A SAML FEDERATION SUPPORTING INFOCARDS

Andre Durand of Ping Identity has told me about what he'll be demonstrating at Catalyst 2006 – important stuff.  As the post at the right puts it:

A user authenticates to a healthcare portal leveraging a self-asserted InfoCard. The user’s credentials are validated by a Java InfoCard Server built by Ping Identity. PingFederate is then used to enable federated single sign-on to a remote Web site without a redundant user authentication.

I've spent a lot of time over the last year trying to convince colleagues across the industry that InfoCard technology is not positioned against Liberty or SAML or WS-Federation technology – that federation protocols could be used on portals powered by WS-Trust through InfoCards. 

Now Ping has an implementation that actually proves it.  I guess this means I can take a break, cool my jets, lay low, and chill.  Thanks Andre.

Under the covers, the integration can be done in a number of different ways, so I look forward to seeing the details of how Ping has approached it.  To download the Ping poster and see the details, click here.

I'm impressed by Ping's ability to continue to innovate in the identity world.

NEW IDENTITYBLOG INFOCARD SOFTWARE

This is a note to those (over 100 testers now) who are using my site to sanity-check their infocard implementations. 

For those who missed the first ten minutes of the movie, one of my motivations when I set up this site was to break down the industry fault lines that were undermining the emergence of an identity metasystem reaching across all platforms and technologies.  So I set out to learn more about the concerns and successes of people running on platforms other than the one I work on.  This led me first to Radio Userland, and then to WordPress, which itself runs on top of MySql, PHP and Linux or other Unix derivatives.  My blog runs in this environment.

As the conversation evolved I wanted to prove that the Identity Metasystem and InfoCards can, with a bit of work, reach across any technology – and does not involve rocket science.  I wanted my friends in the REST community to see how straightforward all of this was.  So I wrote a library for accepting InfoCards in PHP and made it available to anyone who might find it useful by posting it on my site.

Recently I've enhanced this code to solve a problem that emerged in interoperability testing.  I don't think I broke anything else, but, hey!, I have no test organization, eh?  So this is a notice for everyone with an implementation to retest before turning up at a public demo and finding out I've changed something!  Help me make sure I haven't introduced an error that breaks your work.

Once I've gone through this phase I'll replace the code currently on my site with the new version.

STRAIGHTENING OUT OUR NAMING

Well, it's a good thing I read Pamela Dingle's blog or I might have missed out on this breaking news: 

Aha!

Looks like Microsoft has released the official name of their Infocard windows client — Windows Cardspace. Well I'm not sure if it's official, but somebody from MS has blogged about it, so that's good enough for me (-:

I like the name – it is catchy and will be easy for help desk personnel around the world to refer to. It is also Googleable, and it doesn't have the terrible generic sound that 99% of the big stack mentality monster corps seem to be blindly adhering to these days (ie ). If it had been MS Card Manager or MS Identity Manager, I would have been very unimpressed (-:

It also solves the question of – “InfoCard” vs “InfoCards” as the official name, and it is also now easy to know whether you are talking about the client or a single card.

The same blog entry also talks about the new name for WinFX – go check it out, I wouldn't want to ruin all the surprises…

Nice work y'all, I bet it feels good to get to this milestone!

Thanks Pamela.  I like it too.  I would like to congratulate the Department of Naming, which turns out to be as able to party as anyone, for coming up with something so close to the spirit of what we are about.   

As Pamela says, I think this will go a long way towards reducing the confusion between Microsoft's client piece (what is now called Windows Cardspace) and InfoCards – the things that you see in your Windows Cardspace or your Linux Identity Selector or your mobile phone.  The word ‘InfoCards’ is still just a placeholder of course, but it's clearly different from “Windows Cardspace”. 

Speaking of which, someone pointed out Pamela's blog has not been in my blogroll (it is now!).  Which is ridiculous because she's doing such good stuff.  Just as bad, Johannes de Beer pointed out my spelling of Johannes Ernst's name has been wrong for, er, about a year.  And I know Johannes discreetly mentioned it once (blush), and that I fixed it and then it somehow reverted during an update (hand wave, gurgle).  So apologies all around – it's what comes from having this darn day job.


