Marcus Lasance on Information Cards

Identity heavyweight Marcus Lasance is Managing Director of U.K.-based MaXware.  He wrote this piece on E-commerce and User-Centric identity management in ITSM Watch

New ID schemas are emerging that will, hopefully, ease IT's management burden while fueling e-commerce, writes ITSM Watch guest columnist Marcus Lasance of MaXware.

Enterprise organizations and governments view customer relationship information as a key asset and are fiercely protective of this asset. Fortunes are spent on maintaining customer’s personal information and protecting this information from prying eyes as mandated by data protection legislation.

CIOs are relying on meta directory technology to solve one of the industry’s thorniest problems: how to maintain information about the same individual scattered over different databases and directories nevertheless perfectly synchronized. Corporate-managed updates are effectively replicated using standards based connectors and schema mapping between systems.

However, what this technology cannot solve is the ability to provide updates we don’t know about. In the real world, our customer’s circumstances are constantly changing, yet businesses and (most) government agencies are not automatically alerted. This is an ongoing problem, because no matter how good we are at synchronizing data across platforms and applications, it doesn’t matter when the data becomes rapidly obsolete.

No call center can solve this problem. As an industry, we need to find a more logical way to manage this; namely through user-centric computing which puts individuals back in charge of their own identities.

Today, CIOs are watching two different user-centric solutions rise in popularity: InfoCard from Microsoft and Project Higgins from the open source community.

Conventional wisdom indicates that, with the advent of Vista on countless PC desktops, InfoCard will become the de-facto way users will manage their identity information. CIOs need to take note: On a global scale, employers are expected to issue InfoCards to their employees, governments to their citizens, etc.

Greater acceptance to InfoCard is due, in part, to InfoCard’s being based on WS-Trust and providing a much more “open” solution than Microsoft’s previous and suspiciously received Passport offering. InfoCard is not designed to run exclusively on Microsoft servers or Microsoft owned networks, which means that, in principle, every home PC connected to the Internet can become an identity provider.

What will be the business implications of a huge uptake of InfoCards as a mechanism to replace good old username-password logins to most e-commerce websites? Is it another expensive hype that hasn’t lived up to its expectations like PKI, which was predicted to fuel e-commerce like a out-back fire storm?

Well-known companies like eBay and Amazon are most likely to be early adopters of user-centric computing and other e-commerce sites will soon follow suit or be left behind. Cost savings combined with better security should follow naturally.

I can see a future in which most users will have between three-and-six InfoCards that can regularly used for different types of public or private transactions. The chore of maintaining personal information relating to those cards now resides with the individual, making it easier for organizations and consumers both.

With user consent and by subscribing to change alerts from identity providers companies don’t have to waste tremendous financial and human resources managing data with a rapidly deteriorating life span. Individuals don’t have to worry about maintaining endless silos of personal data.

When consumers can assign preferred identities to trusted vendors and more anonymous identities to things like chat rooms we will eliminate the need to enter reams of personal information on webpages we don’t necessarily trust; organizations will reap the financial rewards by cost savings and better quality of information.

However, in my opinion, the really big money will be made by a few, select organizations with the financial clout and public-trusted brand names to become the default public identity providers. Remember an InfoCard does not store the actual information, just the links to it. The information itself has to be stored and secured and backed up somewhere. Some kind of identity meta system will emerge, backed by a few powerful players. Organizations will emerge with similar roles that Swift, BACS, MasterCard and VISA now perform for financial services network.

It’s possible that giants like AT&T, Nokia or BT might be able to make a few pennies every time a user selects their InfoCard (from a stash of many InfoCards) stored on a desktop or IMS mobile terminal. Imagine the total world wide economic value of such e-commerce mediators.

With the individual in control and new technologies that will soon take the pain out of logging on the new services, user-centric computing could once more revitalize the e-commerce industry, and the market opportunity to become an identity service provider might mean even bigger business for a lucky few.

Interesting thoughts, though I actually think, in the fullness of time, Information Cards will convey subtle aspects of identity like reputation in various contexts, and be much more bottoms-up than Marcus suspects.


