First Information Cards for Safari

click to download movie One of the best moments of the DIDW show, for me, came when Ian Brown, an old friend of Chuck Mortimore, showed us his Identity Selector for Safari.

If you don't know Chuck, he single-handedly wrote a Java-based InfoCard Identity Selector that runs inside Firefox on almost any platform.  He gave me a copy, helped me install it on my computer, and it all just works.

Later I'll do a screen capture of Chuck's work since i can run it on my own machine. 

But I don't currently have a Mac – so Ian succumbed to my goading and put together a little video so you could see what he's working on.

That's such good news.  As he says, “For the faint of heart, or for those running those other operating systems, here's a short screencast of the Safari identity selector in action, authN'ing against Kim Cameron's RP…”

Meanwhile, here's what he says about the actual plugin:

This is currently still at the proof of concept stage, and is lacking most of the features found in the official CardSpace selector from Microsoft. At present, only a single self-asserted card can be selected. The “selector” will currently pull the logged in account's personal information from the AddressBook application, and allow you to use that AddressBook entry as a self-asserted InfoCard with various RPs. It should work with existing installs of Safari, and with most relying parties.

The plug-in itself is a wrapper around Chuck Mortimore‘s Java implementation of an InfoCard token generator. For those of you out there using Firefox, check out Chuck's cross-platform Firefox InfoCard selector.

So download the Safari Plug-In below and give it a spin. Send me any feedback at igb at

I'll post new releases here as features are added and bugs are fixed.


Currently there are two versions, one for the new Intel-based Apple's, and one for the PowerPC-based machiines. At some point I'll figure out how to get XCode to generate a Universal Binary. (I suppose the PowerPC build might work on the Intel Macs, that's what Rosetta is all about right? But it hasn't been tested on the Intel arch, so YMMV.)

Intel version
PowerPC version


Installation is pretty simple. After downloading the ZIP file, extract the archive. You should now have a file called InfocardPlugin.bundle. Just copy that to the Library/Internet Plug-Ins directory under your home directory. restart Safari, and off you go.

Despite Ian's self-depricating style I think what he and Chuck are doing is amazing.  And it shows what can and will be done.  Meanwhile, Apple People, download Ian's plugin and leave comments on my blog.

More on iTunes and Modern Times

Cory Doctorow wrote to say: 

Kim, it appears that the four tracks you couldn't burn were video- files that probably couldn't be burned to a redbook CD, though the UI is still inexcusably confusing.

But there's still something rotten in Denmark.

If you go to buy the plastic CD at Amazon, here is the track list you see.  Check it out.  There are two disks – an Audio CD (Disc 1) and a DVD (Disc 2):

Track Listings

Disc: 1

  1. Thunder On The Mountain  
  2. Spirit On The Water  
  3. Rollin’ and Tumblin’  
  4. When The Deal Goes Down  
  5. Someday Baby  
  6. Workingman's Blues #2  
  7. Beyond The Horizon  
  8. Nettie Moore  
  9. The Levee's Gonna Break  
  10. Ain't Talkin’  
  11. Blood In My Eyes 
  12. Love Sick  
  13. Things Have Changed  
  14. Cold Irons Bound 

Dsc: 2 

  1. Cold Irons Bound (Unreleased live version from Masked & Anonymous) 
  2. Blood In My Eyes 
  3. Things Have Changed 
  4. Love Sick (From The Grammy Awards) 

In other words, Amazon says the audio CD includes the audio tracks corresponding to the videos you get on the second disk.  Isn't that what you would expect?

The virtual product doesn't let you do the same thing.  Who cares if it's not DRM on the audio – but instead, DRM on the video?  I'm unable to strip the audio off the video to burn it to a CD.

I think iTunes (or is it Sony?) should have structured their download the way they did with the molecular set – giving you all the audio tracks, and letting you copy them to a CD.

As Cory says, the iTunes user interface is – in this one case – incredibly confusing.  But in truth, even if iTunes fixed it, I wouldn't be happy with the Dylan album experience.  When I download an album I want the equivalent of the molecular product – with all of its 14 tracks, or whatever it's supposed to have.

Meanwhile, Alex J wrote to me from England.

Alex apparently doesn't think that videos have an audio track, or that I should expect to be able to put the soundtrack on an audio CD the way Sony did in the brick and mortar world (the miracles of modern science!).  He writes:

mmmm.. I don't see any DRM problems at all. I don't see any errors on the part of iTunes anywhere. I don't see …. well, shall I tell you what I DO see?