IDENTITY FALLACIES

Phil Becker is Editor In Chief of Digital ID World.  His analysis consistently seems on-time and profound.  I don't think it's well known, but besides his wisdom in business matters, he has an amazing technical background: he wrote some of the code that helped put men on the moon. 

I have to admit that I'm a bit biased towards Phil because his magazine once gave me a prize, which, from a design point of view, was of a distinctly superior quality.  That's a good sign.

But since meeting him I've turned to Phil for a reality check more than once.  Like Doc Searls, Jamie Lewis and Craig Burton, he sees the big picture.  What example should I choose?  Recently, when we were chatting about how to explain InfoCard to enterprise architects, he said, “Kim, stop explaining it.  Start telling people how they can be part of it.  That's what they want to know.”   

Now he has written his “Identity Fallacies” – or three of them, at least.  They offer practical advice for the enterprise and beyond.  You have to love the way Phil explains things.  I hope this post will get those new to the identity metasystem reading his work (the left-brained may want to start at the first fallacy and read forward from there):

Like the second identity fallacy the identity data centralization fallacy recurs frequently because it seems so logical. It has kept identity management the province of very large companies for many years. Thankfully this is finally changing, albeit somewhat slowly.

A significant goal for many identity management initiatives is to gain centralized management and control, and intuitively it seems that the easiest path to that result is to aggregate all the identity data in a centralized data store. But identity data by its nature has distributed origins, and attempting to aggregate the data itself leads to an insoluble set of problems and side effects, especially at internet scale.

Centralization of any data suffers from reliability and performance problems at scale, requiring significant “brute force” to overcome. But when identity data is centralized a huge number of side effects occur that will ultimately undermine the success of the endeavor – even if the technical aspects are successfully worked out. Perhaps the most visible example of this was the Microsoft Passport project. Microsoft demonstrated that the technical problems of an internet scale centralized identity system could be solved. They also pretty well demonstrated that the side effects were so numerous and undesirable that a successfully implemented centralized identity data system wouldn't be accepted by the marketplace. This experience was a major factor in Microsoft's Identity Architect Kim Cameron formulating his Laws of Identity which attempt to describe the attributes an internet scale identity system must have to achieve marketplace acceptance.

It still might seem that in an enterprise centralizing identity data is a good idea. But it generally isn't, for a variety of reasons. First, identity data is a very dynamic thing. It requires constant updating to remain current, and if it isn't current then using it to manage other things becomes risky. Even in an enterprise where identity data seems pretty straightforward, it turns out that it has many different natures that end up forcing portions of it to be managed by very different parts of the business. For example, HR tends to manage actual employees as they onboard and offboard. But department managers tend to manage things like promotions, temporary assignments, etc. that create changes in their identity data and corporate resource access requirements. And who in the company handles contract labor, consultants, business partnerships, etc? Certainly no centralized business process for them all exists.

The result is that if IT tries to centralize identity data because that makes it easier for them to use it to manage their networked computing resources, they end up creating a structure that is politically and structurally at odds with the business processes of the enterprise. This has brought many identity management projects up short, severely lengthening their deployment times, reducing their scope, and limiting their effectiveness dramatically. In governmental identity projects, centralization of identity data creates most of the limitations that cause political reactions as well.

Thankfully the technology of identity management has begun to move past the concept of centralizing the identity data and is now providing tools such as virtualization and federation that allow the identity data stores to be organized to align with the identity data management while allowing them to be networked, managed by centralized policy, and presented in a variety of ways that don't reflect back on their management. The shift from a directory-centric view of identity management to a provisioning-centric view of identity management is the first step down this road. Many more steps are now emerging to widen the applicability of identity to manage broad, networked business process oriented views of computing for regulatory compliance auditing as well.

But as each new person approaches identity management, it seems they have to go through the step of learning why identity data centralization is always a bad idea. It seems only after they realize the implications of this identity fallacy can they move on to understand how identity must really be deployed to be successful.

This is so interesting I can barely keep myself from making a number of comments.  But I need to concentrate on some other burning issues.  I'll come back to this as soon as I can.

