Kim Cameron's Identity Weblog – Page 14 – Digital Identity, Privacy, and the Internet's Missing Identity Layer

Identity Roadmap Presentation at PDC09

Earlier this week I presented the Identity Keynote at the Microsoft Professional Developers Conference (PDC) in LA. The slide deck is here, and the video is here.

After announcing the release of the Windows Identity Foundation (WIF) as an Extension to .NET, I brought forward three architect/engineers to discuss how claims had helped them solve their development problems. I chose these particular guests because I wanted the developer audience to be able to benefit from the insights they had previously shared with me about the advantages – and challenges – of adopting the claims based model. Each guest talks about the approach he took and the lessons learned.

Andrew Bybee, Principal Program Manager from Microsoft Dynamics CRM, talked about the role of identity in delivering the “the Power of Choice” – the ability for his customers to run his software wherever they want, on premises or in the cloud or in combination, and to offer access to anyone they choose.

Venky Veeraraghavan, the Program Manager in charge of identity for SharePoint, talks about what it was like to completely rethink the way identity works in Sharepoint so it takes advantage of the claims based architecture to solve problems that previously had been impossibly difficult. He explores the problems of “Multi-hop” systems and web farms, especially the “Dreaded Second Hop” – which he admits “really, really scares us…” I find his explanation riveting and think any developer of large scale systems will agree.

Dmitry Sotnikov, who is Manager of New Product Research at Quest Software, presents a remarkable Azure-based version of a product Quest has previously offered only “on premise”. The service is a backup system for Active Directory, and involved solving a whole set of hard identity problems involving devices and data as well as people.

Later in the presentation, while discussing future directions, I announce the Community Technical Preview of our new work on REST-based authorization (a profile of OAuth), and then show the prototype of the mutli-protocol identity selector Mike Jones unveiled at the recent IIW. And finally, I talk for the first time about “System.Identity”, work on user-centric next generation directory that I wanted to take to the community for feedback. I'll be blogging about this a lot and hopefully others from the blogosphere will find time to discuss it with me.

New prototype could really help OpenID

I've sometimes been of two minds about OpenID. I've always seen it as alluring because of its simplicity and openness. It seemed perfect for simple web applications.

But in my darker moments, I worried about some of the system's usability and security issues. In particular, I was concerned about how easy it would be for an “evil site” to trick users into going to a web site that looks identical to their OpenID provider, convincing them to log in, and then stealing their credentials. If this were to happen, everything that is good about OpenID would turn into something negative.

OpenID has become a key part of the Identity Metasystem

I think many of us involved with the OpenID community came to the same conclusions, but felt that if we kept trying to move adoption forward, we'd be able to figure out how to solve the problems. In the last year, OpenID has without doubt become the most widely adopted system for reusable internet identity. Adoption by destination sites continues to grow dramatically: approximately 50,000 sites as of July 1, 2009. The big Internet properties like Google, Yahoo, AOL, MySpace, and Windows Live have become (or are becoming) OpenID Providers. As a result, the vast majority of the online US population has an account that can be used to log in at the growing number of destination sites.

Maybe even more important, some of these sites are of the kind that can quickly change perception and behavior.

Most notable is Facebook, which took a huge step forward when it started accepting OpenIDs for login – blowing away the old saw that “no one wants to be a relying party”.

Now, the US Government has decided to adopt OpenID as one of the identity protocols for citizen interaction – again, as Relying Party, not Identity Provider.

Sea Change

There is a sea-change here. I strongly believe the right thing to do is get behind OpenID as part of the Identity Metasystem, help promote adoption, and work with the community to make it safer and easier to use. What is encouraging is that the community has repeatedly shown its ability to evolve as it deploys, and has been able to rapidly extend the standard from the inside. It has now become widely recognized in the industry that active client software (also called an “Identity Selector”) for OpenID could solve most of its problems, given some minor revisions or additions to the protocol. By remembering the identities you use, this kind of software can address two sets of issues:

Usability: Lets you bring your identities with you to the site, rather than the site having to guess what identities you have
Security: Protects you from being sent to a malicious site impersonating a real site that would steal your password

New prototype at IIW

Yesterday at the OpenID Summit hosted by Yahoo, Microsoft's Mike Jones and Ariel Gordon showed some of the work their team has been doing to help figure out how this kind of capability could work. What's cool is that the client they were showing is completely optional – without it, OpenID continues to work as it currently does. But with it, experience improves and the dangers are greatly reduced. I agree with them that demand for a better and safer OpenID user experience will drive selector adoption, which will in turn enable scenarios at higher levels of assurance than are possible with OpenID today.

