Tailrank blog links

Tailrank did a nice summary of some of the blogging around our announcement. It's a cools site, where the results look something like this:

 

CardSpace & OpenID: Working together

kveton.com  

Found 4 days ago
The OpenID community has been having quite a few discussions about phishing and what we can do to help mitigate that problem. We have come up with a whole list of solutions that work together nicely to help address the problem. …
 

Microsoft and OpenID – commentary

identity20.com  

Found 4 days ago
Here are other posts on Microsoft and OpenID announcement: Kim Cameron (Microsoft) post Michael Grave (VeriSign) post “this is a significant step toward the convergence needed in the identity space” David Recordon (VeriSign) post “Convergence isn't new for OpenID, rather continues to show how …
 

Microsoft to Support OpenID Log on System

thomashawk.com  

Found 4 days ago
Time, Walk, Step, Turn Hosted on Zooom r [I am CEO of Zooomr] WIRED Blogs: 27B Stroke 6 : In a keynote speech at the RSA security conference earlier today Bill Gates reportedly announced that Microsoft was going to support OpenID. …
 

Microsoft Working on OpenID Support

25hoursaday.com  

Found 4 days ago
It looks like we just announced that we'll be supporting OpenID at the RSA conference. Official details are in the press release Microsoft Outlines Vision to Enable Secure and Easy Anywhere Access for People and Organizations which states To further enable the vision of secure and easy anywhere access, …
 

Microsoft marries CardSpace and OpenID 2.0

blogs.zdnet.com  

Found 4 days ago

With the Vista launch behind him, Bill Gates and Craig Mundie, Microsoft's chief research and strategy officer and security patron, were on stage the 16th annual RSA Conference in San Francisco before a crowd of about 15,000 security geeks and professionals. …

 

OpenID creates a foundation as Microsoft pledges support

factoryjoe.com  

Found 4 days ago

You can read it around the web, but, hot on the heels of the creation of the OpenID Foundation , the news from the RSA Security conference is that Bill Gates has announced Microsoft's intention to support OpenID 2. …

 

Alec Saunders .LOG

saunderslog.com  

Found 3 days ago

Sometimes wishes to come true. It was only a few days ago that I posted a rant about Yahoo's decision to impose Yahoo ID's on Flickr account holders . And I was just one of the many voices in the blogosphere raised against Yahoo's decision. …

 

Dogs and cats sleeping together!!!

hyperthink.net  

Found 3 days ago

There's lots of buzz in the blogosphere today about the big Cardspace/OpenId collaboration that was announced this morning at RSA. Whodathunk that a technology rooted in the RESTful open source ecosystem could intermingle with a technology built by the WS-* wonks without trigging some bizarre matter/antimatter explosion. …

 

OpenID and CardSpace Dance Takes the Next Step

equalsdrummond.name  

Found 4 days ago

User-centric identity infrastructure just took another key step forward today: Janrain, Sxip, Verisign, and Microsoft announced they will all be working together to help OpenID users get the benefits of CardSpace and vice versa. …

 

Post a comment

brad.livejournal.com  

Found 4 days ago

http://kveton.com/blog/?p=221

 

Microsoft Shows OpenID Love

blog.wachob.com  

Found 4 days ago

For those of us who've been helping to promote OpenID, today's announcement that Microsoft will work to get OpenID and Cardspace working well together is absolutely no surprise. Kim Cameron, Mike Jones and the rest of the crew have been saying both very rosy things, as well as giving some well-appreciated constructive criticism. …

 

Microsoft support OpenId (officially) honest!

vecosys.com  

Found 3 days ago

Unbelievably sleepy old Microsoft (we spend $4bn on R&D but has anyone seen a return) beats dithering Yahoo (should we support it or should we buy OpenID) and arrogant Google (we hate OpenID and Microformats, we only use complicated stuff we invent) to officially announce support for the OpenID movement today at the RSA conference. …

 

The “Eveel Empire” Strikes Back (But Not in the Way One Might Expect

oreillynet.com  

Found 3 days ago

Just when you thought it was safe to make assumptions regarding whether or not MSFT understood the ” Don't Fight The Internet ” rule of doing business on the 2. …

 

Microsoft to support OpenID

phildawes.net  

Found 3 days ago

Microsoft, Verisign, Sxip and JanRain have announced that they will all support the OpenID protocol in their upcoming products. Kim Cameron has the scoop (but then he would have, being the ‘Chief Architect of Identity’ at Microsoft). …