IT'S A FUN GROUP OF GUYS, REALLY…

I am glad to see I am providing Robin Wilton and various of his friends with suitable amusement these days. Luckily this doesn't distract him too much from interesting comments on the dynamics shaping federated identity frameworks.

First, on yesterday's topic of ‘identity protection and financial services’, you may be heartened to learn that the Financial Services Technology Consortium (FSTC) is working on stronger mutual authentication as part of the solution to this problem, and has just concluded Phase One of its ‘Better Mutual Authentication’ project. More information at www.fstc.org.

The FSTC has been looking closely at SAML and Liberty for several years now, and concluded back in 2003 that Liberty technology could help financial services organisations improve security and identity management.

I think what's changed since then is the increased recognition that strong authentication is, simply stated, a great example of a web service which one member of a circle of trust can provide to other members.

Second, Liberty members (especially the techier ones) are watching with interest as Kim Cameron is gradually exposed to some of the (frankly fun) group dynamics among the participants. You know how it is; you get to know people over the course of sometimes heated debate about identity principles, and every so often you have one of those arguments which looks to any outsider like a bare-knuckle dust-up. It's only when you know the two participants and their history that the whole thing looks altogether less vicious and more amusing.

There's also a good deal of innocent amusement to be had from reading these lines in Kim's blog:

“One of them asked why Liberty hasn’t caught on more since it has been around for almost five years. Not knowing Conor I might have imagined he would sidestep the issue with marketing gloop.”

As Kim immediately discovered, Conor is fresh out of marketing gloop… and is not expecting a re-stock ;^)

Without wanting to get into the subsequent to-and-fro between Conor, Paul Madsen and others, I'd just note this, as I have done in public comment on several occasions:

Those looking for mass adoption of Liberty often ask why large-scale e-commerce adoptions are not more visible. I think the e-commerce boom of the late 90s offers instructive parallels. The B2C bubble was highly visible and easily grasped, conceptually, by those seeking to understand this new technological phenomenon. However, there was both more money and greater longevity in the B2B market using exactly the same technology.

I think we're seeing some of the same thing in the identity market. Yes, there's adoption and growth in B2C applications – and that will continue; but there's a steadier undercurrent of adoption for B2B applications, even if those are not always as visible to the consumer or onlooker.

An interesting event to look out for is the point at which it becomes realistic for G2C identity infrastructures to intersect with B2C applications. That's not primarily a technology event – it's one driven by market and policy conditions – but in my view, if you're looking for candidate technologies to make it happen, Liberty is at or near the top of the list.

To me this doesn't look much like a bare-knuckle dust-up – just a good discussion.

AVATARS, 3D AND IDENTITY

I love avatars and 3D, and I am fascinated by ActiveWorlds and Second Life.  So how could I not flip over this article by Mark Wallace at 3pointD.com.  He discusses not only those topics, but identity as well:

This was going to be a brief post about some new features of the ActiveWorlds software that was just released, but it turned into a longer contemplation of how the 3D Internet will work once many, many more of us have a presence in such online spaces.

Chris from SWCity, a community in ActiveWorlds that I’ve been meaning to visit ever since I blogged it back in April (sorry, guys!), sends news that AW recently released a preliminary build of the new Version 4.1 of its software. I don’t spend a lot of time in ActiveWorlds so I can’t say how much better this is than the last version, but a couple of things jump out at me from the release notes that are notable or at least cool-sounding — including a kind of identity portability. And some of it seems to point, in a platform-agnostic way, to what would seem to be the future of 3D spaces on the Internet. But first the new AW stuff:

• AW now has particle objects. De rigueur for Second Life, but will be big new fun for AW residents.

• New objects called “movers” can be used to make vehicles. Again, old hat for SL, though perhaps AW will actually do this better. SL’s vehicles mostly suck.

• (This sounds very cool:) “Users may define zone objects, which can be used to define a 3d spatial volume where the normal world properties are replaced or changed.” Anti-gravity plot, anyone?

Plus the ability to slide downhill, handy-sounding interface features, and native voice support. But one of the most intriguing additions to AW 4.1 is the following:

• “Personal Avatars allow you to take a unique avatar to almost any world.”