Ariel Gordon, the main UX designer, told me, “I see it as a starting point for joint work with others in the community – definitely not a finished solution or product.”

It is consistent with the Information Card metaphor:

Your OpenIDs are shown as visual cards
You select an OpenID by clicking
The OpenID last used at the site is the default selection

New OpenIDs can be added on the fly, by picking one from a list suggested by the site, or by typing the provider’s URL.

Mike made a good point about what this means for people who use smaller OpenID providers: “The cool thing is that it remembers the OpenIDs you’ve used and where you used them […] With a web-based Nascar user interface, Arizona Sate University users will never get the same user experience that Google.com users get […]”

Good Tweets

Unfortunately I couldn't attend the meeting in person but remained wired to the tweets. Summit host Allen Tom from Yahoo said, “Showing already used OpeniIDs is a great protection against phishing: if a rogue RP tries to send the user to ‘fake yahoo.com’, a regular Yahoo user will click on his Yahoo button in the selector and won’t even see the fake yahoo link.”

He added, “The prototype selector goes in the right direction by offering a better experience when present, while not preventing users to access their favorite sites from any computer.”

Google's Eric Sachs saw value too. “…And a fake yahoo tile would say “never used here” so that’s even more information to help protect the user.”

Bringing our perceptions together from different organizations with different missions and vantage points is what can make all of this succeed. The partnering is the key.

So one of the best things about the prototype, in my view, is that it has already demonstrated collaboration between a whole set of really experienced community members:

Relying Parties: JanRain, Plaxo, Deutsche Telekom
OpenID Providers: Yahoo, Google, JanRain
Identity Selectors: Microsoft, Deutsche Telekom
Enhancing Specifications: Microsoft, Facebook, Yahoo.

Today, the same prototype was presented to the influential Internet Identity Workshop . I'll add to my growing lis of IOU's a promise to do a screen capture of how the prototype works so everyone can take a look.

John Fontana on SAML Interoperability

John Fontana writes about the SAML interoperability test in ComputerWorld, turning quite a bit of his attention to Microsoft:

“Microsoft completed its first SAML interoperability test and the results are in: Active Directory Federation Services 2.0 software received a passing grade.

“Microsoft's federated identity platform passed its first SAML 2.0 interoperability test with favorable marks, signaling the end to the vendor's standoff against the protocol.

“The eight-week, multivendor interoperability workout conducted by the Liberty Alliance and the Kantara Initiative also resulted in passing marks for two other first-time entrants – SAP and Siemens. Return testers Entrust, IBM, Novell and Ping Identity also passed. Results were announced Wednesday.

“The Liberty Interoperable testing was a great opportunity to verify that Active Directory Federation Services (AD FS) 2.0 is interoperable with others’ SAML 2.0 implementations. This should give our customers confidence that their federation deployments using ADFS will ‘just work,'” says Conrad Bayer, product unit manager for federated identity at Microsoft.

“In the past, Microsoft has been dismissive of the Security Assertion Markup Language (SAML), a standard protocol for exchanging authentication and authorization data between and among security checkpoints, preferring the WS-Federation and other protocols it helped develop. The company previously supported the SAML token, but never the transport profiles of the protocol…

As much as I love John, I don't think “dismissive” really describes our attitude – at least I hope it doesn't. It is true that our initial thinking was that the world would be a “tidier place” if people used one single protocol that worked both for “Active Clients” (e.g. applications that run on your PC or phone) and “Passive Clients” (web pages served up in a browser). We saw WS-Federation as a way to achieve that technical symmetry. But I and others have also said for several years that we saw much of what people were doing with SAML as being innovative and positive. And we have made it very clear that an Identity Metasystem means “no silos”.

Today you can see the results of this thinking in our new product. ADFS V2 does everything it can to conform with the Identity Metasystem idea. That means supporting SAML as well as the other Federation and Claims Transformation protocols (e.g. WS-Trust and WS-Federation). I think the synergy will be great for our customers and the industry.

