HOW TO USE INFOCARDS AT IDENTITYBLOG

At identityblog I accept pretty much any infocard – on condition that you demonstrate ownership of your email address.

Going forward, I hope to hook up with organizations like sxore who can do the necessary verification and reputation gathering, and people who present infocards from these organizations won't even have to go through email validation.

Click on the movie below to see how infocards work.

WELCOME! BEAR WITH ME AS I CHECK OUT YOUR EMAIL ADDRESS

Welcome to identityblog…

Please bear with me as I check out your email address.

It's great to see your interest in identityblog.  I look forward to receiving comments and links from you.

Since you are using a self-issued identity, I hope you won't mind responding to an email that contains a link back to my site. It helps convince me you are not a spam robot. Currently it's not a very demanding test – you just need to click on the link!

Until then, your login here doesn't do anything for you. Please watch for the email, then log in again.

Having done that, you'll be able to leave comments here without going through the moderation queue.

THE SIGNED TOKEN

<saml:Assertion MajorVersion="1" MinorVersion="1"
        AssertionID="uuid:a5ca5dd2-f2b1-47c9-b3be-c9aa6e47d37f"
        Issuer="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self"
        IssueInstant="2006-03-05T17:51:18.473Z"
        xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
    <saml:Conditions NotBefore="2006-03-05T17:51:18.473Z"
            NotOnOrAfter="2006-03-05T18:51:18.473Z" />
    <saml:AttributeStatement>
        <saml:Subject>
            <saml:SubjectConfirmation>
                <saml:ConfirmationMethod>
                    urn:oasis:names:tc:SAML:1.0:cm:holder-of-key
                </saml:ConfirmationMethod>
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        </e:EncryptionMethod>
                        <KeyInfo>
                            <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                                <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
                                    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
                                        +PYbznDaB/dlhjIfqCQ458E72wA=
                                </o:KeyIdentifier>
                            </o:SecurityTokenReference>
                        </KeyInfo>
                        <e:CipherData>
                            <e:CipherValue>Zp9GQJBEuo4UZYxVh/QM3y8LzqVh2aium82nCsozh4
                                HwSK5NDIRfK/qKInUL8J7f+IrIQS1jpVkwlztUpoP4dkdaAAu9
                                A/EBzEuCGL/uz9wcD4HxxVAGrvV71H9gaAhgmvR561yaBLjaJC
                                rrnSNaji/4pAGUq23oIDxHF3IhHfk=
                            </e:CipherValue>
                        </e:CipherData>
                    </e:EncryptedKey>
                </KeyInfo>
            </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Attribute AttributeName="GivenName"
                AttributeNamespace="http://schemas.microsoft.com/ws/2005/05/identity/claims">
            <saml:AttributeValue>William</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute AttributeName="Surname"
                AttributeNamespace="http://schemas.microsoft.com/ws/2005/05/identity/claims">
            <saml:AttributeValue>Shakespeare</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute AttributeName="EmailAddress"
                AttributeNamespace="http://schemas.microsoft.com/ws/2005/05/identity/claims">
            <saml:AttributeValue>william@avon.org</saml:AttributeValue>
        </saml:Attribute>
     </saml:AttributeStatement>
     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
         <SignedInfo>
             <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
             <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
             <Reference URI="#uuid:a5ca5dd2-f2b1-47c9-b3be-c9aa6e47d37f">
                 <Transforms>
                     <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                     <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                 </Transforms>
                 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                 <DigestValue>E8fLZ1moCpnDYlLlX39Ooc2n+ec=</DigestValue>
            </Reference>
         </SignedInfo>
         <SignatureValue>nmRwWM/WjYlMK8v/bVBHOQeS+hBj603lxCcAcoD0GmxCKhm+c5O7X7X+iTj3qb
                   DGQrFQSu/zqRadJRlFGS3N0O5hapGuDXrmP85ac7KeDVBQ90PrDDigeYZQU5Lw6NK1iG
                   .
                   .
                   .
                   pXlT1vAG7Snvu6DAJQpAL+gqeO2afJg==
         </SignatureValue>
         <KeyInfo>
             <KeyValue>
                 <RSAKeyValue>
                     <Modulus>xmJx9eJQYln5r8eR7X2XPcwcSS5C8fBjlLdv/rBsgfNA+KeAKx6Z7speFJp
                         CmeNOe8v3nUldfYlvN9jWcKFn3AF4ddgMHw5e1M0TpPzQlBtcMTm12Uslg3ANFw0zM0h
                         .
                         .
                         IqNDrzJGDU1fuLRSkNT/Q==
                     </Modulus>
                     <Exponent>AQAB</Exponent>
                 </RSAKeyValue>
             </KeyValue>
         </KeyInfo>
     </Signature>
</saml:Assertion>
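As an added example (not code from identityblog), here is the relying-party side of the check described above in Python: it parses an assertion shaped like the signed token, confirms that the signature's Reference actually covers the AssertionID, enforces the Conditions window, pulls the claims, and derives the login state the welcome message describes (a self-issued card sits in "email verification pending" until the emailed link is clicked). It assumes the XML signature itself has already been verified by an XML-DSig library; the sample assertion is constructed and its signature value omitted.

```python
from datetime import datetime
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
CLAIMS = "http://schemas.microsoft.com/ws/2005/05/identity/claims"
SELF_ISSUED = "http://schemas.microsoft.com/ws/2005/05/identity/issuer/self"

def parse_utc(stamp):
    # SAML timestamps end in "Z"; fromisoformat wants an explicit offset
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))

def check_assertion(xml_text, now, verified_emails):
    """Checks done after XML-signature verification (assumed done by a DSig library)."""
    a = ET.fromstring(xml_text)
    if a.tag != f"{{{SAML}}}Assertion" or a.get("MajorVersion") != "1":
        raise ValueError("not a SAML 1.x assertion")
    # The signature must cover this assertion, not some other element
    ref = a.find(f"{{{DSIG}}}Signature/{{{DSIG}}}SignedInfo/{{{DSIG}}}Reference")
    if ref is None or ref.get("URI") != "#" + a.get("AssertionID", ""):
        raise ValueError("signature Reference does not cover AssertionID")
    cond = a.find(f"{{{SAML}}}Conditions")
    if cond is None or not (parse_utc(cond.get("NotBefore")) <= now
                            < parse_utc(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    claims = {}
    for attr in a.iter(f"{{{SAML}}}Attribute"):
        if attr.get("AttributeNamespace") == CLAIMS:
            value = attr.findtext(f"{{{SAML}}}AttributeValue", "")
            claims[attr.get("AttributeName")] = value.strip()
    email = claims.get("EmailAddress")
    if not email:
        raise ValueError("no EmailAddress claim: ownership cannot be checked")
    if a.get("Issuer") != SELF_ISSUED:
        state = "trusted"                  # managed card from a verifying issuer
    elif email in verified_emails:
        state = "comments_unmoderated"     # the link in the email was clicked
    else:
        state = "email_verification_pending"
    return claims, state

# Constructed sample modelled on the token above; signature value omitted
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML}" MajorVersion="1" MinorVersion="1"
  AssertionID="uuid:a5ca5dd2-f2b1-47c9-b3be-c9aa6e47d37f" Issuer="{SELF_ISSUED}"
  IssueInstant="2006-03-05T17:51:18.473Z">
  <saml:Conditions NotBefore="2006-03-05T17:51:18.473Z" NotOnOrAfter="2006-03-05T18:51:18.473Z"/>
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="EmailAddress" AttributeNamespace="{CLAIMS}">
      <saml:AttributeValue>william@avon.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
  <Signature xmlns="{DSIG}"><SignedInfo>
    <Reference URI="#uuid:a5ca5dd2-f2b1-47c9-b3be-c9aa6e47d37f"/>
  </SignedInfo></Signature>
</saml:Assertion>"""
```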

THE ALEX BARNETT COLLECTION

Alex Barnett has been pushing his podcasting to the edge and I've found a number of his conversations both helpful and enjoyable. I suggest people try them out:

Microformats Podcast, March 31, 2006

“Here's a great podcast for you. All about microformats…”

Guests: Tantek Çelik, Dan Connolly and Rohit Khare. I think it's safe to say these guys know a thing or two about the web and microformats.

Here's an OPMLish podcast for you, March 10, 2006

“It's all about the draft OPML 2.0 spec and a few other things thrown in such as structured blogging, OPML tools, namespaces and microformats.”

Guests: Joshua Porter, Adam Green and John Tropea.

Reading Lists (OPML) podcast: Danny Ayers and Adam Green, Feb 12, 2006

“Last year Dave Winer started to push the idea of Reading Lists for RSS. More recently, the idea of Dynamic Reading Lists and Feed Grazing (or Grazing Lists / Glists) has been kicking around.

Its likely that Reading Lists support will become a common feature of Feed Readers / Aggregators.”

Guests: Danny Ayers, Adam Green and Joshua Porter

Attention podcast : Attention with Steve Gillmor, Feb 08, 2006

“Steve has been leading the Attention conversation for some time now. In 2003 he, along with David Sifry (CEO of Technorati), initiated the attention.xml efforts and has since taken on the role as president of the non-profit Attention Trust.”

Guests: Steve Gillmor and Joshua Porter

MSN Search Champs podcast – Privacy conversation Jan 26 2006

“I attended the MSN Search Champs today….and what a day.  Given the recent news and concerns around the data MSN Search, Yahoo and AOL provided to the government, there was a session set up where the 57 bloggers / online experts at MSN Search Champ were invited to discuss the topic with senior MSN management (Senior VP Yusuf Mehdi and VP Chris Payne).”

Guests: Fred Oliveira, Dion Hinchcliffe, Joshua Porter, Chris Pirillo, Thomas Vander Wal and Brady Forrest.

Attention podcast: RSS feedreaders and aggregators Jan 22, 2006

“I asked two of the RSS industry's leading lights to join me for a call and share their perspective on the question of where Attention is going with respect to RSS feedreaders and aggregators: Nick Bradbury, creator of FeedDemon, part of Newsgator (Nick also developed Homesite – sold to Macromedia – and Topstyle) and Kevin Burton of Tailrank (also co-founder of Rojo).”

Guests: Nick Bradbury, Joshua Porter and Kevin Burton

Structured Blogging podcast with Marc Canter and Joe Reger, Dec 16, 2006

“You might have heard of the Structured Blogging initiative announced earlier this week by Marc Canter and others…there was certainly plenty of buzz and reaction to the news, but not all the reaction was rosy.”

Guests: Marc Canter and Joshua Porter

Attention and Identity with Dick Hardt and Kim Cameron, Podcast, Dec 09, 2006

“A couple of weeks ago Joshua and I had a conversation about attention data (as podcasts). In that conversation we kept touching on the topic of online identities and their management, so we thought we'd invite two pioneers of the identity space, Dick Hardt and Kim Cameron, to a podcast session and discuss how they saw the connections between these two related topics: attention and identity.”

Guests: Dick Hardt, Kim Cameron and Joshua Porter

OPML = Attention Data, Attention Engines and Tailrank, Nov 12, 2005

“Although we met briefly last week, Kevin Burton and I didn't manage to get enough time to discuss some of the things on our mind at the time, so we got a Skype call together and posted it as a podcast (.mp3, 42mb).

We focused the discussion around what he calls Meme Engines and I call Attention Engines, Tailrank (Kevin's latest project), OPML, RSS and Attention.xml”

Guest: Kevin Burton

Attention podcast with Joshua Porter, Nov 26, 2006

“About OPML, Attention, and empowering people.”

Guest: Joshua Porter

Web 2.0 podcast, July 01, 2006

“Richard MacManus of Read/WriteWeb and I had a Skype chat this evening and recorded the call. Talked about Web 2.0, attention.xml, a bit about RSS, APIs and more.”

Guest: Richard MacManus

NOW FOR C5: CUSTOMER-CENTRIC CONVERGED COMMUNICATIONS & CONTENT

Here's a piece by Marcus Lasance that appeared recently in European Communications, an interesting web site oriented around telecom and originating from Europe.  Marcus is Managing Director of MaXware UK, and for those who may not know MaXware, it's a European company with a sterling reputation that has long built identity-related software.

Marcus makes a number of interesting points.  One of my key take-aways is that the shift toward user-centricity is hardly limited to North America, as some have thought, but has independent and reinforcing components emerging all over the world.

The IEC’s 21st Century World Forum will, next year, be renamed the “C5” Conference: “Customer-Centric Converged Communications & Content”. With this snappy title the IEC is picking up on an emerging trend that tries to put individuals, i.e. ‘The Customer’, back in charge, when it comes to managing and controlling access to the very important resource that is their personal data, their public and private identities and associated profiles. It should be the individual user who decides what parts of their digital identity they want to share or do not want to make available to others in their interactions with strangers, friends and family, companies and governmental organisations. So, how will IMS cope with this fundamental human right?

The seven laws of identity

When Microsoft's Kim Cameron formulated his seven laws of identity in May 2005, he put at the top of his list ‘User Control and Consent’. Any Identity Management metasystem must be designed to put the user in control – both of what digital identities are used, and what information is released. Kim warns us: “A system that does not put users in control will – immediately or over time – be rejected”. Kim also practices what he preaches at Microsoft. Possibly the most important design rationale behind ‘Infocard’ – Microsoft software that aims to help consumers deal with the plethora of Internet logins – is “to enable users to simply and consistently make informed and positive authentication decisions on their own behalf,” says Cameron. Infocard will be released as part of the new Vista operating system from Microsoft. “We're laying the foundation for what we need,” Bill Gates said in a speech at the recent RSA Conference in San Jose.

4891 – Project iDNA

4891 – Project iDNA promotes an even more radical paradigm shift in this respect. iDNA is the brainchild of Dutchman Paul Jansen, who shows that not only does this trend make sense from a privacy perspective but that it also has enormous commercial potential. Those organisations that understand and act on the opportunity to work with individuals to enable a better, cheaper use of their data, will gain significant competitive advantage.

Both Jansen and Cameron observe that in today's e-commerce world, enterprises, for example, see their relationships with customers and employees as key assets, and are fiercely protective of them. However, from an economic perspective, it makes no sense that organisations in aggregate spend billions of dollars maintaining the same duplicate personal information about their ‘customers’, which 99 per cent of the time, in any case, soon becomes obsolete.

Reversing this idiotic process requires the acceptance of a paradigm shift. Organisations should all stop wasting their resources by trying to centralise and monopolise the storage of personal information, and find a more logical place to manage this – namely by putting the individual back in charge. Paul introduces at this point the concept of the iDNA key (for which he has a patent pending), which has some resemblances to Infocard.

An iDNA-key can be any kind of hardware token consisting of a combination of a few well known and robust technologies, such as: Data-storage in Flash-memory; PIN-code (software) technology; Biometrics; and Chip/ROM data identification.

A USB token with built in biometrics

Software integrating this technology in a hand held device, acting as an IMS terminal, makes eminent sense. The UICC SIM card used in 3GPP networks already knows an application called ISIM, which can store private and public user identities, not unlike the principle of the Infocard and iDNA.

The display of modern hand-held communication devices is even more suitable for facilitating user interaction, when it comes to allowing or disallowing the transmission of privacy sensitive personal information to and from applications on the converged network.

But will the user be bothered, every time he/she makes a phone call, to press an ‘OK’ button before being connected to an unknown IMS subscriber? Probably not. If, however, the user was made aware that during his call a whole stream of location data was being captured and stored in a location server, he might have second thoughts.

PRIME: Privacy and identity in Europe

The European commission was so concerned about the whole issue of privacy, that on March 1st, 2004 it launched a 16 Million Euro R&D Project on Privacy and Identity Management called “PRIME – Privacy and Identity Management for Europe”.

PRIME aims to contribute to the development of voluntary standards for privacy enhancing technologies. The European level gives PRIME the necessary weight to do this, and enables the research organisations of major IT vendors and major universities to co-operate on this topic. PRIME has worked out a provisional high-level component architecture of the PRIME IDM system. How successful it will be is another matter. For starters, PRIME seems to violate Cameron's 5th law of Identity, which advocates “Pluralism of Operators and Technologies”.

“Today many governments are thinking of operating digital identity services. It makes sense (and is clearly justifiable) for people to use government-issued identities when doing business with the government. But it will be a cultural matter whether, for example, citizens agree it is “necessary and justifiable” for government identities to be used in controlling access to a family wiki – or connecting a consumer to her hobby or vice,” Cameron says.

Paul Jansen also does not see a leading role for government in being an arbitrator of what is and what isn't allowed, shared, or divulged in our privacy sensitive information transactions.

When interacting with governments, he sees a role for trusted third parties, very much like the BACS and Interpay clearing services, which we implicitly trust when we do very similar financial transactions.

So we'd have some emerging ‘Information Banks’, where we would store a back-up of our valuable information assets, combined with a secure network like Visa's to handle privacy sensitive data transactions.

In economic terms, the value of such an identity meta system could one day rival that of the world banking system, according to Jansen.

AAA in the IMS

While attending last year's 21st Century Communications World Forum, it struck me how little we, as engineers, have learned from the criminalisation of the Internet. Scholars like Zouhair Ghazzal of the History Department of Loyola University in Chicago already pointed out that the rise of the Mafia can be directly attributed to the failures of nascent and weak state institutions, and the lack of/need for a well trained and “clean” police force, judiciary, fencing and guarding techniques, etc.

So the mafia emerges as a de facto group that actually functioned as the “guardian” of physical property. Are we first to see the same kind of lawlessness on the emerging converged networks of Internet and IMS?

Sometimes it seems that our industry is too clever for its own good. VPN tunnelling on the Internet and ESP (Encapsulating Security Payload) are all fair and well, but the same technology that protects our privacy from prying eyes can, at the same time, hide a stream of kiddie pornography or hide the fact that important identity information is being hijacked and forwarded without our knowledge.

What is the future of IMS networks? Big dumb pipes, where anything goes, or closely monitored ‘information super highways’ where state troopers can stop every IP packet and demand to know what lies encrypted inside? The dilemma between privacy and piracy is one we need to solve. Big brother may be watching, but so are the crooks! In the end we probably prefer the devil we know.