Unlike Second Life or There.com, in which practically all the land masses of the virtual world exist on the same map, accessible as a single “login space” (i.e., one login gives you access to any region of the world), ActiveWorlds exists as a series of discrete, disconnected spaces — including 3D home pages — that are accessed from a central hub. But you don’t always get to take the work you’ve done on your avatar from one to the next, forcing you to re-tweak and/or remodel who you are for each separate world. The Personal Avatar feature should let you bring your “self” from one world to the next with little trouble.

This kind of thing points the way forward for virtual worlds, if you ask me. Second Life is a unique community; it’s the America of virtual worlds, a land of opportunity and a melting pot of different people and peoples, all tossed into the mix in a big beautiful jumble. (What does that make There.com? The Caribbean of virtual worlds? The California?) But I’d argue that the one-world model of SL is a temporary condition, something that will become a smaller subset of a larger picture as individuals gain more and more power to create their own 3D online spaces.

I’d bet things are headed toward a more distributed metaverse, one in which you can create your own little 3D online corner of the Internet that doesn’t exist on any 2D map aggregating such spaces. (There will continue to be 2D Web pages as well, of course.) You’ll still be able to travel from one to the next, but it will be more like traveling from one Web page to another; you won’t necessarily be able to walk next door to visit the neighbors.

Contiguous 3D spaces won’t disappear altogether under the distributed metaverse model. Groups of people will band together into loose confederacies of interest and community and create larger spaces that will exist on their own 2D maps. But there will eventually be too many people on the 3D Internet to make it feasible to manage them all through a visual interface. Imagine if you had to use a 2D map to navigate through or even look at the 11 billion Web pages that are out there. Impossible. Even 1 million such locations isn’t practical to represent that way. Larger contiguous communities will still exist, but you’ll still need an information-based way to navigate between these.

And you won’t want to show up at each new 3D homepage or in each community looking like a newb. This is already a problem on the Web, where we have to create a new username and password for any site we visit that offers more than just something to browse (which is why Kim Cameron at Microsoft and many other people are working on a solution to this). I just counted 46 logins I use on a semi-regular basis, and there are probably a couple dozen more than I use less frequently. I’m probably something of an outlier, but even having just a Netflix, Amazon, Gmail, iTunes, Second Life (or ActiveWorlds) and World of Warcraft login is starting to be too much. Can I really expect all my online friends and associates to reside (as far as their online “lives” go) in the same 3D world? Already I know people in almost a dozen 3D worlds, and that number will only rise as time passes. While I see no problem with donning a world-specific avatar for playing World of Warcraft or EVE Online, it just doesn’t make sense to switch visual identities, reputation, account information and inventory each time I want to visit a different social or commercial or otherwise utilitarian world — just as it doesn’t make sense that I have almost 100 login handles for using the Web.

Which is where ActiveWorlds’ Personal Avatars come in. I can’t tell you which 3D technology is going to become dominant, whether it’s AW’s, SL’s, There’s, Multiverse’s or one that’s yet to emerge. But whatever it is (or whatever set of such technologies, more likely), we’ll want a way to navigate between them more seamlessly than we can navigate between even 2D Web sites today. I think the nicest way to do this would be to develop some kind of protocol, either for 3D sites themselves or for portability of avatars and identity, just as an “identity metasystem” is being contemplated now. And this is just what ActiveWorlds’ Personal Avatars are for the spaces that run on that platform.

Just as TCP/IP helps connect the otherwise incompatible networks that make up the Internet, something will one day connect the otherwise incompatible worlds that make up the metaverse. AW’s Personal Avatars are only the earliest manifestation of this kind of thing. It’s quite a bit further off than right around the corner, but it’s not too early to serve up as food for thought. Bon appetit!

I first started to believe in the inevitability of avatars at a super-hip conference organized by Jerry Michalski and Esther Dyson somewhere back in the 1990’s.  Maybe it was Doc who got me invited.  Anyway, there were a bunch of smart web innovators there, including some pretty cool guys with a web browser that had a “magic carpet”.