John goes on to say:

“Full matrix” testing means all participants must test against each other. The test was conducted over the Internet from points around the globe using real-world scenarios between service providers and identity providers as defined by the SAML 2.0 specification.

Microsoft participated in the testing with Active Directory Federation Services 2.0 (formerly code-named Geneva), which is slated to ship later this year. ADFS 2.0 is part of a larger identity platform that includes Windows Identity Foundation and Windows Cardspace.

Microsoft said earlier this year it would have SAML 2.0 certification before it released Geneva. The SAML profiles ADFS 2.0 supports cover the core features of federation.

ADFS 2.0 provides identity information and serves as a Security Token Service (STS), a transformation engine that is key to Microsoft's identity architecture. ADFS lets companies extend Active Directory to create single sign-on between local network resources and cloud services.

[Read more here]

New test results for SAML Profile For eGovernment

The success of the Identity Metasystem depends heavily on having products available from multiple vendors that are proven to interoperate and ready to deploy. Kantara Initiative and Liberty Alliance have contributed significantly to this by helping test products against specific profiles. Kudos to everyone involved with the definition, organization and testing of the eGovernment SAML 2.0 profile v1.5. This represents a real step forward given the diversity of products involved.

SAN FRANCISCO, Sept. 30 — Kantara Initiative and Liberty Alliance today announced that identity products from Entrust, IBM, Microsoft, Novell, Ping Identity, SAP and Siemens have passed Liberty Interoperable(TM) SAML 2.0 interoperability testing. These vendors participated in the third Liberty Interoperable full-matrix testing event to be administered by the Drummond Group Inc., and the first event to test products against the new eGovernment SAML 2.0 profile v1.5 recently released by Liberty Alliance. Web-based full-matrix testing allows vendors to participate from anywhere in the world and features rigorous processes for ensuring products meet SAML 2.0 interoperability requirements for open, secure and privacy-respecting federated identity management.

“The summer 2009 full-matrix testing event included more vendors than ever before, reflecting the worldwide demand among enterprises and governments for SAML 2.0 identity-enabled solutions that have proven to interoperate,” said Roger Sullivan, president of the Kantara Initiative Board of Trustees, president of Liberty Alliance and vice president, Oracle Identity Management. “Organizations can count on Liberty Interoperable for products that have proven to meet interoperability requirements today and over the long-term as the program moves to expand within Kantara Initiative to test against additional identity standards and protocols.”

This year's program featured enhanced SAML 2.0 testing scenarios between Service Provider (SP) and Identity Provider (IdP). The eGovernment SAML 2.0 profile and its requisite test plan have been developed by Liberty Alliance with input from the Danish, New Zealand and US governments. Testing processes for the eGovernment profile included multiple SP logout scenarios, requested authentication context comparisons, and other aspects of SAML 2.0 necessary to meet interoperability, privacy, security and transparency requirements in the global eGovernment sector. A review of the SAML 2.0 v1.5 eGovernment profile is available here.

“SAML 2.0 is the most popular federation protocol in the industry and utilized by commercial, educational, and government institutions around the globe,” said Gerry Gebel, VP and service director at Burton Group. “Federated single sign-on demand is growing, spurred by broad adoption of SaaS applications and the general increase in collaboration among business partners in every industry. The Liberty Interoperable program is instrumental to sustaining successful deployments in advanced federation scenarios where multiple products are in use.”

During the July 14 – September 4, 2009 testing event, the following products demonstrated interoperability based on a variety of SAML 2.0 conformance modes. A detailed list outlining what each vendor passed is available at http://tinyurl.com/yahs2u8

Entrust — Entrust IdentityGuard Federation Module 9.2 is a part of Entrust's versatile authentication platform, supporting numerous authentication methods in one cost-effective solution. Organizations are empowered to choose the right authentication method(s) for their users accessing enterprise, consumer, government or mobile applications. Entrust IdentityGuard includes support for username & password, IP-geolocation, device-ID, questions and answers, out-of-band OTP soft tokens (via voice, SMS, e-mail), grid and eGrid cards, digital certificates and a range of hardware OTP tokens. Entrust IdentityGuard enables rapid deployment, centralized policy management, and an easy integration into the enterprise. Entrust IdentityGuard also includes the ability to apply transaction digital signatures for increased confidence in online transactions. Entrust IdentityGuard serves as a certified SAML 2.0 identity provider, providing standards-based interoperability to organizations. Combined with Entrust's zero-touch fraud detection solution, Entrust IdentityGuard provides a powerful risk-based solution for authenticating users.

