DAVE KEARNS ON INFOCARD-FOR-PHP TUTORIAL

I always trust Dave Kearns to tell me what he really thinks, so this review of my InfoCard For PHP Tutorial is encouraging:

Finally got around to watching the tutorial, and it's a good one. Simple concept, easily grasped, nothing too techy, but still not condescending.

If only the narrator was a bit more enthusiastic! 🙂

I think it will really help you understand metasystem and InfoCard technology if you take a look.

SEE IF YOU CAN MAKE PET 2006

Here's one conference I definitely won't miss. I've been lucky enough to preview some of the papers. I guarantee that if you want to deepen your understanding of privacy enhancing technology, you should see if you can get to Cambridge at the end of June:

Robinson College, Cambridge, United Kingdom June 28 – June 30, 2006 http://petworkshop.org/2006/

Special Events:
* Keynote speaker: Susan Landau, Sun Microsystems Laboratories
  on “The Missing Link”, (Abstract at the end of the email.)
* PET Award 2006 ceremony and reception at Microsoft Research,
  http://petworkshop.org/2006/award.html

Co-located with:
* The Fifth Workshop on the Economics of Information Security
  (WEIS 2006), 26-28 June, http://weis2006.econinfosec.org/
* IAVoSS Workshop On Trustworthy Elections (WOTE 2006)
  29-30 June, http://www.win.tue.nl/~berry/wote2006/

Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior, and restricting the ability to publish or retrieve documents. Approaches to not only protecting individuals and groups, but also companies and governments, from such profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure.

This 6th workshop addresses the design and realization of such privacy and anti-censorship services for the Internet and other communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives.

Early registration by May 12 at:
http://petworkshop.org/2006/petRegister.html

Further local information on accommodation and travel is available on the PET workshop website (book accommodation early!):
http://petworkshop.org/2006/petTravel.html

Program Chairs:
* Philippe Golle, PARC
  (Philippe.Golle at parc com)
* George Danezis, K.U.Leuven
  (George.Danezis at esat kuleuven be)

General Chair:
* Richard Clayton, University of Cambridge
  (Richard.Clayton at cl cam ac uk)

Research Program:
(also at http://petworkshop.org/2006/program.html)

Privacy and the real world

    * One Big File Is Not Enough: A Critical Evaluation of
      the Dominant Free-Space Sanitization Technique
         Simson Garfinkel and David Malan
    * Protecting Privacy with the MPEG-21 IPMP Framework
         Nicholas Paul Sheppard and Reihaneh Safavi-Naini
    * Privacy for Public Transportation
         Thomas S. Heydt-Benjamin, Hee-Jin Chae, Benessa Defend, and Kevin Fu
    * Privacy Rights Management – Taming Cellphone Cameras
         Mina Deng, Lothar Fritsch and Klaus Kursawe
    * Ignoring the Great Firewall of China
         Richard Clayton, Steven J. Murdoch and Robert N. M. Watson
    * I Know What You Did Last Summer: Self-Awareness,
      Imagined Communities, and Information Sharing in an
      Online Social Network
         Alessandro Acquisti and Ralph Gross

Privacy policies

    * Enhancing Consumer Privacy in the Liberty Alliance
      Identity Federation and Web Services Frameworks
         Mansour Alsaleh and Carlisle Adams
    * Traceable and Automatic Compliance of Privacy
      Policies in Federated Digital Identity Management
         Anna C. Squicciarini, Abhilasha Bhargav-Spantzel,
         Alexei Czeskis and Elisa Bertino
    * Privacy Injector – Automated Privacy Enforcement through Aspects
         Chris Vanden Berghe and Matthias Schunter
    * A Systemic Approach to Automate Privacy Policy
      Enforcement in Enterprises
         Marco Casassa Mont and Robert Thyne

Anonymous communications

    * Improving Sender Anonymity in a Structured Overlay
      with Imprecise Routing
         Giuseppe Ciaccio
    * Selectively Traceable Anonymity
         Luis von Ahn, Andrew Bortz, Nicholas Hopper and Kevin O'Neill
    * Valet Services: Improving Hidden Servers with a Personal Touch
         Lasse Øverlier and Paul Syverson
    * Blending different latency traffic with alpha-mixing
         Roger Dingledine, Andrei Serjantov and Paul Syverson

