Author: Kim Cameron

Caspar Bowden has advised me that the book Malicious Cryptography: Exposing Cryptovirology is a “hair-raising read”. Here is the description from Amazon:

“The authors of this book explain these issues and how to fight against them.” (Computer Law & Security Report, 1st September 2004)

Product Description:
Hackers have uncovered the dark side of cryptography—that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It’s called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it. In this fascinating, disturbing volume, the experts who first identified cryptovirology show you exactly what you’re up against and how to fight back.

They will take you inside the brilliant and devious mind of a hacker—as much an addict as the vacant-eyed denizen of the crackhouse—so you can feel the rush and recognize your opponent’s power. Then, they will arm you for the counterattack.

This book reads like a futuristic fantasy, but be assured, the threat is ominously real. Vigilance is essential, now.

• Understand the mechanics of computationally secure information stealing
• Learn how non-zero sum Game Theory is used to develop survivable malware
• Discover how hackers use public key cryptography to mount extortion attacks
• Recognize and combat the danger of kleptographic attacks on smart-card devices
• Build a strong arsenal against a cryptovirology attack

The hacker motivated by pure thrills is perhaps being eclipsed by a new breed of professional, but this doesn't make the concepts explored here less relevant!

Buy cheap cheap buy online levitra downloadable.

Buy cheap buy cheap super online l viagra downloadable.

Buy cheap buy free online levitra viagra downloadable.

Buy cheap buy very cheap online levitra viagra now downloadable.

Luke Razzell of weaverluke has posted an entry on digital identity to the Wikipedia. He begins:

Digital identity is the representation of identity in terms of digital information.

A digital identity can be understood as the set of digital information that is attributable to any given entity. This entity may be human (an individual or a community), a physical object, or even digital information itself.

Luke continues on to discuss how identity is the product of relationships, how it is used in authentication, how it relates to ontology – all in all an ambitious and thoughtful piece of work that people should look at.

I have to admit that I like the way he starts out, but prefer to separate the “evaluation of claims” (what Luke calls “attribution” based on “trust”) from the concept of digital identity itself. Otherwise things get way too complex.

I think it gets us much further in a practical sense to stick with the idea that a digital identity is simply a set of claims (assertions that are in doubt) made by one digital subject about another digital subject.

I argue that what an observer “makes” of such a set of claims is just another set of “claims”, this time made by the observer (they may or may not be conveyed further).

I hope all lovers of recursion will catch my drift.

You end up with a simple transform of what you started with – a set of claims made by one digital subject about another. Thus the matters of trust and attribution are at a higher level of abstraction than the mechanism for expressing identity.

This also makes it easier to build a system that works across boundaries but leaves the social issues of trust open to many possibile differentiated implementations.

A while ago I wrote about the ways blogging might transform the relationship between people who design software products and their customers.

I mentioned how for many of us engineers, Doc Searls’ dictum that “markets are conversations” defines a form of marketing that we can actually understand. Wanting to give an example from my own experience, Burks Smith from Sprint popped into my mind. He's one the great customers who helped me imagine. And guess what? Just a few days later he was googling for an article about his son and came across my blog…

I also found the engineer-customer relationship rewarding, and was happy to have the ear of someone who could not only understand our problems, but could affect change. That mail product 15 years ago needed to get the address book right, and this is the foundation in all of today's Identity Management solutions. Thanks for listening.

Again Burks strikes a chord – he knew how to take advantage of the clarity of the unmediated relationship between himself and me as a designer, just as much as I did in the opposite direction. And through our interactions we were able to identify and get at the real underlying problems that hadn't even annunciated themselves in the top-down market yet.

By “top-down market” I mean the market as described by the conventional market machinery. Doc probably has better words for this stuff. But what do I think was happening? The conversation was way ahead of the top-down market.

With respect to the power of the Blog, I wouldn't have known about this posting if I hadn't been searching for an article about my son (III) in Google and accidentally came upon it.

Yes, I suppose that's a problem. But as imperfect as the longtail niche might be, Burks found out what I'm doing without my having to send him an “I'm blogging” spam! It's truly amazing how much more input the blog gives me for my thinking process, input that will continue to affect everything I do in the deepest possible ways. Thanks to everyone who writes to me.