It turned out there were legions of subscribers who rode these magic carpets together on tours that went site-crawling using avatars that looked like Marilyn Monroe and James Dean and other sex symbols of various sorts.  The system's inventor showed me how to create a magic carpet of my own.  Incredibly, a gaggle of avatars leapt onto my carpet within a few seconds.

My friend said, “Now just type in the name of your web site, and the magic carpet will take everyone to it.”

I said, “Really?”  The realization of what was about to happen suddenly hit me.  I didn't actually want to, but since everyone was waiting I typed my URL, which pointed to a web site all about identity and metadirectory technology.

Then the avatars all started to scream and burp and jump off the carpet as fast as their legs – those that had legs – would take them.  It was kind of symbolic.

Identity was really a niche thing in the 90’s.  I thought it would probably take a decade to make it into the same paragraph as an avatar.

And I guess it did.

DOWNLOAD WORKING INFOCARD BITS

We now have bits that make it easy to try out InfoCard from Windows XP.  You can download them here.  In other words, we've moved beyond the problems of conflicting versions that plagued us earlier.

UPDATE:  Thanks to Rick for pointing out that when you follow the link, you'll see a button allowing you to download  Microsoft Pre-Release Software WinFX Runtime Components – Beta2.  Click on that button.  InfoCard is part of that Beta.  Sorry I didn't make this clearer.

This is still not the final UI – which is continuing to evolve.  There are also some known “issues”.  One is that when you export your cards and reimport them, the keys change.  Another is that there is an incompatibility with tablet PC meaning that, on tablet, you can only use InfoCard once and then need to reboot. 

Nonetheless, you will get self-asserted cards out of the box (though there is no box).  I'll also be posting links to some managed cards so you can try that out.

For those who are interested in building relying parties and identity providers on the Windows platform, you'll get everything you need here.

Once you've got an infocard, go to “Login” or “Dashboard” at the top right of identityblog and leave a comment…  Let me know what you think.  There's no moderation – with an InfoCard you can publish directly to the blog.

PICTURE IT

Adam, at emergent chaos, has found a great image to help communicate the concept of compartmentalization of identity.  He begins by relaying one of my recent posts:

My central “aha” in studying the British government’s proposal was that the natural contextual specialization of everyday life is healthy and protective of the structure of our social systems, and this should be reflected in our technical systems. A technology proposal that aims to eliminate compartmentalization rejects one of the fundamental protective mechanisms society has evolved. The resulting central database, where everything is connected and visible to everything else, is as vulnerable as a steel ship with no compartments – one perforation, and the whole thing goes down.

Then he goes on to add:

It's a tremendously important point. Our lives are naturally, usefully, and importantly segmented. In 1959, Erving Goffman discussed this in the (still important) “Presentation of Self In Everyday Life.” (Wikipedia article, or some excerpts… I know. Books. Get over it, there's some useful stuff stored that way.)

His basic thesis is that we play roles: “school principal” or “mother” or “doctor” or “bribe-accepting Congressman,” and that each of these roles has its own quirks and presentations, and it is useful and important to separate them. An identity system that doesn't support that in powerful ways is far less likely to be adopted.

Paul Squires at Here, Now responds by starting to offer concrete examples of things we might expect of an identity card system that was designed to be maximally secure and protective of the privacy of its citizens. 

This is great.  We need to take it further and continue to brainstorm what is actually possible in the realm of identification, rather than remain mired in a framework defined by outmoded notions representing lowest-common-denominator technology and the minimal privacy/security bar. 

This is in effect what I was trying to say here and it’s a very important part of why an ID Card system on the scale the Government is attempting to force through will be doomed to failure. I had a very similar discussion IRL a few days ago with someone who is in favour of ID cards (in principle) and I don’t think the scale of this is fully appreciated.

Quite simply – the data revealed by a scan of my ID should be different, depending on what I’m doing at the time AND who the reader is. Obviously my doctor should be able to read different information from that of my local policeman, which will be completely different from the barman who needs only to verify my age (this is law 2 of Kim Cameron’s laws of identity). The fact that the police should also be limited in what they can read under any situation is also going to be vital… Additionally if I’m operating in the course of my business then personal information shouldn’t be revealed, but my business details could be. The context HAS to work two ways to form a minimum subset of data that can be revealed in a situation.