I see a loud mouthed idiot getting hysterical over the fact that he (she?) is trying to burn 4 bonus video – VIDEO – tracks to an audio CD and is being told by iTunes that it can't be done.

Funny that.

Now, stop frothing at the mouth, go and burn tracks 1 through 10 (ie. the audio tracks, you know, the music?), and r-e-l-a-x. Oh, and don't forget to put up a retraction of your silly rant 🙂

I guess “frothing” is not inaccurate, though hauling out the word “bonus” to legitimize the iTunization of the last four songs is a bit much – as is the implication that they don't contain “music”. 

Getting down to brass tacks, the trouble is that Blood In My Eyes and Things Have Changed are pretty decent songs (you know, those audio things), and I don't want them caged up inside the proprietary iTunes environment.  

Modern Times: nutso DRM or bad iTunes UI?

I wanted to hear the new Bob Dylan album last night.  So I went to iTunes (first time there), bought the album, downloaded it.

And guess what?  I couldn't burn it to CD. 

I could only listen to it inside the iTunes application. 

Apple's nutson DRM

My reaction:  this must be really crazy DRM.  Nutso actually.  But then there was worse.

It turned out that Modern Times is a – you guessed it – Sony record. 

I could just see the same crew who concocted the stinky Sony rootkit selling “Son of Rootkit” to iTunes.

Here's what iTunes had promised me on their official site:

Burning playlists with purchased songs in iTunes 4.5 and later

If a playlist contains any songs purchased from the iTunes Music Store, iTunes software restricts the number of times the same playlist may be burned to seven.

My reaction: Seven?  Ha!  Zero! Sucker…

I wouldn't have objected to stupid zero-copy DRM if I'd known about it ahead of time – I would have just “stayed away”.  But telling me I have seven copies and then telling me that “buring is disabled”?   

Poor Dylan. Surely he can't be part of this – though he's the producer on this recording.  He said during his recent Rolling Stone interview:

We all like records that are played on record players, but let's face it, those days are gon-n-n-e.

Hey, not only are records gone – it seems CDs are gone too.  There will just be bits, zeros and ones, run from Sony's world wide underwater headquarters.  No wonder everyone has had their fill of these guys. 

But back to Bob:

You do the best you can, you fight that technology in all kinds of ways…  You listen to these modern records, they're atrocious, they have sound all over them. There's no definition of nothing, no vocal, no nothing, just like — static.

“No nothing” is right.  No CD, that's for sure.

Maybe it's all just a terrible mistake.  A programming error.  I hope so.  Otherwise, anyone for a class action suit?

UPDATE:  The “burning is disabled” message is what iTunes puts up when some of the files have video as well as audio content.  You can copy the first ten the tracks, but not the audio portions of the other four tracks – even though, according to Amazon, the plastic version of this includes one CD with all 14 songs and a DVD containing audio-video for 4 of the 14.


Denial of servce attacks on the GE Puffer?

Here's a sobering piece on the GE Puffer by Martin Tibbits at Kangaekata.  He quotes me as a “detractor” of the GE Puffer, and he couldn't be more right.  The so-called Puffer (which should be renamed “Blaster” to dispell the cutesy lie that is its name) is beyond invasive and mysanthropic; it's a bad dream from the world of stupid product designs. 

The good news is that it has a competitor called the Senitinal, made by Smiths, that is beautifully conceived and has none of the problems of GE's abomination (I compared the two machines here). I therefore expect that no one competently evaluating this technology will ever install a Puffer again – and GE, in light of how inferior its own version is, will take it off the market to avoid humiliating its design staff.

That being said, Martin's insights really caught me off guard.

I’m sure that by now many of you have experienced the “Puffer“…a new explosives detection device being tested at several major US airports. 

The puffer is made by GE… based on technology developed by Smiths and Barringer Technology.

The technology works like this:

The Puffer blows air on you collecting tiny tiny tiny particles of just about anything you have come in contact with. It then ionizes these particles and performs some complicated analysis. The upshot is that the Puffer can detect quantities of explosives as small as a picogram!

How small is a picogram? Well a picogram is 10 to the -12 grams. Essentially if you zoomed a BB to the size of a school bus, a picogram would be the size of a grain of salt in the bus.

As a technology, puffers are pretty cool, despite their detractors. As a downside they are generally pretty slow, taking 10-40 seconds per person to perform their magic. I would be surprised if they had throughput greater than 30 per hour, honestly.