 

Libraries in the NHS

nelh.blogspot.com  

Found 3 days ago

CardSpace OpenID collaboration :

 

David Recordon's Blog

daveman692.livejournal.com  

Found 4 days ago

http://netmesh.info/jernst/Digital_Iden

 

Two-Factor Web Authentication with a Bookmark.

benlog.com  

Found 4 days ago

(There's always a dilemma between “publishing soon” and “polishing for peer review.” This is my first attempt at blog-based collaborative peer-review. Let's see how it goes!) The Problem Phishing is a serious issue, and it's only getting worse. …

 

OpenID Gets a Boost From Microsoft

lagesse.org  

Found 3 days ago

This is great news for the OpenID community – having companies like Verisign and Microsoft onboard certainly help the chances of achieving a way to manage your persona on the web! OpenID ( Radar post ) got a big boost today when it gained support from Microsoft . …

 

MSFT RSA announcement.

kaliyasblogs.net  

Found 4 days ago

This morning at RSA Bill Gates and Craig Mundie announced MSFT support of OpenID2.0 . ( Johannes has a good summary of the points they made too ) I wouldn't go so far to say that they got Married. But what exactly was announced? …

 

Microsoft to Support OpenID System

internet.seekingalpha.com  

Found 3 days ago

Thomas Hawk submits: In a keynote speech at the RSA security conference yesterday, Bill Gates reportedly announced that Microsoft was going to support OpenID. OpenID is an open, decentralized identity system that attempts to provide a solution to the multiple log on ID systems to access various sites across the internet. …

 

A new direction for ClaimID

chimprawk.blogspot.com  

Found 3 days ago

I'm proud to announce that, as of this morning, we are going to be taking ClaimID in a slightly new direction. We're going to be concentrating our efforts on being an OpenID provider, one that is extremely simple and easy to use. …

 

Microsoft supports OpenID

blog.broadbandmechanics.com  

Found 3 days ago

So I haven't had any time to talk to Kim or Dick – but here's my take on this deal between Microsoft and their CardSpace/InfoCards standards efforts and the OpenID community (Sxip, JanRain and Verisign. …

 

Post-SuperBowl blogging

blog.broadbandmechanics.com  

Found 3 days ago

Microsoft and the OpenID community have decided to support each other. In depth coverage here. Congrats to all! THis is important news! Getting Microsoft to recognize and then support an open effort like OpenID is a first step. …

Cool Tailrank page

I love Tailrank and its little pictures of blogs as this page on the CardSpace OpenID Collaboration Announcement shows.  I wonder how long the pages persist?  I'll have to remember to come back and look at this link in a couple of months.

Meanwhile, I thought I would explore Tailrank further and got to the part where I had to sign in and said to myself, “No, I don't have time for that”. 

Then it occured that this was just one more concrete example of a Web 2.0 opportunity going down the drain.

It seems so clear to me the Web 2.0 community should climb on board this user-centric identity thing ASAP. 

 

Apache Authentication Module for CardSpace

Yesterday I referred to a mind-altering announcement from Ping Identity Corporation.  I think it's a key piece of the identity puzzle.  Since it's obvious that this is a big accomplishment and that he's played a major role in it, I'll quote Ashish Jain's Identity TIcker blog: 

Thanks to the efforts of our labs team, we finally have the ‘Apache Authentication Module for CardSpace‘ available for download .

Here is the product description from the SourceID website:

“The Apache Authentication Module for CardSpace is an open source module that allows applications using an Apache server for hosting or proxy to use Information Cards as an additional authentication mechanism. It allows the Apache applications to act as CardSpace relying parties (RP) by means of simple configuration. The module is responsible for decrypting the tokens submitted by CardSpace, retrieving the claims and making them available for the applications’ use.”

The idea behind this is simple. If you have an application that is deployed on an Apache server and you want to CardSpace-enable it, drop in the module (along with the dependencies), change the httpd.conf and your application should have access to the claims in the infocard.

The post includes proof that these guys were coding twenty-four hours a day.

To my mind this is really huge.  I wonder if one day we'll see it become a part of Apache, just like the password and digest authentication modules.

The whole cardspace processing can be a black box for the administrators

The module puts the attributes in the session. So if you have a PHP application, you can do the following to retrieve the attributes

$email = $_ENV[‘auth_infocard_env_emailaddress’]
$ppid = $_ENV[‘auth_infocard_env_privatepersonalidentifier’]

The same thing works in any other programming language, since they all give you access to your environment variables.