Attacks: Traffic and Location analysis

    * Breaking the Collusion Detection Mechanism of MorphMix
         Parisa Tabriz and Nikita Borisov
    * Linking Anonymous Transactions: The Consistent View Attack
         Andreas Pashalidis and Bernd Meyer
    * Preserving User Location Privacy in Mobile Data
      Management Infrastructures
         Reynold Cheng, Yu Zhang, Elisa Bertino and Sunil Prabhakar
    * Location Access Effects on Trail Re-identification
         Bradley Malin and Edoardo Airoldi

Private multi-party computation, authentication, and cryptography

    * Private Resource Pairing
         Joseph A. Calandrino and Alfred C. Weaver
    * On the Security of the Tor Authentication Protocol
         Ian Goldberg
    * Honest-Verifier Private Disjointness Testing without Random Oracles
         Susan Hohenberger and Stephen A. Weis
    * A Flexible Framework for Secret Handshakes
         Gene Tsudik and Shouhuai Xu
    * Optimal Key-Trees for Tree-Based Private Authentication
         Levente Buttyan, Tamas Holczer and Istvan Vajda
    * Simple and Flexible Private Revocation Checking
         John Solis and Gene Tsudik

Keynote speaker:

               The Missing Link

               Susan Landau

In recent decades, we have seen significant progress in the development of tools to protect privacy.  We have similarly seen various policy developments, e.g., the 1980 OECD Guidelines on Privacy Protection and 1997 application to the Internet.  But

             Between the conception
             And the creation
             Between the emotion
             And the response
             Falls the Shadow.
                    (T.S. Eliot, “The Hollow Men.”)

One shadow is that while privacy policies abound, when data is collected, there are few or no rules governing its security (which is a crucial requirement for data privacy).  A current instance of this concerns the recent requirement for data retention by the European Union.

This talk discusses what is needed to get to:

             Between the conception
             And the creation
             Between the emotion
             And the response
             Falls the Action.

IIW 2006 – MORE INFOCARD IMPLEMENTATIONS

Phil Windley's piece on the Tuesday morning session at IIW includes this description of the fascinating work done by Chuck Mortimore (who had an entire InfoCard environment running inside Firefox) and by Gail-Joon Ahn.

The first session I went to was Gail-Joon Ahn from Univ. of North Carolina. Gail-Joon and his students built an open source implementation of InfoCards. They’re interested in creating portable, interoperable, and multi-modal identity card selectors (part of InfoCard).

Gail-Joon Ahn and students

Gail-Joon’s students demo’d a Java version of the InfoCard selector. The demo included logging into a site using a selected InfoCard, creating cards, and interacting with identity providers and relying parties in a couple of scenarios. All of the code is in Java. This is an impressive effort, but also illustrative of the fact that InfoCard

  1. doesn’t have to be just a .Net/Microsoft thing and
  2. is simple enough to allow multiple implementations.

Part of their work involves moving InfoCard beyond the desktop and to mobile devices. They demo’d what’s called an “i-button” that contains a secure token. The i-button could be on a ring or key fob. There was also a demo showing an InfoCard selector on a mobile phone. Chuck Mortimore did a 5-minute demo of a Firefox plugin he’s done for InfoCards. He created a card and then logged into Kim Cameron’s blog using the card. Pretty cool. Kim Cameron took over to show the code that Chuck was hitting on his blog. The relying party stuff he’s using is all written in PHP. Kim showed various debugging tools for seeing what’s going back and forth and demo’d the use of various InfoCard pieces from various players together.

I guess Phil turned his head for a moment, and in the general chaos that reigned all around us, missed Paul Trevithick's demonstration of early Higgins interoperability with InfoCard.  It brought about another round of whistles and applause, and I think represented one of the aha moments of the conference.

