
October 31, 2005

Video Podcasting Talks

I want to be able to easily take a Powerpoint or Keynote deck and an audio file (MP3), sync them and turn them into an MP4. Can I use iMovie to do this?

5:34 PM | Comments (5)

How LCD Screens Work

The other day someone asked me how an LCD projector worked compared to the LCD screen on a laptop. Their general impression was that the laptop screen was like a bunch of LEDs, so how could you "project" that? I didn't really know. I knew that it was backlit and that's why you could project it, but I had no idea how it worked. I asked Kelly Flanagan and he didn't really know either, but he sent me this really good tutorial showing how it works--interactive and everything. Apparently this is just one in a whole collection called Einstein's Legacy.

3:30 PM

Personal Democracy on Steve Urquhart

The Personal Democracy Forum has a story on Steve Urquhart's Senate campaign to unseat Orrin Hatch.

2:55 PM | Comments (3)

Video iPod and Tivo

Friday I picked up a new iPod (60Gb, Black). I spent the weekend figuring out how to get video onto it from my Tivo, DVDs, etc. Here's what I've discovered, so far:

As I posted the other day, it's easy to download programs from your Tivo to your desktop. What isn't easy, on a Mac, is converting the shows to MPEG2 from the wrapper that Tivo puts them in. As I said in the earlier post, DirectShow Dump will do that on a PC. You have to install the Tivo Desktop Connection first. I happen to have Virtual PC running on my OSX box, so I do the conversion there to avoid transferring multi-gigabyte files around. It's really pretty quick, even in Virtual PC.

Next I followed these instructions to use VLC to convert the video for use with the iPod. They worked for the most part. The result is an odd, square aspect ratio MPEG4 that is too big (vertical pixels) to load on the iPod. I loaded this up with Quicktime, changed the aspect ratio/pixel settings to 480x240 (see the Properties window), and then saved it out--that's pretty fast. I had a problem with VLC crashing on me over and over again for a while, but deleting my VLC preferences solved the problem.

For DVDs, I used a nifty little program called HandBrake. I resized them to be 320 pixels wide. It works pretty well, although I seem to be getting some audio glitches every 60-90 seconds. In a movie, they're not too bad, but the Eagles Melbourne concert wasn't as nice as it could have been.

I have Quicktime Pro, which should work, but there are some problems. First, it won't play the MPEG2 files that DirectShow Dump (or Tivo) produces. I'm not sure why. Also, it's slooooooow. I used it to convert an hour of video on a G4 Powerbook and it took about 36 hours. VLC does it in about an hour and twenty minutes.

I doubt I'll watch much TV on the iPod, but I do like to take shows I've Tivo'd on trips with me for the airplane or hotel room. My Powerbook works fine for that, but sometimes the smaller form factor would be nice. I also want to try driving the TV from the iPod and see how that works. That would be nice as well.

Update: redoing the aspect ratio of the video in Quicktime makes it look right in iTunes, but when you sync it with the iPod, you still get a weird tall aspect ratio on playback. I'm still exploring.

9:51 AM | Comments (3)

TinyDisk: Lessons for Web Applications Builders

At the CTO Breakfast, someone also brought up TinyDisk, a complete, shared filesystem built on top of TinyURL. If you're not familiar with TinyURL, it's a URL mapping service that lets you create a small, easily emailed URL to replace a long complicated one. Nice service that I've used several times.

TinyDisk is a demonstration by Acidus. TinyDisk shows that anything that stores anything on the Web can be used to store something else, by encoding the something else into the Web-based storage system. In the case of TinyDisk, it's a Web-based file system that slices up a file, encrypts it, and stores it out on TinyURL.

TinyDisk is a program for saving and retrieving files from TinyURL and TinyURL-like services such as Nanourl. It overlays a write-once-read-many anonymous, persistent and globally shared filesystem. Once something is uploaded, only the database admin can delete it. Everyone can read it. No one can know who created it. Think of it as a magical CD-R that gets burned and placed on a network.
From Most Significant Bit Labs :: TinyDisk
Referenced Mon Oct 31 2005 07:52:54 GMT-0700 (MST)

The presentation from Phreaknic describing this is worth looking at. Here are recommendations from the presentation on what to do to prevent your Web application from being repurposed:

  • Do lots of validation on data you receive from the user!
  • Do not allow arbitrary amounts of user

TinyURL isn't doing this. The basic idea behind TinyDisk is that it writes an arbitrary amount of information into a database with an HTTP command and then reads this information back out of the HTTP 302 redirect's Location header.

This kind of thing isn't new, of course. A file system built on top of GMail has been out for a long time. But, it shows that GMail isn't special and that as soon as you give someone a Web application that stores data, it may not get used for what you want. The presentation also gives tips for writing non-sanctioned extensions:

  • Write things as generically as possible. Your “API” is subject to change :­)
  • Don't try to make any money with your extension (even Google ads). Theft of service.
  • Throttle your app to reduce impact on original site.
  • Contact authors, maybe you can help them.
  • Don't do it. Get the raw data that site is using for free (US Census, geo surveys, public domain references) and implement your own web app.

In the case of TinyDisk, Acidus wrote a replacement for TinyURL to test against called NanoURL using 2 pages of PHP and a MySQL database.
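As an added illustration (not code from the page or from Acidus's TinyDisk or NanoURL), here is a toy shortener in Python that contrasts a store-anything endpoint, which hands whatever it was given straight back in the 302 Location header, with one that applies the two recommendations above: validate the submitted URL and cap its size, plus a per-client write throttle. All class names, limits and sample inputs are constructed for this example.

```python
import base64
import re
import time
from collections import defaultdict
from urllib.parse import urlsplit

# Hypothetical limits for the hardened service; a real shortener would tune these.
MAX_URL_LEN = 2048            # plenty for a real link, useless for storing files
ALLOWED_SCHEMES = {"http", "https"}
MAX_WRITES_PER_MINUTE = 10    # a file system needs thousands of writes per file


class RejectedURL(ValueError):
    """Raised when a submission fails validation or the throttle."""


class WeakShortener:
    """Stores any string of any size: the behaviour TinyDisk depends on."""

    def __init__(self):
        self.db = {}              # in-memory stand-in for the service's database

    def shorten(self, client, payload, now=None):
        key = f"{len(self.db):06x}"
        self.db[key] = payload
        return key

    def redirect(self, key):
        # Whatever was stored is handed straight back in the 302's Location
        # header, which is exactly where a TinyDisk-style client reads its data.
        return {"status": 302, "headers": {"Location": self.db[key]}}


class HardenedShortener(WeakShortener):
    """Same interface, but only stores things that look like a single web URL."""

    def __init__(self):
        super().__init__()
        self.writes = defaultdict(list)   # client -> timestamps of recent writes

    @staticmethod
    def validate(payload):
        """Accept one plain http(s) URL; reject blobs, odd schemes and raw bytes."""
        if len(payload) > MAX_URL_LEN:
            raise RejectedURL("too long")
        if not payload.isascii() or re.search(r"[\x00-\x20\x7f]", payload):
            raise RejectedURL("control, whitespace or non-ASCII characters")
        parts = urlsplit(payload)
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            raise RejectedURL("scheme not allowed")
        # Host must be a bare DNS name with optional port: no userinfo, no IPv6 literal.
        if not re.fullmatch(r"[A-Za-z0-9.-]+(:\d{1,5})?", parts.netloc):
            raise RejectedURL("host is not a plain DNS name")
        return payload

    def _throttle(self, client, now):
        recent = [t for t in self.writes[client] if now - t < 60]
        if len(recent) >= MAX_WRITES_PER_MINUTE:
            raise RejectedURL("rate limit exceeded")
        recent.append(now)
        self.writes[client] = recent

    def shorten(self, client, payload, now=None):
        self.validate(payload)
        self._throttle(client, time.time() if now is None else now)
        return super().shorten(client, payload)


def _reason(service, client, payload, now=0):
    """Return 'accepted' or the rejection reason for one submission."""
    try:
        service.shorten(client, payload, now=now)
        return "accepted"
    except RejectedURL as exc:
        return str(exc)


def demo():
    """Constructed walkthrough: a base64 file chunk, a data: URL and a normal link."""
    chunk = base64.b64encode(bytes(range(256)) * 40).decode()   # ~13.6 KB of "file"
    link = "https://example.com/some/very/long/path?with=query&string=1"
    weak, hard = WeakShortener(), HardenedShortener()
    out = {}
    key = weak.shorten("alice", chunk)
    out["weak_echoes_chunk_in_location"] = weak.redirect(key)["headers"]["Location"] == chunk
    out["hard_chunk"] = _reason(hard, "alice", chunk)
    out["hard_data_url"] = _reason(hard, "alice", "data:text/plain;base64,aGVsbG8=")
    out["hard_link"] = _reason(hard, "alice", link)
    # bob stays within the validator but hammers the write endpoint
    for i in range(MAX_WRITES_PER_MINUTE):
        hard.shorten("bob", f"https://example.com/{i}", now=10)
    out["hard_throttled"] = _reason(hard, "bob", "https://example.com/x", now=15)
    out["hard_after_window"] = _reason(hard, "bob", "https://example.com/y", now=100)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Validation narrows the channel to one short URL per write; the throttle is what makes assembling a file out of those writes impractical.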

7:46 AM | Comments (1)

October 28, 2005

CTO Breakfast Report

I really enjoyed this morning's CTO breakfast a lot. At the suggestion of some attendees, I tried to moderate it a little and keep it more focused on new and interesting technology. Here are some of the things we talked about:

Riya is a new photo sharing service that includes face recognition. You can identify people by selecting their face and typing in something (name, keyword, etc.) The service then will identify that same face using that keyword in any other photos you've uploaded. Very cool. There are some obvious privacy concerns... Right now, it's invitation only and I'd love to get an invitation, but it's also IE only, so I guess I don't care. There's a discussion of Riya at Techcrunch.

Phil Burns brought up Planzo, an online calendaring system. It has RSS, but I can't see that it understands iCalendar format calendars (so I can display calendars I manage in iCal online). Meeting Wizard is a nice tool that has more functionality to me than a simple online calendar since it lets me schedule meetings among various participants.

We had a nice discussion of quality assurance for both software and data. Lots of good ideas. Steve Gray drove up from Cedar City just to participate in that one. He's a principal in Test Foundry and specializes in Web load testing. He's got to love what he does to get up at 4am to drive to a discussion about QA!

We had a short discussion of 37signals' WriteBoard and that prompted a discussion of SubEthaEdit, the shared editing solution for Macs, and SynchroEdit, a Web-based shared editing tool that I saw demoed by Chris Allen at IIW2005. Chris is big on social and collaborative software and brought some real world identity needs to IIW2005.

We also talked about Gada.be and XRIs. In fact, since I came back from IIW2005, I've told three different groups about XRIs.

11:39 AM | Comments (4)

October 27, 2005

IIW2005: Day Two Wrap-Up

Today we ran the conference using something called "structured open space." Kaliya Hamlin was anxious that we use it as a way of creating discussion. I'll admit that I was somewhat skeptical, but it turned out very well. Here's how it worked:

  • As people came in at 8:30 we put them at tables with 8-10 people and told them to introduce themselves. About every 20 minutes we made them switch tables and reintroduce themselves to the new crowd. All along the way they were supposed to tell people what questions they most wanted answered in the workshop today.
  • At 9:30 we called everyone together in front of a big matrix we had posted on the wall. The rows were for different spaces at the Hillside Club and the columns were times in 30 minute blocks. Everyone had a chance to write a topic on a piece of paper and post it on the matrix. Posting a topic meant you agreed to host or moderate it.
  • We broke up and let people choose which topics they went to and what the discussion was.

There were some very good discussions, people explaining things to each other, groups whiteboarding concepts, discussions of follow-on cooperation, and even people making commitments to write code. This is exactly what we had hoped would happen.

In hindsight, we probably should have had 45 minute blocks. Thirty minutes wasn't quite enough time. We would have also been better off with a few whiteboards and big pads of paper on easels. Still, none of that was anything that was a show-stopper.

At 3:00pm, we called everyone together in a big circle and did a mini-debrief. Here are some of the comments (relatively unedited and without attribution) that I copied down as people spoke:

  • Encouraged by feedback on YADIS
  • Lots of passion came out in the last couple of days
  • Very creative ideas here. Some so far beyond the edge that it's absolutely whacky.
  • What books should we read?
  • Social affordances for women are very different from those for men. Take that into account as you build systems.
  • A lot of people didn't trust presenters on details of their implementation. Do we not know and trust each other or do we not know enough about the various solutions?
  • The understanding in the security community is that almost all designs are bad and when they're put out there they will be attacked. Design criticism is given with that in mind.
  • We all need to work on making our own stuff more understandable.
  • There have been real leaps forward in understanding how these things can work together.
  • Two really cool things happened this afternoon: we got a good grip on things that could happen with Identity Commons and a list and wiki surrounding identity rights agreements.

We're planning to do another one of these in about 6 months. It won't be exactly the same format, but the goal will be the same: encourage cooperation and cross pollinate the Internet identity space. Watch this space for more details as they become available.

8:27 PM | Comments (1)

IIW2005: Identity Rights Agreements

This afternoon there was a good sized group that got together to discuss Identity Rights Agreements.

One big problem is the legal status of such agreements. Mary Rundle was very helpful to the discussion here.

One point was that an organization (like Identity Commons) could create a "trustmark" that Web sites that take identity data could display, saying they agree to abide by IRAs. This provides some protection under trademark law, but may not be the best way to really punish violators.

Data protection privacy commissioners want to create a regime for protecting personally identifying information. What we're saying in the discussion of IRAs is that we can build systems that allow users to easily indicate their privacy preferences, at least for some classes of data. What's missing is the legal framework in the middle to make such agreements legally binding.

There are two sides to this: identity owners and identity consumers. I've thought of IRAs being about the identity owner side. There's the other side of trustmarks that indicate what a site's policies are.

We shouldn't have a fixed set of artfully designed icons, but rather a set of choices that lead to the agreements. This is basically what Creative Commons does: make some choices, end up with one of a few fixed licenses.

Ultimately, we need to think about negotiation. What if I don't want my credit card stored, but the site policy is to store it? I don't want to enter a negotiation to see whether I or they are willing to compromise.

I-names and other systems creating identity records seem like a great place to start. The interface could let users select IRAs for each identity data field and then be responsible for packaging it into the standard for wrapping identity data (be that hCards, vcards, or something else).

IRAs aren't about technological (DRM) or even legal enforcement, although ultimately legal enforcement may be possible. IRAs are about expressing preferences. If users can express their preferences, service providers can start to cater to them and advertise their willingness to cater to them.

2:42 PM | Comments (2)

IIW2005: Attention Data as Identity

Attention data is the record of what you've read, what you're spending time on, and what you should be paying attention to. Two different groups are thinking about attention data in a general way: Attention.xml and Attention Trust. My impression is that Attention.xml is more about the technology needed to track yourself while Attention Trust is more "rights" to "data you own."

We had a discussion this morning at IIW2005 about attention data and identity. It's clear that attention data is founded on identity, it's less clear that attention data is identity in the sense of "digital identity" as it's commonly defined as a collection of attributes, preferences, and traits. A few points of interest from the discussion:

  • Attention, or everything I do, defines me in a way that is both self-asserting, and, so long as it's accurate, definitive in the aggregate. This is the technological expression of "I can't hear what you say because what you do is screaming so loudly in my ears."
  • Do users "own" their attention data to the extent that they have the right to compel another entity to hand it over? For example, when I visit Amazon, they track my clickstream. I can track it as well (by hand, with a browser plugin, etc.) Should Amazon be compelled to hand over my clickstream data to me? This was an issue of hot debate in the discussion.

12:25 PM

October 26, 2005

IIW2005: Summary at Between the Lines

I posted some thoughts and a summary of Day One at Between the Lines.

11:01 PM

IIW2005: Pictures

I've posted some pictures I took today at IIW2005 on my Gallery. There's also some at Flickr that are tagged with iiw2005. I tried to get every speaker, but missed a few--just got busy writing and forgot to take a picture. Sorry.

10:17 PM

IIW2005: Joel Getzendanner on Identity Commons

Joel Getzendanner is introducing Identity Commons. Identity Commons (IC) is not a service provider, a technological alternative, or an umbrella organization. IC is a place for those working on identity. IC is technologically neutral. IC is intended to be a community of shared intent. IC is participant owned, egalitarian, and tries to keep control and content as local and distributed as possible. IC wants minimal authority over participants.

The Identity Commons Web site seems to be mostly about i-names at this point, the primary thing they've been involved in thus far. That probably ought to be redone to more accurately reflect the real goals of the organization.

I have to admit that this discussion left me wondering where the beef was. There was a lot of "we believe in goodness" and "we are a place to work together" without much in the way of "here's a proposal for you all and how we can help."

6:34 PM

IIW2005: Paul Trevithick on Higgins Trust Framework

Identity is a three-body problem. When you use a credit card, there's pre-existing trust between the airline and the bank (brokered by Visa). You're the third party in that equation. Lots of groups that we belong to, lots of implementations. People want to manage relationships between extremely diverse contexts.

This is where the Higgins Trust Framework (HTF) comes in. The goal of the HTF is to address four challenges: the lack of common interfaces to identity/networking systems, the need for interoperability, the need to manage multiple contexts, and the need to respond to regulatory, public or customer pressure to implement solutions based on trusted infrastructure that offers security and privacy. A context includes identifying information, profile information, reputation information, and relationships.

The technical work consists of the following tasks:

  1. Create a framework/API – an abstraction layer for identity and social networking services
  2. Create a set of exemplary context “provider” implementations (plug-ins)
  3. Create an exemplary app that demonstrates how to use the extensible framework
  4. Enable developers to leverage Higgins in their applications

This is all in Java and inside Eclipse. Higgins could provide an API for developers to incorporate identity and trust in applications. Context specific modules need to be built. The project is open-source.

I'll admit that at this point, I'm still wondering exactly what this is. A demo would be cool.

5:56 PM

IIW2005: Brad Fitzpatrick on OpenID

OpenID is similar to LID in that URLs are used for identifiers. Identity URLs can be static web pages so there's a low barrier to entry. Also, no SSL is required, nor is a browser plugin. OpenID is simply a way to prove you own a URL.

OpenID can be stateful or stateless. Stateful access is faster, but requires more infrastructure to support.

When you grab a URL, the URL has a way of saying who the identity server is (in the <link/> tag). The identity server provides a way for the person claiming the URL to prove (i.e. a password) that they are the person who owns the URL. Delegation happens on the page associated with the URL, rather than on the server.

OpenID isn't a trust system, a solution for all identity problems, or perfectly secure. There's no associated data in the protocol itself. It is susceptible to man-in-the-middle attacks and DNS spoofing.
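The discovery step described above, as an added example in Python (not code from OpenID, Brad Fitzpatrick's talk, or this post): it pulls the identity server and the delegate identifier out of the claimed URL's link tags, ignores links outside the head, and flags the plain-HTTP case the post warns about. The rel values openid.server and openid.delegate are those of OpenID 1.x; the sample page and host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LinkCollector(HTMLParser):
    """Collects <link rel=... href=...> pairs that appear before <body>."""

    def __init__(self):
        super().__init__()
        self.links = {}
        self.in_body = False

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.in_body = True        # OpenID 1.x only honours links in <head>
        if tag != "link" or self.in_body:
            return
        attrs = dict(attrs)
        rel, href = attrs.get("rel"), attrs.get("href")
        if rel and href:
            for token in rel.split():
                self.links.setdefault(token.lower(), href)   # first one wins


def discover(claimed_url, html):
    """OpenID 1.x link-tag discovery: returns (server, delegate, warnings).

    server   - where the relying party sends the user to prove ownership
    delegate - the identifier the server knows the user by; the claimed URL
               itself when the page does not delegate
    warnings - transport caveats a relying party should log or act on
    """
    parser = _LinkCollector()
    parser.feed(html)
    if "openid.server" not in parser.links:
        raise ValueError("claimed URL carries no openid.server link")
    server = urljoin(claimed_url, parser.links["openid.server"])
    delegate = urljoin(claimed_url, parser.links.get("openid.delegate", claimed_url))
    warnings = []
    for label, url in (("claimed URL", claimed_url), ("identity server", server)):
        if urlsplit(url).scheme.lower() != "https":
            warnings.append(f"{label} is plain HTTP: spoofed DNS or an on-path "
                            "attacker can substitute a different identity server")
    return server, delegate, warnings


# Constructed identity page: a static home page that delegates to a hosted server.
# The second openid.server link sits in the body (think: a visitor's comment) and
# must be ignored so that visitor-supplied content cannot redirect discovery.
SAMPLE_PAGE = """<html><head>
<title>Constructed sample home page</title>
<link rel="stylesheet" href="/style.css">
<link rel="openid.server" href="http://idserver.example/openid">
<link rel="openid.delegate" href="http://idserver.example/users/sample">
</head><body>
<p>Comment left by a visitor:</p>
<link rel="openid.server" href="http://comment.example/openid">
</body></html>"""


def demo():
    """Run discovery on the constructed page; both URLs are http, so two warnings."""
    return discover("http://home.example/", SAMPLE_PAGE)


if __name__ == "__main__":
    server, delegate, warnings = demo()
    print("server:", server)
    print("delegate:", delegate)
    for w in warnings:
        print("warning:", w)
```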

5:17 PM

IIW2005: Johannes Ernst on LID

Johannes starts off with a discussion of REST because that's critical to his design principles for LID. He describes it this way: "everything that matters on the Internet has a URL, can be bookmarked, can be found via Google, can be hyperlinked, can be tagged, and can be accessed with a browser." People got very argumentative here. REST discussions do that.

Johannes' conclusion: people need URLs. Similar argument to Drummond and XRIs, but with a different conclusion. Johannes gives a use case based on Doc's Company Relationship Management scenario and me trying to find a hotel in Berkeley. This isn't so different than Priceline, but it would be decentralized and user-controlled.

To do this:

  1. I publish a need
  2. Vendor finds the need
  3. Vendor decides on an offer
  4. Vendor communicates an offer

If the need is published as a URL, then Google can be used to find it. If a person has a URL, that is the perfect place to point to other information, including needs that I have. In fact, I did that in a non-structured way when I published my need on my blog.

LID allows you to create as many "identifier" URLs as you like. These can be kept separate or they can delegate back to a canonical LID URL. Traversal to specific data within the URL is specified using XPath queries on the identifier URL. The format of the returned data can also be specified (HTML or XML).

The crowd was atypically hostile on this talk. I think the issue is that people are expecting every proposal to solve every problem when I don't think Johannes is saying he developed the complete package. He's taking an iterative, solve a few problems at a time approach. I'm actually fairly impressed with how this has matured over the years. Even so, the feedback was valuable and Johannes is good at taking feedback, so I think it was a positive experience.

4:09 PM

IIW2005: Dick Hardt on Identity 2.0

Dick starts with a discussion of the SXIP 1.0 architecture. One of the things I note as I listen to Dick is the nomenclature problem. We have some people calling users "users" and others calling them "principals", some calling the relying party the "membersite", identity providers can be "homesites," and so on. This is hard to keep straight. You need a score card to keep up. I'm not picking on Dick here--he's picked his words and they're as good as anyone else's. The Identity Gang wiki has an identity lexicon that is attempting to "create a minimal set of terms that enable discussion of the technical operations, technical architecture, and user experience of user-centric identity systems."

SXIP 1.0 provides SSO with user control and has been available since February 2004. SXIP has gathered a lot of feedback and used that to derive SXIP 2.0. Some design requirements (with a nod to Kim's seven laws):

  • Relying party must provide reason for a request and give the usages.
  • Personas should be compartmentalized by context (online church group vs. online gambling group)
  • Release data only with user consent.
  • Granular control over release information
  • Users should be able to choose their agent (separate rootsite from homesite in SXIP)
  • Separate transaction for acquiring claim from presenting the claim.
  • Provide identities for public identifiers for anonymous identity transactions.
  • Provide a low barrier to entry. Zero footprint for the user. Name-value pairs for membersite.
  • Interoperate with and use existing standards.
  • Provide a user-consistent experience by ensuring that the user always sees the same agent regardless of context.

(I didn't catch all of these. Hopefully Dick's slides will be online later.)

These design guidelines have changed SXIP and influenced the 2.0 architecture. In addition, there have been some security improvements based on an IBM security review.

3:31 PM

IIW2005: Drummond Reed on XRIs

XRI is a syntax and resolution protocol for abstract identifiers---identifiers that are independent of the underlying network location, domain, application, or storage. It's an abstraction layer for identifiers of all types. You can use an XRI anyplace you can use a URI. An XRI can be downcast into a URI. There is also a standard way of making an XRI clickable called XRI Resolution. XRI is the product of an OASIS technical committee.

In the same way that URIs unify the filename, IP address, and domain name layers into a single namespace, XRIs integrate URIs with names in the telephone, postal and future networks.

XRIs provide a way to create persistent identifiers, but that's not the killer app for XRIs. There is also a need for reassignable identifiers, and XRI allows those in the same syntax. XRIs can start with a global context symbol. Any XRI can be the global root for an identifier community through cross referencing.

On the Internet, URIs have created a system of proper nouns. Everything has a name, but there are no general nouns for use in discussing common ideas. In English, you don't have to know what the other person calls things because we have nouns that give us the same names for things. So +resume could stand for a resume, regardless of how I've named it. xri:///(=windley)/(+resume) could map in to http://phil.windley.org/windley_resume.pdf and you could find it by knowing my identifier and the right noun for a resume.

An XRID is an XRI resolution document. XRIDs are XML documents that are returned from an HTTP GET request on an XRI. It gives not only the resolution, but also synonyms, authorities, local path resolvers, and service endpoint URI descriptions.

Three uses of XRIs: i-names, open tagging, and XDI (the XRI data interchange format). I-names provide a way of creating a universal contact that abstracts email addresses, phones, physical addresses, and so on. They also provide privacy protection. XRI is the basis for i-names, but XRI is not an authentication protocol. It simply provides a simple way for relying parties to discover a user's authentication service endpoint (or YADIS file).

Open tagging provides a way to create a tag dictionary using XRIs. The tag dictionary provides a way for everyone to talk about their own tag namespace (like URIs provide a way for me to create my own unique identifiers).

1:24 PM

IIW2005: Brett McDowell on Liberty Alliance

Brett McDowell is speaking on Liberty Alliance to "engage the bottom-up community." The vision of Liberty Alliance (LA) is a networked world in which individuals and businesses can share identity information in a protected way. LA is working on technology standards and guidelines, business and privacy guidelines, and an ecosystem of interoperable products and services.

The board and sponsors of LA are most of the big companies you'd recognize. But 50% of the membership is either non-profit or a company with less than 100 employees.

Liberty ID-WSF 2.0 is based on SAML 2.0, WS-Security, and WS-Addressing. An earlier version relied on ID-FF, which has been merged into SAML 2.0 in the spirit of convergence. ID-FF, however, is still in use all by itself and is deployed in various places.

Some design points: identity based Web services are associated with the principal's identity and can be invoked by a principal's identity. Attributes are shared only with the permission of the principal. Credentials can be discovered.

LA projects more than 1 billion Liberty-enabled identities and devices in use by the end of 2006, based on LA member deployments.

LA is willing to interoperate with WS-* services, but there are some issues, including where they are in the acceptance cycle and closed standards bodies.

LA is working on a robust client that would offer similar benefits to the InfoCard client. Numerous use cases were listed.

Questions: how can LA be used with REST? Can LA support light (vs. SOAP/heavy) architectures? Participate in LA workshops, become LA members so that "bottom-up identity" use cases and requirements are included in architectural decisions. "The world belongs to those who show up."

12:36 PM | Comments (2)

IIW2005: Mike Jones on Identity Metasystems

We're trying to get to a world where there is a ubiquitous, user-centric identity solution for the Internet. The result should be a safer, more trustworthy Internet.

Mike is showing a user experience for InfoCards, Microsoft's proposed identity solution. First time I've seen it. The solution, of course, is very thick client oriented since InfoCards is built into the OS. The vision is nice because there's a common experience for using InfoCards across every Web site.

A ubiquitous identity solution must accommodate mutually contradictory requirements based on context. For example, most of the time we don't want people to be able to track our identity, but in some cases (e.g. corporate audit requirements) that may be necessary.

Success, by Mike's definition, includes ubiquity, security-enhancing design and implementation, a single, simple user experience across systems, and simplicity in the programming model. Achieving success requires broad collaboration, encapsulation and transformation of underlying systems, technology standards, and ensuring participant benefits.

The goal of InfoCard is to be incremental to the current Web experience, rather than changing it completely. At the point where you're providing credentials, you could present the same login information you presented before or present an InfoCard claim.

Some choices Microsoft made:

  • The protocol used to pass claims, etc. is separate from the payload. This allows changing payloads without changing the protocol. Design decision: do not tie solution to protocol designed around a single payload type.
  • The identity selector is different and independent from the software provided by the identity provider. It's identity provider agnostic. The identity provider could be on the net, on the PC, on your phone, etc. Design decision: identity selector is a different process from the process running the identity provider.
  • The identity selector is different from the metadata store. This allows metadata to be stored where ever it's convenient. Design decision: metadata store does not run in the identity selector process.
  • Auditing and non-auditing identity providers are both allowed. Design decisions: support different levels of auditing requirements from relying parties and identity providers.
  • Guarantee separation of contexts. Identifiers are unidirectional and the identifiers given to one relying party can't be linked to the identity given to another. Claims released to a relying party are based on what they ask for.
  • Facilitate data rejection. Claims in card are provided each time the relying party asks for authentication, so identity data can be thrown away by the identity provider.
  • Claims do not equal trust. Higher levels of software, built on InfoCard must deliver that.
  • The human token and the computational token are not the same. The user sees a human-friendly representation of the identity information to be released. That won't necessarily be the same format that the data is passed around in. Design decision: cryptographically bind the display token and the computational claims to allow audit of the identity provider by the user or a relying party auditor.
  • Authentication goes both ways. Identity systems are typically used to prove the identity of the user to the relying party, but to reduce fraud, we also have to prove the relying party to the user. Design decision: prove the identity of sites to users before users ever interact with the sites.
  • Suppress complexity to allow users to have a consistent experience. This increases security. Localization of secrets is a factor.

11:47 AM

IIW2005: Mary Ruddy on Use Cases

Mary Ruddy is speaking on Use Cases for the Social Web. Our hope is that by discussing use cases, we can lay a foundation for later discussion and give everyone a common frame of reference. Mary makes the point that use cases are stories. Keeping the discussion about stories helps people from different technology backgrounds to relate.

Use cases: SSO, social commerce (Doc's example of recommenders, reviewers, and affiliates), augmented social networks, Katrina networking (lost and found people), soccer registration, Internet banking authentication, health care, etc. Question: can we move beyond authentication?

Mary makes an interesting point that we want to know about people who recommend things to us because who they are matters in our level of trust in the recommendation. A simple example: when someone recommends a hotel, it's useful to know if they paid for it themselves or they were on an expense account.

Rohit Khare raises the question of anti-use cases. Often we over identify people. User preventable identity linking, sharing, and forwarding. These are more circumstances that are common to every use case. An interesting link to yesterday's post on identity and presence is that the laws governing what can happen to your identity have to do with presence.

Persistent identity and reputation are pillars of building a community. Introduction is a key part as well. Reputation brokers are needed for relying parties that move between systems. Without trusted third parties, the community won't scale.

10:49 AM

IIW2005: Doc Searls

Doc is leading out today giving a foundation for why identity matters. Markets are places where people meet to exchange things and make culture. Free markets are not "your choice of silo."

Doc notes that the difference between "content" and "speech" is critical. Congress can't regulate speech, but they can regulate the movement of content (his example is the FCC broadcast restrictions on obscenity). The 'Net needs to be a place for free speech and where free enterprise happens. This is an example of an issue that is not about left or right, Democrat or Republican. It can be non-partisan.

Independent customers need independent developers. The 'Net is a place where demand supplies itself. Big brand companies don't innovate here. Big companies aren't bad, but this isn't what they do.

Our wallets are examples of market silos. The silos in our wallets haven't been federated. Companies are figuring out how to silo their data, but customers need to be able to initiate relationships on their own between the silos in their wallets.

Our founding problem is that industry won the industrial revolution. Crafts were replaced by jobs, work was reduced to labor, and occupations were reduced to positions somewhere in the organization. The whole notion of "human resources" says that we are fodder to be interchanged at the will of the company. Our names were often related to our craft; we've lost the meaning of our names.

Doc's use case for this is renting a car. Airlines have federated with rental car companies, but if you go to the "partner page" on an airline site, it's the land of silos. They've replicated the airport experience on the Web. How lame is that? Wouldn't it be better if the rental car companies had to compete for your business? CRM systems don't "relate." Like all CRM systems, they're an instrument of marketing BS.

Thoughts for the workshop:

  • Commercial vendors aren't the only ones with silos. Standards and open source projects can be silos too.
  • Let's look past interoperation. Let's help each other out, if we can. Reach across boundaries of judgment.
  • There are good reasons for every product and project.
  • What "building material" do we have that we can offer to each other--stuff we can use.
  • Let's leave here with commitments to do stuff we hadn't even thought of before we got here.

10:09 AM

IIW2005 IRC Channel

If you're trying to follow along at home, there is an IRC channel at irc.freenode.net/#identity

9:24 AM

Business Ignitor in Utah County

Connect Magazine is hosting another Utah County installment of its Business Ignitor Series today (Wednesday Oct. 26th) from 3:30 - 5 p.m. at the Lindon Los Hermanos. Josh Coates of Berkeley Data Systems will be the speaker. You can register at Connect. Students get in free, so if you're interested, head on over. (When registering, students should register with a school e-mail address and select the "pay at the door" billing option. No one with an e-mail account from a school will have to actually pay at the door.) I'm in Berkeley for the Internet Identity Workshop, so unfortunately, I won't be there.

7:30 AM | Comments (1)

October 25, 2005

Identity and Presence

I put a piece about the difference between identity and presence information at Between the Lines. The difference is pinpointed by iTunes in its use of proxies for presence to enforce its DRM policies--badly, as it turns out.

10:47 PM

October 24, 2005

A Better Command Line Find

If you're coming to OS X from UNIX, like me, then you're probably comfortable with the command line and you probably know your way around the find command. I use it all the time for finding files. Since I upgraded to Tiger, I use Spotlight a lot more, but there are still times when I want to find things on the command line. Apple has thoughtfully provided a Spotlight-enabled version of find called mdfind.

Using mdfind is easy: just type the command followed by whatever you'd enter in the Spotlight search box. You'll get back a list of files, just like from find, that can be used with other shell commands. The difference is that if you type mdfind "BYU Purchasing" you'll not only find files with the string "BYU Purchasing" in the filename, but also inside the file itself.

Another difference is that mdfind searches the entire disk index by default. To limit it to certain directories, you can use the switch -onlyin followed by the directory name. Because mdfind is using the Spotlight index, it's very fast--much faster than a regular find.

mdfind can search a file's metadata as well. The tricky part is that you have to know the names of the metadata attributes you're interested in. The command mdls lists the metadata attributes of a file; once you know an attribute, you can use it in a query expression to find files that share it. For example, the following expression finds all the HTML files in my Documents folder:

mdfind -onlyin ~/Documents 'kMDItemKind == "HTML document"'

The command mdimport -A will show you all the attributes that you can search by and give a short description of each. For example, you can use 'kMDItemRedEyeOnOff' to tell you whether 'red eye' correction was on or off.

Naturally, mdfind can only find things in the index, and Spotlight doesn't index the entire hard drive or even every file type. If you want to put something in the index that Spotlight doesn't index normally, you can use the mdimport command to do that. The other command used to control indexing is mdutil, which can switch indexing on or off for a volume, erase and rebuild an index, and show the status of indexing.

For some things, I suspect, I'll still use the comfortable old find command, but as fast as mdfind is, I'll be turning to it more and more often.

9:58 PM

Yet Another Decentralized Identity Interoperability System

There have been several proposals for Internet identity systems over the past 18 months or so, including Microsoft's InfoCard proposal, SXIP, and several URL-based systems including LID, OpenID, and Passel. Today Brad Fitzpatrick (of LiveJournal/Six Apart and inventor of OpenID), Johannes Ernst (of NetMesh and LID), and David Recordon announced a proposal to build an interoperability framework for LID and OpenID called YADIS (Yet Another Decentralized Identity Interoperability System). Here's part of what they said in the announcement:

Working on this problem, we realized quickly that what we were really building was a bottom-up, light-weight interoperability framework for personal digital identities since we addressed the problems in a quite general manner. Working on this, it became clear very quickly that the resulting interoperability architecture was much more broadly applicable. In our view, it promises to be a good foundation for decentralized, bottom-up interoperability of a whole range of personal digital identity and related technologies, without requiring complex technology, such as SOAP or WS-*. Due to its simplicity and openness, we hope that it will be useful for many projects who need identification, authentication, authorization and related capabilities.

The architectural assumptions are exactly what one would expect from this group:

  • Fully decentralized, and no one point of control
  • Let many (interoperable) flowers bloom
  • URLs as identifiers
  • RESTful and easy to use for developers

One obvious question: where's Passel? Seems like it would fit here. I'm looking forward to hearing more about this at the Internet Identity Workshop.

9:43 PM

IIW2005 Blog Aggregator

I've set up an RSS aggregator for IIW2005 so that people not attending the conference will have a one-stop place to keep up with what attendees (and others) are saying about it in their blogs. If you're going to be blogging about IIW2005 and the presentations, please send me the URL of your RSS feed so that I can add it to the list.

In addition, we'll be recording the sessions and podcasting them later.

11:10 AM

October 22, 2005

Blueprint for Action

I picked up a copy of Thomas Barnett's new book, Blueprint for Action: A Future Worth Creating. I really enjoyed his last book, The Pentagon's New Map, so I'm anxious to dig into the new one. I'm going to interview Barnett for IT Conversations in a few weeks. If you've got anything you'd like me to ask him, let me know.

5:05 PM

October 21, 2005

Speedpitch Lunch

If you're a Utah entrepreneur, or are willing to fly, Paul Allen and FundingUtah.com are hosting a speedpitching lunch on Nov 8.

Here's how it works:

Ten of Utah's top entrepreneurs will give five-minute pitches to several groups of 3-5 accredited angel investors rotating in a fast-paced, musical chairs style. After the end of the event, entrepreneurs will be available for question and answer sessions on an individual basis.

SpeedPitching will enable promising entrepreneurs to present their ideas to a large number of angel investors in an intimate setting. In addition, angel investors will learn about Utah's most promising business opportunities without the drudgery of long, impersonal presentations.
From Speedpitching Luncheon
Referenced Fri Oct 21 2005 10:54:11 GMT-0600 (MDT)

10:43 AM

October's CTO Breakfast

Next Friday at 8am we'll get together for October's CTO Breakfast. I'll just be getting back from two days at the Internet Identity Workshop, so I'm sure I'll be fired up about that. I've also had several people lately ask about building quality assurance organizations and their role in software development, so I thought that would be a good thing to discuss with the group. I'd love to know what people are doing now and think they ought to be doing. Of course, any technology-related topics you're interested in are welcome as well.

As usual, we'll be holding the breakfast at the food court at Canyon Park Technology Center (Building L). See the CTO Breakfast page for more information and directions. Also on that page are dates for future meetings. Note that November's meeting actually will be on Dec 2 and there will be no meeting at the end of December. In January we'll switch to the last Thursday of the month until April.

If you're interested in technology and building products, then you're welcome--even if you've never been a CTO. :-)

7:57 AM

October 20, 2005

Wanted: MITS Altair 8800

I'm looking to buy a MITS Altair 8800 computer if you know anyone who's got one. I'm mostly interested for sentimental reasons. I built one in 1976 and would love to have one. The price, of course, would depend on condition and accessories. I want something that works. My fingers ache to toggle in 8080 machine code on the front panel switches and see the blinking lights.

3:33 PM | Comments (1)

October 19, 2005

Tracking Your Printer

The EFF has been working to crack the code that some color printers put on every printed page. It's long been known that printer manufacturers put these codes in many color printers at the behest of the Secret Service, which is concerned about the potential for counterfeiting. The EFF, however, has revealed just how these codes work (with images).

The images really bring this home. Just think about every document you print containing tracking codes that link it back to the printer in your office or home. The privacy concerns are huge. Imagine that you print a handbill complaining about working conditions and post it in the lunchroom. You might have thought it was anonymous, but in fact, your employer can link it right to the source. I'm not really a big privacy freak, but I don't like this at all.

1:56 PM

October 18, 2005

Surfing Your Tivo

I'm probably just hopelessly behind, but in case you are too, I thought I'd post this. If your TiVo is networked (i.e., connected to your home LAN), you can surf the Now Playing list with a browser and download the shows. Just point your browser at

https://your-tivo-ip-number/  

The https is important. Otherwise, you end up looking at a do nothing splash page. You'll be asked to authenticate (HTTP authentication). Use tivo as the user name and your media access key (MAK) as the password. You can get the MAK from your Tivo under Setup.

Once you download the program, you'll find it's in some kind of wrapper and has the extension .tivo. You can turn it into an MPEG file using DirectShow Dump. Unfortunately, this is a PC-only program. I don't know of an OS X equivalent. Once the show's in MPEG format, you can use it on your Mac. Theoretically, you could use Quicktime Pro to create a version compatible with the new iPod, but I haven't tried that.

As soon as I downloaded my first file, I realized that I need a GigE network in my home (and on the Tivo)--not to mention bigger hard drives.

4:47 PM | Comments (1)

IIW2005 Hotel Redux

OK, I chickened out. After I posted that I was staying at the Hotel Shattuck, David Kearns posted a note indicating it hadn't gotten good reviews. Looking at other hotels on the site, I wasn't too thrilled with them either. So, I switched to the FourPoints Sheraton in Emeryville. I've stayed there before and know what I'm getting there. I'm not that adventurous when it comes to where I sleep.

11:12 AM | Comments (1)

October 17, 2005

Cogito Is Hiring

Cogito, a Utah-based company that makes a unique graph-based data storage and analysis system, is hiring. Here's what they're looking for:

  • UI Developer - C#, .NET experience, enough development experience so as to not require much hand-holding. Lots of hustle – prolific. Must want to be a heads-down developer, not a leadership position.
  • Data Broker Architect - Significant enterprise application development experience with emphasis on back-end DB, integration and meta-data experience. Java enterprise experience. Familiarity with the major enterprise applications and databases. This position will require large scale design and small team leadership abilities.
  • Data Broker Developer - Same as Architect desired, but will settle for less for this position. This position is not a leadership position.
  • Engine Developer (2) - Java development experience. Strong computer science skills. Ability and interest in complex and abstract problems. These positions are not leadership positions.

If you're interested, pop right over to their Web site. Tell them I sent you. :-)

3:40 PM

IIW2005 Hotel

I just made reservations at the Hotel Shattuck for IIW2005 based on nothing more than gut feel. Let me know if I've made a huge mistake. If you're looking for a hotel for IIW2005, there's a list on the wiki.

There are a little more than 60 people currently signed up. If you're planning on coming and haven't registered yet, it would help us a lot if you could do so soon so that we can order food. Also, if you'd like a t-shirt, you have to order it yourself.

3:32 PM

Robb and Barnett

If you've followed Tom Barnett, as I have, and know John Robb (former COO of Userland) then this interchange between the two will interest you. John wrote a piece for the NYTimes called "The Open Source War." Tom offered a critique. Nice to see it all come to my feedreader.

2:29 PM

Means, Motive, and Opportunity

I just finished a post at Between the Lines on the importance of the Massachusetts vs. Microsoft battle over whether Office is included in the Massachusetts enterprise architecture. Bottom line: government CIOs have had the means and motive to make such a move. Massachusetts' actions have given them the opportunity to make the same move.

On the same subject, David Berlind's comprehensive report on the process Massachusetts followed in the ETRM process should be a must read for any government CIO or IT manager.

11:25 AM

October 14, 2005

IIW2005 Shirts Are OK

I ordered a couple of IIW2005 shirts from Cafepress to make sure they looked OK. I ordered the long-sleeved T and the Ash Gray T. Both looked good. The logo looks great--no jaggies or anything and the T-shirt quality is good. I'm happy with them.

9:43 PM

Trading Performance for Better Design

Phil Windley and Rick Adam at the Business Ignitor talk.

It's a timeworn tale in the world of computers: a new technological advance relaxes some design constraints and some of the increased headroom is used by the designers to add modularity of the design with abstract interfaces. Only this time, the story isn't about computers--it's about airplanes.

Yesterday I flew my plane up to Ogden to moderate a discussion with Rick Adams, CEO of Adam Aircraft. If you're not a pilot, you probably haven't heard of Adam Air, but it's one of the hot new companies in aviation. I was surprised to learn that Rick isn't a lifelong aircraft industry type. Rather, he's a CIO turned software entrepreneur who took up flying in the early 90's. He was fed up with not being able to buy the plane he wanted, so he decided to build it.

It's hard for a software techie to understand, but the pace of innovation in aircraft is painfully slow. If you stuck a 1945 pilot in my Turbo Arrow, he or she would feel perfectly at home (as long as you turned the GPS off). Aircraft manufacturing has been dominated by the FAA, which sees its job as making sure no one ever flies. Keep that in mind next time someone proposes that we need government regulation to make computers secure or protect data privacy.

Adam Aircraft is building two planes, the A-500, a conventional engine twin, and the A-700, a personal jet. To give you an idea how moribund the aviation industry is, Adam Air is the first airplane manufacturer to certify a complex aircraft ("complex" has a formal meaning in aviation) in over 40 years. Yup, no new designs have been approved for four decades. Adam Air has spent over $80 million getting the A-500 certified. So, before you can ever deliver your first aircraft to a customer, you're out $80 million. That's got to give an investor pause.

Another surprise to non-pilots is just how wimpy private planes are. They don't have much payload capacity. For example, if I put four adults in my plane, I can't fill the fuel tanks more than 3/4 full. Consequently, airplane manufacturers try to shave weight wherever they can. Rick told me about an engineer who wouldn't design the wiring harness that goes from the front of the plane to the back until he had an exact measurement. Rick said "make it six inches longer" and the engineer balked. A few more inches is a few more ounces of weight.

You can imagine in this kind of environment, how aeronautical engineers would feel about modular designs. The same way 1960's programmers felt about operating systems. Nice, but way too expensive in terms of performance. Every plane design is a one-off; hardwired in the same way that a software developer would handcraft assembly language code when performance really matters.

The A-700 is going through certification now, but the process shouldn't be as expensive. Why? Because of the modular design. Many of the components in the A-700, like the landing gear, have already been certified as part of the A-500 certification. The designers were careful to create the interfaces between the components in such a way that they could retain their certification as long as they were used within certain design envelopes.

Why the move to modular designs now? Partly because someone with modular design expertise came along and didn't know how airplanes "have always been built." And partly because of a technology that enables this innovation: composite materials. Composites don't directly result in modular architectures, but since they weigh less for an equivalently strong member than aluminum, some of the weight constraints that designers have always lived with can be relaxed and that enables more modular design.

8:29 AM | Comments (4)

Thin is In

IFlyAKite Desktop in Javascript

I'm not sure what the purpose of this site is, but it's cool. If the purpose is to show just how far Javascript can be pushed to create a rich-client feel inside a browser, then I'd say they've succeeded. Apple will probably try to shut this down, but they ought to leave it up as a monument to dedication.

8:16 AM | Comments (1)

October 12, 2005

Ways of Thinking, Ways of Doing

In a recent column, Jon Udell says "much of what seems to be modern innovation is, in fact, rediscovery of ... Lisp and Smalltalk." He goes on later to say:

If existing tools can do more than we realize, we could spare ourselves a bit of grief. But probably not a lot. Translating ways of thinking into ways of doing always takes longer than we predict.
From The spiral staircase of SOA | InfoWorld | Column | 2005-09-28 | By Jon Udell
Referenced Wed Oct 12 2005 09:55:00 GMT-0600 (MDT)

This is an interesting point and one that's under-appreciated, particularly by academics. For example, I've frequently maintained that anyone with a CS degree can understand XML and cut through the hype in a few sentences:

  • XML is a way of describing context free grammars.
  • An XML schema is a BNF for a particular grammar (it can contain more, but this is a good start).
  • XML parsers are interpreted versions of LEX and YACC.
  • A DOM is a standardized parse tree.
  • XSL is an interpreted pretty-printer.

This pretty much says it all except for Jon's point. Because there's nothing new in the principles behind XML, good programmers have been using the principles of XML for years, but by creating the "way of doing" we call XML and encapsulating those principles in standards and tools, Tim Bray and others gave those techniques to the masses.

9:49 AM | Comments (3)

Why Bloggers Blog

A study by public relations firm Edelman shows that the number one reason bloggers blog is to "establish themselves as a visible authority in their field." Number two was to "create a record of my thoughts." Of course, for many of us, there's more than one reason. The body of the survey was aimed at understanding the potential for PR firms to use bloggers to get their word out.

9:38 AM | Comments (3)

Google News Reader

Yesterday Google announced their news reader. I played with it a little and wrote a review over at Between the Lines. My bottom line: I like it and I'm going to keep using it.

9:25 AM | Comments (1)

October 11, 2005

Business Ignitor

Thursday Rick Adams, CEO of Adam Air, will be speaking at this month's edition of the Business Ignitor series. Rick's talk will be at the Ogden Airport at 3:30. Adam Aircraft recently announced that they're going to locate the manufacturing facility for their new line of planes in Ogden. Makes sense: Ogden's got a nice big airport and there are plenty of skilled aircraft workers from Hill AFB.

Rick will speak for 15 minutes or so and then I'll moderate questions from the audience. I'm planning on flying up from Provo--I don't need much of an excuse to fly. Sorry, my plane's already full. :-) If you drive, you can get directions from the Connect Web site.

6:38 PM

Reverse the Question

In response to my questions about the word 'identity,' P. T. Ong says:

You don't get definitions right, it's hard to have lucid thoughts, let alone unambiguous communications.

"Do identical twins have different identities even if we can't tell them apart?" Define what you mean by "identity" and I'll answer your question.

We can't even answer basic questions about the "things" we are talking about because we don't have common definitions of them. Convinced yet about the importance of a well defined ontology for the digital identity community?
From Random Thoughts on Digital Identity: If a Tree Falls ...
Referenced Tue Oct 11 2005 13:36:26 GMT-0600 (MDT)

I didn't ask the question about identical twins and their identity because I need an answer. I asked it because I think it helps illuminate the fact that people (regular people) know what 'identity' is, and it's not a record on a computer. They might not be able to define it, but they know the answer to that question.

Tim Grayson gets a little miffed with Kim Cameron and Craig Burton for not being willing to enter into the ontological discussion. Kim has a post on the use of the term 'digital identity' in the collateral material for an XBox game. I'm inclined to think that 'virtual personality' is a better term for what the game makers want to convey, but maybe that sounds too much like schizophrenia?

1:36 PM

Perimeter Defenses

Peter Coffee wrote an article referencing my book, Digital Identity.

It's hard to admit that you've been doing things wrong, especially when you've gotten really good at it. When a company—or even an entire industry—gets built on the foundation of a fatally flawed idea, something really big and obvious may need to happen before people are willing to move together toward a different approach.

I found an excellent example of this behavior in Phillip Windley's newly published book, "Digital Identity," from O'Reilly Media. Most good computer security metaphors have been overused to the point of dreary familiarity, but Windley critiques the current computer security paradigm with a comparison I haven't seen before—and one that I hope will prove persuasive in changing the terms of debate.
From Don't Wait for the Walls to Fall
Referenced Tue Oct 11 2005 13:13:03 GMT-0600 (MDT)

Peter goes on to discuss the difference between perimeter security based on keeping the bad guys out and identity-based security. My message boils down to a recognition that new business requirements (like working with customers using Web services) are knocking holes in our perimeter defenses and we need a new way to think about security.

1:10 PM

October 10, 2005

Greasemonkey and Microformats

Mark Pilgrim's been busy creating GreaseMonkey scripts that read and understand microformats. His goal is an uberscript that can be used to pull microformat structure from Web pages. Mark says:

[I]magine searching such a database. And subscribing to your search results as a syndicated feed. It's coming. Within weeks, not years. All the data is out there; people are publishing this stuff anyway. If they publish it just 1% better (with appropriate microformatting), I can get 1000% more out of it. Or do you just use your browser to browse? That's so 20th century.
From [microformats-discuss] Re: Educationg Others
Referenced Mon Oct 10 2005 11:51:57 GMT-0600 (MDT)

11:48 AM

Roadblocks to Ubiquity

In a post about Dick Hardt's Identity 20 talk, Jon Udell makes an important statement:

Even a tech-savvy person like me has a hard time envisioning, never mind comparing, the interaction scenarios proposed by various identity schemes including Sxip, Microsoft's InfoCard, Shibboleth, and federated PKI.
From Jon Udell: Envisioning identity
Referenced Mon Oct 10 2005 10:24:02 GMT-0600 (MDT)

Johannes Ernst picks up on that and adds:

I completely agree, and would add that nobody, not even the "insiders" really understand what consequences all the different proposed architectures have in terms of, say,
  • who gets empowered and whose power diminishes
  • how the attack vectors on those different architectures differ
  • what governance structures are needed once any of this becomes a mass-market technology
From Johannes Ernst's Blog
Referenced Mon Oct 10 2005 10:25:17 GMT-0600 (MDT)

One of the things we're hoping will come out of the first day of the Internet Identity Workshop (register) is a better understanding of just those issues. Indeed, that was the very motivation for organizing the workshop. I couldn't figure it out, so in a selfish way, I asked everyone to come explain it to me. :-)

We're going to lead the day off with Doc Searls renewing and expanding on his user-centric identity themes. We'll follow that with a use case presentation and discussion from Mary Ruddy and Paul Trevithick. Then presentations about the underlying philosophy and architecture of some existing Internet ID systems you can use right now.

The schedule for Day Two is open and will be decided, Foo Camp style, on the morning of Day Two by the participants based on what they heard on Day One and what they would like to know more about. We have a number of proposed topics posted to the wiki already.

As Craig Burton has pointed out, Identity 2.0 changes everything. But, only "when Identity 2.0 infrastructure becomes ubiquitous. Free. A given. Like air and sunshine." We're a long way from that. Some of the current identity systems aren't even trying to be that. They're point solutions to specific problems and that's OK. Others, however, have bigger aspirations. Jon rightly points out that some of the biggest roadblocks to those aspirations will be user issues. He says:

Civilians will ask questions like:
  • How do I sign up?
  • What kinds of credentials will I use?
  • Where will those credentials work, and where won't they?
  • What happens if I lose my credentials?
  • How do I control the release of my private information?
  • What are my rights concerning information that I do release?
These are questions best answered with live online demos, or screencasts, or both. Given the former, I can and will help with the latter.
From Jon Udell: Envisioning identity
Referenced Mon Oct 10 2005 10:45:38 GMT-0600 (MDT)

Johannes points to the other big roadblock: politics. Like it or not, some of the biggest issues involving identity revolve around power--who has it and who controls it. You can't discuss identity on the Internet without everyone secretly imagining the money that will be made and lost on how this particular worm turns.

10:21 AM | Comments (2)

October 7, 2005

Internet Identity Workshop Shirts

I've created a Cafepress store with the Internet Identity Workshop logo so that you can buy IIW2005 gear. Enjoy.

4:49 PM

Craig Burton Cries 'Ubiquity'

Craig Burton and Kim Cameron have a couple of posts on Identity 2.0 and what's required to make it happen. I wrote about it at Between the Lines. Good stuff. Exactly the kind of discussion I hope we can have at the Internet Identity Workshop at the end of the month.

10:35 AM

Powerbook Surgery: Upgrading the Hard Drive

It seems like I'm always running out of space on my hard drive. All those digital photos and trips to the iTunes Music store, I guess. At any rate, when I got a new 17 inch Powerbook a few weeks ago, I wanted more than the 100Gb that is offered by Apple. So, I downgraded it to 80Gb to save a little money and ordered a 120Gb drive (5400 RPM, Seagate). When the new PB arrived, I didn't even turn it on--just cracked the case and put in the new drive. There's a great site, called PBFixIt that has step-by-step instructions with photos for replacing almost any part on your Powerbook. They also sell parts. Their instructions for replacing the hard drive were excellent.

Once the new hard drive is in, you have to partition and format it. The installation disks that come with the Powerbook have an option, that I'd never noticed before, to do all of that using OS X's excellent GUI-based DiskUtility. Just boot from the CD and then select DiskUtility from the pulldown menu. In a few minutes, I was installing OS X from the disks and had 55Gb of free space. Now to find something to fill it with...

9:22 AM | Comments ()

IdM Challenge

InfoWorld put six identity management products through the wringer in an environment designed to test them in real-world scenarios. Here's the conclusion:

Every so often, when we're lucky, widespread necessity and solution maturity collide head-on. This is exactly what's happening today in the sphere of identity management. Although the underlying concepts of identity management aren't new, it's becoming clear that the execution of these concepts by solutions vendors is ready for the mainstream.

Between mandates from on high, such as Sarbanes-Oxley, and needs from below, such as the need to address management headaches associated with the constant march of new applications into the core infrastructure, the time of managing disparate systems and applications in silos is necessarily drawing to a close.

Bringing disparate systems together for centralized user provisioning and access management is a significant challenge, as our testing showed, but it's more than possible -- it's inevitable. Automating your infrastructure by implementing an identity management solution is likely to be the largest IT project you'll undertake for years to come, but it also has the potential to be the most rewarding. The potential calm after the storm is not to be overstated.

Even within our limited testing scenario, it was clear that these products are still evolving.

Sun Identity Manager seemed the most mature overall, with strong integration and management capabilities, but still lacks the reporting and front-end polish we were expecting. IBM and Courion have similar work to do on the manageability front. Indeed, Courion needs to keep working on making the flexibility of its solution more accessible. Novell has paid much attention to its front-end tools, producing the easiest solution to configure and manage by far, but it still needs work on the back end to match the depth of Courion or Thor. Finally, Thor was strong from stem to stern, although their implementation process required a good share of custom coding as well.
From The identity management challenge | InfoWorld | Review | 2005-10-07 | By
Referenced Fri Oct 07 2005 08:56:36 GMT-0600 (MDT)

The feature also includes pieces on identity management in action and federation. Overall, a really worthwhile set of tests and collection of information--probably the most comprehensive I've seen.

8:53 AM | Comments (1)

October 6, 2005

Centralized and P2P Services

Over at Freedom to Tinker, Ed Felten points out that most of the interesting systems on the Web are built from distributed computers, but that's not what makes an architecture P2P. He says: "[T]he issue isn’t whether the services uses lots of distributed computers. The issue is who controls those computers."

9:01 PM | Comments ()

October 5, 2005

On the Word 'Identity'

On the way back from a meeting in Salt Lake this afternoon, I was pondering the word 'identity' and the way it is used in the physical world and the way we use it in the world of IT. Something I heard on NPR set off this navel gazing--I can't remember what. Coincidentally, when I got to my office, I found this post from Tim Greyson on the living language of identity. And so, a post...

If I ask my wife, kids, or neighbors "what is identity?" they answer in various ways that I think reduce, at their most basic level, to this: "identity is the sum total of who I am...my uniqueness." It includes not only attributes like height, eye color, and so on, but also their personality, hopes, and dreams--everything that makes them them. One way of sussing this out is to ask: do identical twins have different identities? We would say yes, even when we can't tell them apart.

This is quite different, of course, from the dry technical definition of identity that I used in my book: a collection of attributes, preferences, and traits stored in a computer record. This technical definition serves the technology, but is only the slightest shadow of the natural definition. Certainly the identity record that Amazon has stored and associates with me is only an approximation of a small subset of my true self. And not even a very important subset.

Now, there's nothing wrong with a word having multiple meanings. That happens all the time. But, when the different meanings are not clear from the context and are easily misunderstood by the participants in a conversation, that's a problem. This is precisely the problem Tim is talking about, I think.

When I say "digital identity" to my wife, even after having lived with me while I wrote a book on the subject, she is likely to think of something much more sophisticated than a simple computer record. And with good reason. For example, identity theft, which involves computers, makes people feel violated in a way that goes beyond records in databases.

In 1974, the family therapist Salvador Minuchin declared that “The human experience of identity has two elements: a sense of belonging and a sense of being separate.” That's another element of natural identity that isn't served well by the technical notion of identity. In the digital world, identity information is stored in silos, but in the physical world, it's almost impossible to keep subsets of one's identity separated. The relationships matter as much as the properties.

I've been toying with writing another book that would look into this side of identity. The working title I've been carrying around in my head is "Digital Me: Identity and the Internet." As Tim says, words matter, and I think that words about identity matter a lot because it's so fundamental to life in the physical and digital worlds.

3:02 PM | Comments (4)

October 4, 2005

Gadget Board

Jason Holt's put together a gadget board, a prototyping board based on the Atmel microcontroller (see photo). His design has a built-in monitor program for controlling the board. The I/O features eight analog inputs, seven 0-5v inputs and one input with adjustable max voltage, eight high current MOSFET outputs, and 4 high current relays. Jason's offering the schematics, code, and instructions for free or will also sell you a completed board.

8:36 PM | Comments ()

O'Reilly on Web 2.0

Tim's framing up the Web 2.0 idea and does a great job of explaining why it's different and why it matters. This quote, I think, is pivotal:

At bottom, Google requires a competency that Netscape never needed: database management. Google isn't just a collection of software tools, it's a specialized database. Without the data, the tools are useless; without the software, the data is unmanageable. Software licensing and control over APIs--the lever of power in the previous era--is irrelevant because the software never need be distributed but only performed, and also because without the ability to collect and manage the data, the software is of little use. In fact, the value of the software is proportional to the scale and dynamism of the data it helps to manage.
From O'Reilly: What Is Web 2.0
Referenced Tue Oct 04 2005 11:15:54 GMT-0600 (MDT)

Some other key lessons that Tim cites:

  • Leverage customer-self service and algorithmic data management to reach out to the entire web, to the edges and not just the center, to the long tail and not just the head.
  • BitTorrent thus demonstrates a key Web 2.0 principle: the service automatically gets better the more people use it.
  • Network effects from user contributions are the key to market dominance in the Web 2.0 era.
  • Operations must become a core competency.
  • Users must be treated as co-developers.
  • Support lightweight programming models that allow for loosely coupled systems.
  • Think syndication, not coordination.
  • Design for "hackability" and remixability.

He wraps these up in a "feature list" for Web 2.0 companies:

  • Services, not packaged software, with cost-effective scalability
  • Control over unique, hard-to-recreate data sources that get richer as more people use them
  • Trusting users as co-developers
  • Harnessing collective intelligence
  • Leveraging the long tail through customer self-service
  • Software above the level of a single device
  • Lightweight user interfaces, development models, AND business models

Think you're a Web 2.0 company? How do you stack up on this list?

11:14 AM | Comments (1)

Blogging Talk Encore

I'm giving an encore presentation of my talk on why blogging matters in TNRB 280 today at 3:30pm.

11:07 AM | Comments (3)

Government OSCON

GOSCON, the Government Open Source Convention, will be held in Portland on Oct 13 and 14, 2005.

10:53 AM | Comments ()

SOA Governance: What We Can Learn from Cities

I've made the analogy between digital identity management architectures and city planning. A recent article in the Architecture Journal (from Microsoft) takes this analogy to its conclusion with a well-written piece that outlines the parallels and shows how what we know about city planning can inform our questions about SOA governance. The article cites these parallels between the two domains that indicate that ideas from one can be profitably translated into the other:

  • The distribution of design
  • The constancy of change
  • The need for progressive improvement
  • The recursive nature of the architecture

The article references and builds on an earlier article by Peter Helland that lays out the analogy in some detail and makes a case for one of the architect's best tools, standardization. Helland makes the following points:

  • Progress requires standardization. (According to Helland, people didn't even wash properly until they had standard clothing.)
  • Standardization is associated with commoditization.
  • Standardization requires concentration of power (and if this involves pathological distortions of socio-economic relations, so be it).
  • Infrastructure requires central investment. (Since we may regard infrastructure as an act of local standardization, it follows that it must involve concentration of power.)
  • Central investment preserves the "sacred" or most important design features.

I just finished a review of Systinet's Registry 6.0 product for InfoWorld (to appear) and I'm in the process of reviewing Infravio's registry, X-Registry. Registries are a good example of infrastructure that requires a central investment, supports standardization, and enables governance. Without a registry, or something like it, for example, it's difficult to manage the set of services that are considered "production" and support a QA process that promotes services to that status.

SOA governance calls for a careful balance between central power and distributed development and operation. The central power must enable interoperability without destroying the benefits that are gained from distributed, loosely coupled services.

Cynics of IT organizations think of this process as a pendulum that constantly swings from "centralized" to "decentralized" and back again. I disagree. I think we're getting better at understanding the right balance between both models and I see real hope that hybrid models that find the right balance are closer than they ever were before.

10:19 AM | Comments ()

October 3, 2005

Virtual Rights Online Symposium

Jaco Aizenman and John Clippinger are chairing an online symposium on virtual rights. Simply put, "[v]irtual Rights is the right to choose to have a Virtual Identity, and the right to choose not to have a Virtual Identity." More broadly, I think it refers to the rights people have surrounding their virtual identities as well. The effort has gained considerable ground in Costa Rica.

The online symposium will take place between Sep 30, 2005 and Mar 31, 2006 on a mailing list maintained by Jaco. Let him know if you're interested in participating.

I think this might be a good way of approaching privacy. In my IT Conversations interview with him, Dan Solove characterized the current system we have as an "architecture of vulnerability," meaning that our privacy problems are built into the infrastructure. The virtual rights idea might provide a governance model for building a privacy infrastructure that isn't vulnerable.

On the other hand, I think that the set of rights that people want to articulate might be so restrictive that no reasonable commercial infrastructure could be built on top of them. There's a real need for balance in this area and so I'm anxious to see what comes of Jaco's symposium.

5:14 PM | Comments (1)

Persistence Configuration in EJB 3.0

In EJB 3.0, persistence is done using plain old Java objects (POJOs). As far as I know, JBoss is the only J2EE-capable application server supporting EJB 3.0 at this point. In the JBoss implementation the Hibernate roots of persistent POJOs are still very much visible. That's good news since it means that much of the Hibernate documentation can be used to understand EJB 3.0.

In JBoss, the default persistence properties are stored in

$JBOSS_HOME/server/all/deploy/ejb3.deployer/META-INF/persistence.properties

The meaning of most of the configuration parameters you see there can be found in the Hibernate configuration documentation.

By default, the persistence configuration on JBoss's EJB3.0 says to create new tables each time the application is deployed and to drop tables when it's undeployed:

hibernate.hbm2ddl.auto=create-drop

This means that your data will be lost each time you redeploy your application. That's probably OK while you're developing your entities, but not what you want for a production database. To change this, you can edit the line to read

hibernate.hbm2ddl.auto=update

Theoretically, you can also override the default in your persistence.xml deployment descriptor:

<entity-manager>
  <name>Animal</name>
  <jta-data-source>java:/DefaultDS</jta-data-source>
  <properties>
    <!-- property key must be spelled hbm2ddl and the attribute is lower-case value -->
    <property name="hibernate.hbm2ddl.auto" value="update"/>
  </properties>
</entity-manager>

I found, however, in a few simple tests, that this didn't work.

The default data source in JBoss is the Hypersonic database. This is an easy way to get going. JBoss stores the data in

$JBOSS_HOME/server/all/data/hypersonic

with the name localDB. This name, along with other configuration parameters for the Hypersonic DB, which is given the JNDI name DefaultDS, can be found in this file:

$JBOSS_HOME/server/all/deploy/hsqldb-ds.xml   
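Because a `create-drop` default that survives into production silently destroys data on every redeploy, it is worth checking the effective `hibernate.hbm2ddl.auto` setting before a deployment rather than trusting the override. The script below is an added example, not code from the post or from JBoss: it reads a persistence.properties default and a persistence.xml override, reports the effective value, and flags overrides that would be ignored. It assumes, since XML attribute names are case-sensitive and Hibernate looks up the exact property name, that only a `<property>` with the key spelled `hibernate.hbm2ddl.auto` and a lower-case `value` attribute takes effect; the sample inputs are constructed, modelled on the snippets above, and the second persistence.xml deliberately contains two easy-to-make typos (a misspelled key and a capitalised attribute).

```python
"""Audit JBoss/Hibernate schema-generation settings before a deployment.

Added example, not part of the original post: parses persistence.properties
defaults and a persistence.xml override, reports destructive
hibernate.hbm2ddl.auto modes, and flags overrides Hibernate would ignore.
"""
import re
import xml.etree.ElementTree as ET

HBM2DDL_KEY = "hibernate.hbm2ddl.auto"
DESTRUCTIVE_MODES = {"create", "create-drop"}

# Constructed sample inputs, modelled on the snippets in the post.
SAMPLE_PROPERTIES = """\
# constructed excerpt of ejb3.deployer/META-INF/persistence.properties
hibernate.hbm2ddl.auto=create-drop
hibernate.show_sql=false
"""

# Override with two easy-to-make typos: 'hbm2dll' and a capitalised 'Value'.
SAMPLE_XML_TYPOS = """\
<entity-manager>
  <name>Animal</name>
  <jta-data-source>java:/DefaultDS</jta-data-source>
  <properties>
    <property name="hibernate.hbm2dll.auto" Value="update"/>
  </properties>
</entity-manager>
"""

SAMPLE_XML_FIXED = """\
<entity-manager>
  <name>Animal</name>
  <jta-data-source>java:/DefaultDS</jta-data-source>
  <properties>
    <property name="hibernate.hbm2ddl.auto" value="update"/>
  </properties>
</entity-manager>
"""


def parse_properties(text):
    """Minimal java.util.Properties reader: key=value or key:value, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def parse_xml_properties(text):
    """Return one attribute dict per <property> element, attribute names as written."""
    root = ET.fromstring(text)
    return [dict(p.attrib) for p in root.iter("property")]


def audit(properties_text, persistence_xml_text, environment="production"):
    """Return (effective hbm2ddl value, list of findings).

    Assumption: only a key spelled exactly HBM2DDL_KEY with a lower-case
    'value' attribute overrides the persistence.properties default.
    """
    findings = []
    effective = parse_properties(properties_text).get(HBM2DDL_KEY)

    for attrs in parse_xml_properties(persistence_xml_text):
        name = attrs.get("name", "")
        key_ok = name == HBM2DDL_KEY
        # Catch the common 'hbm2dll' transposition so the silent no-op is reported.
        if name.lower().replace("hbm2dll", "hbm2ddl") != HBM2DDL_KEY:
            continue
        if not key_ok:
            findings.append(f"misspelled key {name!r}: override ignored, default {effective!r} stays in force")
        if "value" not in attrs:
            wrong = [a for a in attrs if a.lower() == "value"]
            if wrong:
                findings.append(f"attribute {wrong[0]!r} is not 'value': override ignored")
            continue
        if key_ok:
            effective = attrs["value"]

    if environment == "production" and effective in DESTRUCTIVE_MODES:
        findings.append(f"{HBM2DDL_KEY}={effective}: tables dropped and recreated on every redeploy; data will be lost")
    return effective, findings


if __name__ == "__main__":
    for label, xml_text in (("with typos", SAMPLE_XML_TYPOS), ("corrected", SAMPLE_XML_FIXED)):
        value, problems = audit(SAMPLE_PROPERTIES, xml_text)
        print(f"{label}: effective {HBM2DDL_KEY}={value}")
        for problem in problems:
            print("  -", problem)
```

Run against the typo version the script reports three findings and an effective value of `create-drop`; against the corrected override it reports none and `update`. Passing `environment="development"` suppresses the data-loss finding, since `create-drop` is the sensible choice while entities are still changing.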

8:05 AM | Comments (3)

October 1, 2005

IIW2005 Program

The program for Day One (Oct 26th) of the Internet Identity Workshop has been published. I'm very excited about it. I think it's a great line-up and will give us a chance to see many of the major systems and ideas around Internet Identity side-by-side.

The schedule for Day Two is open, being run as structured open space. As such, we're collecting topics and presentations for Day Two, but we'll decide on the schedule as the first order of business on that day.

As you can see, we also have a Bryant Cutler-designed logo. Feel free to use it in promoting the workshop.

If you're not registered yet, it's not too late. I hope to see you there.

7:47 AM | Comments ()