Entrust — Entrust GetAccess 8.0 delivers a single entry and access point for user authentication and authorization across multiple Web portal applications. The solution delivers full service provider (SP) capabilities and provides organizations with security, flexibility and performance to personalize the user experience of a Web portal through the following key services: flexible authentication, including seamless integration with Entrust IdentityGuard for step-up authentication; proven authentication interoperability via standards such as SAML, Kerberos, X.509 and others; SSO to Web and non-Web applications via SAML; authorization including fine-grained access control to online resources; rich policy management capabilities, allowing controlled access based on environmental considerations (e.g. authentication method used, physical location, TOD, external data sources); centralized session management; personalization of content; integration with leading application and portal vendors; web-based tools for business administration and operational control.

IBM — IBM Tivoli® Federated Identity Manager (TFIM) 6.2 provides a full featured web access management solution for managing identity and access to resources that span companies or security domains. Rather than replicate identity and security administration across companies, Tivoli Federated Identity Manager provides a simple, loosely coupled model for managing trusted identities and providing them with access to information and services including SaaS and cloud-based deployments. For companies deploying Service Oriented Architecture (SOA) and Web Services, TFIM provides a centralized identity mediation services for federated Web services identity management across multiple domains (e.g. Java, .NET and mainframe). TFIM supports the following standards: SAML Protocol 1.0/1.1/2.0, OpenID Authentication 1.1/2.0 – OpenID Simple Registration Extension 1.0, Information Card Profile, WS-Federation Passive Requestor Profile, Liberty ID-FF 1.1/1.2, WS-Trust 1.2/1.3.

Microsoft — Microsoft Active Directory Federation Services (AD FS) 2.0 enables Active Directory to be an identity provider in the claims based access platform. AD FS provides end users with a single sign-on experience across applications, platforms and organizations and simplifies identity management for IT Pros. AD FS 2.0 is part of the Windows Server platform, and supports both on-premises and cloud solutions.

Novell — Novell Access Manager 3.1 simplifies and safeguards online asset-sharing, helping customers control access to Web-based and traditional business applications. Trusted users gain secure authentication and access to portals, Web-based content and enterprise applications, while IT administrators gain centralized policy-based management of authentication and access privileges. What's more, Novell Access Manager supports a broad range of platforms and directory services, and it's flexible enough to work in even the most complex multi-vendor computing environments. Novell Access Manager makes administration easy. You can use it to centralize access control for all digital resources, and it eliminates the need for multiple software tools at various locations. One access solution fits all applications and information assets. In addition, Novell Access Manager includes support for major federation standards including Security Assertions Markup Language (SAML), WS-Federation and Liberty Alliance.

Ping Identity — PingFederate v6.1 is an Internet Identity Security platform that delivers an enterprise-class, scalable, cost effective and standards-based software solution for enabling Internet Single Sign-On, Identity-Enabled Web Services and Internet User Account Management. PingFederate provides a centralized platform for managing all of your external identity connections with customers, Software-as-a-Service (SaaS) and Business Process Outsourcing (BPO) providers, partners, affiliates and others. Your organization can have Internet SSO and Identity-Enabled Web Services connections in days with point and click connection configuration, out-of-the-box integration capabilities, multi-protocol support, and automated user account management. Over 350 enterprises and service providers worldwide base their Internet identity security strategy on PingFederate.

SAP — The next release of SAP NetWeaver Identity Management 7.2 is planned for the second quarter 2010. SAP plans to significantly enhance the product with an Identity Provider (IdP) and Secure Token Service (STS) to support web-based Single Sign-On via SAML 2.0 assertions, identity federation and Single Sign-On for web services. The existing features to centrally administrate and provision users — provided by the Identity Center and Virtual Directory Server components — will be extended and allow for integrated scenarios with the IdP. The new IdP and STS will add access management features to the SAP NetWeaver Identity Management and allow the solution to be integrated into an Enterprise Single Sign-On environment reducing TCO and administrative effort.