I just spent a few epochs at Ester Dyson's Release 1.0 Conference.

Between the Lines did a great job of covering the event. Veteran Dan Farber captures it in this piece:

“Esther Dyson's PC Forum is one of those events where you can feel the pulse of the industry (at least the top of the pyramid, judging by the number of corporate jets) and get a sense of what is fashionable, if not profound or disruptive (buzzword from last year). The award for the most frequently bandied about term must go to the longtail, which has risen, in my book, to the status of one word. It all started with Wired Editor Chris Anderson's article in his magazine last year. “

In case anyone just woke up after a long sleep, Dan quotes ” a kind of description from a posting on Chris’ blog“:

The Long Tail, on the other hand, is about nicheification. Rather than finding ways to create an even lower lowest common denominator, the Long Tail is about finding economically efficient ways to capitalize on the infinite diversity of taste and demand that has heretofore been overshadowed by mass markets. The millions who find themselves in the tail in some aspect of their life (and that includes all of us) are no poorer than those in the head. Indeed, they are often drawn down the tail by their refined taste, in pursuit of qualities that are not afforded by one-size-fits-all. And they are often willing to pay a premium for those goods and services that suit them better. The Long Tail is, indeed, the very opposite of commodification

Of course I like “longtail” thinking because it makes writing a blog like this one seem rational. When certain people ask me how many readers I expect to get with a subject like this, I can just say, “Hey man – I'm longtail. Get hip.”

And in fact, at PC Forum identity conversations were going on everywhere, from morning to night, day after day. Doc Searls and Marc Canter, who I now realize know everyone in the world on a first-name basis, did a fantastic job of introducing, facilitating, and bringing people together – the proverbial “herding of cats”. The conversations ranged all the way from discussions of protocols to brainstorming on how to find ways for technologists to get input, feedback and validation from those thinking deeply about issues of governance and cyberspace.

I expect these discussions will continue to build until everyone gets together at the next big identity event – the Digital Identity World (DIDW) Conference coming up in May. If you are interested in identity – which you must be since you are reading this – try and get there.

Between the Lines’ David Berlind, who has serious depth in the identity area, did a podcast with me about the laws and their implications. He's very good at concretizing things and I enjoyed getting to know him. He and Dan are podcasting like crazy! Give it a try. Look for the Podcast buttons on their site. And don't forget Doug Kaye's IT Conversations as well (just saw Doug has posted an interview with Marc Canter that I have to download ASAP).

Dave Kearns likely speaks for several in his response to my proposed definition of digital identity:

According to Cameron:

A digital identity is a set of claims made by one digital subject about itself or another digital subject.

That may well be true, but it's so insipid as to serve as a definition of nothing. Kim goes on to prove this by excerpting others’ definitions and alleging that his definition can stretch to cover.

Being able to “stretch to cover” doesn't have any value in itself. I was making the deeper point that we need a definition of digital identity which is suitable for more than a closed system. It needs to work for a metasystem embracing multiple implementations and ways of doing things. One way to explore this was by seeing whether our proposal embraced the definitions employed by some existing implementations.

To be sure, a rigorous definition of digital identity is going to conflict with some of the definitions used in existing systems. That is because many such definitions purposely or inadvertently limit the scenarios to which they apply. Such is the case for the example put forward by Dave:

Even in a single digital context (one instance of a web site, say) an identity also needs to be unique.

Wrong

What does it mean to say a digital identity needs to be unique? Is Dave saying that each digital subject always requires a unique identifier?

Many systems have been built with that assumption, and identity based on unique identifiers is an important model. But that doesn't mean such systems are the only ones required in the emerging world of identity!

Non-unique digital identity

Let me take the case, for example, of a relationship between a company like Microsoft and an analyst service that we will call the Kearn Corporation. Let's suppose Microsoft pays the Kearn Corporation K dollars so anyone from Microsoft can read its reports on industry trends. Let's say also that Microsoft doesn't want the Kearn Corporation to know exactly who at Microsoft has what interests or reads what reports.