Paul, who has been a leader in the Identity Gang since day one – being instrumental in developing our shared vocabulary – and Anthony Nadalin, an inventor of WS-Trust and a leading identity thinker at IBM, were both 100% clear that their goal in Higgins was to produce an identity selector that would use the same InfoCards being employed in Microsoft's identity selector, and expose the user to a similar identity experience.  I think this clarity will be important in convincing the journalist community that we are on the same identity train.

The demos made the growing momentum of the Identity Metasystem absolutely tangible.  People have now demonstrated all aspects of the metasystem running on both Windows and non-Windows platforms.  That's a real milestone.  Meanwhile, discussions about open source projects abound.  

 

IIW 2006 – SEEN BY PHIL BECKER

Here's some of what Phil Becker had to say in the DIDW newsletter: 

This week I saw a significant “state change” occur in this year and a half “Identity Gang” evolution, and it tells me things are going to start to happen. Some of those involved will be happy this is so, others most likely won’t be. But for those not directly involved (i.e. most of the population) it was, in my opinion, a tremendously significant moment in the evolution of the identity conversation, and one that will have many significant ramifications going forward – though these will likely take another year to become clear to those not paying close attention.

They are working on the issues of what form identity must take to become ubiquitously deployable, become something that will be adopted comfortably by users, and how we can ever get there from here.

The first sign that the required significant shifts are occurring is visible in the titles of the sessions this un-conference produced on its first day. These titles have all subtly shifted in ways that indicate there is no longer any question that there is a single, over-arching story behind the identity conversation, and that the mission now is to figure out how to converge the many efforts that are underway.

These efforts were each begun with a very different mission and with a very different use/case and problem set driving them, and this has previously created division and competition. This time, however, it was clear that everyone was looking for where they should get on board, and how to avoid having their goals left out.

IIW 2006 – SEEN BY TOM MADDOX

 Opinity's Tom Maddox has a bunch of podcasts lined up for us:

Sorry about the failure to do postings updating the Internet Identity Workshop 2006. Last heard from, I had finished eating my spinach on day one–listening through presentations on technical topics. 

Days two and three were very different, as advertised. “Open space,” “unconference”–what have you. There was a large open space, where at one end larger presentations could take place; otherwise tables were spread out across the space, and there were meeting rooms on both sides of it. What this means, practically speaking, is that the rooms and tables could be used for smaller sessions, and that the remaining tables could be used for ongoing conversations.

The sessions were actually seminars: topic-centered, with a more or less formal leader, a whiteboard, and a group of engaged participants.

In short, as Dave Winer has advocated often and well, the conference was able to engage the intelligence and skills of the participants. Insofar as I could tell, the results were excellent. That is, people knew they would have a chance to voice their concerns and to respond to whatever others said–whoever the others were, including technical or corporate bigshots.

Now, before someone reprimands me for implying that there were corporate or technical bigshots in attendance, let me clarify that one. There were, in fact, luminaries of various sorts participating: A-list bloggers, well-known corporate folks, technical experts working at the forefront of innovation in the field of identity management … people like that. However, and this is the point: they were not on stage, performing. They were at the tables and in the rooms, talking, listening, asking and answering questions. In terms of social interaction, the conference hierarchy was flat.

However, de gustibus non est disputandum, as the man said–which is to say, there's no accounting for taste. So some folks undoubtedly prefer the bright lights, big city ambience of big conferences. I prefer things this way.

But, you may ask, what were these people talking about? Well, I'll cue up the MP3s and show you as I get them edited. I did podcast interviews of varying lengths with several people:

  • Doc Searls, one of the workshop organizers–though, he says in the interview he's more of a liability than an asset as organizer
  • Dick Hardt, CEO of SXIP Identity
  • Phil Windley, another of the workshop organizers
  • Christine Herron, who blogged the hell out of the first two days of the workshop
  • Daniel Perry, a lawyer from Florida working on Internet issues, in conversation with Bill Washburn, from Opinity
  • “JB,” who'd ridden the train from Tennessee, where he is, among other things, a Christian radio broadcaster

So, here's the thing: I'm working on the audio from all of these and will get them all online as quickly and well as I can–emphasis on quickly because this stuff is timely and requires speed more than formal excellence, or so it seems to me.