Siemens — DirX Access V8.1 is a comprehensive solution that integrates access management, entitlement management, identity federation, Web services security, and Web Single Sign-on in one single product to protect your web applications and web services from unauthorized use. DirX Access provides for the consistent enforcement of business security policies through external, centralized, policy-based authentication and authorization services, enhances Web user experience through local and federated single sign-on and supports regulatory compliance with audit and reporting both within and across security domains.

About the Liberty Interoperable Program

The ongoing success of the Liberty Interoperable program is demonstrated by the wide scale deployment of SAML 2.0 products and the increasing number of businesses and governments such as the US GSA, now requiring vendors to pass Liberty Alliance testing. With nearly seven years of testing products for true interoperability of identity specifications, Liberty Alliance expects to expand the Liberty Interoperable program within Kantara Initiative to reflect growing momentum for proven interoperable multi-protocol identity solutions. More information about the program, including a list of all vendors who have passed Liberty Alliance testing, is available here.

Enterprises and governments are going to be able to do important projects and derive tangible benefits very quickly using this cross-vendor family of products. That's really important. Of course, there's more to identity than browser-based federation… But one of the most encouraging signs is that the same kind of progress we see in the Kantara announcement is being made with the user-centric and privacy-enhancing technologies that many of us are working on to complement the SAML technology.

Microsoft: minimum disclosure about minimum disclosure?

Back from vacation and catching up on some blogs I found this piece by Felix Gaehtgens at Kuppinger Cole in Germany:

A good year ago, Microsoft acquired an innovative company called U-Prove. That company, founded by visionary Stephan Brandt, had come up with a privacy-enabling technology that effectively allows users to safely transmit the minimum required information about themselves when required to – and for those receiving the information, a proof that the information is valid. For example: if a country issued a digital identification card, and a service provider would need to check whether the holder over 18 years of age, the technology would allow to do just that – instead of having to transmit a full data set, including the age of birth. The technology works through a complex set of encryption and signing rules and is a win-win for both users who need to provide information as well as those taking it (also called “relying parties in geek speak”). With the acquisition of U-Prove, Microsoft now owns all of the rights to the technology – and more importantly, the associated patents with it. Stephan Brandt is now part of Microsoft’s identity team, filled with top-notch brilliant minds such as Dick Hardt, Ariel Gordon, Mark Wahl, Kim Cameron and numerous others.

Privacy advocates should (and are) happy about this technology because it effectively allows consumers to protect their information, instead of forcing them to give up unnecessary information to transact business. How many times have we needed to give up personal information for some type of service without any real need for this information? For example, if you’re not shipping anything to me… what’s the point of providing my home or address? If you are legally required to verify that I’m over 18 (or 21), why would you really need to know my credit card details and my home address? If you need to know that I am a customer of one of your partner banks, why would you also need to know my bank account number? Minimum disclosure makes transactions possible with exactly the right fit of personal details being exchanged. For those enterprises taking the data, this is also a very positive thing. Instead of having to “coax” unnecessary information out of potential customers, they can instead make a clear case of what information they do require for fulfilling the transaction, and will ultimately find consumers more willing to do business with them.

So all of this is really great. And what’s even better, Microsoft’s chief identity architect, Kim Cameron has promised not to “hoard” this technology for Microsoft’s own products, but to actually contribute it to society in order to make the Internet a better place. But more than one year down the line, Microsoft has not made a single statement about what will happen to U-Prove: minimum disclosure about its minimum disclose technology (pun intended!). In a post that I made a year ago, I tried making the point that this technology is so incredibly important for the future of the Internet, that Microsoft should announce its plans what do with the technology (and the patents associated for it).

Kim’s response was that Microsoft had no intentions of “hoarding” the technology for its own purposes. He highlighted however that it would take time to do this – time for Microsoft’s lawyers, executives and technologists to irk out the details of doing this.

Well – it’s been a year, and the only “minimum disclosure” that we can see is Microsoft’s unwillingness to talk about it. The debate is heating up around the world about different governments’ proposals for electronic passports and ID cards. Combined with the growing dangers of identity theft and continued news about spectacular leaks and thefts of personal information, this would really make our days. Unless you’re a spammer or identity thief of course.