Why does all this seem so obvious to me?

ROOTKIT GUY EATS ALONE

Paul McNamara brings us a heart-warming tale of deserved retribution in Sony settlement and Mr. Rootkit over at Network World.

Unless he's been fired already — a not-unlikely scenario — someone is walking around Sony today known as The Rootkit Guy (we'll use Guy in the non-gender-specific sense here). I mean that code didn't simply leap onto those CDs; someone thought it was a clever idea and made sure it got there. Has to be one of the classic “What the (bleep) were you thinking?” moments in modern history.

And you can't help but wonder how that someone is doing today as news emerges that Sony has settled a class-action lawsuit — three, actually, combined into one — that looks as though it's going to cause Sony bean counters to pull their hair out by the rootkits. The agreement calls for those who purchased the CDs in question to receive their choice of a cash payment of $7.50 plus a free album download, or three album downloads.

We're talking about 15 million CD buyers.

If he is still at Sony, something tells me Rootkit Guy is eating lunch alone.

TRUTH IS STRANGER THAN FICTION DEPARTMENT

It's funny. I know pretty much everyone in this bizarre thread by Tom Raftery, and can't actually believe my eyes as I read it.   I wonder if, when we get all the other licensing issues worked out in the identity sphere, we'll find out Dick Hardt has trademarked Identity 2.0? (just joking, I think!)

Marc Canter called Cory Doctorow out yesterday. He said:

Cory Doctorow is one of the leading critics of DRMs, DMCA, copyright laws and the status quo – which often pits lawyers vs us. He’s worked for the EFF for years and helped found the #1 blog – Boing Boing. 

But he’s also a close buddy of Tim O’Reilly and Rael Dornfest and helps create the Etech conference every year – which is the cornerstone of the O’Reilly Web 2.0 empire.

So I’ve gone back and scanned BoingBoing over the last 36 hours – and guess what?

I can’t find a statement from Cory on his good buddy Tim – suing Tom Raftery – who is now MY good buddy, since I did a podcast with him, met him in Dublin at a Web 2.0 event and will be going to Cork – in November to speak.

I take shit like this personally.

So this is a public call out to Cory “hey Cory – wassup dude? Which side are you on?”

Cory has subsequently come out of the woodwork with as biased a piece on this Web 2.0 furore as I have seen outside of the O’Reilly blog.

At first glance the article seems even-handed, reasonable even, until you realise that Cory has only linked to two articles in his post: 1) the O’Reilly response and 2) John Battelle’s response (John Battelle has a working relationship both with Cory and O’Reilly).

Then consider Cory’s language, he says that the dispute has been resolved amicably and that O’Reilly’s

has granted the con[ference] permission to use “Web 2.0” in its name

I’m sorry, what? They have granted us permission to use the phrase Web 2.0 in our conference? Wow, that was really generous of them, NOT. Should we also apply to them for permission to use the word “conference” in our conference title?

What if I trademarked the name Cory Doctorow here in Ireland. It wouldn’t be that hard, there can’t be that many Cory Doctorow’s here. Then say I got my legal team to send threatening cease and desist letters to Cory Doctorow saying I had trademarked that name in Ireland and that he had better refrain from using the name in the US. Then say I finally relented, called off the legal dogs, and said “Ok Cory, you can use the name Cory Doctorow – I will give you my permission to use it”. Would Cory feel I had been particularly generous to ‘allow’ him to use the name?

Of course not. Similarly, a trademark issued in the US has no jurisdiction whatsoever in Ireland. O’Reilly’s have no trademark for the term “Web 2.0” in Ireland. O’Reilly’s did not grant us permission to use the term – they had no authority over our use of the term in the first place.

Cory, if you are going to write a biased post that’s fine, everyone is entitled to that but you should really disclose your relationships with the parties you blog about (and link to the relevant posts rather than only linking to your friends).

UPDATE – Robert Hyndman has a fabulous post on the selfishness of trying to trade mark a term as generic as Web 2.0.