But the speed isn’t the only real problem. Were the FAA to rely on soley on puffers, here is exactly what could happen:

Al Qaida or any other terrorist group with feet on the ground in the US would be empowered to bring air traffic to a complete halt in the US, at will.

How? Simple.

Terrorists could simply spill a little RDX or C4 dust in front of the security line at major airports. It could be so little that it would be unnoticable. Picograms…remember?

People would walk through the dust…and the puffers would give off nothing but false positives. The airports would have to revert to pat downs and other time intensive security measures.

The result? A reversion to limited or no protection against explosives in flight.
Am I giving something away here? I hope not. Let’s not assume the terrorists are any less intelligent than we are.

Amazing.  A chemical denial of service attack.  Obvious in retrospect, like so many security flaws.

Issues raised by Knowledge Verification

Adam at Emergent Chaos outlines several issues he thinks arise from IDology's approach to Knowledge Verification

I don’t like these types of systems for three reasons:

First, they are non-consensual for the consumer. Companies such as IDology make deals with other companies, such as my bank, and then I’m forced to use the system.

Second, the information that such companies can gather are probably already being gathered by Choicepoint, Axciom, Google, and others. So the assertions that “its cheap for us, and expensive for the attackers” are hard to accept as credible.

Third, if truth and your database don’t agree, then we’re forced to have a reconciliation process, in which I, or the id thief, convince the company to change its answers. How does that process work?

I hope John at IDology can respond at the same time he gives us concrete examples of how the system works in practice.

One more Paul on the federation and user centrism demo

Incredibly, I just came across a comment by another Paul.  I guess I spoke to soon about my success communicating with Pauls, since Paul Madsen seems to be a doubting Thomas – which in this case adds some variety, so I'm pleased to see it: 

Kim Cameron has a screen cap movie of a demo created by Ping ID.

Kim asserts that the demo illustrates (paraphrasing) “user-centric technologies like Information Cards are not in any way counterposed to federation technologies”.

I completely agree with the sentiment, but question whether the scenario portrayed by the demo actually demonstrates it.

In the demo, a user authenticates to a portal using CardSpace. Once authenticated, they are presented with a list of applications available to them for which SSO is possible (this presumably dependent n which I-Card they selected). For Kim, the user-centric piece (CardSpace) somehow ends at the portal, and from then on federation (SAML etc) takes over.

So, user-centric and federated technologies are shown as working together – but not at the same time. The user-centric piece hands off to the the federation piece. Federation is presented as a lower-level piece of infrastructure (which it can be) that doesn't seem to touch the user.

Hmmm.  What I'm really saying is that in the demo being shown, the user has a relationship with the portal, which offers a nice array of services.  So in terms of technology, the identity relationship is user-to-portal, not user-to-individual-service.  One could also say the “services” can be “outsourced” by the portal – and are dealing with users as proxies for the portal.  Once the user has entered the portal, there is a “magic carpet” that takes her from service to service. 

But note:  The portal could also take the user to a service with which she would have a completely independent identity relationship.  In this case, the user would again see the Cardspace interface and select her identity through it.

Paul (three) continues:

This interpretation is reinforced by Kim:

To my way of thinking, you have two more or less orthogonal technology efforts – that oriented around federation issues, and that oriented around the user’s experience.

This ignores the possibility for SAML-based technologies to provide the very same user-experience (i.e. real-time identity sharing control, IDP selection etc) that I-Cards enables. Is SAML's Enhanced Client or Proxy (ECP), as it enables similar control mechanisms, then user-centric?

Probably not, as Kim also hilites the common UI of Cardspace and its relevance

Should my experience therefore be totally discontinuous as I move from one portal to another, being organized by the portal rather than by my own system

Exactly.  Maybe I was more successful at communicating with Paul Masden than I initially thought – I think he sees my point. 

The portal just cannot know all my identity relationships (unless I were to find myself in some hiddeous “total environment” where everyone knows everything). 

So the portal, simply by virtue of the role it plays in the system, cannot organize my perception and use of identities across the board.  This is one of the key points I'm trying to make, and explains why you need user centric technologies and they are orthogonal to federation technologies even though in both cases you have claims being asserted and relied upon.

Finally, Paul asks:

If the phone manufacturers (or those of set top boxes) were to come together and agree on user-interface standards – would that be user-centric?

If they allow users and relying parties to represent and select between their multiple identities then yes, sure, exactly.  But it's not just a question of user interface (UI), it's a question of capabilities that are represented through UI.  I don't know why people reduce this to UI.