So it’s about time Microsoft started making some statements to reassure all of us what is going to happen with the U-Prove technology, and – more importantly – with the patents. Microsoft has been reinventing itself and making a continuous effort to turn from the “bad guys of identity” a decade (in the old Hailstorm days with Microsoft Passport) into the “good guys” of identity with its open approach to identity and privacy protection and standardisation. At Kuppinger Cole we have loudly applauded the Identity Metasystem and Infocards as a ground-breaking innovation that we believe will transform the way we use the Internet in the years to come. Now is the time to really start off the transformative wave of innovation that comes when we finally address the dire need for privacy protection. Microsoft has the key in its hands, or rather, locked in a drawer. C’mon guys, when will that drawer finally be opened?

Kuppinger Cole has been an important force in creating awareness about the role of an Identity Metasystem. It has also led in stressing the importance of minimal disclosure technology. I take Felix's concerns very seriously. He's right – I owe people a progress report.

This said, there is no locked drawer. Instead, Felix gets closer to the real explanation in his first paragraph: “the technology works through a complex set of encryption and signing rules.”

The complexity must be tamed for the technology to succeed. There is more to this than brilliant formulas or crypto routines. We need to understand not only how minimal disclosure technology can be used – but how it can be made usable.

There are different kinds of research. Theoretical research is hugely important. But applied research is just as key. Over the last year we've moved from an essentially theoretical grasp of the possibilities to prototypes that demonstrate the feasibility of deploying real, large-scale distributed systems based on minimal disclosure.

I don't have much time for standards and protocols that are NOT built on top of experience with implementation. And if you don't know what your standards and implementations might look like, you can't define the intellectual property requirements.

So we've been working hard on figuring this stuff out. In fact, a lot of progress has been made, and I'll write about that in my next few posts. I'll also reach out to anyone who wants to become more closely involved.

7 Laws of Identity

Here's the most beautiful take yet on the Seven Laws of Identity – put together by Karon and Katrika, who even saw how the Laws connect with the Perception of Ailatan. In the past people have asked why I didn't do a Laws of Identity poster – this must be it. Click to view full size.

Make of it what you will

One of the people whose work has most influenced the world of security – a brilliant researcher who is also gifted with a sense of irony and humor – received this email and sent it on to a group of us. He didn't specify why he thought we would find it useful…

At any rate, the content boggles the mind. A joke? Or a metaspam social engineering attack, intended to bilk jealous boyfriends and competitors?

Or… could this kind of… virus actually be built and… sold?

Subject: MMS PHONE INTERCEPTOR – THE ULTIMATE SPY SOLUTION FOR MOBILE PHONES AND THE GREAT PRODUCT FOR YOUR CUSTOMERS

MMS PHONE INTERCEPTOR – The ultimate surveillance solution will enable you to acquire the most valuable information from a mobile phone of a person of your interested.

Now all you will need to do in order to get total control over a NOKIA mobile (target) phone of a person of your interest is to send the special MMS to that target phone, which is generated by our unique MMS PHONE INTERCEPTOR LOADER. This way you can get very valuable and otherwise un-accessible information about a person of your interest very easily.

The example of use:

You will send the special MMS message containing our unique MMS PHONE INTERCEPTOR to a mobile phone of e.g. your girlfriend

In case your girlfriend will be using her (target) mobile phone, you will be provided by following unique functions:

In case your girlfriend will make an outgoing call or in case her (target) phone will receive an incoming call, you will get on your personal standard mobile phone an immediate SMS message about her call. This will give you a chance to listen to such call immediately on your standard mobile phone.
In case your girlfriend will send an outgoing SMS message from her (target) mobile phone or she will receive a SMS message then you will receive a copy of this message on your mobile phone immediately.
This target phone will give you a chance to listen to all sounds in its the surrounding area even in case the phone is switched off. Therefore you can hear very clearly every spoken word around the phone.
You will get a chance to find at any time the precise location of your girlfriend by GPS satellites.

All these functions may be activated / deactivated via simple SMS commands.

A target mobile phone will show no signs of use of these functions.

As a consequence of this your girlfriend can by no means find out that she is under your control.

