October 15, 2003
DIDW: Photos
I have a gallery of photos I've taken at Digital ID World.
06:23 PM
DIDW: Grassroots identity: Does it Have a Chance?
I was torn between Carol Coye-Benson's session on The Business of Digital Identity and the session on Grassroots Identity. Grassroots Identity finally won out because the characters they've got assembled for this panel are bound to provide an interesting show:
- Moderator: AKM Adam, Reverend Dr., Seabury-Western Theology Seminary
- Doc Searls, Sr. Editor, Linux Journal
- Simon Grice, CEO, Midentity
- Marc Canter, Chairman & CEO, Broadband Mechanics
- Simon Phipps, Chief Evangelist, Sun
T-shirts, haircuts, tattoos, cars, vanity plates, and so on are examples of non-digital grassroots identity. Digital examples include email addresses that people pick for themselves, meetup.com, and other community-creating services. Issued identities include driver's licenses, passports, and many email addresses. Grassroots identity is created by the person for their own purposes. It's about being yourself, expressing yourself, and sharing your own data, thoughts, and ideas. This blog is an example of a grassroots identity created by me to share an aspect of myself.
No identity is an island. Every identity sits in some context.
People are willing to pay for choice associated with identity. For example, many people pay to have a particular email address. I'm one of these, for example. I pay pretty dearly in terms of money and time to maintain a domain (windley.com) where I can create my own identity.
Identity markets are about relationships. Identity isn't worth much without a context. People exist inside relationships (both personal and organizational). We're typically very forgiving of identifying attributes being transferred to organizations and people we have relationships with. This even applies to where we shop and our willingness to give up information about who we are when we buy in order to get a discount.
05:44 PM
DIDW: Federation, Policy, and Trust Management
I'm in the Federation, Policy & Trust Management session. The participants are:
- Moderator: Jim Hurley, VP, Aberdeen
- Khaja Ahmed, Chief Security Architect, Microsoft
- Michael Barrett, VP Internet Strategy, American Express
- Tim Moses, Sr. Director Advanced Security Technology, Entrust
I apologize that I've not kept careful track of who said what in the following. There's some general discussion of policies and trust. Access policies should be:
- Accessible to people and businesses in native languages
- Portable from business strategy through IT operations
- Consistent from human readable to digital instruction, and invariant across time and location
- Reliable
- Trusted
Policy is the set of actions that a party is required to take. Trust is confidence that a policy is being followed. For example, in authentication, the policy details the authentication mechanism and its parameter values. The trust comes from the identification and authorization procedure and the refresh requirements. In a different scenario, the policy might specify to what uses the data may be put, how long it can be retained, which entities may have access, etc., and the trust is based on certification.
There are some important questions about policy in a federated space:
- Who sets policy? First-party, third-party, bilateral?
- How is the policy represented? Human readable, machine readable, both?
- At what stage is the policy set? Deploy-time, run-time?
- How flexible is the policy? Take it or leave it, adaptable?
The bad news is that traditional approaches for managing policy and trust are inflexible, slow, and costly. The worse news is that federation makes this worse. This sets the stage for the requirements on policies: they must be machine readable, consistent, support late binding, be adaptable, and function in a heterogeneous environment.
A community of trust has four components:
- Governance (operating rules, roles and responsibilities, and legal validity)
- Operations (people and the procedures they follow)
- Technology (software and hardware)
- Viable economic model
A village is a community of trust. Trustworthiness is based on reputation. Strangers have no trust, but over time this changes. eBay is a good example of this kind of trust system. MSN Messenger has provided a community for traders where people rely on the MSN messenger ID being inviolate. Email works very similarly--people trust email addresses and an email address conveys some sense of trust to people who have interacted with it for some time. Villages have a low governance burden. The community manages the trust and it works effectively across national boundaries. Risk management is done by each individual judging the risk/reward for a particular transaction.