The fact that phones could deliver these new capabilities is why it makes perfect sense to put Information Cards on phones, music players, and other devices.  I first proposed putting them on computers because I happen to work in that industry.  But I know a lot of people who are interested in getting the same identity relationships to appear across all kinds of devices.

Demo gets good reviews

Paul Toal over at Identity, Security and Me posted this to encourage you to check out the demo I put up recently.  (Just in case any of you are busy, it's only 3 minutes long!)

Picture of Britian's Paul ToalKim Cameron has posted a really good video here explaining how user-centric identity and federation can work together. His blog and associated demonstration is shown using Microsoft CardSpace and Ping Federate from Ping Identity.

I have worked with Ping Identity for some time and was happy with the product and how it, and federation works generally. However, like Paul Squires here, I was struggling to see how it fitted within a user-centric architecture. Whilst I saw the two as complimentary, I didn’t see the link.

This video has clarified this for me and shown that there is a clear interaction between the two.

As usual Kim, thanks for a great demo! If you haven’t seem the demo yet, you HAVE to view it.

Then, following Paul Toal's link to Paul Squires at Here, Now, I came across his additional comment:

This [demo…] is well worth seeing for anyone with an interest in where digital identity is going. The demo itself shows cardspace (if there’s anyone who hasn’t seen it yet!) along with interoperability between a number of applications. The guys at Ping have done a great job with this and I’d hope this brings together these various strands of identity management (it’s certainly helped me, not least from an architectural point of view). Things are starting to look very exciting!

Update: Never one to miss out on a bit of vanity, the second open tab in the browser during the demo looks very familiar!

Gee, I'm on a roll.  Just like my horoscope said, I seem to be communicating well with people named Paul.

As for Paul two's “update”, looking closely I also can see that I had been reading one of his posts the day I captured the demo.  Just think.  Some people are worried there will be no fingerprints in the digital world.  It ain't true.

Ping's Identity Metasystem demo

Ping Federate with InfoCardEarlier this summer, just before the Burton Group Catalyst conference, Andre Durand and Ashish Jain of Ping Identity really surprised me with a lovely Identity Metasystem demo that combined use of Information Cards and federation technology.

I don't think anything I've seen demonstrates more concretely why “federation” and “user centricity” are different and yet complementary.

The demo is built around Ping Federate, which speaks four protocols for transporting SAML tokens around:  SAML 1.0, SAML 1.1, SAML 2.0, and WS-Federation.  Since it speaks all these federation dialects, it can talk to any federating system regardless of its dialect – for example WebSphere, Presentation Server, Windows 2003 and .NET, Tomcat, SAP, Web Logic,, SiteMinder, CoreID, etc.

But even better, the user has a rational experience as well – just seeing this circle of trust as being accessed through an Information Card.

To play the demo:

Use Windows Media Player.  (You will need the Techsmith Screen Capture Codec (TSCC).  If your system complains it doesn't have the right codec, pick it up here.)  If you want to watch this and don't have any way to see it with Windows Media Player, let me know and I'll make a version for Quicktime.

The demo lasts 3 minutes and takes up 4 megs.  Download here.

As always I sound a little earnest as I rush you towards the finale.  But I think you'll like what these guys have done anyway.

Federation and user-centricity

Conor Cahill picked up on a discussion I recently relayed to identityblog readers – part of an ongoing dialog between Brett McDowell and Dick Hardt.  Conor says:

I think the issue causing the disagreements here is the interpretation of the term “federation” when discussed in an identity context.

Certainly federation can mean groups of businesses working together and this is the traditional meaning of the term in the business community. This meaning would fit with Kim's statement above.

However, in an identity context (as in “identity federation” — the stuff the Liberty Alliance has been working on since its founding) the term federation was used to describe the sharing of identity information from party A to party B. Party A is usually some party representing the user (acting on the user's behalf) such as an Identity Provider or an Attribute Provider. There is nothing that says whether Party A is an entity operated by the user or by some 3rd party.

In fact, in the Cardspace solution, the process of sending data through an Infocard instance to a relying party would be considered taking place under identity federation, whether the infocard instance was rooted in a local data source or a remote data source.

Ultimately, I would say that federation can be used in both user centric and non-user centric solutions. Federation is a technology/protocol and user centric is an implementation philosophy. When designing a user centric solution, you almost always have to include some form of identity federation, but give the user great control over its use. The converse is not required to be true (although I wouldn't object to it if it was true in any environments in which I played).