Oh yes, I wanted to say that Eugene Kim owes me an interview. He periodically came up to the table where I and my fancy microphones –great stage props for signifying “I'm really serious about this podcasting stuff”–were ensconced and said, in effect, I'll be right there, hold on, but  apparently he then put a series of Sportsracer power moves on me so awesome they fogged my memory, because somehow, well, I'm not sure how it happened, but I don't have a KimCast. Hmph.

Tom's “Eating Spinach at the Internet Identity Workshop 2006” gives you a good feeling for what went on during the first day's level-set meeting.

IIW 2006 – SEEN BY IDENTITY WOMAN

Here is Kaliya's post, which unfortunately omits a discussion of Matisse's influence on the unconference: 

Facilitating the Internet Identity Workshop was a wonderful experience. I got to help the order emerge out of the chaos by leading Open Space. Many felt that it was

About two weeks ago I started making a map of the history of the community. This was in part because I knew a lot of new people were coming to the workshop and I wanted to be sure they had some context of who we were and where we had come from. I translated this into an interactive wall map that allowed people to add their own elements to the history.

On the timeline:

  • Yellow diamonds are protocols
  • Pink Trapezoids are events that have happened on a timeline
  • Purple papers are Publications white papers
  • Purple 1/2 circles are podcasts.

Clusters (not on the timeline):

  • Green Parallelograms are mailing lists
  • Blue pages are blogs

There are some good photos of this but I will be taking the results and putting them into Omnigraffle and then PDF too. 

Tuesday Morning we got to put together the agenda. It involves everyone who wants to present putting what they want to have a session about on a piece of paper. They speak their session title to the whole room and then post it on the wall.

It wasn’t until about mid day on Tuesday that I actually landed and was able to engage in the conference. The Planetwork folks talked a lot about the emerging 1society project.

Dinner both evenings was great. Monday was Italian and Tuesday was Thai.

The Identity Commons crowd moved things forward; we have a follow up call next week.

At the very end watching and listening to Paul and Drummond go over the relationship between Higgins two projects and XRI / XDI was a great treat.

We concluded our day listening to Eugene Rant about Wikis at Wiki Wednesday. After dinner Meng told us he had founded the Reputation Gang and we invited him to be a part of the Identity Commons.

The highlight to get the essence of what happened is the closing session recorded. Here Tuesday and Wednesday.

I'm looking forward to seeing the map in digital form.

 

IIW 2006 – SEEN BY DOC SEARLS

Few know more about conferences than Doc, who has attended more than one of them: 

Kaliya Hamlin

My Internet Identity Workshop pictures are up.

The event, an unconference, was one of the best conferences, prefix or no, that I've ever been to, much less been part of.

Here's Phil Windley's wrap. He also has an earlier list of inbound kudos for the conf.

Kaliya (pictured above) Hamlin, who organized the event's “open space” approach, has these reflections. Kaliya and Phil did most of the hard work of putting the conf together. I'm listed as an “organizer”, but that's an extreme exaggeration.

Kim Cameron called it a “superevent”.

Dave had nice things to report too. (Here are some more birthday pix.)

Next up: Berkman's Identity Mashup conference at Harvard Law School, June 19-21. (Watch the Identity Gang wiki for pointers.)

 

IIW 2006 – SEEN BY PETE ROWLEY

Pete Rowley of RedHat has nailed something about the mood at IIW.  His blog contains a number of related pieces.

I just attended the Internet Identity Workshop at the Computer History Museum in Mountain View, CA. Many others have blogged the event so I shall not repeat what has already been said. Suffice to say that there was no synergistic paradigm disruption here, oh no. There was however a 3 day discourse on what digital identity for the internet is, how we can build it, how we can move it, how to make that all happen, and in some cases how to effectively fear it.

