids are welcome to come over for a swim
Him: Uhh, I think we may be going out.
Me: You can drop them off if you want.
Him: I'll check with 'The Boss'
Me: My Boss is out, so I have the authority you so emasculatingly lack.
Him: Authority, but delegated.
Me: And, admittedly, short-lived.
Him: Subject to audit as well.

Monday, August 11, 2008

Xth Law of Identity

Axel recommends Andy.

While not minimizing the stress I'm sure Andy and other OoTaoers are under, I confess I'm less concerned.

Identity Excellence floats.

OpenID PAPE & NIST 800 63 Level 4

OpenID PAPE allows for an OP to claim that the user was authenticated consistent with the stipulations of the most stringent assurance level as defined by OMB M-04-04 and NIST 800 63.

(Optional) The Assurance Level as defined by the National Institute of Standards and Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., “Electronic Authentication Guideline,” April 2006.) [NIST_SP800‑63] corresponding to the authentication method and policies employed by the OP when authenticating the End User.

Value: Numeric value between 0 and 4 inclusive.
800 63 defines 'assertions' as
Assertions can be used to pass information about the claimant or the e-authentication process from the verifier to a relying party. Assertions contain, at a minimum, the name of the claimant, as well as identifying information that permits recovery of registration records. A relying party trusts an assertion based on the source, the time of creation, and attributes associated with the claimant.
Clearly, an OpenID authentication response is an assertion in the eyes of NIST (as is a SAML assertion).

But, 800 63 disallows 'assertions' at Level 4.

So, while PAPE provides a means for an OP to say 'I did NIST Level 4', NIST forbids the OP from making that claim.

Likewise, a SAML IDP would be forbidden by NIST from claiming Level 4. Unless perhaps the SubjectConfirmation was holder-of-key and not bearer?
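
What the discontinuity means on the relying-party side, as an added example that is not code from this blog or from the PAPE specification: the RP reads the optional NIST level out of a PAPE response and refuses a Level 4 claim because it arrived inside an assertion. The parameter name `openid.pape.nist_auth_level` and the namespace URI are taken from the PAPE draft rather than from the post, rejecting the claim outright is an assumed RP policy, the sample responses are constructed, and the response signature is assumed to have been verified already.

```python
# Added example: RP-side handling of a PAPE NIST assurance-level claim.
PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
MAX_ASSERTED_LEVEL = 3  # per the post: 800-63 disallows assertions at Level 4


def pape_alias(params):
    """Return the alias bound to the PAPE namespace, or None if absent."""
    for key, value in params.items():
        if key.startswith("openid.ns.") and value == PAPE_NS:
            return key[len("openid.ns."):]
    return None


def claimed_nist_level(params):
    """Parse the optional nist_auth_level; None if PAPE or the field is absent."""
    alias = pape_alias(params)
    if alias is None:
        return None
    raw = params.get(f"openid.{alias}.nist_auth_level")
    if raw is None:
        return None
    if not (raw.isascii() and raw.isdigit()) or int(raw) > 4:
        raise ValueError(f"nist_auth_level out of range: {raw!r}")
    return int(raw)


def evaluate(params, required_level):
    """Return (accepted, reason) for an RP that needs `required_level`."""
    claimed = claimed_nist_level(params)
    if claimed is None:
        return False, "no assurance level claimed"
    if claimed > MAX_ASSERTED_LEVEL:  # assumed policy: refuse, do not downgrade
        return False, "Level 4 claimed inside an assertion"
    if claimed < required_level:
        return False, f"claimed level {claimed} below required {required_level}"
    return True, f"level {claimed} accepted"


# Constructed sample responses (not captured traffic); aliases differ on purpose.
SAMPLE_L3 = {"openid.ns.pape": PAPE_NS, "openid.pape.nist_auth_level": "3"}
SAMPLE_L4 = {"openid.ns.p": PAPE_NS, "openid.p.nist_auth_level": "4"}

if __name__ == "__main__":
    for sample in (SAMPLE_L3, SAMPLE_L4):
        print(evaluate(sample, required_level=3))
```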

Protect your valuables

This makes me think of something analogous for identity
Tired of the constant struggle every morning trying to get your online identity looking perfect? IdentityGuard revolutionizes the way you protect your online identity. IdentityGuard can be customized to your own particular online identity in seconds, with three easy adjustments. Just apply the IdentityGuard to your online attributes, and rest assured your valuable attributes will be safe from being trimmed or nicked by malicious hackers. Hey guys, take it from me - girls love IdentityGuard!
I'd even market it the same way, i.e. an attractive girl staring with devotion at a handsome guy - he confident in the security of his online attributes.

For myself, as I don't typically shave when completely pi%&#d or asleep, the goatee template seems unnecessary.

Now, if they made something similar to protect my wife's flowers from the depredations of my mowing ....

Watch out for the Russian Judge

As far as I can see, nowhere in the Olympic motto of 'Citius, Altius, Fortius' is there any concept of 'more synchronized'. Or 'artistic impression'.

Why then must I endure 'sports' like synchronized diving and rhythmic gymnastics?

And how long till the Olympics include events that demonstrate 'online excellence'? I can see Synchronized Single Sign On, Inbox Spam Clearing, Browser Tab Management.


Kaliya reminds me of an identity phenomenon I thought had died out.

My Wordle of the Wordle posts of some other ID bloggers.

Ahh, for me this points out how fragile our identities are.

This one is for all the ladies

Conversation with my kids on a visit to their friends of a relative

Them: It's an Uncle.
Me: Is he Francois's brother or Audrey's?
8 yr old Son: No idea.
6 yr old Daughter: He is the second husband of Audrey's sister.

Da chicks dey get the relationships.

Wednesday, August 06, 2008

More songs from my iPod

that have something to say about social networks
  • Bizarre Love Triangle - New Order
  • Nobody Calls Me Unless They Want Something - Shout Out Out Out
  • Is This Love - Bob Marley
  • Everyone Knows Everyone - The Helio Sequence
  • Have a Little Faith in Me - John Hiatt

I never lose

Vendor saber rattling between Sun and Oracle.

I feel fortunate that the Liberty Alliance, even while bringing these and other vendors into the same room, is free of the phenomenon.

For the record, Connectid has NEVER lost a single deal to either Sun or Oracle, whether for technical or political reasons (there was that one loss due to 'inappropriate behaviour' but I still contend that was a set-up).

Mid-life bulge

OpenID, confronted with the stresses and tribulations of adulthood, is putting on weight.

Based on experience, I expect we'll soon see OpenID drinking lite beer and huffing 'n' puffing up a hill in one of those garish biking outfits.

Tuesday, August 05, 2008

Gadget of the Week (Tribute Post for a friend tragically lost to the blogging world)

I'm loving my waterproof Olympus Stylus 1030 SW digital camera.

I realized that 90% of my family's summer time adventures involve water, why not get a camera that can capture them?

Oh and my son is in a gifted program for school.

Social Shuffle

Shuffle play on my iPod Mini (yes it still works) queued up two songs in a row with a social bent
  • Tight Connection to my Heart - Bob Dylan
  • We Used to be Friends - The Dandy Warhols
A line from Tight Connection effectively sums up my reaction to receiving a social invite from a colleague
But I can't figure out whether I'm too good for you, or you're too good for me.
Of course it's normally the first option.

Enjoy the vids

Flat-packed identity

IKEA (pronounced ICK-YEAH by the Swedishenti) is entering the mobile market.

I understand that they, in support of their federated operations, will be proposing a new compression scheme for identity attributes.

And of course they will save money by forcing/allowing their users to assemble the assertions themselves. How very ... err.... oh what was that term that was once so popular .....something about 'centered' ....?

Sunday, August 03, 2008

Connectid selected as official identity blog of the 2008 Beijing Olympics

Connectid has become the official identity blog partner of the 2008 Olympic Games, the Beijing Olympic Organizing Committee (BOCOG) announced in Beijing on Thursday.

"BOCOG decided to select Connectid as the identity blog partner after conducting a thorough investigation and all-round evaluation," Wang Wei, BOCOG's vice president and secretary general, told a press conference.

Connectid will provide sarcasm & mockery blog support for the 2008 Olympics and Paralympics, 

Wang refused to give any details on the amount of the deal, only saying it's "negligible".

Friday, August 01, 2008

That's nice, but who is the accreditor?

Coors Light bottles are 'Cold Certified' - the labels change colour when they are a certain temperature.

All fine and dandy, but how do I trust the certifier? As an RP, I have a lot riding on the decision.