Brad Judy, from the IT Security Office at the University of Colorado at Boulder, attended one of the recent conferences where I discussed the Information Card as a way of reifying identity, and where I went on to characterize the identity metasystem as an “abstraction layer” above existing identity systems. The fact that I referred to the same thing as being a reification from one point of view and an abstraction from another captured his interest. Later he shared these comments:

During a presentation on Infocard and Cardspace, Kim Cameron made a comment about the reification of identity. During a question, I noted that it was interesting to hear a layer of abstraction being referred to as reification. Kim noted that he was mixing contexts and that Infocard/Cardspace was reification for the end-user and abstraction for the IT personnel.

One human's abstraction is another human's reification.

If abstraction can be considered indirection, the old computing saying from David Wheeler may apply: “Any problem in computer science can be solved with another layer of indirection. But that usually will create another problem.” The benefit of abstraction as reification is that the additional problems created might be ones that we are already adept at addressing (we know driver's licenses quite well).

There has long been a gap between technology and humanity that many have worked to bridge. I would argue that for most of the history of computing, the user has had to meet the computer more than half-way – was it ever the natural inclination of humans to punch holes in cards to accomplish a task? Kim gave the example of sending people off for extended periods of word processor training in the early days of word processors, and the virtually non-existent training needed now (a combination of greater ease and early exposure). He also gave the example of explaining command line file management to users and how the visual file folder reified digital file management for the end user. Such GUI concepts certainly opened up the PC to a much broader audience as the bridge between technology and humans passed the half-way point.

Not having been a software architect over the past twenty years, I can't say if the ongoing gap has been the result of the limitations of technology or a mindset that users must meet the computers half-way. The lesson of the PC is that true accessibility by the general population requires technology to meet them 90-95% of the way. (Perhaps this should have always been expected, after all, we never expect This seems to be occurring through the adoption of existing human models/paradigms/methods of use and interaction to software and hardware. While it wasn't the focus of this recent event, two presentations brought this home: tablet PC's and Cardspace.

Tablet PC's, particularly software like OneNote represent the adoption of a long standing human activity to a digital medium. It isn't the first tech to tackle the note-taking and handwriting space, but it reifies and extends in a way that may complete the bridge between the personal computer and the person. A direct representation of paper and pen (a method institutionalized over hundreds of years), extended with the ability to categorize, search, transmit and more. I'm reminded of a statement by a co-worker (not directed at me), “Stop giving me #$&@ing hardcopies, you can't grep paper.” The platform has a lot of possibility with interesting software like MagicPaper/Physics Illustrator. The limited success of “true” tablets (aka. Slates) indicates that decades of computer use with a keyboard, and sometimes mouse, have developed an institutionalize method of use that must be hybridized with traditional methods for the greatest progress.

CardSpace exists to reify the experience of digital identity in a way that links it to an existing model for identity familiar to most users: an identity card. From the visual representation to the concept of identity providers and multiple ID's. The identification “card” is also hundreds of years old, although they have evolved greatly from hand-written letters authenticated by signature or stamp, to the modern passport and drivers license, authenticated by physical attributes and electronic validation. The InfoCard will also likely be a hybrid of this old paradigm and a common computing experience: the password. Although the concept of a password predates modern technology, its use has truly exploded in the past several years. Because InfoCards aren't single, physical objects that can be tightly controlled, they will largely rely on the ubiquitous password for protection (perhaps other techniques will be used, but I expect passwords will protect most InfoCards).

So the IT industry continues to build the largely one-sided bridge, abstracting their way across the gorge. Years of software and hardware have provided the proverbial water under the bridge (not to mention a landscape scattered with half-started and falling bridges). For their part, many people have stretched far from their side to make contact and have found a combination of productivity and frustration. Hopefully not many have fallen into the gorge. Perhaps the golden age of computing is truly just around the bend as the bridge is completed and proven stout (an important point raised by Scott Charney, also at the event).

I'm struck by Brad's perception of Information Cards as a bridge between user perception on the one hand and a technological abstraction (metasystem) on the other.  That's completely right, and it's important to put it in the wider context of other attempts to do the same thing.


Here is a piece by Eric Norlin over at Windows Live ID is the identity backbone used by Microsoft's web properties and services – for example, by hotmail. For those who haven't followed the bouncing ball, Windows Live ID is the latest evolution of Passport, which has undergone a name change to convey its focus within Window Live services – as well as its ability to federate in a multi-centered identity landscape.

Recent announcements of Google's authentication service have prompted comparisons to Passport, and even gotten to Dick Hardt (of “Identity 2.0” fame) to call it the, “deepening of the identity silo.” I'd like to contrast Google's work with Microsoft's recent work around Live ID.