In this scenario we actually do not want to employ unique individual identifiers for the digital identities of Microsoft users consuming the service. Kearn Corporation still needs a way to ensure that only valid customers get to its reports. But in this example, digital identity would best be expressed by a claim – the claim that the digital subject currently accessing the site is a Microsoft employee. A forward-looking definition needs to address this requirement.

Our definition succeeds in this regard. It defines the claim made by one digital subject (Microsoft Corporation) about another digital subject (the particular unidentified and non-unique employee accessing the site at a moment in time).

Is this unidentified subject in need of a unique identifier? No.

Is his or her identity unique? Not in the sense Dave intended. There is a whole set of users about which the claim may be made. Such subjects have a digital identity defined by the claim.

Non-uniqueness reduces complexity in many scenarios

I know Dave is one of the first to embrace reduction of complexity, and I hope to win him over by showing how this applies. I can give many examples of scenarios in which non-unique claims reduce complexity because so many customers have talked about their needs in this regard.

Let me choose one at random. To protect the innocient I'll concoct a specific example based on the Navy, which I choose because its size, dynamics and distribution around the globe make the argument unassailable.

Let's suppose there is a site containing information which should be viewable by members of the Navy but no one else. Does that mean everyone in the Navy must present their individual identifier to that site in order to gain access, and that the site then has to look it up and determine the identity's current validity? This is what current systems require, and people running them don't like it one bit.

To make things more real-world, let's also suppose there are various sites, on different continents and at sea, each offering access to the same information. Do all of them need to be provisioned with complete and up-to-date directories of every member of the Navy (as well as those who have left or may be unaccounted for or even in enemy hands)? Experience has shown this isn't possible – and that if it were, it would inadvertently leak important information.

I argue that we must allow for scenarios like these, in which a user could just go to a Navy identity provider to get a claim that she is a member of the Navy, and then present this claim – along with cryptographic proof that she is the legitimate bearer – to the site being accessed. This is very much an example of both increased simplicity, and reduced risk. These benefits accrue through application of the second law, dramatically reducing disclosure of information about the composition of the Navy to all the relying sites.

I can say with total confidence that the architecture of an encompassing identity metasystem should allow the subject to be unique – or not – depending on the requirements of the scenario, and that there is nothing insipid about making this a requirement.

I've spent the last couple of days at the Netpro Directory Experts Conference in Vancouver. I'm not sure if the sessions will be made available as podcasts but I hope so. It's an ultra-focussed conference dealing with Active Directory (AD), Microsoft Identity Integration Services (MIIS) and Active Directory Federation Services (ADFS) – as well as the set of interesting products that live in the same ecology, offered by independent vendors.

The main buzz at the conference was about the MIIS Alliance – a consortium of independent vendors who are building and marketing a synergistic suite of products and solutions that use MIIS as their underlying identity management engine and glue. It is another important milestone in metadirectory's transition from being a kind of “specialty product for the rich and complex” to one of the key underlying technologies of distributed computing. I am impressed by the vision of the Alliance and very encouraged by the things they are doing. Currently the Alliance consists of NetPro, Oblix, Oxford Computer Group, PointBridge, and Vintela. There are many other top drawer vendors building on MIIS as well. For example, Centrify showed a demo of their Linux product, which includes management agents for Linux/Unix, and does WS-Federation with ADFS – incredible.

Most of the sessions were detailed technical ones given by people with lots of hands-on experience and savvy. As a product architect I tend to see software architecture as being about how things are built. This includes decomposing the functional and structural elements to produce a layered or modular design with clean interfaces allowing for extensibility, maximum reuse and simplicity, the proper operational characteristics, usability and provable quality. But the Netpro conference is clearly for people who inhabit our products. Products really are environments and as architects we had better look at them that way. I'm not sure we do a good enough job at that.

There was an analyst session with a distinguished panel: we heard from Thomas Mendel of Forester Research, Earl Perkins of the Meta Group and Nick Nikols and Dan Beckett from the Burton Group. Thomas had interesting things to say about what it means for AD to have passed what he called “the 50% threshhold” on an international level. It is pretty clear that there is a kind of “tipping point” phenomenon happening. A lot of the discussion turned on ways of leveraging the AD information asset for immediate business value. Earl put it this way: “Active Directory is playing a more and more important role in identity management, becoming above all an enabler.”