The format of the workshop consisted of an introductory afternoon, and then, well, then there was a 2 day coffee break. The coffee break started with some serious retro-geekery as people were asked to write down (with pens, on paper) topics that they wished to discuss and to place them in a time slot on the wall for one of the 7 meeting places. From a purely tech standpoint the wall was an elegant example of a fully interactive calendar, or meeting agenda, with advanced features like undo, redo, merge and insert but without the computer – genius. I can only wonder what features Kaliya Hamlin has in store for us when she releases the much anticipated harderware, Wall 2.0. The unconference format is an interesting live study in self organizing systems, and it works.

It struck me during the course of one particular meeting that the people around the table would probably be impossible to assemble in one place, and certainly one table, in any other way. In fact due to the nature of the workshop and the people attending, there was an excellent chance that any query you might have could be satisfied by the top banana on the subject, and who would be willing to talk. Though I confess I couldn’t find anyone to tell me what to do about coffee induced shaking. You know you are in trouble when the guy fixing the coffee asks if you want your usual at a 3 day event. In keeping with the theme of discussion and interaction the entire workshop happenings are described on the wiki.

Actually, come to think of it, there was quite a bit of synergistic paradigm disruption after all.

IDENTITY'S MOST WANTED: WHERE IS THE SPAM KING?

Here's some news guaranteed to brighten your day from Jeremy Reimer at  Ars Technica:

In the seemingly never-ending war against spyware and other intrusive and harmful software, the Federal Trade Commission has struck a blow against Sanford Wallace, known as the “Spam King,” for his habit of sending mass e-mails. A judge in the District Court of New Hampshire has ruled in favor of the FTC, forcing Wallace and his company, Smartbot.net, to give up over US$4 million.

The company was charged with deceptively installing spyware without users’ consent, changing their browser settings, and barraging them with pop-up ads. The spyware also caused users’ computers to slow down and in some cases even destroyed user data. Some web sites featuring the software were incredibly deceptive, using a simple system call to open the CD drive and then displaying a message saying “If your CD-ROM drive is open…You desperately need to rid your system of spyware pop-ups immediately.” Ironically, clicking on the link to “rid your system of spyware popups” installed the harmful software.

“We got what we believe is a judgment for the full amount of disgorgement—the amount of money we believe he took in through the unfair distribution of spyware,” Rick Quarefima, the assistant director in the FTC's division of advertising practices, said in an interview.

The FTC also won a smaller judgement of US$277,000 against Optintrade, a company headed by Jared Lansky that placed advertisements for the Smartbot.net software.

Wallace had initially put up his own defense in this case, arguing that “there is nothing we're involved with that cannot be avoided by a consumer choosing to turn off downloads on their computers or by blocking pop-ups” but ultimately abandoned this argument in the face of withering criticism. The final judgement was passed in his absence, although the FTC believes they will be able to track him down and retrieve the money, which will go to the US Treasury.

Hopefully this judgement will help curb the nefarious activities of companies like Smartbot.net. However, lawsuits against spyware companies are just one prong of the attack against malicious software. The problem can also be attacked with software, such as Microsoft's free Windows AntiSpyware program and anti-phishing technology integrated into most new web browsers, and by user education, which teaches people how to practice skeptical computing.

I brought you the arstechnica logo because my right-brain really liked the connection between their tagline and what they do.

The bit about reaching into your house and opening your CD drive is particularly creepy.  But it's also a signpost with respect to what is to come.

As our environment becomes intelligent and wired, the connection between physical and digital intrusion will become increasingly close.  Today Wallace takes over our CD drives; his progeny will go for our windows and doors.  All, to me, more proof that a strong identity metasystem is not just a nice-to-have, but an inevitability.  Through its ubiquity and commoditization it can bring secure wireless devices to the price-point where intelligent environments can become reality.

 

 

YOU MUST USE INFOCARDS OR REGISTER TO COMMENT

Sorry folks, I just can't take any more BLOGSPAM.  Uncle!  I've closed down comments to those who have not registered.  It's not hard to register if you use InfoCards (wink! wink!) but passwords work too, so please don't stop connecting with me.  It is a major source of energy for me.

I've done a little screen capture to show why I've been driven to this.  I'll post it on the weekend.  Until then, please post by registering or by writing to me at my I-name, and I hope you'll be able to relate to what I've been going through.