I like a lot of Conor's thinking.  I agree that use of a managed card in Cardspace should be considered a form of “federation” between the relying party and the identity provider – federation approved by the user.

But I don't quite buy that “federation is a technology/protocol” wherease “user-centric is an implementation philosophy”.  I doesn't compute given a great deal of work I've been doing lately.

It's clear to me that good “user-centric” experience isn't just an automatic or natural by-product of some other “technology/protocol”.  In fact, it requires just as much study, just as much thought, just as much coding, and just as much experimentation as protocols do – probably more. 

What I'm try to say here is that it requires technology.   In the past we've had a lot of technology that failed miserably at organizing, integrating and rationalizing the user's experience.  I've been working on software that I think does a lot better job at this.  Why wouldn't Conor call that a technology?

To my way of thinking, you have two more or less orthogonal technology efforts – that oriented around federation issues, and that oriented around the user's experience.

As a user, when I go from portal to portal to portal, it's likely they will have relationships with different identity providers.  Should my experience therefore be totally discontinuous as I move from one portal to another, being organized by the portal rather than by my own system?

In Cardspace (and with Information Cards running on other devices and platforms) we postulate that the user can benefit from computerization of his or her own identity experience – just as enterprises benefit from computerization of theirs.

Through Information Cards users can benefit, to the extent the technology is adopted, from the same well-understood experience as they move between unrelated portals which do not share identity relationships.   

I see Cardspace as providing a palette of identity relationships (Information Cards) that work for me as a user and make sense from my point of view as an individual with a complicated life. 

I think Dick Hardt, and others like Paul Trevithick at Higgins, share a number of the same notions as I do, though each of us is concentrating on different aspects of the problem.

So that's why I'm saying that there are two legitimate technology areas, orthogonal in the sense that you can have either one without the other, but synergistic in that together you get a number of critical new scenarios.

To make this more concrete, my next post will be  a demo of Andre Durand and Ashish Jain's work in showing how this can look in practice.

User Centric is here to stay

I came across the following exchange on the ID Workshop discussion list.

First up was Brett McDowell of the Liberty Alliance:

I've just started looking for the follow-on thread I was expecting out of the “User Centric” session Dick led in Vancouver. I don't see it. Has that happened yet?

I was expecting an email that captured the consensus we had and a list of new “titles” for what I call “the identity management architecture formerly labeled ‘user-centric’ which is to be renamed in acknowledgement that at least two architectural models are appropriately labeled ‘user-centric'” (one model being a “user-centric deployment of Federation” and the other model being “TBD”… but it is what SXIP does).

That was our consensus view at the well-attended Vancouver session and I'm keen to participate on the naming exercise for the other architecture.

For more background read the wiki notes here. (note I'm not sure attendees are done tweaking these notes yet so they may not yet represent a true consensus but they are helpful now nonetheless):

So, Dick… are you going to kick this off? (or did I just miss it?)

Brett's challenge was directed at Dick Hardt, the amiable CEO of SXIP who understands better than any of us how to explain digital identity to a broad audience. (If you don't know him or forget how powerful his message is, make sure you look at this.)

After reviewing the meeting and looking at the graphics that were drawn, I think that user-centric might be the right term. The term has a fair amount of market awareness already and is being used to convey a model that is different from Federation.

I think User-centric means that each site trusts the user, and the user is free to choose any identity agent that provides the appropriate technical functionality. Federations are where a set of sites have decided to trust each other and the user has a relationship with one of those sites, which can then be communicated to the other sites.

This does NOT mean that “federation technologies” cannot be deployed in a user-centric manner.

Hopefully being August, the signal to noise ratio on any ensuing discussion will be high, but that may be wishful thinking.

I agree with Dick on this one, and don't really understand why Brett wants to fold user-centricity and federation into a single axis.  They are orthogonal. 

Federation technologies aim at helping internet portals, their suppliers, and their enterprise customers (businesses or government) to digitally identity the subjects of their business transactions.  This might or might not involve “users” in the conventional sense.

User-centric technology aims at helping individual people organize their relationships with many different and unrelated portals and internet sites – contact relationship management for individuals, as Doc Searls once said.

So in my view we are likely to have individuals employing user-centric technology to organize their relationships with federations.  There is no contradiction here, and no need to get rid either of the notion of the user-centric, or of the idea of federation.

The individual needs – and has a right to – technology that represents her.  The individual hasn't really been a factor in the identity equation until recently – she has simply been whatever some domain says she is.  That's changing.  User-centric technology delivers those changes.