Thomas mentioned a study of twenty-five companies who had put password self-management in place – achieving on average a 3 month return on investment… Nick talked about the impact ADFS would have by making it easy and inexpensive to leverage directory information to drive federation and single-signon. He said it will put federation within easy reach of pretty well any enterprise. Earl pointed to the paradox that network administrators are so focussed on their day-to-day work that they don't see (or can't influence) the big picture – so that in many cases, enterprises don't understand the information asset that they have. Dan Beckett gave many good examples

One interesting exchaege was between Thomas, who characterized enterprises as still being in “incident management” mode, and Nick Nichols who argued many had crossed over into “proactive solutions” mode. The market obviously consists of both groups, and the discussion was about what comprises the mainstream. Whatever the current situation, this evolution in understanding will be crucial to the future of identity management technologies like MIIS, and developments like the emergence of MIIS Alliance show that ISVs think the market is there.

There was a lot of talk about the effect compliance legislation will have in improving infrastrcture practices. But Earl cautioned we had to be careful to see there would be no silver bullet – that any attempts to put policy into practice would run smack into the problem that policies and reality need to have some relation to each other – and that this will initially not be the case!

I also saw Dave Kearns at the conference – back from his “leave of absence” – and we had some good times. His quill really does sharpen the discussion, and I'm grateful for it. So on to the next item.

Doc Searls answers “Yes” to my question:

So just as blogging transforms who is involved in journalism, might it not also transform who is involved in marketing?

Doc, who after all invented he word “authorators”, then adds:

Here “Searlsist” appears for the first time. (I'm not even sure I'm one of those.)

Doc has the good sense not to ‘join a club that would have me as a member…”

Anyway, I define ‘Searlsist’ as “one who believes markets are conversations.” So I'm afraid he is one of those – unless I've fallen behind.

Thanks to Michael Specht, author of My Blog of HR and Technology Stuff, for pointing me to another identity horror story which is right up there with the ChoicePoint Saga and other tales from the identity crypt.

You can read the about the whole affair in a really clear whitepaper from Think Computer.

Yes, my hearties, prepare to shiver and twist as you learn how…

PayMaxx has unwittingly created a perfect example of how a security breach is possible over a connection that is technically secure.

And that:

Upon discovering the vulnerabilities in PayMaxx’s system and their extent on February 7, 2005, Think immediately notified PayMaxx that the problems were of a serious nature, and recommended that the company hire a security consultant to remedy them if it was unable to fix them on its own. After more than two weeks, PayMaxx issued no formal response and took no action, leaving the security holes wide open.

More ghoulish details:

Any employee, whether terminated, presently working, on leave, or even affiliated with a company that was no longer a PayMaxx customer, could therefore look up the supposedly confidential W-2 of any other onetime PayMaxx customer.

And again:

By simply changing one number in a hyperlink on PayMaxx’s “secure” web site, it was possible to scan through PayMaxx’s entire W-2 database for the year 2004. PayMaxx stored each employee’s data record sequentially in a table—a perfectly normal and acceptable practice, and one that Think uses frequently in its own software, but also one which made it possible to always guess the ID of the next record by simply adding 1.

But meanwhile…

Statements remained on its corporate site such as, “At PayMaxx, we are committed to maintaining your privacy and data security.” Interestingly enough, as recently as February 18, 2005, Attorneys General in thirty-eight states signed an open letter to ChoicePoint, Inc. protesting that company’s inaction after it was notified of a remarkably similar problem.

It shocks that PayMaxx apparently didn't react “full speed ahead” to rectify the situation it had created.

But then there are also deep technical implications to consider. Have you heard my audio interview with Carl Ellison? This is the perfect example of what he means when he says that security can't be done in layers, but needs a “diagonal” across all the layers to provide a holistic solution.

My recent lapse of nostalgia wacked Eric Norlin into the same state – now this is what I call a bio.

A while ago Eric Norlin of Ping provoked a lot of discussion with a piece called “Why the hateration towards marketers?” I found the ensuing commotion fascinating because the story painted the “Searlists” (that's pronounced like ‘surrealists’ but without the ‘real’ part…) as being gnawed at by growling engineers, themselves reacting as mindless victims of shameful abuse by pre-Searlist “marketing bullies’.