Some ideas for reputation systems:
- Better formalized reputation systems or 'gossip' mechanisms in cloud-based systems
- Services that allow a hybrid model (reputation plus authority assertions from a 'village elder')
- Rich, intuitive, "falling off a log" easy desktop tools for credential and attribute management.
Liability flow between companies affects trust. A liability flow occurs when a service provider can sue an identity provider for damages related to problems associated with an identity. False positives occur when someone gains access to an account they have no rights to, when an automated attack fools the system into granting an identity that doesn't belong to the attacker, or through social engineering attacks. Another problem is authentication strength. It's very difficult to compare two authentication schemes and determine which is stronger (how the UID is chosen, how passwords are chosen, how passwords are aged, etc.).
What to do? Ignore the risk--probably not a good idea. Accept the risk--viable and often done. Join a pre-existing network that's worked some of these problems out--PingID is providing such a network. Utilize the Liberty Alliance Business Guidelines, which explore these issues in detail and work out solutions.
04:51 PM
DIDW: Digital Identity Tutorial
My tutorial on digital identity management was this morning from 10:15 to 12:15. It overlapped a keynote and consequently we were slow getting going. Initially there were just three people there, but by the time we finished the room was full. Many of those present were people I know and respect; I felt like I was talking to a group of people who knew more about digital identity than I did. We had some good questions and discussion and I had several people say that going over the basic technologies in context was helpful. That's why I developed this tutorial: I knew about the various technologies, but didn't understand how they worked together and interacted. The tutorial:
- defined the language of digital identity,
- related digital identity to familiar identity scenarios in the physical world,
- described the primary protocols for creating, exchanging, and using digital identity, and
- discussed how organizations can develop an identity management strategy.
You can get a copy of my slides. I also have a white paper upon which the slides are based. You can get a copy by signing up for my free newsletter. If you'd rather not sign up for the newsletter and were at the tutorial this morning, send me an email and I'll send it to you.
02:14 PM
DIDW: Identity Management vs. Managing by Identity
Phil Becker is using an interesting distinction to emphasize a point I've made several times before: identity management is about opportunity, not just security. He calls this "managing by identity" rather than "identity management." He says managing by identity
- uses identity to organize, manage and secure computing processes
- allows business process and computing process to align more naturally
- releases the real promise and capability of network computing: networking business processes
Networking business processes across business boundaries has now become possible. Soon it will be necessary for survival.
Phil moves on to the topic of trust. Networks require trust to release their power. Human networks learn to trust over time. You can't buy, build, or create trust. Trust is granted by others based on behavior. Transparency is the surest path to trust. Secrecy impairs trust. If this is interesting to you, be sure to review Professor Kent Seamons's research.
The web browser taught people the concept of discovery and networking at the document level in real time. Web services are the next step, at the application level. These new network activities have shown us the need for management by identity.
Federated identity is about linking silos of identity into networks of identity in a way that scales. The only way to make this happen, according to Phil, is to keep the management local while allowing the identity to be used globally. I think this is a great definition of federation because it is general enough to allow multiple solutions.
Because it's impossible to pre-define all the ways people will want to integrate data and applications, we need to be able to integrate on demand. This is a good view of what's different about Web services. Businesses integrate on demand all the time: they form teams of people to solve special problems on a regular basis. The tools don't support this kind of "integrate on demand" business process. Only a robust identity infrastructure can support this.
Portals are starting to address this problem. Portals have always been about aggregation. Portals should be organized based on the user's needs and the policies of the applications and data. Think of what an employee portal is meant to do: aggregate the data that a user needs in a personalized way. This is an interesting view of what portals do.
09:18 AM
nTAGS at Digital ID World
We're using these interactive name tags called nTAGS. These are little computers that you wear around your neck. The goal is to provide a technology that enhances, rather than disrupts, face-to-face communication. The devices have a pretty simple interface and function well. They are a little heavy, but that's the first generation. I wish they were more dynamic. They're meant to be that, but the information that the conference attendees provided was more multiple choice than free form, so they're a little less free form than I think they need to be. Still, it's a fun experiment and they're great conversation starters.