Microsoft's Live ID *is* the old Passport — with a few key changes. Kim Cameron's work around the identity metasystem has driven the concept of InfoCards (now called CardSpace) deep inside of Microsoft. In essence, Kim's idea is that there is a “metasystem” which utilizes WS-Trust to translate tokens, so that all identity systems can interact with each other.

Of extreme importance is the fact that Windows Live ID will support WS-Trust, WS-Federation, CardSpace and ADFS (active directory federation server). This means that A) Windows Live ID can interact with other identity metasystem implementations (Open Source versions, for example); B) that your corporate active directory environment can be federated into Windows Live ID; and C) the closed system that was Passport has now effectively been transformed into an open (standards-based) and transparent system that is Live ID.

Contrast all of this with Google's announcement: create Google account, store user information at Google, get authentication from Google — are we sensing a trend? While Microsoft is now making it easy to interact with other (competing) identity systems, Google is making it nearly impossible. All of which leads one to ask – why?

I honestly believe that Microsoft is ahead of Google on this one for a very simple reason: Passport taught Microsoft some very painful, first-hand lessons. Passport forced Microsoft (over a period of years) to re-examine their fundamental approach to identity. Further, it forced them to figure out how to monetize the idea of identity applications — and not simply the aggregation of identity itself. Conversely, Google's business is now built on the aggregation of identity data, and they have yet to walk the painful Passport path.

Will the market force Google to learn the same lesson? I don't know. On the other hand, one company is clearly advancing the cause of “identity 2.0”, “web 2.0”, “Net 2.0” — call it what you will — and that company is Microsoft. The other company is deepening the silo and building the walled garden — and that is *so* late 90s.

While I love being in the software olympics as much as the next guy, I personally hope that Google embraces federation, Information Cards and the identity metasystem. They have enough smart people who understand these issues that I expect they will.



The Identity Mashup held last week at the Harvard Law School lived up to its name.  There were an endless number of nooks and crannies and people with different trajectories talking and braintorming both in and between the sessions.

A lot of important things happened.  I've already mentioned one key development:  the anouncement of an Open Source Identity Selector project (OSIS).  If you are new to the identity conversation, an Identity Selector is the steering wheel of user-centric identity – the way people select the identity (visualized through what we call an Information Card) appropriate to a given context.  OSIS will create an equivalent to what CardSpace does on Windows.  It's therefore an essential piece if we want to build an identity metasystem that reaches across platforms and devices,    

But there's another deeply significant development:  Red Hat, which lays claim to being “the world's most trusted provider of Linux and open source technology”, will be one of the key participants.

Why is this so important?  First, because it helps bring us closer to a metasystem which truly reaches across all platforms.  Second, because RedHat's participation is emblematic in conveying the idea that Information Cards really represent an open technology and a rallying point for the industry.  Web sites can now add Information Cards and be confident they won't be accused of herding their customers towards any given platform. 

As Pete Rowley said in explaining Red Hat's decision to participate, “With so many companies collaborating on the project it is clear that this is an important piece of the identity puzzle and that the industry recognizes the opportunity to work together for the common good.

“The open source movement is much more than just Linux and we're seeing significant interest from customers and the community in building a common framework for identity interchange on the internet. 

“Like TCP/IP – having a common framework takes more than a standard to encourage adoption – there must be an express need and a community of use to embrace and extend – and with the number of folks worldwide now sharing conversations, there's an express need for easily confirming that you are conversing with who you think you are.

“Seeing the democratization of content take place on the Internet I am convinced that  with the advent of ubiquitous user-centric identity systems there will be a sea change in the services offered and the way we use the Internet.”

Wow.  I love this guy.  I think I can hear the identity big bang starting just beyond the horizon.  Hold on to your seats. 


From ZDNET, a post by Phil Windley from the Berkman ID Mashup held over the last few days at Harvard Law School:

David Berlind's not the only member of the Between the Lines team at the ID Mashup this week.  I've been here as well, watching the identity happenings.  The first two days were traditional conference style, but the third day of the workshop was done open space style.  That's a great format for generating discussion and this example was no exception.  I went to a session on reputation first thing that resulted in some very good ideas and principles on that important subject.