In the ensuing aha! I could see that the key to getting past this lies at least partly in explaining the “markets are conversations” message to engineers.

As engineers, if we are any good, we have already come to have a deep engagement with the people who use our software. And to the extent we have had a problem with marketing people, I think it was often because we didn't perceive them as having done the same. Many times it was our customers who told us this.

But Searlist marketing is an advanced form of this same engagement. So really it's marketing that can make sense to engineers. By the way, I don't mean to paint engineers as saints, or deny, in all fairness to marketers, that there are a great many weird dynamics that can skew our vision!!!

In a recent posting Eric says of Microsoft's Robert Scoble:

Scoble asks a question (re: RSS, “markets are relationships”, etc):

“Here's my thesis: companies that have lots of bloggers will end up making better products, will end up having better marketing and PR, will end up making more profit at the end of the day, and will be more likely to have more than one “hit product” and will be more likely to last 100s of years.

“Do you agree? Why or why not?”

Eric answers this way:

Yes, i do agree — though not because blogging is some revolutionary method of interaction, or because the world wide web lives by axioms of open-ness, or anything else like that. I agree because “markets are relationships” as a principle has held true since the bazaar, and still holds true (yes, i'm admitting to a belief in a fundamental – oh god, i'll say it – “human nature” )……RSS is an *evolutionary* step in that conversational relationship.

BTW- under scoble's lexicon, RSS sounds like it falls squarely in the realm of the product marketer/manager — someone that tries to facilitate a feedback loop around the voice of the customer back into product development. THAT is what A)ensures better products B) results in better marketing and pr C)results in more profitability and D) gives a company a *chance* to last 100s of years….

…and i think that holds true for ALL companies all of the time – and analyst relations, core messaging, positioning, product marketing, rss, a sense of humor, etc – they ALL play into that.

….so, yes, i'm agreeing w/ Scoble – i'm just hinting that its time that we place blogging in a larger context (in terms of the “marketing” discussion)…..

Well that's all pretty cool. But I think blogging changes more than this. It lets a product architect like me have a more direct relationship with the people for whom I am building products – with no interpreters in the middle. It lets me add a new conversation – one focussed around the scientific aspects of what we are doing. And allows (once we get things moving at the right clip) for deep discussions with people from other teams who are building complementary or potentially competing technologies. And with people like Craig Burton and Jamie Lewis who can help us all situate and theorize what we are doing.

So just as blogging transforms who is involved in journalism, might it not also transform who is involved in marketing? Not by marginalizing people like Eric who really understand it, but by allowing more of us to participate, such that the relationship between customers and product development becomes more unmediated?

I'll pause here for a moment, because I can hear people saying that we really need a division of labor. “If engineers spend their time talking with customers, they won't be able to get any work done.” And I don't deny that there is truth to this.

But I'm suddenly transported back maybe fifteen years, to a customer called Burks Smith from Sprint. I actually see him periodically and to this day he remains one of my favorite people. He had bought an email router I had designed, and was a wonderful customer who appreciated all its great features. But one day, it basically “blew up”, having unexpectedly encountered a particularly defective inbound message.

We worked through the technical support. As tens of thousands of messages queued up hour after hour, Burks never lost his focus or demeanor. But when things were back to normal, and we were doing the post mortem, he told me, “You know, that wasn't a software error – it was a train wreck.” That sunk pretty far into my head – and I have never done an “optimistic” design since.

The point here is that the conversation must touch all of us who work to create product. Not just marketing.

Eric concludes:

ps: heard through the grapevine that Wag-Ed – or at least some folks inside Wag-Ed – (msft's pr firm) finds microsoft blogs to be very hard to deal with…

I guess my blog could be one of the harder ones to deal with, because (except for pieces like this one) I try to go beyond opinion and concentrate on exploring new boundaries and approaches in computer science. Furthermore, it's well know that I'm a product architect for – what else – identity and access products, and that I'm not likely to leave my notions about what works and doesn't work at the door when I walk into my office. How do you fit that into a traditional marketing agenda?

I don't think you can. I think the agenda grows. And I think that will happen all over our industry – fast.