So this is pretty much as simple as it gets.  I hope everyone with a product that runs on Apache will look at this.

But wait!  There's more!  When I wrote to Ashish to congratulate him on this development, he added:

We also have a .jar file for java that serves the similar purpose (we internally refer it as the cardspace-magic.jar and we will open source some day). Same idea…drop the .jar file in,  then:

xmltoken in -> attribute’s map out

So if you use Java, you can go that way too.

But wait! There's still more!!

Yes, folks, Ping Identity is actually showing a demo at RSA of some of the very ideas we've been discussing over the last couple of days.  Namely, use of CardSpace to log in to OpenID sites.  I'll do another post to sow you some screen shots.

Structuring our announcement

Identity Woman Kaliya, who is a key community figure and has played a pivotal role in bringing everyone together, posted this (and this) about yesterday's announcement:

This morning at RSA Bill Gates and Craig Mundie announced MSFT support of OpenID2.0. (Johannes has a good summary of the points they made too) I wouldn’t go so far to say that they got Married. But what exactly was announced? I spoke with David Recordon and Mike Jones after the announcement. (this picture is before the announcement).

The OpenID Relying parties will be able to request that the authentication be done in a Phising resistant way. Then the OpenID Provider will have it a way to assert that the authentication of the OpenID (a URL or XRI/I-name) has been done in a Phishing resistant way. CardSpace will be available as a primary way of providing this kind of authentication (for users on Windows machines).

This is a very exciting development as it expands the options available to users. Their are issues with Phishing in OpenID (as outlined here by Kim) and addressing this hole is key to making it a viable protocol that is good for users.

Kim talks about is request to the OpenID community in the blogosphere and in the meeting they had last week at JanRain (Scott blogged about that here).

My big ask was to add a way to request credentials based on phishing-resistant authentication…..[so that] the system is built to handle the dangers that would come with its own success.

The one question I have about this collaboration announcement why Cordance, NetMesh and other companies who have made major contributions and have critical stakes in the OpenID community were not listed in the announcement. I know it was pulled together very quickly but I think the contributions of those two companies have been extensive and deserved mention (and yes! they do have ‘code’).

There was also no mention of like Brad Fitzpatrick the originator of the OpenID and his company LiveJournal which is now a part of SixAppart.

This is a good question.  As I pointed out yesterday, NetMesh was one of the orginators of OpenID.  Drummon Reed and Cordance have been big proponents too, and brought their i-names and XRI technology to the party.  Brad proposed the initial concept.  There are lots of creative people and companies who are playing their part in all of this, and I consider most of them to friends.

So since, as Gabe says, everything about this announcement – and identity work in general – should be perfectly transparent, let me share what I was thinking while working on this.

I've been involved in big announcements a number of times, and they take months to pull off.  Every PR department from every company has to get involved.  Each has a constituency and message that it wants to be clear.  Every time a change is made it has to go everyone else for approval, often provoking a further change, and so it just takes time.  You plan well ahead for these things, and commit near full-time resources.

We didn't have that luxury.  Nor was this meant to be PR as such.  It was a matter of the industry shaping itself through collaboration, and doing it in the blogosphere – the only place where these magical things can happen.  The fact that Bill and Craig thought all of this was important and exciting gave us all a sudden opportunity for time travel.

If I wanted this to happen in a short time, I needed to work with representatives, not the whole community, and even then, have a great deal of luck.  But to do this without offending everyone involved, I felt we needed an objective criterion for deciding who to approach to represent the OpenID community.

It seemed to me that the best representatives were the editors of the OpenID 2.0 specification.  After all, they are at the center of landing this baby.  And the editors are David Recordon at VeriSign, Johnny Bufu at SXIP, and Josh Hoyt at JanRain.  Thus the choice of companies.  I felt they would understand the technical issues and possibilities, and that the support of their companies for collaboration would be the beginning – not the end – of a wider process.

So to be perfectly clear, we would love to see more people and companies getting involved in this collaboration and building the momentum going forward.  This isn't the end of the identity journey – just a time-warp in which we all got thrown forward.  So let's work on some of the big announcements I referred to above, and most of all, on really great technology.

Clairvoyance?

Gabe Wachob claims a certain clairvoyance in this post. But I don't want anyone to underestimate the drama even for me.  Friendly discussion is slightly different from everyone actually landing on the same page.