The second session I attended was a discussion of OSIS, the open source identity selector project. This project has server and client pieces as well as a security token service (STS). The server side pieces of OSIS will be part of the proposed Heraldry project at Apache. The primary purpose of Heraldry is to provide a home for open source identity projects, like OpenID. The client code and STS pieces will be part of the Eclipse Higgins project.

OSIS is more than just a small project to build open source identity selectors for Microsoft's CardSpace (formerly InfoCard); after all, that's been done. OSIS will support interoperability between the addressable identity systems (OpenID, LID, XRI) and card (or token) based identity systems (more notably CardSpace and Higgins). OSIS has the support of all of the major players (including Microsoft, Novell, IBM, SXIP, XRI, and Verisign).

This is really a historic development in the Internet identity space. Microsoft, before their own implementation of CardSpace even ships, is linking up with the larger identity community, including OpenID, LID, i-Names, and Higgins. Make no mistake, they've been participating and giving leadership to that community for a long time, but until now, it wasn't clear that all the various systems would be interoperable. OSIS aims to change that.

I don't actually agree with Phil's notion that “this has already been done”.  But I agree it will be.  The list of individuals and companies participating in OSIS is a who's who of important contributors. 

Why not? The conference was full of remarkable milestones.  I'll talk about some of the high level issues in subsequent posts.

But in terms of concrete and immediate progress, Michael McIntosh of IBM showed how he could use a Higgins “i-Card” to log in to my identityblog site.  I know Michael and Paul Trevethick (from Social Physics) worked really hard to show skeptics that we throughout the industry are really coming together to make identity work across platforms. 

In another demo, we saw more of Paul's work around an “information broker” – I”ll try to find a detailed writeup somewhere.

And to top it off, we got an eye-opening presentation by Montreal's Louise Guay.  Her My Virtual Model is a must-see. Louise is a real visionary.  Doc was reeling.  For example, she offers us a personal avatar – you set it up with your measurements and characteristics and use it to find outfits with the look you want.  And guess what?  People are actually using it.  And I'm just brushing the surface of her thinking.

Beyond the “cool factor” is the fact that she is turning marketing upside down.  She's fully aware of the relationship between her avatars, the people who use them, and the great identity issues of our age.  These are social artifacts people can share with their friends, but are also respectful of privacy – allowing us to get access to unprecedented personalization without sharing any identifying information.     


Here's a piece from Network World about Novell's new open-source identity initiative, called Bandit:

Novell has launched an ambitious open source identity management project, which aims to allow companies to integrate different identity systems and provide a consistent approach to securing and managing identity.

Called “Bandit,” the company quietly initiated the project earlier this year, and has been donating engineering resources and code to get things started.

Novell has a track record in identity management products and some credibility in the open source world, due to its acquisition of SuSE Linux, and is hoping that a freely available integration layer will mean more sales for the whole identity management market.

“Novell's initial sponsorship of the Bandit project is a natural extension of our leadership in both identity and open source, and we are gratified to see the groundswell of community support,” Novell Executive Vice President and CTO Jeff Jaffe said in a statement.

The company has lined up support for Bandit from a number of key industry players, including ActivIdentity, Eclipse, IBM, Liberty Alliance, Microsoft, Novacoast, Red Hat, Sun, Sxip Identity, Symantec and Trusted Network Technologies.

“The Identity Metasystem provides a model for identity interoperability across the industry. We're happy to see Novell playing an active role in helping realize the Identity Metasystem and look forward to working with them to ensure interoperability between our respective products,” said Kim Cameron, architect of Identity and Access for Microsoft, in a statement.

The Bandit services will work with existing industry standards such as the WS-* standards, Liberty Federation and Eclipse Higgins. Indeed Bandit has some overlap with the open-source Higgins effort, Novell has acknowledged, and Bandit's developers are planning a Higgins context provider based on Bandit's Common Identity service. The context provider is the way the Higgins framework accesses different identity repositories.

Ultimately, Bandit aims to provide an easier approach to problems such as secure, role-based access and regulatory compliance reporting, Novell said. The project's four main components are the Common Authentication Services Adapter (CASA), the Common Identity service, the Role Engine service and the Audit Record Framework service.

Industry analysts have said the initiative appears promising, given Novell's background and the apparent willingness of other heavyweights to participate.

“This is not the first open source identity management initiative, but the involvement of identity management heavyweight Novell is significant,” said Neil Macehiter, partner at analyst firm Macehiter Ward-Dutton, in a research note. “The fact that the project is focusing on higher-level identity management issues gives it added significance.”  