In case your girlfriend will change her SIM card in her (target) phone for a new one, then after switch on of her (target) phone, your (source) phone will receive a SMS message about the change of the SIM card in her (target) phone and its new phone number.

These unique surveillance functions of target phones may be used to obtain very valuable and by no other means accessible information also from other subjects of your interest {managers, key employees, business partners etc, too.

I like the nostalgic sense of convenience and user-friendliness conjured up by this description. Even better, it reminds me of the comic book ads that used to amuse me as a kid. So I guess we can just forget all about this and go back to sleep, right?

If you try sometimes – you can get what you need

I'll lose a few minutes less sleep each night worrying about Electronic Eternity – thanks to the serendipitous appearance of John Markoff's recent piece on Vanish in the New York Times Science section:

A group of computer scientists at the University of Washington has developed a way to make electronic messages “self destruct” after a certain period of time, like messages in sand lost to the surf. The researchers said they think the new software, called Vanish, which requires encrypting messages, will be needed more and more as personal and business information is stored not on personal computers, but on centralized machines, or servers. In the term of the moment this is called cloud computing, and the cloud consists of the data — including e-mail and Web-based documents and calendars — stored on numerous servers.

The idea of developing technology to make digital data disappear after a specified period of time is not new. A number of services that perform this function exist on the World Wide Web, and some electronic devices like FLASH memory chips have added this capability for protecting stored data by automatically erasing it after a specified period of time.

But the researchers said they had struck upon a unique approach that relies on “shattering” an encryption key that is held by neither party in an e-mail exchange but is widely scattered across a peer-to-peer file sharing system…

The pieces of the key, small numbers, tend to “erode” over time as they gradually fall out of use. To make keys erode, or timeout, Vanish takes advantage of the structure of a peer-to-peer file system. Such networks are based on millions of personal computers whose Internet addresses change as they come and go from the network. This would make it exceedingly difficult for an eavesdropper or spy to reassemble the pieces of the key because the key is never held in a single location. The Vanish technology is applicable to more than just e-mail or other electronic messages. Tadayoshi Kohno, a University of Washington assistant professor who is one of Vanish’s designers, said Vanish makes it possible to control the “lifetime” of any type of data stored in the cloud, including information on Facebook, Google documents or blogs. In addition to Mr. Kohno, the authors of the paper, “Vanish: Increasing Data Privacy with Self-Destructing Data,” include Roxana Geambasu, Amit A. Levy and Henry M. Levy.

[More here]

My email address

I'm writing this post in case your version of my email address has “windows.microsoft.com” in it.

The “windows.microsoft.com” domain is being repurposed for some higher good. So going forward, please write to me with the usual address (same local-part) but at “@microsoft.com” instead of “@windows.microsoft.com”).

Electronic Eternity

From the Useful Spam Department : I got an advertisement from a robot at “complianceonline.com” that works for a business addressing the problem of data retention on the web from the corporate point of view.

We've all read plenty about the dangers of teenagers publishing their party revels only to find themselves rejected by a university snooping on their Facebook account. But it's important to remember that the same issues affect business and government as well, as the complianceonline robot points out:

“Avoid Documentation ‘Time Bombs’

“Your own communications and documents can be used against you.

“Lab books, project and design history files, correspondence including e-mails, websites, and marketing literature may all contain information that can compromise a company and it's regulatory compliance. Major problems with the U.S. FDA and/or in lawsuits have resulted from careless or inappropriate comments or even inaccurrate opinions being “voiced” by employees in controlled or retained documents. Opinionated or accusatory E-mails have been written and sent, where even if deleted, still remain in the public domain where they can effectively “last forever”.

“In this electronic age of My Space, Face Book, Linked In, Twitter, Blogs and similar instant communication, derogatory information about a company and its products can be published worldwide, and “go viral”, whether based on fact or not. Today one's ‘opinion’ carries the same weight as ‘fact’.”

This is all pretty predictable and even banal, but then we get to the gem: the company offers a webinar on “Electronic Eternity”. I like the rubric. I think “Electronic Eternity” is one of the things we should question. Do we really need to accept that it is inevitable? Whose interest does it serve? I can't see any stakeholder who benefits except, perhaps, the archeologist.

Perhaps everything should have a half-life unless a good argument can be made for preserviing it.