For those of us who've been helping to promote OpenID, today's announcement that Microsoft will work to get OpenID and Cardspace working well together is absolutely no surprise. Kim Cameron, Mike Jones and the rest of the crew have been saying both very rosy things, as well as giving some well-appreciated constructive criticism.

Today, there was an announcement (see Scott Kveton, Dick Hardt, Michael Graves, David Recordon, Johannes Ernst, or Kim Cameron for details) that Janrain, SXIP, Verisign and Microsoft  ” will collaborate on interoperability between OpenID and Windows CardSpaceâ„¢ to make the Internet safer and easier to use.” Let me assure you that from personal experience I know the parties involved all want to make OpenID and Cardspace succeed – the agendas here are amazingly open and transparent.

This is a big deal folks – i encourage you to read those blog entries, rather than have me summarize it here. Apparently Bill G even spoke about openid at the RSA keynote this morning! 

Gabe was also part of an IPR podcast that sounds interesting and is described here.

There's a nice piece on the announcement in O'Reilly Radar here.

Really great news coming on Ping Identity.

 

 

Notes on Bill Gates’ Identity Keynote

Many of you know my colleague Mike Jones. He had enough wits about him to take notes on what actually transpired during the keynote earlier today. So I'll share them with you:

The flow of the identity part of the talk went something like this:

  • Slide: Evolution of Identity: Making the Vision Real (with picture of two cards in hands)
  • People are used to choosing what credential to use where for what purpose (talking about cards in our wallets)
  • We use a variety of physical tokens to represent these things
  • CardSpace creates a vehicle to allow people to have a GUI for credentials that represent their identities or personas in particular situations
  • Each thing in the physical world conveys a particular set of information and discloses just enough information
  • CardSpace provides a drag & drop interface for identity
  • People will have to acclimate to it
  • People can create their own credentials and others can give you credentials
  • The system reasons about what the right credential is for you to simplify things for users
  • WS-* hints about what credentials that are being looked for
  • CardSpace shows candidates for credentials

Then they segued to the OpenID collaboration announcement:

  • Issues of reputation and trust are foundational on the Internet
  • Different levels of trust are needed in different contexts, such as blogs and access to enterprise resources
  • People have been thinking about issues of trust
  • OpenID 2.0 is doing this in the blog / Web 2.0 world, others are coming at this from the enterprise space
  • We see these approaches as being complementary
  • “Today we are announcing that we are supporting OpenID 2.0 and that they’re extending what they’ve done to enable the use of strong credentials”
  • They're doing this because they see that it solves problems and attacks that a pure password approach has
  • We're excited about this marriage of CardSpace and Web 2.0
  • This will help eliminate the possibility of man-in-the-middle attacks
  • CardSpace is built on our work on the WS-* specifications
  • OpenID will be endorsing the CardSpace marriage later today
  • We see this as a very smooth continuum with a common GUI metaphor

Numerous enthusiastic comments followed in Mikes rendition…

Bill Gates and Craig Mundie on identity and privacy

Here are some of the top level messages from the Microsoft RSA Conference Keynote press release.  I thought Bill Gates and Craig Mundie spoke extremely well about identity this morning.  In the speech, Bill announced the industry initiative to converge the capabilities of CardSpace and OpenID that we've been discussing here.  This includes support for OpenID in future Microsoft identity products.   

“Security is the fundamental challenge that will determine whether we can successfully create a new generation of connected experiences that enable people to have anywhere access to communications, content and information,” Gates said. “The answer for the industry lies in our ability to design systems and processes that give people and organizations a high degree of confidence that the technology they use will protect their identity, their privacy and their information.”

“To create the level of seamless, pervasive connectivity that will make secure anywhere access a reality, continued collaboration and cooperation across this industry is essential,” Mundie added. “If we can work together to enhance trust, it will open the door to a transformation in the way people share experiences, explore ideas and create opportunities.”

Gates and Mundie said that to further advance trust and enable anywhere access, there are three key technological areas for industry focus and momentum:

    Evolution of networks. As businesses and the industry move forward on redefining network boundaries, policy will become the driving force for managing access — not the physical topology of the network. The goal is for the network and the Internet to appear and work as if the boundaries between them are seamless, so access for users is easier and faster.
    Evolution of protection. To achieve this anywhere access vision, customers need comprehensive security products and services that integrate seamlessly with each other and existing infrastructure and that are easy to use and manage. There is a necessity for the industry to enable greater protection, not only when information is in transit but also when it is created and where it resides, whether on the server, the desktop or a mobile device.
    Evolution of identity. Today, individuals and businesses struggle with an increasing number of digital identities to manage and the increased level of complexity and risk that goes with them. The industry’s collaborative efforts around the development of an identity metasystem are the right direction, and customers need this system to be based on standard protocols that address heterogeneous infrastructures in order to reduce the complexity of managing identities across networks and the Web.