Dale Olds, the distinguished engineer behind the initiative, has shown a lot of leadership in the open source community by throwing Novell's support behind Information Cards.  He's a serious guy – serious about interoperabilility.

Dale's belief that identity can't have boundaries or borders is palpable.  We'll all benefit from his work.


 Progress Bar says:

I have to gently disagree with Kim Cameron about the renaming of InfoCard. Personally, I thought it [InfoCard] was a fine name. Then again I am a Mac user and Keychain just makes sense.

Now, it has the Windows name in it. Why? Second, contains the word space, similar to namespace, which I think of in technical terms like an XML namespace and my unscientific interviews this morning produced much head scratching from regular people. Not a big deal in the grand scheme of things but still irks me.

Let me clarify things a bit. 

InfoCards don't go away – instead they are transformed into “Information Cards”. 

So from now on, I'll be writing about Information Cards.  I hope that one day Apple will have a way to use Information Cards.  Not to mention Linux and Unix and telephones and iPods.  I hope they all behave in a more or less recognizable way, just as we can all get into a car we've never seen before, look at the steering wheel and pedals, and know how to drive it – inspite of every car having its own character.

Our research shows the growing understanding of “InfoCards” will transfer just fine to “Information Cards.” 

In fact if someone kept calling them InfoCards or ICards or Cards the meanings would all still hold together. 

But as a name that reaches across the industry, it is best to have one that no one owns, and that we don't have to debate, because it is just a generic statement of purpose.

Meanwhile, we have the small detail of this implementation on Windows and the fact that it's going to ship soon.  Our implementation is a place where you can put your Information Cards.  So we're calling that your CardSpace.  We don't intend to Windows it to death – I expect it will normally be refered to as CardSpace once you are inside the Windows world.  Of course, I don't work for the Department of Naming and don't have my branding license.

For the last year, my friends and colleagues in other companies and organizations have been hard core about wanting me to better separate between the “Identity Metasystem”, the “cards” that stand for identity relationships, and the Microsoft Implementation of all this.  I think everyone wants to participate in the emerging identity metasystem.  But people don't want their participation to be seen as too closely mixed up with Microsoft's implementation. 

In the early days of the project I didn't understand all these complex issues so we ended up with the same name being used for all three purposes.

Now, we've tried to do what our colleagues have been asking for.  The name of the “big idea” – Information Cards – is generic and belongs to the industry and the world.  The Identity Metasystem is something each of us contributes to in our own way.  Windows CardSpace is Microsoft's implementation of an identity selector on the Windows client. 

I will be working with colleagues from other companies on a common logo that can be displayed wherever Information Cards are accepted.

I should have made all of this clearer when I first blogged about it.  But thanks to the miracle of the Blogosphere it's possible to see when you haven't been clear about what you are doing.  So, I hope this helps.


Here is more fallout from James McGovern's intervention about InfoCard as a “consumer” interest. 

It's a posting from Mike Beach – an identity pioneer all of us in the enterprise world respect, and who was one of the first to get an inter-corporate federation system off the drawing board and into production. 

His thinking has the benefit not only of vision, but of a lot of real experience.  Whatever he says, pro, con or neutral, I always start by assuming he is speaking to us from the future:

I agree with Kim that the Infocard/Identity Metasystem (or some other form of user-centric identity implementation) will find its way into the corporate world and help to solve some interesting problems. I have recently been mulling the potential impacts to both privacy and federation.  

In the privacy space a colleague of my shared an interesting perspective. Most corporations, especially in the B2C space, have considered user/customer identity data to be an asset. Knowledge about their users that could be leveraged for any number of marketing opportunities. With the rising concerns and increasing regulations around privacy this perspective is, or should be, starting to change. This “asset” is now becoming a liability. Data about people (corporate people and consumer people) is always going to be required to do business, but how do we get that while at the same time minimizing liability? Enter the Infocard concept. It would seem we now have a means to establish authoritative data about the user, but give it to the user for safe keeping.

Relative to B2B federation it also appears the Infocard concept can add value.

Today many federations are established by corporations “on behalf” of their employees.

Consider the many corporate benefits providers that are establishing SSO federations with their clients. The employees are at the mercy of their employer and the benefits providers to ensure security and privacy, and typically have no choice in the matter. I realize the federation standards provide for “opt-in” federation, but I don’t see that fleshed out in products and implementations.

