Saturday, December 27, 2008


Panspermia is to the origin of life as Web SSO is to authentication - it doesn't address the issue but rather just outsources it.

Super Hero

Visiting in-laws for Xmas, I asked my brother-in-law what his wireless network password was. His best guess turned out to be inaccurate. But clearly it was a guess that resonated for him.

So I snuck in through the router's admin page and reset the password to what he had guessed. And then went around to all his laptops and desktops to change them accordingly.

Password Man to the rescue.

Sunday, December 21, 2008

Thursday, December 18, 2008

I have seen the future of home media entertainment

and it looks like an Archos 5.

Wifi, web, email, video, music, flash, web TV, DVR, HD, pics ....

More to follow (with an almost certainly tenuous connection to identity).

Better left unsaid

Eve put me on to this cool UML app.

Started me thinking about how identity protocol swim-lane diagrams often have the various endpoints mulling over policy and authz decisions to themselves, completely separate from what goes out on the wire.

Something like this.

Wednesday, December 17, 2008

Better get a bucket

I'm gonna throw up (before you follow the link, play the embedded video - it will put you in the right frame of mind).

Low-tech but effective

Chris Messina's email signature uses a simple mechanism for expressing rights
Chris Messina
Citizen-Participant & Open Technology Advocate-at-Large # #
This email is:   [ ] bloggable    [X] ask first   [ ] private
Of course,  when the thing you want to blog about is the signature itself and not the content of the email, it's unclear how to proceed.....

As I understand the mechanism, Chris uses a Thunderbird AI extension that analyzes the content of outgoing emails for key words and phrases before automatically setting the appropriate privacy switches.

Or maybe something simpler
Yep, I set those manually. Nothing like ASCII for utter UI simplicity and data portability!

Wouldn't it be nice if there were other (enforceable) switches...

This email is: [ ] non-forwardable
                        [ ] non-repliable
                        [ ] non-startsomeinterminablethreadabout"whatisidentity"able

Monday, December 15, 2008

5 is enough

Usability guru Jakob Nielsen argues that you don't need large numbers of testers to gather useful data about an interface. 5 users is sufficient - providing the right trade-off between spotting issues and economy & efficiency.

As you add more and more users, you learn less and less because you will keep seeing the same things again and again. There is no real need to keep observing the same thing multiple times.

Jeez, a whole 5 users?

I guess we'll have to wait a bit before conducting Infocard usability tests.

Thursday, December 11, 2008

Like I need to be told

Some Identity bloggers are abuzz about Typealyzer.

Until such time as different sectors of the brain are associated with scorn, sarcasm, and derision I will not partake in such personality analysis - it would only demonstrate science's current limitations.

Temporal phishing

If the phisher has an idea of the timing of legitimate mailings that the user expects to receive, it will be that much easier to fool them.

Case in point, I recently achieved Elite status for my frequent flyer program (said status resulting in my pretzel packages being pre-opened as well as being allowed to use public washrooms in the airport).

Air Canada sent me the below asking me to login in order to customize which perks I want.

As far as I know, Air Canada does this for all Elite users at this same time each year.

Even if I hadn't reached Elite status and got this mail, I'd be inclined to log in to see if I could take advantage of their mistake.

Franchise Opportunity

The OpenID Board vote.

Tuesday, December 09, 2008

Facebook Connect is the new panopticon

Some interesting reading in the Facebook Connect Terms of Use.

In order to make Connect possible, you agree to allow Facebook to check your Facebook cookies when you are visiting participating third party websites, and allow Facebook to receive information concerning the actions you take on those third party websites. In addition, once you allow a participating third party website to connect with Facebook, you agree to allow Facebook and such third party website to generate and publish news feed and other stories about actions you take on the website without any additional permission. In the event you no longer want the third party website to publish stories about you, you can always disable this feature by changing your application settings.

I used to think that SAML & Liberty could enable a pretty-good panopticon model (or at least that's what I was told) but we have nothing on this.


Facebook Connect has single log-out.

Comparing functionality would suggest that it's SAML that should feel threatened.


Monday, December 08, 2008

Perhaps a bailout criteria?

Chris Saad has a proposal to make OpenID competitive with Facebook Connect.

As a bonus, Chris suggests

If you provide OpenID but do not consume it you need to be named and shamed. There should be a 2 month grace period, then The OpenID Foundation, the DataPortability Project and everyone else who is interested should participate.

Absolutely. And the Big Three car manufacturers should be forced to buy cars as well as sell them.

And why cannot I sell my own homemade burgers to fast-food chains?

Oh right, business models.

The more things stay the same

the more they change ... or something.

It seems FaceBook Connect is the new Passport.

So would that make the 'O' (i.e. OpenID, OAuth, Open Social, etc) stack the new Liberty Alliance, i.e. advocating decentralized standards-based identity in opposition to a centralized & proprietary model?

This 'convergence' is for me an early Xmas gift of hilarious incongruity wrapped up in sweet sweet irony.

Friday, December 05, 2008

Well I do declare

Phil Hunt will be giving a webinar on the ArisID API.

ArisID de-couples developers from having to make protocol, schema, and architecture decisions that would limit the usability and deployability of their application in an evolving and ever complex enterprise network, where a large number of identity sources and protocols are used. By relying on intelligent ArisID libraries, developers can now ensure maximum flexibility and use of their applications while significantly reducing development time.

Fundamentally, rather than an application developer coding 'Use protocol X to obtain identity attribute Y', ArisID would have them express 'My application needs identity attribute Y' using an XML syntax

The CARML specification is an XML document that developers use to describe the identity data and transactions used by a service or application. The data types may include identity attributes, predicates (e.g. “Is an Adult”), and roles (e.g. “Manager,” “Business Class Flier”) that an application requires.  

The burden of determining the how (i.e. LDAP, SAML, OAuth etc) and from where (i.e. dealing with discovery) to obtain the attribute is taken off the application, and assumed by the identity infrastructure.

I have been experimenting with profiling CARML in a slightly different manner - each morning, I create a CARML file with my food and drink expectations for that day (i.e. cold beer @ 5pm) and then upload it to my blog so that the home infrastructure can retrieve and process.

As in any intra-enterprise project there are political battles to be fought - the food and drink administrators have as yet refused to acknowledge the value of the new paradigm and cling stubbornly to clearly obsolete modalities.

Thursday, December 04, 2008


I'm reading a biography of Charles II, who seemed to prorogue parliament with a frequency exceeded only by that of the turnover amongst his mistresses.

There is a clear historical precedence for this move.

Now it's personal

Finding $25 tucked down amongst the couch cushions, I just joined the OpenID Foundation.

The criteria for my vote for the upcoming board election is simple - I will NOT vote for any candidate that uses either 'philosophy' or 'spirit' in their platform. Separately, an open bar at IIW would be nice.

Whatever the result, let's just hope that everybody has confidence in those elected.


is fair play. As I often speak condescendingly to my children, hockey referees, and shop keepers, I can't rightfully complain when Ben directs it at me, in his rebuttal of my (and a plethora of others) criticism of his 'phishability' post.

Ben's argument hinges on a definition (my interpretation, he never comes right out with it) of 'unphishable' as
unphishable: a security characteristic enabled by an authentication protocol in which the password is never sent to the authentication server but presented by the user only to a secure device - the device then authenticating to the server on their behalf.

With this definition, I don't disagree (and you won't hear me diminishing the critical importance of small mobile communication devices to security). If passwords aren't delivered over the wire (and all the other necessary 'utopian' conditions that Ben after the fact stipulates are met) then users could use the same password everywhere.

But of course, this is Ben's definition for unphishable and so perhaps we shouldn't be surprised that it works out nicely for him.

Another definition (one that it appears all of those who had an issue with the original post prefer) looks something like this

unphishable : impossible to phish, see phish.
phish: a fraudulent attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication

A phish depends on the fact that the user bears the burden of spotting the fraudulent site (notwithstanding visual cues designed to assist them). Any (mutual) authentication protocol that removes that burden from the user could warrant the unphishable descriptor (with similar utopian caveats as Ben stipulates).

This more inclusive definition does not guarantee (for some mechanisms, this would be the case) that there will be nothing on the authentication server that could be used by an insider to impersonate the user elsewhere. And so, this type of unphishable does not inevitably mean that it is appropriate to use the same credential everywhere.

Wednesday, December 03, 2008

For an OpenID from here I'd wait

Total Prestige is a social network for the super-rich.

It seems they white-list.

Well that's just friggin' great! So when Paris wants to show me her holiday pics she'll have to email them to me.

Personal Best

is a personal web application that will give you some insight into your sex life.

For me personally,  November was a good month.

Oh wait, I just noticed the 'partners' tab - that puts a different spin on my numbers

Tuesday, December 02, 2008

I don't follow

On the scaling of passwords, Ben Laurie writes
If your password is unphishable, then it is obviously the case that it can be the same everywhere. Or it wouldn’t be unphishable.

I don't follow.

Because I can't be fooled into divulging some credential where I shouldn't means that it is appropriate that I use it everywhere? Are there not other attack vectors that would drool at the thought?

Conversely, that the fact that I can use the same credential everywhere is somehow a necessary aspect of 'unphishability'? 

Client-based authz?

Flying to Toronto this morning for an ISWG meeting, I used 'mobile check-in', in which a link to a QR code was emailed to my phone.

Of course, at Ottawa airport there is no infrastructure to read the code (and I so desperately wanted to swipe it somewhere) - I ended up instead showing the email to security and at the gate.

When I later tried to access the link from my laptop, I saw the following

Who made Air Canada the authority in charge of defining what is mobile and what is not?

My laptop is pretty mobile, but if I had tried to use it to show the QR code I would have been stuck.

Monday, December 01, 2008

Help for busy couples trying to start a family?

The title of this Download Squad post had me thinking of a different application, one potentially leveraging both the iPhone's accelerometer and connectivity.

Wife subscribes to be notified if and only if her pre-defined Male Critical Angle (MCA) is reached, husband's location determined from GPS, calendar application coordinates marital rendezvous, etc etc.

I expect it will be in the fastening mechanism by which different iPhone case manufacturers differentiate themselves.


According to Olivia Judson in a half-baked article postulating a link between obesity and voting record
the way an individual responds to threat is part of its personality

Why then should we expect there to be a single anti-phish solution?

Perhaps there is a Lakoffian explanation, i.e. that those held often by their parents as babies develop to be more trusting and confident adult web users?

Friday, November 28, 2008

When dislike isn't sufficient

A demo of a preferences-based authentication system, i.e. your registered likes and dislikes used to authenticate you for password resets etc.

You register your preferences


and then try to remember them to log-in


For myself to remember, there would need to be a continuum of disliking from mild aversion to virulent loathing. Lumping in gardening with show tunes is just too coarse a granularity.

Thursday, November 27, 2008

One profile too far

Just flicked past the National Dog Show on my way to the Lions-Titans blow-out.

Dogs with legs 2 inches long are a perfect example of the profiling of a core specification gone horribly wrong.

Other examples do come to mind.

Wednesday, November 26, 2008

Amen to that

One of the Google FriendConnect example sites is BibleApps, at which you can test your knowledge of Old Testament scripture.


I did not fare well on the quiz. It seems that no matter how much I study, I always confuse Ezekiel and Numbers. And don't ask me to conjugate 'begat'.

BibleApps also allows you to 'Post A Prayer', my two favourites of which


The second makes me think that perhaps all those working on open identity standards are doing God's work.  I must remember to look into the possibility of a tax break.

Friday, November 21, 2008

Attribute-based authz

A sign on my 6 yr old daughter's bedroom door

Please note the exception for parties playing the role of 'Daddy'. I asked her to instead define the policy in terms of me specifically but she declined, citing the 'administrative burden of updating'.....

Does she know something I don't?

Would that the other policy persist (or at least until she meets a nice SAML boy in her 30s).

Identity in the cloud

God sues Microsoft for copyright infringement

In a move described by copyright lawyers as 'ground breaking', the Supreme Deity has filed a lawsuit against Microsoft (MSFT) for copyright infringement of her 'The 10 Commandments' work. The suit alleges that Microsoft's 'Laws of Identity', as popularized by Kim Cameron, has violated its copyright.

"The so-called 'Laws' are a deliberate and complete knock-off. It's quite unconscionable, even bordering on egregious. It's perfectly clear that they are based on my client's earlier work," said God's attorney Smitty James. "Pretty much the only thing that's different is that there are only 7 laws, compared to our 10 commandments. Did they run out of time or something?"

James added "We believe that the Laws were created with deliberate intent to interfere in God's economic affairs and interest and to deceive the marketplace regarding the origin, nature and identity of the Supreme Being. We'll be seeking commensurate, i.e. 'huge', damages".

The suit provides examples of infringement - alleging that Law #3, that of Justifiable Parties, derives from the Commandment stipulating that God's worshipers MUST 'have no other Gods before me'.

Kim Cameron has not responded directly to the allegations, writing on his blog only "We are committed to copyright protection and believe this suit will be resolved in Our favour."

Microsoft representatives were quick to issue a statement clarifying "that the unfortunate capitalization of 'Our' was nothing more than a typographical error".

Thursday, November 20, 2008

Just the facts ma'am

I was wondering about the parental rating of the new Hellboy movie, so I went to the IMDB.

Their parents' guide eschews any moralizing, instead simply asking reviewers for a description of the potentially age-inappropriate content. Arm the parental relying party with information, and let them make the access control decision.

Of course the downside is that some parents want to off-load the responsibility; it's very easy to say no to a pleading child with a "Sorry, but the rating says it isn't appropriate". Much more thought would be required to actually analyze the content.

This is the model SAML's Authentication Context took for handling assurance - i.e. the IDP doesn't make any 'moral' judgements about the factors that impact assurance, but rather just describes them.

Pretty much the exact opposite of that taken by those uptight old ladies at NIST.

Default behaviour

From the Free Dictionary
claim n. A statement of something as a fact; an assertion of truth

If you buy this definition, then any identity attribute an STS delivers as a 'claim' to an RP should, by default, be interpreted by that RP as that STS asserting it as a true fact.

Consequently, more appropriate than an STS indicating that a particular claim had been 'verified', would be for the STS to instead indicate which attributes had not (and thereby guide the RP's default interpretation).

OpenID/OAuth hybrid extension

There is a proposal for an OpenID extension to effectively create a hybrid protocol between OpenID and OAuth - this to optimize the combination and thereby minimize consent pages and redirects.

Interestingly, Ping's Patrick Harding was proposing a similar optimization  between SAML & OAuth at DIDW.

Starting at Slide 23 in the below deck

Hopefully, the pattern that OpenID defines to carry the OAuth parameters/messages can be applied to SAML.

Hammer & Nail

When all you have is a 'X', everything looks like a 'Y'

Not sure where to go with this.

'URI' & 'resource'?

'browser' & 'redirect'?

'SOAP message' & 'Header'?

Public and private keys

One of the factors that contributed to the Crimean War was a struggle over control of Christianity's Holy Places - this between Roman Catholic and Eastern Orthodox monks (and France and Russia's respective backing of the two factions).

Control over the various divine churches, shrines, and sepulchres had shifted back and forth over the years between the Catholic and the Orthodox churches. By the 1840s, it was the Orthodox Church that was dominant.

In 1850, Louis Napoleon (Napoleon III) of France decided to try and change the balance of power and champion the Roman Catholics to control the Holy Places. Russia favoured the Orthodox Church. Caught in the middle (but not MITM) between the two superpowers was the Ottoman Empire that ruled over the Holy Land at the time.

Hoping to resolve the issue without upsetting either, the Ottoman Turks engaged in a wonderful bit of crypto bamboozlement. In February 1850 they sent a diplomatic note to the French, giving them two keys to the door of the Church of the Nativity. At the same time, they assured the Orthodox Church that the French keys would not fit the lock.

Sounds like a poorly implemented KDC.

Tuesday, November 18, 2008

Is it meaningful

that my LinkedIn network (loosely representative of the 'federated identity' community, I would claim) has a minimal intersection with the LinkedIn group focused on 'User Experience'?

Is the real intersection larger than Luke and Ariel (who I hope both do not object to my publicizing our possibly compromising connection)?

Monday, November 17, 2008

Sound and fury

In one of the IIW intro sessions, Google's Kevin Marks made the point that relying on what attributes users provide themselves is risky as what they too often provide is 'noise'.

When asked for zip code, more than statistically appropriate numbers answer '12345' or '90210' (Schenectady NY and Beverly Hills respectively).

Myself, I assert that self-asserted attributes are 'full of sound and fury, signifying nothing'.

'A tale told by an idiot' is maybe a bit strong.


Playing with the new CardSpace.

It seems I have no personal cards


but neither do I seem to be able to create any ...

Should I not see a 'Create Card' option?

I appeared to be successful adding a managed card from the Verisign PIP, but no card appears when I then tried to use it to log in to PIP.

to become OpenID Provider

Reiterating a campaign promise for his administration to be more 'user-centric', President Elect Barack Obama has indicated that one of his first moves once in office will be to direct the Central Intelligence Agency to add support for the OpenID authentication protocol to the web site.

Obama is reported to have said "We've got all this data on our citizens, why not use it to help them get around the Web. In this day and age, why should a US citizen have to manually enter a detailed record of their sexual history at some dating site when their government has that very same data and will serve it up when asked?"

The CIA and other departments already share large amounts of identity data on Americans (and other nationalities). The promised support for OpenID's Attribute Exchange is seen as different because OpenID, through its inherent user-centrism, will give citizens the ability to monitor and control such sharing. A senior CIA officer said 'Yes, consent is critical for us. We would never dream of sharing a citizen's identity attributes without first asking a judge'.

Rumours are that the CIA OP will distinguish itself from other large OpenID providers with a major print & web marketing campaign built around the slogan 'Let us tell you about yourself'.


RL "Bob" Morgan held a session at IIW on verified claims, what they are, how to ask for them, how to express them etc.

The Information Card Foundation is using a 'by reference' model for the last.

For an STS to indicate that a particular claim value has been verified, it includes that claim identifier in the (separate) 'verified' claim. If there are other attributes that are also verified, they get added in the same way (space separated).

To indicate that the claim as to age of majority was verified (and not self-asserted), the STS would assert
age-18-or-over = true
Verified = age-18-or-over

This model does not allow for 'shades of verification', all the verified claims are treated equally - you are either verified or not, with no middle ground. Discussed in Bob's IIW session was the possibility of 'verification context', the additional information about how verification was achieved, akin to OpenID PAPE or SAML Authentication Context for authentication. As always, some RPs might want this extra context, others not.


1) Isn't the verified claim a meta-claim, ie a claim aboot a claim(s)?

And as such, would not standardization fall under the purview of the group tasked with all things meta?

2) How does an RP indicate it desires a verified claim? The same mechanism?

3) Does the following combination make sense?
age-18-or-over = unknown
Verified = age-18-or-over
Can the STS hedge its bets, i.e. "I've verified the age, but I'm not telling"? Where else would the STS indicate this policy?
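An added illustration of the 'by reference' verified-claims model above and of the hedged combination in question 3, and of the inverse 'name what is not verified' idea from the 'Default behaviour' post. This is constructed example code, not the Information Card Foundation's; the claim names, the 'unknown' value and the 'Unverified' meta-claim are assumptions for illustration.

```python
# Constructed illustration of the 'by reference' verified-claims model.
# A claim set is a plain dict; the 'Verified' meta-claim lists, space
# separated, the identifiers of the claims the STS vouches for.

VERIFIED = "Verified"   # name of the meta-claim, as in the post
UNKNOWN = "unknown"     # assumed value an STS might use to withhold a claim


def verified_ids(claims):
    """Parse the space-separated 'Verified' meta-claim into a set of ids."""
    return set(claims.get(VERIFIED, "").split())


def partition(claims):
    """Split a claim set into (verified, self_asserted) dicts.

    The meta-claim itself is excluded from both; a claim counts as
    verified only if the STS both asserted it and listed it in 'Verified'.
    """
    vids = verified_ids(claims)
    verified, self_asserted = {}, {}
    for name, value in claims.items():
        if name == VERIFIED:
            continue
        (verified if name in vids else self_asserted)[name] = value
    return verified, self_asserted


def audit(claims):
    """Return the problems an RP should flag before trusting the meta-claim.

    Covers question 3: 'Verified' naming a claim whose value is 'unknown'
    (the STS hedging its bets), plus two related defects: a verified id
    that was never asserted, and the meta-claim naming itself.
    """
    problems = []
    for name in sorted(verified_ids(claims)):
        if name == VERIFIED:
            problems.append("Verified lists itself")
        elif name not in claims:
            problems.append(f"{name}: listed as verified but not asserted")
        elif claims[name] == UNKNOWN:
            problems.append(f"{name}: verified but value withheld as 'unknown'")
    return problems


def unverified_meta_claim(claims):
    """The inverse model from 'Default behaviour': name what is NOT verified.

    If every delivered claim is asserted-true by default, the STS only needs
    to flag the exceptions. Returns the space-separated value an assumed
    'Unverified' meta-claim would carry.
    """
    _, self_asserted = partition(claims)
    return " ".join(sorted(self_asserted))


def rp_accepts(claims, required_verified):
    """RP policy: every required claim must be present, verified and known."""
    if audit(claims):
        return False
    verified, _ = partition(claims)
    return all(verified.get(name, UNKNOWN) != UNKNOWN for name in required_verified)


# Constructed sample: age verified, postal code self-asserted (and, as in
# the 'Sound and fury' post, suspiciously '12345').
SAMPLE = {
    "age-18-or-over": "true",
    "postalcode": "12345",
    VERIFIED: "age-18-or-over",
}

# The hedged combination from question 3.
HEDGED = {
    "age-18-or-over": UNKNOWN,
    VERIFIED: "age-18-or-over",
}

if __name__ == "__main__":
    print(partition(SAMPLE))
    print(unverified_meta_claim(SAMPLE))
    print(audit(HEDGED))
    print(rp_accepts(SAMPLE, ["age-18-or-over"]), rp_accepts(HEDGED, ["age-18-or-over"]))
```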

Naval gazing

Chris Messina posts the results of a more comprehensive survey of OpenID 'awareness'.

One key distinction between OpenID and SAML is that the SAML community doesn't spend its time on this particular type of naval gazing (concentrating on others) - there has never been any expectation that the end users would be at all aware of whether SAML was being used or not.  It's freeing to not have to care. (I expect we'd have picked a better name if we thought the users might be aware, and a cool icon.)

OpenID definitely started out with a conscious design for a brand with users, and so measuring awareness of that brand made sense. But it seems to me that the current trend for UI (at least with big OPs) is to downplay OpenID itself, and concentrate on helping the user with the more basic task of distinguishing between the choices of a local or non-local identity.

Look at the recent guidelines from Google and Yahoo! for federated login - neither mentions OpenID in its initial UI. Google segues into federated login through a generic 'Help me login', and Yahoo! replaces the OpenID brand with its own.

Are surveys of OpenID awareness asking the right question?

Is federated identity made easier, or more difficult, when the user is expected to be aware of not only where a non-local identifier is, but also what sort it is?

That would be interesting research.

Friday, November 14, 2008

Purpose & Usage Policy

An email from my daughter's teacher

Yeah right, like I want my kids establishing social relationships of uncertain career advantage to me. Tell me what the parents do and then we can talk.

Damned with (implicit) faint praise

I'm choosing to interpret the 'different standards' and 'different communities' mentions from this theSocialWeb.TV interview done at IIW as a 'shout-out' to SAML.

It's very cool for a niche identity technology to get such recognition. Even to be (implicitly) mentioned alongside the identity juggernaut of XRIs shows how far SAML has come.

Why must social invites be so blah

Could we not spice up the existing 'X wants to be your friend/colleague'. For example

For an invite

An invite through a colleague

An acceptance (with conditions)

A rejection

A rejection with explanation

A response back to a rejection

Wednesday, November 12, 2008

Useful to remember

When attending an event like IIW - where worlds and terminologies collide - it's easy to fall into the following trap
An Englishman, a German, and a Frenchman are debating the merits of their languages. The German claims 'German is off course ze best language. It is ze language off logic and philosophy, and can be used to communicate viz great clarity and precision!'. 'Zut Alors' shrugs the Frenchman, 'French is ze language of lurve. In la Francaise, we can convey all ze subtleties of romance with elegance and flair'. The Englishman thinks about both claims, and then says 'Yes, chaps, that's all very well. But think about this. Take the word 'spoon', for instance. You French call it 'cuillere', and you Germans call it a 'Loffel'. But in English, it's simply called a 'spoon'. And when you stop to think about it for a bit, isn't that exactly what it is?'

From 'The Unfolding of Language' by Guy Deutscher


Pat has some pics up of the "2nd Annual Liberty Alliance Tokyo Football-based Sporting Event" - this time futsal.

I was torn - there was a primarily Liberty team and a primarily NTT team. Which to honour with my skills?

In the end I resolved the conflict by playing for the Liberty team but scoring for the NTT team.

We seem to be going at it backwards

Biblical version

1) start with single unified language
2) build big tower in self-congratulation
3) upset Deity
4) deal with multiple incompatible languages

Not that I expect we'll end up with a single identity 'language', but a tower would be nice. And a happy Deity.

Karaoke 2.0

identity Puzzle: Place these pictures in order


identity Model for Requests

Consider the LinkedIn '10 of your trusted connections can introduce you to X. Please choose one:'.

Let's say Bob asks Alice to introduce him to Mary. In this case a request will be sent that

- has Mary as the target identity
- has LinkedIn as the sender
- has Alice as the identity against which permissions will be performed (in order to determine whether she is allowed to proxy invites to Mary)
- on the behalf of Bob

If Bob maintained his social network somewhere other than LinkedIn, there would be another identity in the mix - that of his SNS.

Monday, November 10, 2008

An admittedly ingenuous question

Why, using SAML, is Google willing to act as an RP but, using OpenID, not?

Anyone? Class? Anyone?


Anyone? Assur-ance. That's right.

Saturday, November 08, 2008

Living dead (or proxying claims)

Some African cultures distinguish between the recently deceased (for whom there still lives someone who actually knew the deceased) and those for whom no such survivors remain. The sasha are those whose memory remains alive in the minds of their friends and family, but once they themselves die, the sasha move to the zamani. (the concept resonates for me. While I lost my brother-in-law 2 years ago, every family get together is a boisterous celebration of his existence in the sasha).

According to the book 'Lies My Teacher Told Me' by James Loewen, US high school history textbooks too often fall into the trap of discussing only history's zamanis, because by definition there is nobody to interject with a 'hey, that's not how it happened'. Easier to avoid such controversy (and subsequent thinking by the students) by avoiding the sasha.

It behooves those of us considering proxying of identity claims to acknowledge the distinction between first and second hand knowledge.


Picture this.

A bunch of tired & sweaty (due to futsal) identity people (Ingo, Hiroki, Sampo, Nat, Joni, Pat, Dervla, Tatsuo, Fulup, Colin, Yuki) in a crowded Tokyo dining room, me laying down a mean karaoke groove to a Hasidic Jewish reggae song.

Now stop picturing it.

You can't can you.

Wednesday, November 05, 2008


I think we can now safely step back from our recent frequent messaging. But do please feel free to give me a call should you need an IdM Advisor.

p.s. Did you not get my Facebook invite? I'll resend.

Tuesday, November 04, 2008

Palin inadvertently votes for Obama

apparently she thought the ballot was to determine which hockey tournament her kid's team should compete in and she figured a southern state would be a nice warm change.

For good times, Suntory times

Anticipating some sleepless nights in Tokyo this week, I brought 'Lost in Translation' on my laptop. The movie perfectly captures the sense of jet-lagged spaciness that I typically experience here.

I watched it at 2am this morning.

And noticed that the hotel I'm staying in appears in the pan of the skyline as Bob drives away from Charlotte to Narita.

My room is on the 36th floor at the left. If you can't sleep, drop by and we can go to the cocktail lounge.

Monday, November 03, 2008

I did what?

A quote from Friedrich Nietzsche

"I have done that," says my memory. "I cannot have done that" -- says my pride, and remains adamant. At last -- memory yields.

Facebook is changing this dynamic.

Friday, October 31, 2008


In a 1793 letter to King George III declining a trade relationship, Chinese emperor Qian Long bragged
our Celestial Empire possesses all things in prolific abundance and lacks no product within its own borders.


I set no value on objects strange or ingenious, and have no use for your country's manufactures.

Sounds like one of the big public OPs.

Perhaps it's relevant to note that the insular attitude did not ultimately serve China well.

Barack had better win

I don't want to be hanging around in Chicago with a bunch of despondent losers.

Thursday, October 30, 2008

Looks like an SSO redirect sequence

Flights for upcoming travel

If only the 'user agents' were 'business class'.


Anthropoprotocolism (ăn'thrə-pə-pro-to-kul'iz'əm)
Function: noun

: Attribution of human motivation, characteristics, or behavior to inanimate protocols, identity standards or deployments. To criticize deployments of OpenID for whitelisting and thereby breaking the 'spirit' is to anthropoprotocolize OpenID.

See - ridiculous

Wednesday, October 29, 2008

Much as I love a Microsoft rant

an article that blasts Microsoft for Live ID not issuing card based identities should acknowledge the card support already in Live ID.
Separately, has UProve technology been integrated?

Put your birthday into a managed card and you can prove that you’re over 16 for a shopping site without handing over details that could help someone hack your bank account if the site loses its customer details on a USB stick, because the site only gets the assertion that you’re old enough, not the actual day, month and year.
This bit has me stumped
Is it because OpenID is accepted by a lot of sites? So are information cards.

I will submit another possible explanation as to why Microsoft is currently highlighting their OpenID support in Live ID, more so than information cards.

Perversely restrictive list.

Tuesday, October 28, 2008

White lies

From Seed Magazine, an article with a moral for IdPs, i.e. deceiving those who place their trust in you only works as long as they trust you.

Homeopathy would appear to be the equivalent self-asserted model, i.e. users fooling themselves without the benefit of an authoritarian 3rd party in a white coat.

Street wise

Generally when I travel I prefer to walk from place to place (e.g. hotel, meetings, bars etc) as much as possible. But in big cities it's not always easy to know beforehand how practical this will be.

But for next week's various Liberty Alliance event locales around Tokyo, I've been able to 'walk' the routes 'to and fro' using Google Maps Street view.


As far as I can tell, walking will be practical - with sidewalks where I need them, no insurmountable freeways, and appropriately spaced konbini along the routes.

Although I am a little worried about that delivery van headed right at me.

Getting warmer

Warmer .... warmer.

Strange that when he could, with reasonable justification, play the 'meta card', Don chose to avail himself of it only sparingly.

Perhaps he, Kim, and Mike need a sync-up on messaging?

I should talk, sometimes NTT Corporate Marketing and I are so far apart it's like we speak different languages.

Friday, October 24, 2008

In defense of heterogeneity

A Seed Magazine article examines the dangers of homogeneity to Earth's diversity and 'resilience'.

Project Concordia is a recognition of the value of diversity in identity management.

Who the #$@&* is Patrick Heuchenne?

Update: Patrick resolves the mystery as to our connection, it was through Project VRM.

I'm always impressed by the 'You may also know ...' feature of social networks - it seems a bit spooky how they can guess who else I might have a connection to (yes, even trivially simple algorithms can create spookiness).

The capture below is from Plaxo.

Of the 9 suggestions, 8 could be considered relevant - I either do indeed know the individual, or might want to pretend to (were I not already connected with them multiple times over in other networks).

But my pending friend Patrick had me stumped. A Google search didn't clarify.

Then I found him on Linked In.

And I do indeed feel a connection - just the other day I was explaining to my kids that 'Buying or selling is at the end of a transformation process which converts subtle experiences into tangible and physical ones'. That is freaky.

Thunderbird thinks Obama is a scam

but I don't.

You have to admit the mail has some of the same characteristics as spam though, e.g. request for money, claimed urgency, appeal to male sexual insecurity etc.

If I were the suspicious type, I'd think this was a Republican plot, i.e. subvert Democrat fund raising through manipulation of spam filtering.

Wednesday, October 22, 2008

Connectid endorses McCain/Palin

After carefully examining the potential for identity-based satire over the next 4 years (admittedly likely less for McCain) Connectid has decided to throw its weight behind the campaign that offers the greatest opportunities.

The other guys give me nothing to work with (other than to suggest that MyBO is a less than optimal acronym for a profile page)

I'm Paul Madsen and I approve this message.

Tuesday, October 21, 2008

Of course

If I could teach newcomers just one thing about federated identity, they would probably want a refund for the tutorial series.


There is currently no Nobel Prize for federated identity.

Don't tell me you are naive enough to believe that this situation won't change pretty darn quickly if the Swedes ever get their act together?

Cross-domain reputation portability

I switched dentists recently, the old one seemed to see me more in terms of my coverage than my teeth, i.e. what procedures are allowed under the plan, not what are needed.

I chose my new dentist based on my previous experience with him as, at least initially, a team mate on some Ultimate frisbee teams. It was his reputation as a strong defender with a nice flick, more so than any reputation he might have as a dentist, that drew me to him, his reclining chair, and instruments of pain.

You know what they  say about Ultimate - it doesn't build character, it conceals it (or something like that).

Successfully transferring reputation across domain boundaries based on sports like volleyball will likely vary.

There is help out there

If you know an RP that you feel may be making bad trust decisions about their partner IDPs/OPs - it's difficult to know what to do.

Should you intervene? You may worry that talking to them will be seen as 'butting in'. Will they be offended, embarrassed, litigious?

Does the RP even have a problem? The following are warning signs that an RP you know may have a federated identity gambling problem

1) Do they constantly talk about arcane things like PAPE, or AuthnContext?
2) Do they trust unknown IdPs/OPs in the hope of 'winning back' lost customers?
3) Do they lie to family and friends about their federated identity activities?
4) Do they neglect local sign-on mechanisms in favour of federated login?

If you have a friend RP demonstrating any or all of the above signs, there is help - a site to help friends, help friend RPs.

The other assurance

The default SAML SSO model has an RP trusting a possibly unknown User based on the IDP (which the RP does know and trust) saying 'He is OK'.

The hard line user-centric model has an RP trusting a possibly unknown OP based on the User (which the RP may know and trust) saying 'He is OK'.

Of course, it is meaningless to say 'trust' without adding 'to do X', i.e. trusting someone means believing they will act in a certain way in a certain situation.

A SAML RP trusts the IDP to identity-proof the User initially, to run a tight ship with respect to internal processes, and to authenticate the User in an appropriate manner. Importantly, there are mechanisms and syntax by which the IDP's abilities in these respects can be quantified, in order to allow RPs to make graded trust decisions about the IDP (and consequently about the Users).

In the hardline user-centric model, the burden of assessing the OP's security processes would seem to fall on the User, i.e. it's the User who will vouch for the IDP to the RP by saying the equivalent of 'I've checked out their server farm, we're good to go'.

Unfortunately, there does not yet exist a framework by which the skills and expertise of different typical Users for performing security reviews could be quantized and assessed in order to allow the RPs to make an informed trust decision about the User (and consequently about an erstwhile unknown IDP).

Here is a rough first draft of such an assurance framework

  • Level 0 - the User has absolutely no expertise in assessing the security processes of IDPs
  • Level 1 - there is no Level 1
  • Level 2 - there is no Level 2
  • Level 3 - see Level 2

Were an RP to be armed with this information, the hard line model is viable.

I imagine a browser extension advertising User's assurance levels to the RPs they visit, so as to inform the RP's decision to trust that User's expertise in reviewing the OP that they present. There could even be certification programs run at local high schools, etc. Perhaps even badges?

Monday, October 20, 2008

On a whim

motivated by a thread on the OpenID list, I tried to use my OpenID at Microsoft HealthVault.


I did not of course expect it to work, but I did expect a more illuminating error message.

I think an average user might be forgiven for thinking that this would work the next time, when 'communication problems' are cleared up.

Bad news

When applied to Web SSO, Einstein's Theory of Special Relativity predicts that the advantages to users are minimal at best.

Consider two users, Alice & Bob, both of whom have successfully and simultaneously authenticated to the same IDP and are hoping to browse to the same service provider. Alice will avail herself of SSO from the IDP, while Bob will get there the old fashioned way, i.e. use his bookmark for the SP and, once there, log in with his password.

It's undeniable that, using SSO, Alice will get to the SP before Bob. But there is a trade-off for her.

Special relativity constrains Alice's combined motion through space & time (specifically, the sum of the two must exactly equal the speed of light). As Alice is 'travelling' faster than Bob, her motion through time must slow down to compensate - and time will consequently be slower for Alice.

Initial calculations show that any actual speed advantage for Alice will be almost exactly negated by her perception of the SSO taking longer than it actually does - this is a result of the time dilation.

I call this the 'Theory of Special Redirectivity'.

Saturday, October 18, 2008

Thursday, October 16, 2008


From the add contacts page at

All Your Friends Are Here

With, you can keep all your friends in one place, making it simple to find people when you need them. Grab your contacts from services you subscribe to, your current address book, or add a new contact by hand.

Then you can combine them easily so you know that Daveman692 is really your friend Dave who likes scuba diving and has the crazy hair. Then add tags so you group and find people according to special interests.

Was this tailored to me? Because I do indeed know a daveman692 who likes scuba and sometimes has crazy hair (not that I'm judging).

Or is it simply a private joke between members of the cool end of the identerati continuum?  Designed to mock the uncool end? Nice, very nice.

Monkey Business

I'm proud to announce

I've always felt an affinity for the Bonobo chimp, so it felt right to claim them for my domain.

The species is distinguished by relatively long legs, parted hair on their head, a matriarchal culture, and the prominent role of sexual activity in its society.

I could do worse for an epitaph.

A feature I like is the ability to toggle between viewing my profile page as myself, and as a member of the unwashed hordes.

Offline, it's my wife who informs me as to how I'm currently appearing to others (e.g. people are laughing at you, I can't believe you wore that sweater, etc), so it's nice to have a parallel mechanism online.

Reputation Filter

The recent surge in numbers of blog posts discussing reputation has forced me to specify filter criteria in my feed reader - I simply can no longer keep up with the traffic.
grep "social"

Alas, neither Gerry's post nor Radovan's post met the criteria. I do wonder what arguments they made ....

Some attributes are intrinsic to a user, some extrinsic, emerging from that user's social interactions with others. The latter are candidates for reputation, the former not.

Somewhat related, based on intrinsic value, there are bargains (i.e. intrinsic > market) to be had in the turbulent equity markets. Warren Buffett has a reputation for finding them.

A question of faith

Jeff beats me to it, relating particular religions to particular identity systems.

I'd add to Jeff's list the following:
  • Passport - any of the monotheistic 'Big 3', e.g. Judaism, Christianity, Islam with their whole 'No other gods before me' shtick
  • UProve - The Mormons. Stop preaching at me that my soul is lost, I'm doing just fine thank you.
  • XDI - Rastafarianism. I may not buy into the premise, but it looks like a good time.
  • VRM - Buddhism. Not a religion per se, more a philosophy of personal growth and empowerment.

What he said

Gerry takes the ball and runs with it.

Subjective vs objective is the ultimate determinant of whether an attribute is something for which a user can have a 'reputation for', and is consistent with both my other conjecture about reputation (reputable attributes are not fixed), and Robert's comment (they can drop to zero).

Gerry's brief rumination on reality makes me think of a joke - Two quantum physicists probably go into a bar.

Sorry 'bout that.

Wednesday, October 15, 2008

Reputation Conjecture 2

For a given attribute to have a reputation aspect, it must be possible for the entity concerned to, through their own actions, manipulate that attribute.

I can try to change my reputation for cynicism.

I can't try to change my 'reputation' for being 6'.

The Desert Island Rule

Much discussion of reputation, what it is, what it isn't on the ID Gang list.

I propose the following test for whether a given attribute can have a reputation aspect.

Were the entity in question to be located on a desert island with no social contact with others, would the value of the attribute in question be impacted?

If I was on a deserted island with no social interactions, it would make no sense to talk about my reputation for trustworthiness or dependability (both admittedly recently at all time lows) because there would be nobody else with whom my interactions could be assessed for trustworthiness. Likewise, a business wouldn't be able to develop a reputation for courteous customer service if it was stuck on the island and unable to service its customers.

On the other hand, my age or weight (although I do expect I'd lose some weight, all the Survivor contestants do, which would be nice) on that island would be the same as if I was at home - they are not social constructs. Consequently, I can't have a reputation for being either 44 years old or 165 lbs (ahem).

Is this 2 factor authentication?

I know that the authentication relies solely on the implanted chip, so technically it is one factor, but surely there are so few people in the world this crazy that the effective authentication strength is greater?

I am currently using it to open my handgun safe for instant access. I can have a gun in hand in one second in blackness without fumbling with buttons or codes.

What sort of numbers are we looking at? Let's say there are 100 million in the US who would think this is a good idea for enabling fast, easy & indiscriminate firearm access. That cuts the pool of possible authenticators almost in 3 right?


I think SAML needs to write up a new 'beast mark' Authentication Context class and do it fast.

Pantheon of the gods

Deism: the belief that the Universe was created by some supernatural power, but that this entity does not play an active role in the Universe today.

Deism asserts that there needs to be some supreme authority to 'get things moving' but minimizes the role of that authority to be involved in the subsequent day to day goings on, i.e. enjoying that seventh day of rest forever.

For web identity, this is the UProve proposition. To a lesser extent, Liberty's Advanced Client.

Theism: the belief that the Universe was created by some supernatural power, and that this supreme authority is even now playing an active role in day to day happenings.

Like deism, theism postulates a creator, but has that same creator actively participating in the Universe's happenings once initiated, i.e. answering prayers, causing floods, chatting with Presidents etc.

This is the SAML Web SSO, Managed Cards, & OpenID proposition.

Atheism: the rejection of theism and deism.

Atheism rejects completely the necessity or relevance for some deity mediating between individuals and the wonders of the Universe.

Think Personal Cards.

Update to my Google Health Conditions

I realized it had been a while since I updated the list of conditions I maintain at Google Health with their current status.

Changes were constrained to the 'A's.

As yet, I've seen no evidence of Google having monetized my health records. They are obviously waiting for the right opportunity.

Well he started it!

Pam's haiku collection feels too much like my mother telling me to stop fighting with my brothers.

Mom: OK, now calm down and tell me what the problem is.
Me: (blubbering) Well, they have started this club, and they want to call it the 'metasystem', and I said that's not right because it's scoped for just infocards and then they...
Mom: Slow down a bit. So they want to use the metasystem concept in their name and you think that this is inappropriate? Is that it?
Me: Uh huh, and then they said that I couldn't even join their club cuz I had my own baby club ...
Mom: (to brother) OK, your turn. What's this about a club?
Brother: Ahh mom, it's just a place for me and my buddies to hang out.
Mom: That's fine. But 'metasystem'? How many times have we talked about using nomenclature to exclude your brother?
Brother: But Mom, he always tries to bring in that OpenID guy.
Mom: (to me) What did I tell you about not playing with that kid? Why don't you ever play with Liberty from down the road? She's fun isn't she?
Me: Ahh mom, Liberty is alright, but lately all she ever wants to play is her ID TBD game.

Tuesday, October 14, 2008


The recently released research from Google and Yahoo on best practices for federated UI makes me think we need a markup language in order to differentiate the various models.

Enter "Federated UI Markup Language" (pronounced 'Fweemel').

And it's even based on an existing standard!
The design objective of the User Interface Markup Language (UIML) is to provide a vendor-neutral, canonical representation of any user interface (UI) suitable for mapping to existing languages. UIML provides a highly device-independent method to describe a user interface. UIML factors any user interface description into six orthogonal pieces, answering six questions:
What are the parts comprising the UI?
What is the presentation (look/feel/sound) used for the parts?
What is the content (e.g., text, images, sounds) used in the UI?
What is the behavior of the UI (e.g., when someone clicks or says something)?
What is the mapping of the parts to UI controls in some toolkit (e.g., Java Swing classes or HTML tags)?
What is the API of the business logic that the UI is connected to?

Inevitably, there will be other proposals for federated UI markup languages. I expect we'll see something that will be styled as "composable & modular". Maybe another will be an Interface Metasystem Interoperability ...... no, probably not.

Username Check?

Forget usernames, I need to know where I've used my password.

Have to think this could be useful for phishers.


Geode is a Firefox extension for geolocation.

As I understand the process, whenever a web site indicates it's looking for your location, the extension uses a W3C location API to query Skyhook Loki, which determines your location from WiFi triangulation.

Once Geode has your location from Loki, it shares it with service providers, like a sample FoodFinder


Before sharing with an SP, Geode asks you for your granularity privacy policy.

On two separate trials visiting Yahoo FireEagle, I specified 'Exact Location' and 'Neighborhood'.

For the latter, FireEagle appeared to know my location to the same accuracy as for the former, even though I specifically did not select the 'Remember my decision' box.

The same experiment for the FoodFinder app worked, so it would seem FireEagle is doing its own tricks to remember.

For many applications, ultimately more important than a user's location (whether obfuscated or not) is whether they are near to some particular place. The privacy principle of minimal disclosure would argue that if the SP really doesn't need the full location, but only a yes/no answer to the question 'Is he within 2 km of X?', then they shouldn't get the full location.

I don't see support for this sort of 'test position' method in the W3C API.
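To make the 'test position' idea concrete, here is an added example (my own illustration, not code from Geode, Loki or the W3C API) of what such a predicate looks like when it is evaluated on the user's side: the SP submits a point and a radius, and gets back only a yes/no, never the coordinates. The user's coordinates, the point of interest and the SP's query are constructed sample values. For contrast it also shows the 'Neighborhood' style coarsening, which still discloses an approximate position, to make clear why a predicate answer is the smaller disclosure.

```python
import math

EARTH_RADIUS_KM = 6371.0

# Constructed sample: where the user-agent believes the user is.
# In a real deployment this would come from the location provider
# and never leave the user's side.
USER_LOCATION = (35.6586, 139.7454)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def within_radius(user_lat, user_lon, poi_lat, poi_lon, radius_km):
    """The minimal-disclosure predicate: 'Is the user within radius_km of X?'"""
    return haversine_km(user_lat, user_lon, poi_lat, poi_lon) <= radius_km


def coarsen(lat, lon, decimals=2):
    """'Neighborhood' granularity: round coordinates so only an approximate
    position is disclosed (2 decimals is roughly a 1 km cell). Note that this
    still reveals a location, just a fuzzier one."""
    return (round(lat, decimals), round(lon, decimals))


def answer_proximity_query(query, user_location=USER_LOCATION):
    """Evaluate an SP's proximity query on the user's side.

    query is a dict like {"lat": 35.68, "lon": 139.77, "radius_km": 2.0}
    (a hypothetical message shape, not the W3C API). Only a boolean is
    returned to the SP; the user's coordinates are never part of the answer.
    Malformed queries are rejected rather than answered, so a bad request
    cannot be used to coax out anything more than True/False.
    """
    try:
        poi_lat = float(query["lat"])
        poi_lon = float(query["lon"])
        radius = float(query["radius_km"])
    except (KeyError, TypeError, ValueError):
        raise ValueError("query must carry numeric lat, lon and radius_km")
    if not (-90.0 <= poi_lat <= 90.0 and -180.0 <= poi_lon <= 180.0):
        raise ValueError("point of interest out of range")
    if not (0.0 < radius <= 1000.0):
        raise ValueError("radius_km must be positive and bounded")
    user_lat, user_lon = user_location
    return within_radius(user_lat, user_lon, poi_lat, poi_lon, radius)


if __name__ == "__main__":
    # Constructed SP query: a point roughly 3 km from the sample user.
    sample_query = {"lat": 35.6812, "lon": 139.7671, "radius_km": 2.0}
    print("within 2 km:", answer_proximity_query(sample_query))
    print("neighborhood:", coarsen(*USER_LOCATION))
```

The point of the contrast is that `coarsen` answers a different, larger question ('roughly where are you?') than the SP actually asked ('are you near X?'); an SP that only needs the second should only receive the boolean. A deployment would also want to rate-limit or log repeated queries with shifting centres, since many yes/no answers can be combined to narrow a position.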

Monday, October 13, 2008

A Social Experiment

I lived in Canberra, Australia as a teenager. My best friends then were Greg Parsons and David Barnsley.

For the past 10 years I've tried to use various Web mechanisms to track the two of them down, and reestablish contact.

No luck so far.

How might I game (in a non-adversarial manner) the search engine algorithms such that, if and when my two friends search on their own name (which I am confident of because they were both pretty fond of themselves when I knew them), this posting would turn up?

How many links to this post would drive the ranking up such that it would rise above the 'David & Greg' froth?

The authority of the linkers will be key (thanks for the thought Conor, but probably not relevant).

Friday, October 10, 2008

Canadian Identity Proofing for Federal Election

as noted by Dick.

Only in Canada

Only in Canada would organizers of a contest to pick the new musical score for a weekly hockey broadcast worry about spurious votes.

There are rumours of another vote happening simultaneously. Poor scheduling.