October 28, 2004
DIDW 2004 Wrap-up
I'm back at home and feeling great about the trip. As usual, Phil, Andre, Eric, and Kathi did a bang-up job of putting together a conference that was well run and fun to be at. Overall the talks were good and I found plenty there to get me thinking.
I'd love to see the conference expanded along one crucial axis, however. There's not much of a developer presence there and I think that they miss a big part of the identity puzzle without it. They also risk becoming a collection of vendors, which will pay the bills, but not necessarily achieve the goals I think Phil has of this being about all aspects of identity. There's plenty of open source and other work going on that touches identity. DIDW needs to find a way to reach out to that community and mix it in with what they've got. The result could be truly electric.
07:27 PM
DIDW 2004: Doc Searls on The Dawn of Independent Identity
Doc gives the closing keynote.
When we look at markets, we usually think of the transaction, but the exchange is only the bottom level of a market. Above that are conversations (à la Cluetrain) and above that are relationships. Federation is the relationship level of a market.
Gordon Eubanks pointed to the problem of silos, but the real silos are in our wallets. As an individual, I can't federate the relationships I have with various companies. I'm left to hope that the companies I care about get together.
Doc says "when we lost the industrial revolution (to industry) we lost the meaning of our names." Crafts were replaced by jobs, work was reduced to labor, and our occupations were reduced to positions somewhere in the org chart. The identity revolution has the power to give people back the meaning of their names.
Doc does a riff on podcasting and how it and the iPod are a response to the radio industry failing to meet the demands of the market. Lots of good stuff that I couldn't capture.
Doc wants rental car companies to compete for his business based on what kind of car he wants to drive. Right now, there's no way for that to happen, but technology could make it possible. Doc calls this "Company Relationship Management (CoRM)." CoRM is made possible by independent identity (à la i-names). CoRM can deliver on the idea that independent identities are where real marketing power comes from.
Drummond Reed shares the stage with Doc
Scott Mace talks about an important part of the CoRM problem: privacy. Scott says that it's unreasonable to expect users to click through privacy policies on devices like cell phones in a take-it-or-leave-it way. CoRM systems need a way to publish the complementary half of a company's privacy policy, that is, my privacy policy. I added that privacy wasn't a thing, but a transaction. If users believe they are getting fair value for their identity information, they will exchange it for what you're offering. CoRM systems need to be built in a way that allows them to enter into negotiations about privacy.
Drummond says that an i-name is an independent identifier that is not attached to a specific mode of interaction or a specific company. Doc explains his fantasy about i-names: he's on the road a lot and drinks coffee a lot. He wants to walk into Starbucks with his card that is a pointer to his identity broker that can tell them that he wants a non-fat double latte. That card transcends every one of the silos in his wallet.
Jamie Lewis says not to worry about the connection to Liberty and other protocols for individual identity. Develop the solar system (i.e. the mass of customers that will make big guys pay attention) and the relationships will form. The one thing big companies have figured out is that there will never be one way to do things.
12:23 PM
DIDW 2004: Federated Identity Provisioning Panel
Federated identity provisioning panel: Archie Reed, Howard Ting, Chris Ceppi, Ranjeet Vidwans, and Justin Taylor (l to r)
10:39 AM
DIDW 2004: Justin Taylor on Identity Driven Computing
There were three sessions I wanted to attend this morning. I knew that Linda Elliot's session on compliance would be a good one and probably have some information I could use, but in the end I opted to go to Justin Taylor's session on identity driven computing.
Justin opens with the usual schtick that you hear opening talks at DIDW (including mine) about how today's ID systems are siloed with different protocols, standards, tools, and management styles. There's no common paradigm among the various vendor products and trying to get them to work together is an exercise in frustration.
Justin wants identity to go beyond "carbon-based life forms" and apply the things we've learned about managing human identity to documents, servers, and other resources. He defines digital identity as the "distinguishing characteristics of an entity in a digital system." He says "an identity is the sum of its attributes." This of course is not meant to be deeply philosophical; it's just a practical realization of what we're really talking about when we speak of digital identity.
Viewing identity this way allows you to create a lifecycle for the identity and that allows you to manage it.
The identity driven computing model is a common set of services utilized by today's, as well as next generation systems and applications to manage the behavior between all the identities in your enterprise to address the challenges of business. These services are integrated through a service oriented architecture. This idea relies on loosely coupled directories.
Justin applies this to home-based identity. Is there a place for holistic identity management in the home? Every DVD player has parental control locks, but they're all different and unmanaged. This is likely to proliferate over time. Can identity management be made "consumer friendly?"
Justin speaks to the centralization-decentralization debate. He uses policy as an example of something that has to be centralized (for regulatory compliance, for example) but must be decentralized in its use. This is not an either/or kind of thing; rather, different activities take place everywhere along the centralization spectrum.
Decisions that use identity must be made in context. Context is the sum of the human, the device, and the application or resource. Knowing the attributes of each of these identities allows intuitive policy management. SAML allows this, although it's not typically used in this fashion.
Justin uses the example of an executive accessing corporate financial data from an iPAQ over the net. The CEO has declared that "access to financial data restricted to Sr. VP or higher" while the CSO has declared "access to financial data restricted to desktop or laptop." These two different policies need to be applied together even though they're created separately.
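The iPAQ example can be written as a small attribute-based decision function. This is an added sketch, not code from the talk or from any product: the title ranking, the attribute names, and the deny-by-default choices are assumptions made here for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed title hierarchy (assumption; the talk only says "Sr. VP or higher").
RANK = {"staff": 0, "director": 1, "vp": 2, "sr_vp": 3, "ceo": 4}
Context = Dict[str, Dict[str, str]]  # attributes of the human, device and resource

@dataclass(frozen=True)
class Policy:
    owner: str                        # who authored the rule
    applies_to: str                   # resource classification it governs
    check: Callable[[Context], bool]  # True when the context satisfies the rule

def min_rank(title: str) -> Callable[[Context], bool]:
    # A missing or unknown title ranks below everything, so it fails closed.
    return lambda c: RANK.get(c["human"].get("title", ""), -1) >= RANK[title]

def device_in(*kinds: str) -> Callable[[Context], bool]:
    return lambda c: c["device"].get("kind") in kinds

# Two rules written separately by two owners, as in the example above.
POLICIES = [
    Policy("CEO", "financial", min_rank("sr_vp")),
    Policy("CSO", "financial", device_in("desktop", "laptop")),
]

def decide(c: Context, policies: List[Policy] = POLICIES) -> Tuple[bool, List[str]]:
    """All applicable policies must pass; returns (allowed, owners whose rule failed)."""
    cls = c["resource"].get("classification")
    applicable = [p for p in policies if p.applies_to == cls]
    if not applicable:                # nothing covers this resource: deny by default
        return False, ["no-applicable-policy"]
    failed = [p.owner for p in applicable if not p.check(c)]
    return not failed, failed

def make_ctx(title: str, kind: str, classification: str = "financial") -> Context:
    return {"human": {"title": title}, "device": {"kind": kind},
            "resource": {"classification": classification}}

if __name__ == "__main__":
    # The executive on an iPAQ passes the CEO's rule but fails the CSO's.
    print(decide(make_ctx("sr_vp", "ipaq")))
    print(decide(make_ctx("sr_vp", "laptop")))
```

Returning the owners of the failed rules keeps the denial explainable even though neither author knew about the other's policy.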
In the end, I'm not sure Justin lived up to the billing of "identity driven computing" to the extent I'd hoped. The talk was good and the information useful, but this was more of an analyst's talk than a technical talk. I think that's what I was hoping for.
09:47 AM
DIDW 2004: A Few Technologies that Interested Me
You already know that I liked the Identity Commons and i-names. There were a few other technologies I ran across at the show that I liked as well. Briefly, here they are:
- Core Street makes technology for controlling physical access, among other things. What I thought was cool is that they use smart cards (they're vendor agnostic) as a form of sneaker net to carry revocation lists, access changes, new certificates and so on from lock to lock. This allows them to put smart card access-controlled locks on places that can't be networked (like the door of an airplane cockpit) and still keep it up to date. I think that's very clever. As an aside, the CEO of Core Street, Phil Libin, writes a weblog called Vastly Important Notes.
- sxip Networks (pronounced "skip") is a person-centric identity company, giving people the ability to manage an identity that can be federated across multiple sites. Once you create a sxip ID at your home site (which could be your own computer), you can use it to log into any sxip membersites. There's a demo on their site which you can use to actually create a sxip ID and then use it.
- Midentity is a British company founded by Simon Grice. I met Simon and heard about Midentity last year at DIDW 2003. Midentity allows you to create identity profiles and then share them with others. Midentity did the attendee list for DIDW 2004 and I've used it already to contact some people at the conference who I didn't have email addresses for. I wish O'Reilly would do this at their conferences instead of the printed page of names and addresses.
There are plenty of other companies here at the show and I'm sure they've got some good tech, but these seemed particularly innovative and interesting.
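The sneaker-net idea in the Core Street item can be modeled in a few lines. This is an added sketch and not Core Street's design: the class names, the version counter, and the HMAC tag (a stand-in for the public-key signature a real deployment would use) are all assumptions.

```python
import hashlib, hmac, json
from dataclasses import dataclass, field

ISSUER_KEY = b"constructed-demo-key"  # stand-in for the issuer's signing key

def sign(version: int, revoked: list) -> dict:
    """Issuer side: produce an authenticated, versioned revocation list."""
    body = json.dumps({"v": version, "revoked": sorted(revoked)}, sort_keys=True)
    tag = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify(update: dict):
    """Return (version, revoked_set) if the tag checks out, else None."""
    want = hmac.new(ISSUER_KEY, update["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, update.get("tag", "")):
        return None
    data = json.loads(update["body"])
    return data["v"], set(data["revoked"])

@dataclass
class Card:
    card_id: str
    update: dict = None   # newest list this card has picked up so far

@dataclass
class Lock:
    name: str
    version: int = 0
    revoked: set = field(default_factory=set)
    update: dict = None   # authenticated list the lock hands to later cards

    def present(self, card: Card) -> bool:
        """Sync lists both ways, then decide whether the door opens."""
        if card.update is not None:
            checked = verify(card.update)
            # Take only authentic lists that are strictly newer (no rollback).
            if checked and checked[0] > self.version:
                self.version, self.revoked = checked
                self.update = card.update
        if self.update is not None:
            # The lock's list is now at least as new as any valid list on the
            # card, so the card leaves carrying it to the next lock.
            card.update = self.update
        return card.card_id not in self.revoked

if __name__ == "__main__":
    lobby, cockpit = Lock("lobby"), Lock("cockpit")
    lobby.present(Card("admin", sign(2, ["card-17"])))   # list enters the system
    courier = Card("card-03")
    lobby.present(courier)                               # courier picks it up
    cockpit.present(courier)                             # and delivers it offline
    print(cockpit.present(Card("card-17")))              # revoked card is refused
```

The offline lock is only as current as the last card that visited it, so the window between revocation and enforcement depends on foot traffic.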
08:51 AM
Doc's Got an I-Name
Doc Searls has an i-name, =searls. Doc hopes this will "finally give us what I call The Fully Empowered Customer."