Again enter the Infocard concept. The potential for eliminating the magic, invisible, mandatory federation of today. The corporations can issue Infocard credentials to employees that can be used at benefit provider sites – or not. Employees have visibility, control, and choice. I can imagine the Infocard concept becoming the new federation user experience.

This phrase haunts me, and should haunt the industry:  “The magical, invisble, and madatory federation of today.”

I tend to believe that if anyone knows what the gotchas are, it's Mike.  So having him in this conversation is essential.  Hey Mike, it's time to blog…


I got a note recently from federation master Mike Beach – a man with a great deal of experience in terms of how users react to security:

Is it just me or does your site have an invalid cert.  When I attempt to
login using my new Infocard in IE7 I get the infamous “warning, go back, do
not enter, danger ahead” and things go all red (really more pink).

Given the primary drivers of Infocard are to save us from all the web evils
of today it would seem this is contrary reinforcement when I must ignore all
the security warnings to log in.

I thought, “That's weird.  I don't get that problem.”  – you know, the ancestral “That's funny.  It doesn't happen on MY box.”  But of course it really was happening to Mike, so I wrote back and asked if he could send some screenshots.  It turned out this wasn't necessary – he had already figured out the problem.

He had been visiting identityblog using this URL:  

When he clicked on Login he was redirected to  

But my certificate is limited to  Therefore IE (correctly) saw Mike's and the certificate's as being different – resulting in the redish bar.  It looked like this:


That's enough to confuse anyone.  So clearly, redirecting to something that isn't consistent with your certificate is a no-no.  I was setting up an experience that would undermine my user's understanding of what was happening to her, breaking law six.  I should have been checking and redirecting to even if the user didn't supply the “www”.  Strangely, I had done the Dashboard link correctly – it was only the Login link that had the error.

All of which goes to show there are a set of gotchas that we have to nail down in terms of establishing prescriptive guidance for how a site should deal with these issues in order to be consistent.  We need a checklist – or better still, a test plan.  A wiki would be a good way to elaborate this.

Another big takeaway is that an identity 2.0 relying party has an obligation to make sure it doesn't do things that send mixed signals (in my case, nice InfoCard experience but big red warning bar in IE).  Everyone has to co-operate with the goal of not confusing the user.

It's worth pointing out that none of this is primarily an InfoCard problem.  The same considerations apply to any use of https.  But in the InfCard case we want to make sure we have the deployment practices nailed down to a higher level than has previously been the case.


Well, it's a good thing I read Pamela Dingle's blog or I might have missed out on this breaking news: 


Looks like Microsoft has released the official name of their Infocard windows client — Windows Cardspace. Well I'm not sure if it's official, but somebody from MS has blogged about it, so that's good enough for me (-:

I like the name – it is catchy and will be easy for help desk personnel around the world to refer to. It is also Googleable, and it doesn't have the terrible generic sound that 99% of the big stack mentality monster corps seem to be blindly adhering to these days (ie ). If it had been MS Card Manager or MS Identity Manager, I would have been very unimpressed (-:

It also solves the question of – “InfoCard” vs “InfoCards” as the official name, and it is also now easy to know whether you are talking about the client or a single card.

The same blog entry also talks about the new name for WinFX – go check it out, I wouldn't want to ruin all the surprises…

Nice work y'all, I bet it feels good to get to this milestone!

Thanks Pamela.  I like it too.  I would like to congratulate the Department of Naming, which turns out to be as able to party as anyone, for coming up with something so close to the spirit of what we are about.   

As Pamela says, I think this will go a long way towards reducing the confusion between Microsoft's client piece (what is now called Windows Cardspace) and InfoCards – the things that you see in your Windows Cardspace or your Linux Identity Selector or your mobile phone.  The word ‘InfoCards’ is still just a placeholder of course, but it's clearly different from “Windows Cardspace”. 

Speaking of which, someone pointed out Pamela's blog has not been in my blogroll (it is now!).  Which is ridiculous because she's doing such good stuff.  Just as bad, Johannes de Beer pointed out my spelling of Johannes Ernst's name has been wrong for, er, about a year.  And I know Johannes discreetly mentioned it once (blush), and that I fixed it and then it somehow reverted during an update (hand wave, gurgle).  So apologies all around – it's what comes from having this darn day job.