There are a lot more details about many different initiatives here.

 

OpenID Editor David Recordon

Here's what Editor David Recordon has to say:

So with the recent OpenID news, I have to say that I'm quite excited! Convergence isn't new for OpenID, rather continues to show how it is a great technology to innovate around. This isn't about one technology swallowing another, it is about true cooperation, collaboration, and ultimately convergence.At the first Internet Identity Workshop in 2005, Brad Fitzpatrick, Johannes Ernst, and I collaborated with the XRI guys and jointly developed Yadis. Suffice it to say, the technology developed by the community in Yadis is so powerful that it is now being built into the standard XRI Resolution spec at OASIS. Over this last summer there was further convergence with the XRI community, now allowing the OpenID Authentication 2.0 spec to support both URLs and XRIs as identifier formats. In August Sxip joined forces, which has caused the OpenID technology to continue to improve and has built the community to be even stronger.

Now today, we get to announce that Microsoft too has decided to collaborate with the OpenID community. I've known Kim Cameron and Mike Jones for about two years now and despite anything you may say about Microsoft, these guys continue to push for the best and engage the wider user-centric identity community in a very positive light. I'm personally really excited to be working with them, and others, in further developing the Assertion Quality Extension so that OpenID can be used within a wider range of products (including those from Microsoft). So welcome Kim and Mike, I hope to see you on the mailing lists shortly!

Johannes sends “marriage” greetings

Here's more support from another legendary member of the OpenID community, Johannes Ernst of Netmesh.  He's the inventor of LID, and one of the strongest champions for the “URL-based” identity used in OpenID.  He brought ideas his together with Brad Fitzpatrick's quite a while ago now, creating one of the first synergy-lurches for the community.

I should also point out that Johannes has also been one of the first, and most tireless, advocates of the synergy between OpenID and Information Cards.  He has given many cycles to OSIS, the group that has co-ordinated open source work around identity selectors and information card technology.  The beautiful thing here is that convergence with CardSpace MEANS convergence with Information Cards in general, including the Higgins project and work by many others in the community.  I've been concentrating on CardSpace for obvious reasons, but to me it is very important that this goes far beyond CardSpace into another whole community.

Wow! After two years of hard work, we are finally getting real convergence in identity land! Today, Bill Gates is announcing has announced in his keynote at the RSA conference that Microsoft will support OpenID. Here are some posts covering the news:

At NetMesh, we've held for a long time that URL-based identity (OpenID, with its roots LID, i-names and Sxip), and other technologies such as CardSpace have to come together so we can really get to an interoperable, multi-vendor, user-centric identity layer for the open internet. That's why we helped put together OSIS, and lots of activities of that nature.

Now even Bill Gates supports the same vision! Yippie!! (apologies for being too excited, but this is exciting!)

Just pointed out to my wife — who wrote the first line of code, ever, about three years ago, implementing URL-based identity — that in some way, she should now be famous!

So, congratulations Tammy!

Feature – not a bug!

As he says, Brad Fitzpatrick “made” the orginal OpenID to solve problems he was facing at Six Apart.  Of course it grew over time, if anyone's opinion counts, it's his.  And here it is:

So Bill Gates just announced earlier this morning (while I was sleeping in / recovering) that Microsoft is supporting OpenID.

When I made OpenID, I intentionally left the method of authentication undefined. (feature, not a bug!)

Now people ask me what I think about Microsoft supporting it, using their InfoCards as the method of authentication…. I think it's great! So far I've seen Kerberos integration for OpenID, voiceprint biometric auth (call a number and read some words), Jabber JID-Ping auth, etc…. all have different trade-offs between convenience and security. But as more people have CardSpace on their machines, users should get both convenience and security. (sorry, I'm not totally up on all the details… just seen demos….)

Anyway, I and others at Six Apart are thrilled to see Microsoft supporting OpenID. Kudos!

Thanks Brad.  For us, its clear that OpenID is a really great technology for doing public identities – the simplicity is stunning.  I really like your work.  OpenID is clearly an important part of the identity metasystem.  We really hope to see the synergy keep expanding.