October 31, 2005
Video Podcasting Talks
I want to be able to easily take a PowerPoint or Keynote deck and an audio file (MP3), sync them and turn them into an MP4. Can I use iMovie to do this?
5:34 PM
How LCD Screens Work
The other day someone asked me how an LCD projector worked compared to an LCD screen on your laptop. Their general impression was that the laptop screen was like a bunch of LEDs, so how could you "project" that? I didn't really know. I knew that it was backlit and that's why you could project it, but had no idea how it worked. I asked Kelly Flanagan and he didn't really know either, but he sent me this really good tutorial showing how it works--interactive and everything. Apparently this is just one in a whole collection called Einstein's Legacy.
3:30 PM
Personal Democracy on Steve Urquhart
The Personal Democracy Forum has a story on Steve Urquhart's Senate campaign to unseat Orrin Hatch.
2:55 PM
Video iPod and Tivo
Friday I picked up a new iPod (60Gb, Black). I spent the weekend figuring out how to get video onto it from my Tivo, DVDs, etc. Here's what I've discovered, so far:
As I posted the other day, it's easy to download programs from your Tivo to your desktop. What isn't easy, on a Mac, is converting the shows to MPEG2 from the wrapper that Tivo puts them in. As I said in the earlier post, DirectShow Dump will do that on a PC. You have to install the Tivo Desktop Connection first. I happen to have Virtual PC running on my OSX box, so I do that to avoid transferring multi-gigabyte files around. It's really pretty quick, even in Virtual PC.
Next I followed these instructions to use VLC to convert the video for use with the iPod. They worked for the most part. The result is an odd, square aspect ratio MPEG4 that is too big (vertical pixels) to load on the iPod. I loaded this up with Quicktime, changed the aspect ratio/pixel settings to 480x240 (see the Properties window), and then saved it out--that's pretty fast. I had a problem with VLC crashing on me over and over again for a while, but deleting my VLC preferences solved the problem.
For DVDs, I used a nifty little program called HandBrake. I resized them to be 320 pixels wide. Works pretty good, although I seem to be getting some audio glitches every 60-90 seconds. In a movie, they're not too bad, but the Eagles Melbourne concert wasn't as nice as it could have been.
I have Quicktime Pro, which should work, but there are some problems. First, it won't play the MPEG2 files that DirectShow Dump (or Tivo) produces. I'm not sure why. Also, it's slooooooow. I used it to convert an hour of video on a G4 Powerbook and it took about 36 hours. VLC does it in about an hour and twenty minutes.
I doubt I'll watch much TV on the iPod, but I do like to take shows I've Tivo'd on trips with me for the airplane or hotel room. My Powerbook works fine for that, but sometimes the smaller form factor would be nice. I also want to try driving the TV from the iPod and see how that works. That would be nice as well.
Update: redoing the aspect ratio of the video in Quicktime makes it look right in iTunes, but when you sync it with the iPod, you still get a weird tall aspect ratio on playback. I'm still exploring.
9:51 AM
TinyDisk: Lessons for Web Applications Builders
At the CTO Breakfast, someone also brought up TinyDisk, a complete, shared filesystem built on top of TinyURL. If you're not familiar with TinyURL, it's a URL mapping service that lets you create a small, easily emailed URL to replace a long, complicated one. Nice service that I've used several times.
TinyDisk is a demonstration by Acidus. TinyDisk shows that anything that stores anything on the Web can be used to store something else by encoding the something else into the Web-based storage system. In the case of TinyDisk, it's a Web-based file system that slices up a file, encrypts it, and stores it out on TinyURL.
TinyDisk is a program for saving and retrieving files from TinyURL and TinyURL-like services such as Nanourl. It overlays a write-once-read-many anonymous, persistent and globally shared filesystem. Once something is uploaded, only the database admin can delete it. Everyone can read it. No one can know who created it. Think of it as a magical CD-R that gets burned and placed on a network.
From Most Significant Bit Labs :: TinyDisk
Referenced Mon Oct 31 2005 07:52:54 GMT-0700 (MST)
The presentation from Phreaknic describing this is worth looking at. Here are recommendations from the presentation on what to do to prevent your Web application from being repurposed:
- Do lots of validation on data you receive from the user!
- Do not allow arbitrary amounts of user
TinyURL isn't doing this. The basic idea behind TinyDisk is that it writes an arbitrary amount of information into a database with an HTTP command and then reads this information back out of the Location header of the HTTP 302 redirect.
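One way a TinyURL-like service could apply the two recommendations above, as an added example that is not code from the presentation, TinyURL or NanoURL. The size cap, quota, window length and all names (`SubmissionPolicy`, `valid_hostname`, the reason strings) are assumptions chosen for illustration.

```python
"""Added example: submission checks for a URL-shortening service."""
import re
import time
from urllib.parse import urlsplit

MAX_URL_LEN = 2048           # assumed cap on one stored URL
MAX_BYTES_PER_WINDOW = 8192  # assumed per-client storage budget
WINDOW_SECONDS = 3600        # assumed length of the quota window
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_hostname(host):
    """True for a dotted host name with well-formed labels.

    A bare single label is rejected; an IPv4 literal also passes.
    """
    host = host.rstrip(".").lower()
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return False
    return all(_LABEL.match(label) for label in labels)


class SubmissionPolicy:
    """Validates each submitted URL and bounds how much a client may store."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._usage = {}  # client id -> list of (timestamp, bytes stored)

    def check(self, client_id, url):
        """Return (accepted, reason) for one submission."""
        # Recommendation 2: no arbitrary amount of data per request.
        if len(url) > MAX_URL_LEN:
            return False, "too_long"
        # Recommendation 1: validate what the user sent before storing it.
        if any(ord(c) < 0x21 or ord(c) > 0x7E for c in url):
            return False, "bad_characters"
        try:
            parts = urlsplit(url)
            host = parts.hostname
        except ValueError:
            return False, "unparseable"
        if parts.scheme not in ("http", "https"):
            return False, "bad_scheme"
        if parts.username is not None or parts.password is not None:
            return False, "userinfo_not_allowed"
        if not host or not valid_hostname(host):
            return False, "bad_host"
        # Recommendation 2 again: no arbitrary amount of data over time.
        now = self._clock()
        recent = [(t, n) for t, n in self._usage.get(client_id, [])
                  if now - t < WINDOW_SECONDS]
        if sum(n for _, n in recent) + len(url) > MAX_BYTES_PER_WINDOW:
            self._usage[client_id] = recent
            return False, "quota_exceeded"
        recent.append((now, len(url)))
        self._usage[client_id] = recent
        return True, "ok"
```

Structure checks alone do not stop data from being encoded into a well-formed URL; the size cap and the per-client quota are what bound how much any one client can park in the database.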
This kind of thing isn't new, of course. A file system built on top of GMail has been out for a long time. But, it shows that GMail isn't special and that as soon as you give someone a Web application that stores data, it may not get used for what you want. The presentation also gives tips for writing non-sanctioned extensions:
- Write things as generically as possible. Your “API” is subject to change :)
- Don't try to make any money with your extension (even Google ads). Theft of service.
- Throttle your app to reduce impact on original site.
- Contact authors, maybe you can help them.
- Don't do it. Get the raw data that site is using for free (US Census, geo surveys, public domain references) and implement your own web app.
In the case of TinyDisk, Acidus wrote a replacement for TinyURL to test against called NanoURL using 2 pages of PHP and a MySQL database.
7:46 AM
October 28, 2005
CTO Breakfast Report
I really enjoyed this morning's CTO breakfast. At the suggestion of some attendees, I tried to moderate it a little and keep it more focused on new and interesting technology. Here are some of the things we talked about:
Riya is a new photo sharing service that includes face recognition. You can identify people by selecting their face and typing in something (name, keyword, etc.) The service then will identify that same face using that keyword in any other photos you've uploaded. Very cool. There are some obvious privacy concerns... Right now, it's invitation only and I'd love to get an invitation, but it's also IE only, so I guess I don't care. There's a discussion of Riya at Techcrunch.
Phil Burns brought up Planzo, an online calendaring system. It has RSS, but I can't see that it understands iCalendar format calendars (so I can display calendars I manage in iCal online). Meeting Wizard is a nice tool that has more functionality to me than a simple online calendar since it lets me schedule meetings among various participants.
We had a nice discussion of quality assurance for both software and data. Lots of good ideas. Steve Gray drove up from Cedar City just to participate in that one. He's a principal in Test Foundry and specializes in Web load testing. He's got to love what he does to get up at 4am to drive to a discussion about QA!
We had a short discussion of 37signals' Writeboard and that prompted a discussion of SubEthaEdit, the shared editing solution for Macs, and SynchroEdit, a Web-based shared editing tool that I saw demoed by Chris Allen at IIW2005. Chris is big on social and collaborative software and brought some real world identity needs to IIW2005.
We also talked about Gada.be and XRIs. In fact, since I came back from IIW2005, I've told three different groups about XRIs.
11:39 AM
October 27, 2005
IIW2005: Day Two Wrap-Up
Today we ran the conference using something called "structured open space." Kaliya Hamlin was anxious that we use it as a way of creating discussion. I'll admit that I was somewhat skeptical, but it turned out very well. Here's how it worked:
- As people came in at 8:30 we put them at tables with 8-10 people and told them to introduce themselves. About every 20 minutes we made them switch tables and reintroduce themselves to the new crowd. All along the way they were supposed to tell people what questions they most wanted answered in the workshop today.
- At 9:30 we called everyone together in front of a big matrix we had posted on the wall. The rows were for different spaces at the Hillside Club and the columns were times in 30 minute blocks. Everyone had a chance to write a topic on a piece of paper and post it on the matrix. Posting a topic meant you agreed to host or moderate it.
- We broke up and let people choose which topics they went to and what the discussion was.
There were some very good discussions, people explaining things to each other, groups whiteboarding concepts, discussions of follow-on cooperation, and even people making commitments to write code. This is exactly what we had hoped would happen.
In hindsight, we probably should have had 45 minute blocks. Thirty minutes wasn't quite enough time. We would have also been better off with a few whiteboards and big pads of paper on easels. Still, none of that was anything that was a show-stopper.
At 3:00pm, we called everyone together in a big circle and did a mini-debrief. Here are some of the comments (relatively unedited and without attribution) that I copied down as people spoke:
- Encouraged by feedback on YADIS
- Lots of passion came out in the last couple of days
- Very creative ideas here. Some so far beyond the edge that it's absolutely whacky.
- What books should we read?
  - Digital Identity
  - Against the Gods: The incredible story of risk
  - The New Agreements for Work
  - Order without Law
  - Bowling Alone
  - Digital Person
  - Transparent Society
  - Why Most Things Fail
  - Paying with Plastic
  - American Demographics Magazine
  - The Identities of Persons
  - Accelerando
  - Iron Sunrise
- Social affordances for women are very different from those for men. Take that into account as you build systems.
- A lot of people didn't trust presenters on details of their implementation. Do we not know and trust each other or do we not know enough about the various solutions?
- The understanding in the security community is that almost all designs are bad and when they're put out there they will be attacked. Design criticism is given with that in mind.
- We all need to work on making our own stuff more understandable.
- There have been real leaps forward in understanding how these things can work together.
- Two really cool things happened this afternoon: we got a good grip on things that could happen with Identity Commons and a list and wiki surrounding identity rights agreements.
We're planning to do another one of these in about 6 months. It won't be exactly the same format, but the goal will be the same: encourage cooperation and cross pollinate the Internet identity space. Watch this space for more details as they become available.
8:27 PM
IIW2005: Identity Rights Agreements
This afternoon there was a good sized group that got together to discuss Identity Rights Agreements.
One big problem is the legal status of such agreements. Mary Rundle was very helpful to the discussion here.
One point was that an organization (like Identity Commons) could create a "trustmark" that Web sites that take identity data could display saying they agree to abide by IRAs. This provides some protection under trademark law, but may not be the best way to really punish violators.
Data protection privacy commissioners want to create a regime for protecting personally identifying information. What we're saying in the discussion of IRAs is that we can build systems that allow users to easily indicate their privacy preferences, at least for some classes of data. What's missing is the legal framework in the middle to make such agreements legally binding.
There are two sides to this: identity owners and identity consumers. I've thought of IRAs being about the identity owner side. There's the other side of trustmarks that indicate what a site's policies are.
We shouldn't have a fixed set of artfully designed icons, but rather a set of choices that lead to the agreements. This is basically what Creative Commons does: make some choices, end up with a few fixed choices.
Ultimately, we need to think about negotiation. What if I don't want my credit card stored, but the site policy is to store it? I don't want to enter a negotiation to see whether I or they are willing to compromise.
I-names and other systems creating identity records seem like a great place to start. The interface could let users select IRAs for each identity data field and then be responsible for packaging it into the standard for wrapping identity data (be that hCards, vcards, or something else).
IRAs aren't about technological (DRM) or even legal enforcement, although ultimately legal enforcement may be possible. IRAs are about expressing preferences. If users can express their preferences, service providers can start to cater to them and advertise their willingness to cater to them.
2:42 PM
IIW2005: Attention Data as Identity
Attention data is the record of what you've read, what you're spending time on, and what you should be paying attention to. Two different groups are thinking about attention data in a general way: Attention.xml and Attention Trust. My impression is that Attention.xml is more about the technology needed to track yourself while Attention Trust is more "rights" to "data you own."
We had a discussion this morning at IIW2005 about attention data and identity. It's clear that attention data is founded on identity; it's less clear that attention data is identity in the sense of "digital identity" as it's commonly defined: a collection of attributes, preferences, and traits. A few points of interest from the discussion:
- Attention, or everything I do, defines me in a way that is both self-asserting, and, so long as it's accurate, definitive in the aggregate. This is the technological expression of "I can't hear what you say because what you do is screaming so loudly in my ears."
- Do users "own" their attention data to the extent that they have the right to compel another entity to hand it over? For example, when I visit Amazon, they track my clickstream. I can track it as well (by hand, with a browser plugin, etc.). Should Amazon be compelled to hand over my clickstream data to me? This was an issue of hot debate in the discussion.
12:25 PM
October 26, 2005
IIW2005: Summary at Between the Lines
I posted some thoughts and a summary of Day One at Between the Lines.
11:01 PM
IIW2005: Pictures
I've posted some pictures I took today at IIW2005 on my Gallery. There's also some at Flickr that are tagged with iiw2005. I tried to get every speaker, but missed a few--just got busy writing and forgot to take a picture. Sorry.
10:17 PM
IIW2005: Joel Getzendanner on Identity Commons
Joel Getzendanner is introducing Identity Commons. Identity Commons (IC) is not a service provider, a technological alternative, or an umbrella organization. IC is a place for those working on identity. IC is technologically neutral. IC is intended to be a community of shared intent. IC is participant owned, egalitarian, and tries to keep control and content as local and distributed as possible. IC wants minimal authority over participants.
The Identity Commons Web site seems to be mostly about i-names at this point, the primary thing they've been involved in thus far. That probably ought to be redone to more accurately reflect the real goals of the organization.
I have to admit that this discussion left me wondering where the beef was. There was a lot of "we believe in goodness" and "we are a place to work together" without much in the way of "here's a proposal for you all and how we can help."
6:34 PM
IIW2005: Paul Trevithick on Higgins Trust Framework
Identity is a three-body problem. When you use a credit card, there's pre-existing trust between the airline and the bank (brokered by Visa). You're the third party in that equation. Lots of groups that we belong to, lots of implementations. People want to manage relationships between extremely diverse contexts.
This is where the Higgins Trust Framework (HTF) comes in. The goal of the HTF is to address four challenges: the lack of common interfaces to identity/networking systems, the need for interoperability, the need to manage multiple contexts, and the need to respond to regulatory, public or customer pressure to implement solutions based on trusted infrastructure that offers security and privacy. A context includes identifying information, profile information, reputation information, and relationships.
The technical work consists of the following tasks:
- Create a framework/API – an abstraction layer for identity and social networking services
- Create a set of exemplary context “provider” implementations (plug-ins)
- Create an exemplary app that demonstrates how to use the extensible framework
- Enable developers to leverage Higgins in their applications
This is all in Java and inside Eclipse. Higgins could provide an API for developers to incorporate identity and trust in applications. Context specific modules need to be built. The project is open-source.
I'll admit that at this point, I'm still wondering exactly what this is. A demo would be cool.
5:56 PM
IIW 2005: Brad Fitzpatrick on OpenID
OpenID is similar to LID in that URLs are used for identifiers. Identity URLs can be static web pages so there's a low barrier to entry. Also, no SSL is required, nor is a browser plugin. OpenID is simply a way to prove you own a URL.
OpenID can be stateful or stateless. Stateful access is faster, but requires more infrastructure to support.
When you grab a URL, the page at that URL says who the identity server is (in the <link/> tag). The identity server provides a way for the person claiming the URL to prove (e.g., with a password) that they are the person who owns the URL. Delegation happens on the page associated with the URL, rather than on the server.
OpenID isn't a trust system, a solution for all identity problems, or perfectly secure. There's no associated data in the protocol itself. It is susceptible to man-in-the-middle attacks and DNS spoofing.
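The discovery step described above, as an added example that is not code from the talk or from any OpenID library. It reads the OpenID 1.x `openid.server` and `openid.delegate` link relations from a page's head and flags where discovery is not protected by TLS, which is the condition behind the man-in-the-middle and DNS-spoofing caveat; the function name, result fields, warning strings and sample page are constructed for illustration.

```python
"""Added example: OpenID 1.x discovery from an identity URL's HTML page."""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _LinkCollector(HTMLParser):
    """Collects <link rel=... href=...> values that appear inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = {}  # rel value -> list of hrefs, in document order

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False
        elif tag == "link" and self.in_head:
            attr = dict(attrs)
            href = (attr.get("href") or "").strip()
            # rel may carry several space-separated values.
            for rel in (attr.get("rel") or "").lower().split():
                if href:
                    self.links.setdefault(rel, []).append(href)

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def discover(identity_url, html):
    """Return the discovered server and identifier, or None if absent.

    `html` is the already-fetched body of `identity_url`.
    """
    collector = _LinkCollector()
    collector.feed(html)
    servers = collector.links.get("openid.server", [])
    if not servers:
        return None
    delegates = collector.links.get("openid.delegate", [])
    warnings = []
    if len(servers) > 1 or len(delegates) > 1:
        warnings.append("duplicate_links")
    # Without TLS, anyone on the path (or a spoofed DNS answer) can
    # substitute a page that names a different identity server.
    if urlsplit(identity_url).scheme != "https":
        warnings.append("identity_page_not_tls")
    if urlsplit(servers[0]).scheme != "https":
        warnings.append("server_not_tls")
    return {
        "claimed_id": identity_url,
        "server": servers[0],
        # With delegation, the server vouches for the delegate URL.
        "identity_at_server": delegates[0] if delegates else identity_url,
        "warnings": warnings,
    }


# Constructed sample page; the <link> in the body must be ignored.
SAMPLE_PAGE = """<html><head>
<title>Example blog</title>
<link rel="openid.server" href="https://idp.example.net/openid">
<link rel="openid.delegate" href="http://user.idp.example.net/" />
</head><body>
<p>Comment: <link rel="openid.server" href="http://other.example.org/"></p>
</body></html>"""
```

Only links inside the head count, so markup that ends up in the page body (a comment field, for instance) cannot redirect discovery to another server.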
5:17 PM
IIW2005: Johannes Ernst on LID
Johannes starts off with a discussion of REST because that's critical to his design principles for LID. He describes it this way: "everything that matters on the Internet has a URL, can be bookmarked, can be found via Google, can be hyperlinked, can be tagged, and can be accessed with a browser." People got very argumentative here. REST discussions do that.
Johannes' conclusion: people need URLs. Similar argument to Drummond and XRIs, but with a different conclusion. Johannes gives a use case based on Doc's Company Relationship Management scenario and me trying to find a hotel in Berkeley. This isn't so different than Priceline, but it would be decentralized and user-controlled.
To do this, the following has to happen:
- I publish a need
- Vendor finds the need
- Vendor decides on an offer
- Vendor communicates an offer
If the need is published as a URL, then Google can be used to find it. If a person has a URL, that is the perfect place to point to other information, including needs that I have. In fact, I did that in a non-structured way when I published my need on my blog.
LID allows you to create as many "identifier" URLs as you like. These can be kept separate or they can delegate back to a canonical LID URL. Traversals to specific data within the URL are specified using XPATH queries on the identifier URL. The format of the return data can also be specified (HTML or XML).
The crowd was untypically hostile on this talk. I think the issue is that people are expecting every proposal to solve every problem when I don't think Johannes is saying he developed the complete package. He's taking an iterative, solve a few problems at a time approach. I'm actually fairly impressed with how this has matured over the years. Even so, the feedback was valuable and Johannes is good at taking feedback, so I think it was a positive experience.
4:09 PM
IIW2005: Dick Hardt on Identity 2.0
Dick starts with a discussion of the SXIP 1.0 architecture. One of the things I note as I listen to Dick is the nomenclature problem. We have some people calling users "users" and others calling them "principals", some calling the relying party the "membersite", identity providers can be "homesites," and so on. This is hard to keep straight. You need a score card to keep up. I'm not picking on Dick here--he's picked his words and they're as good as anyone else's. The Identity Gang wiki has an identity lexicon that is attempting to "create a minimal set of terms that enable discussion of the technical operations, technical architecture, and user experience of user-centric identity systems."
SXIP 1.0 provides SSO with user control and has been available since February 2004. SXIP has gathered a lot of feedback and used that to derive SXIP 2.0. Some design requirements (with a nod to Kim's seven laws):
- Relying party must provide reason for a request and give the usages.
- Personas should be compartmentalized by context (online church group vs. online gambling group)
- Release data only with user consent.
- Granular control over release information
- Users should be able to choose their agent (separate rootsite from homesite in SXIP)
- Separate transaction for acquiring claim from presenting the claim.
- Provide identities for public identifiers for anonymous identity transactions.
- Provide a low barrier to entry. Zero footprint for the user. Name-value pairs for membersite.
- Interoperate with and use existing standards.
- Provide a user-consistent experience by ensuring that the user always sees the same agent regardless of context.
(I didn't catch all of these. Hopefully Dick's slides will be online later.)
These design guidelines have changed SXIP and influenced the 2.0 architecture. In addition, there have been some security improvements based on an IBM security review.
3:31 PM
IIW2005: Drummond Reed on XRIs
XRI is a syntax and resolution protocol for abstract identifiers--identifiers that are independent of the underlying network location, domain, application, or storage. It's an abstraction layer for identifiers of all types. You can use an XRI anyplace you can use a URI. An XRI can be downcast into a URI. There is also a standard way of making an XRI clickable called XRI Resolution. XRI is the product of an OASIS technical committee.
In the same way that URIs unify the filename, IP address, and domain name layers into a single namespace, XRIs integrate URIs with names in the telephone, postal and future networks.
XRIs provide a way to create persistent identifiers, but that's not the killer app for XRIs. There is also a need for reassignable identifiers, and XRI allows those in the same syntax. XRIs can start with a global context symbol. Any XRI can be the global root for an identifier community through cross referencing.
On the Internet, URIs have created a system of proper nouns. Everything has a name, but there are no general nouns for use in discussing common ideas. In English, you don't have to know what the other person calls things because we have nouns that give us the same names for things. So +resume could stand for a resume, regardless of how I've named it. xri:///(=windley)/(+resume) could map to http://phil.windley.org/windley_resume.pdf and you could find it by knowing my identifier and the right noun for a resume.
An XRID is an XRI resolution document. XRIDs are XML documents that are returned from an HTTP GET request on an XRI. It gives not only the resolution, but also synonyms, authorities, local path resolvers, and service endpoint URI descriptions.
Three uses of XRIs: i-names, open tagging, and XDI (the XRI data interchange format). I-names provide a way of creating a universal contact that abstracts email addresses, phones, physical addresses, and so on. They also provide privacy protection. XRI is the basis for i-names, but XRI is not an authentication protocol. It simply provides a simple way for relying parties to discover a user's authentication service endpoint (or YADIS file).
Open tagging provides a way to create a tag dictionary using XRIs. The tag dictionary provides a way for everyone to talk about their own tag namespace (like URIs provide a way for me to create my own unique identifiers).
1:24 PM
IIW2005: Brett McDowell on Liberty Alliance
Brett McDowell is speaking on Liberty Alliance to "engage the bottom-up community." The vision of Liberty Alliance (LA) is a networked world in which individuals and businesses can share identity information in a protected way. LA is working on technology standards and guidelines, business and privacy guidelines, and an ecosystem of interoperable products and services.
The board and sponsors of LA are most of the big companies you'd recognize. But 50% of the membership is either non-profit or a company with less than 100 employees.
Liberty ID-WSF 2.0 is based on SAML 2.0, WS-Security, and WS-Addressing. An earlier version relied on ID-FF, which has been merged into SAML 2.0 in the spirit of convergence. ID-FF, however, is still in use all by itself and is deployed in various places.
Some design points: identity based Web services are associated with the principal's identity and can be invoked by a principal's identity. Attributes are shared only with the permission of the principal. Credentials can be discovered.
There will be more than 1 billion Liberty-enabled identities and devices in use by the end of 2006 based on LA member deployments.
LA is willing to interoperate with WS-* services, but there are some issues, including where they are in the acceptance cycle and closed standards bodies.
LA is working on a robust client that would offer similar benefits to the InfoCard client. Numerous use cases were listed.
Questions: how can LA be used with REST? Can LA support light (vs. SOAP/heavy) architectures? Participate in LA workshops, become LA members so that "bottom-up identity" use cases and requirements are included in architectural decisions. "The world belongs to those who show up."
12:36 PM
IIW2005: Mike Jones on Identity Metasystems
We're trying to get to a world where there is a ubiquitous, user-centric identity solution for the Internet. The result should be a safer, more trustworthy Internet.
Mike is showing a user experience for InfoCards, Microsoft's proposed identity solution. First time I've seen it. The solution, of course, is very thick client oriented since InfoCards is built into the OS. The vision is nice because there's a common experience for using InfoCards across every Web site.
A ubiquitous identity solution must accommodate mutually contradictory requirements based on context. For example, most of the time we don't want people to be able to track their identity, but in some cases (e.g. corporate audit requirements) that may be necessary.
Success, by Mike's definition, includes ubiquity, security-enhancing design and implementation, single, simple user experience across systems, simplicity in the programming model. Achieving success requires broad collaboration, encapsulation and transformation of underlying systems, technology standards, and ensuring participant benefits.
The goal of InfoCard is to be incremental to the current Web experience, rather than changing it completely. At the point where you're providing credentials, you could present the same login information you presented before or present an InfoCard claim.
Some choices Microsoft made:
- The protocol used to pass claims, etc. is separate from the payload. This allows changing payloads without changing the protocol. Design decision: do not tie solution to protocol designed around a single payload type.
- The identity selector is different and independent from the software provided by the identity provider. It's identity provider agnostic. The identity provider could be on the net, on the PC, on your phone, etc. Design decision: identity selector is a different process from the process running the identity provider.
- The identity selector is different from the metadata store. This allows metadata to be stored wherever it's convenient. Design decision: metadata store does not run in the identity selector process.
- Auditing and non-auditing identity providers are both allowed. Design decisions: support different levels of auditing requirements from relying parties and identity providers.
- Guarantee separation of contexts. Identifiers are unidirectional and the identifiers given to one relying party can't be linked to the identity given to another. Claims released to a relying party are based on what they ask for.
- Facilitate data rejection. Claims in card are provided each time the relying party asks for authentication, so identity data can be thrown away by the identity provider.
- Claims do not equal trust. Higher levels of software, built on InfoCard must deliver that.
- The human token and the computational token are not the same. The user sees a human-friendly representation of the identity information to be released. That won't necessarily be the same format that the data is passed around in. Design decision: cryptographically bind display token and computation claims to allow audit of identity provider by user or relying party auditor.
- Authentication goes both ways. Identity systems are typically used to prove the identity of the user to the relying party, but to reduce phraud, we also have to prove the relying party to the user. Design decision: prove identity of sites to users before users ever interact with sites.
- Suppress complexity to allow users to have a consistent experience. This increases security. Localization of secrets is a factor.
11:47 AM
IIW2005: Mary Ruddy on Use Cases
Mary Ruddy is speaking on Use Cases for the Social Web. Our hope is that by discussing use cases, we can lay a foundation for later discussion and give everyone a common frame of reference. Mary makes the point that use cases are stories. Keeping the discussion about stories helps people from different technology backgrounds to relate.
Use cases: SSO, social commerce (Doc's example or recommenders, reviewers, and affiliates), augmented social networks, Katrina networking (lost and found people), soccer registration, Internet banking authentication, health care, etc. Question: can we move beyond authentication?
Mary makes an interesting point that we want to know about people who recommend things to us because who they are matters in our level of trust in the recommendation. A simple example: when someone recommends a hotel, it's useful to know if they paid for it themselves or they were on an expense account.
Rohit Khare raises the question of anti-use cases. Often we over identify people. User preventable identity linking, sharing, and forwarding. These are more circumstances that are common to every use case. An interesting link to yesterday's post on identity and presence is that the laws governing what can happen to your identity have to do with presence.
Persistence identity and reputation are pillars of building a community. Introduction is a key part as well. Reputation brokers for relying parties that move between systems. Without trusted third parties, the community won't scale.
10:49 AM | Comments () | Recommend This | Print This
IIW2005: Doc Searls
Doc is leading out today giving a foundation for why identity matters. Markets are places where people meet to exchange things and make culture. Free markets are not "your choice of silo."
Doc notes that the difference between "content" and "speech" is critical. Congress can't regulate speech, but they can regulate the movement of content (his example is the FCC broadcast restrictions on obscenity). The 'Net needs to be a place for free speech and where free enterprise happens. This is an example of an issue that is not about left or right, Democrat or Republican. It can be non-partisan.
Independent customers need independent developers. The 'Net is a place where demand supplies itself. Big brand companies don't innovate here. Big companies aren't bad, but this isn't what they do.
Our wallets are examples of market silos. The silos in our wallets haven't been federated. Companies are figuring out how to silo their data, but customers need to be able to initiate relationships on their own between the silos in their wallets.
Our founding problem is that industry won the industrial revolution. Crafts were replaced by jobs, work was reduced to labor, occupations were reduced to positions, somewhere in the organization. The whole notion of "human resources" says that we are fodder to be interchanged at the will of the company. Our names were often related to our craft. We've lost the meaning of our names.
Doc's use case for this is renting a car. Airlines have federated with rental car companies, but if you go to the "partner page" on an airline site, it's the land of silos. They've replicated the airport experience on the Web. How lame is that? Wouldn't it be better if the rental car companies had to compete for your business? CRM systems don't "relate." Like all CRM systems, they're an instrument of marketing BS.
Thoughts for the workshop:
- Commercial vendors aren't the only ones with silos. Standards and open source projects can be silos too.
- Let's look past interoperation. Let's help each other out, if we can. Reach across boundaries of judgment.
- There are good reasons for every product and project.
- What "building material" do we have that we can offer to each other--stuff we can use.
- Let's leave here with commitments to do stuff we hadn't even thought of before we got here.
10:09 AM | Comments () | Recommend This | Print This
IIW2005 IRC Channel
If you're trying to follow along at home, there is an IRC channel at irc.freenode.net/#identity
9:24 AM | Comments () | Recommend This | Print This
Business Ignitor in Utah County
Connect Magazine is hosting another Utah County installment of its Business Ignitor Series today (Wednesday Oct. 26th) from 3:30 - 5 p.m. at the Lindon Los Hermanos. Josh Coates of Berkeley Data Systems will be the speaker. You can register at Connect. Students get in free, so if you're interested, head on over. (When registering, students should register with a school e-mail address and select the "pay at the door" billing option. No one with an e-mail account from a school will have to actually pay at the door.) I'm in Berkeley for the Internet Identity Workshop, so unfortunately, I won't be there.
7:30 AM | Comments (1) | Recommend This | Print This
October 25, 2005
Identity and Presence
I put a piece about the difference between identity and presence information at Between the Lines. The difference is pinpointed by iTunes in its use of proxies for presence to enforce its DRM policies--badly, as it turns out.
10:47 PM | Comments () | Recommend This | Print This
October 24, 2005
A Better Command Line Find
If you're coming to OS X from UNIX, like me, then you're probably comfortable with the command line and you probably know your way around the find command. I use it all the time for finding files. Since I upgraded to Tiger, I use Spotlight a lot more, but there are still times when I want to find things on the command line. Apple has thoughtfully provided a Spotlight-enabled version of find called mdfind.
Using mdfind is easy: just type the command followed by whatever you'd enter in the Spotlight search box. You'll get back a list of files, just like from find, that can be used with other shell commands. The difference is that if you type mdfind "BYU Purchasing" you'll not only find files with the string "BYU Purchasing" in the filename, but also inside the file itself.
Another difference is that mdfind searches the entire disk index by default. To limit it to certain directories, you can use the switch -onlyin followed by the directory name. Because mdfind is using the Spotlight index, it's very fast--much faster than a regular find.
mdfind can search a file's metadata as well. The tricky part is that you have to know the name of the metadata tags that you're interested in. The command mdls can be used to list the metadata attributes of a file; once you know the attribute, you can use it in an expression to search for files with that same attribute. For example, the following expression finds all the HTML files in my Documents folder:
mdfind -onlyin ~/Documents 'kMDItemKind == "HTML document"'
The command mdimport -A will show you all the attributes that you can search by and give a short description of each. For example, you can use 'kMDItemRedEyeOnOff' to tell you whether 'red eye' correction was on or off.
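The kMDItemKind search above, driven from a script, as an added Python example (not code from the original post). It passes the query to mdfind as a single argument so no shell quoting is involved, escapes the value, and reads NUL-separated results from mdfind -0; the function names are my own.

```python
import os
import re
import shutil
import subprocess

# Attribute names such as kMDItemKind are plain identifiers; anything else is rejected
# so a caller-supplied name cannot smuggle extra operators into the query.
ATTR_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def quote_value(value: str) -> str:
    """Quote a value for a Spotlight query, backslash-escaping \\ and "."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def build_query(conditions: dict) -> str:
    """Turn {attribute: value} pairs into 'attr == "value" && ...'."""
    parts = []
    for name, value in conditions.items():
        if not ATTR_NAME.fullmatch(name):
            raise ValueError(f"not a metadata attribute name: {name!r}")
        parts.append(f"{name} == {quote_value(value)}")
    return " && ".join(parts)


def build_argv(query: str, onlyin: str = None) -> list:
    """Argument vector for mdfind; -0 makes it end each result path with a NUL."""
    argv = ["mdfind", "-0"]
    if onlyin:
        # No shell is involved, so ~ has to be expanded here.
        argv += ["-onlyin", os.path.expanduser(onlyin)]
    argv.append(query)
    return argv


def parse_results(raw: bytes) -> list:
    """Split NUL-terminated output into paths (safe for names with newlines)."""
    return [os.fsdecode(path) for path in raw.split(b"\0") if path]


def spotlight_find(conditions: dict, onlyin: str = None) -> list:
    """Run the search; only works where mdfind exists (OS X)."""
    if shutil.which("mdfind") is None:
        raise RuntimeError("mdfind not found; Spotlight is only available on OS X")
    done = subprocess.run(
        build_argv(build_query(conditions), onlyin),
        check=True,
        capture_output=True,
    )
    return parse_results(done.stdout)


if __name__ == "__main__":
    print(build_argv(build_query({"kMDItemKind": "HTML document"}), "~/Documents"))
```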
Naturally, mdfind can only find things in the index and Spotlight doesn't index the entire hard drive or even every file type. If you want to put something in the index that Spotlight doesn't do normally, you can use the mdimport command to do that. The other command used to control indexing is mdutil, which can switch indexing on or off for a volume, erase and rebuild an index, and show the status of indexing.
For some things, I suspect, I'll still use the comfortable old find command, but as fast as mdfind is, I'll be turning to it more and more often.
9:58 PM | Comments () | Recommend This | Print This
Yet Another Decentralized Identity Interoperability System
There have been several proposals for Internet identity systems over the past 18 months or so, including Microsoft's InfoCard proposal, SXIP, and several URL-based systems including LID, OpenID, and Passel. Today Brad Fitzpatrick (of LiveJournal/Six Apart and inventor of OpenID), Johannes Ernst (of NetMesh and LID), and David Recordon announced a proposal to build an interoperability framework for LID and OpenID called YADIS (Yet Another Decentralized Identity Interoperability System). Here's part of what they said in the announcement:
Working on this problem, we realized quickly that what we were really building was a bottom-up, light-weight interoperability framework for personal digital identities since we addressed the problems in a quite general manner. Working on this, it became clear very quickly that the resulting interoperability architecture was much more broadly applicable. In our view, it promises to be a good foundation for decentralized, bottom-up interoperability of a whole range of personal digital identity and related technologies, without requiring complex technology, such as SOAP or WS-*. Due to its simplicity and openness, we hope that it will be useful for many projects who need identification, authentication, authorization and related capabilities.
The architectural assumptions are exactly what one would expect from this group:
- Fully decentralized, and no one point of control
- Let many (interoperable) flowers bloom
- URLs as identifiers
- RESTful and easy to use for developers
One obvious question: where's Passel? Seems like it would fit here. I'm looking forward to hearing more about this at the Internet Identity Workshop.
9:43 PM | Comments () | Recommend This | Print This
IIW2005 Blog Aggregator
I've set up an RSS aggregator for IIW2005 so that people not attending the conference will have a one-stop place to keep up with what attendees (and others) are saying about it in their blogs. If you're going to be blogging about IIW2005 and the presentations, please send me the URL of your RSS feed so that I can add it to the list.
In addition, we'll be recording the sessions and podcasting them later.
11:10 AM | Comments () | Recommend This | Print This
October 22, 2005
Blueprint for Action
I picked up a copy of Thomas Barnett's new book, Blueprint for Action: A Future Worth Creating. I really enjoyed his last book, The Pentagon's New Map, so I'm anxious to dig into the new one. I'm going to interview Barnett for IT Conversations in a few weeks. If you've got anything you'd like me to ask him, let me know.
5:05 PM | Comments () | Recommend This | Print This
October 21, 2005
Speedpitch Lunch
If you're a Utah entrepreneur, or are willing to fly, Paul Allen and FundingUtah.com are hosting a speedpitching lunch on Nov 8.
Here's how it works:
Ten of Utah's top entrepreneurs will give five-minute pitches to several groups of 3-5 accredited angel investors rotating in a fast-paced, musical chairs style. After the end of the event, entrepreneurs will be available for question and answer sessions on an individual basis.
SpeedPitching will enable promising entrepreneurs to present their ideas to a large number of angel investors in an intimate setting. In addition, angel investors will learn about Utah's most promising business opportunities without the drudgery of long, impersonal presentations.
From Speedpitching Luncheon
Referenced Fri Oct 21 2005 10:54:11 GMT-0600 (MDT)
10:43 AM | Comments () | Recommend This | Print This
October's CTO Breakfast
Next Friday at 8am we'll get together for October's CTO Breakfast. I'll just be getting back from two days at the Internet Identity Workshop, so I'm sure I'll be fired up about that. I've also had several people lately ask about building quality assurance organizations and their role in software development, so I thought that would be a good thing to discuss with the group. I'd love to know what people are doing now and think they ought to be doing. Of course, any technology-related topics you're interested in are welcome as well.
As usual, we'll be holding the breakfast at the food court at Canyon Park Technology Center (Building L). See the CTO Breakfast page for more information and directions. Also on that page are dates for future meetings. Note that November's meeting actually will be on Dec 2 and there will be no meeting at the end of December. In January we'll switch to the last Thursday of the month until April.
If you're interested in technology and building products, then you're welcome--even if you've never been a CTO. :-)
7:57 AM | Comments () | Recommend This | Print This
October 20, 2005
Wanted: MITS Altair 8800
I'm looking to buy a MITS Altair 8800 computer if you know anyone who's got one. I'm mostly interested for sentimental reasons. I built one in 1976 and would love to have one. The price, of course, would depend on condition and accessories. I want something that works. My fingers ache to toggle in 8080 machine code on the front panel switches and see the blinking lights.
3:33 PM | Comments (1) | Recommend This | Print This
October 19, 2005
Tracking Your Printer
The EFF has been working to crack the code that some color printers put on every printed page. It's long been known that printer manufacturers put these codes in many color printers at the behest of the Secret Service, which is concerned about the potential for counterfeiting. The EFF, however, has revealed just how these codes work (with images).
The images really bring this home. Just think about every document you print containing tracking codes that link it back to the printer in your office or home. The privacy concerns are huge. Imagine that you print a handbill complaining about working conditions and post it in the lunchroom. You might have thought it was anonymous, but in fact, your employer can link it right to the source. I'm not really a big privacy freak, but I don't like this at all.
1:56 PM | Comments () | Recommend This | Print This
October 18, 2005
Surfing Your Tivo
I'm probably just hopelessly behind, but in case you are too, I thought I'd post this. If your TiVo is networked (i.e. connected to your home LAN), you can surf the now playing list with a browser and download the shows. Just point your browser at
https://your-tivo-ip-number/
The https is important. Otherwise, you end up looking at a do-nothing splash page. You'll be asked to authenticate (HTTP authentication). Use tivo as the user name and your media access key (MAK) as the password. You can get the MAK from your Tivo under Setup.
Once you download the program, you'll find it's in some kind of wrapper and has the extension .tivo. You can turn it into an MPEG file using DirectShow Dump. Unfortunately, this is a PC only program. I don't know of an OS X equivalent. Once the show's in MPEG format, you can use it on your Mac. Theoretically, you could use Quicktime Pro to create a version compatible with the new iPod, but I haven't tried that.
As soon as I downloaded my first file, I realized that I need a GigE network in my home (and on the Tivo)--not to mention bigger hard drives.
4:47 PM | Comments (1) | Recommend This | Print This
IIW2005 Hotel Redux
OK, I chickened out. After I posted that I was staying at the Hotel Shattuck, David Kearns posted a note indicating it hadn't gotten good reviews. Looking at other hotels on the site, I wasn't too thrilled with them either. So, I switched to the FourPoints Sheraton in Emeryville. I've stayed there before and know what I'm getting there. I'm not that adventurous when it comes to where I sleep.
11:12 AM | Comments (1) | Recommend This | Print This
October 17, 2005
Cogito Is Hiring
Cogito, a Utah-based company that makes a very unique graph-based data storage and analysis system, is hiring. Here's what they're looking for:
- UI Developer - C#, .NET experience, enough development experience so as to not require much hand-holding. Lots of hustle – prolific. Must want to be a heads-down developer, not a leadership position.
- Data Broker Architect - Significant enterprise application development experience with emphasis on back-end DB, integration and meta-data experience. Java enterprise experience. Familiarity with the major enterprise applications and databases. This position will require large scale design and small team leadership abilities.
- Data Broker Developer - Same as Architect desired, but will settle for less for this position. This position is not a leadership position.
- Engine Developer (2) - Java development experience. Strong computer science skills. Ability and interest in complex and abstract problems. These positions are not leadership positions.
If you're interested, pop right over to their Web site. Tell them I sent you. :-)
3:40 PM | Comments () | Recommend This | Print This
IIW2005 Hotel
I just made reservations at the Hotel Shattuck for IIW2005 based on nothing more than gut feel. Let me know if I've made a huge mistake. If you're looking for a hotel for IIW2005, there's a list on the wiki.
There are a little more than 60 people currently signed up. If you're planning on coming and haven't registered yet, it would help us a lot if you could do so soon so that we can order food. Also, if you'd like a t-shirt, you have to order it yourself.
3:32 PM | Comments () | Recommend This | Print This
Robb and Barnett
If you've followed Tom Barnett, as I have, and know John Robb (former COO of Userland) then this interchange between the two will interest you. John wrote a piece for the NYTimes called "The Open Source War." Tom offered a critique. Nice to see it all come to my feedreader.
2:29 PM | Comments () | Recommend This | Print This
Means, Motive, and Opportunity
I just finished a post at Between the Lines on the importance of the Massachusetts vs. Microsoft battle over whether Office is included in the Massachusetts enterprise architecture. Bottom line: government CIOs have had the means and motive to make such a move. Massachusetts' actions have given them the opportunity to make the same move.
On the same subject, David Berlind's comprehensive report on the process Massachusetts followed in the ETRM process should be a must read for any government CIO or IT manager.
11:25 AM | Comments () | Recommend This | Print This
October 14, 2005
IIW2005 Shirts Are OK
I ordered a couple of IIW2005 shirts from Cafepress to make sure they looked OK. I ordered the long-sleeved T and the Ash Gray T. Both looked good. The logo looks great--no jaggies or anything and the T-shirt quality is good. I'm happy with them.
9:43 PM | Comments () | Recommend This | Print This
Trading Performance for Better Design
Phil Windley and Rick Adam at the Business Ignitor talk.
It's a timeworn tale in the world of computers: a new technological advance relaxes some design constraints and some of the increased headroom is used by the designers to add modularity of the design with abstract interfaces. Only this time, the story isn't about computers--it's about airplanes.
Yesterday I flew my plane up to Ogden to moderate a discussion with Rick Adams, CEO of Adam Aircraft. If you're not a pilot, you probably haven't heard of Adam Air, but it's one of the hot new companies in aviation. I was surprised to learn that Rick isn't a lifelong aircraft industry type. Rather, he's a CIO turned software entrepreneur who took up flying in the early 90's. He was fed up with not being able to buy the plane he wanted, so he decided to build it.
It's hard for a software techie to understand, but the pace of innovation in aircraft is painfully slow. If you stuck a 1945 pilot in my Turbo Arrow, he or she would feel perfectly at home (as long as you turned the GPS off). Aircraft manufacturing has been dominated by the FAA, which sees its job as making sure no one ever flies. Keep that in mind next time someone proposes that we need government regulation to make computers secure or protect data privacy.
Adam Aircraft is building two planes, the A-500, a conventional engine twin, and the A-700, a personal jet. To give you an idea how moribund the aviation industry is, Adam Air is the first airplane manufacturer to certify a complex aircraft ("complex" has a formal meaning in aviation) in over 40 years. Yup, no new designs have been approved for four decades. Adam Air has spent over $80 million getting the A-500 certified. So, before you can ever deliver your first aircraft to a customer, you're out $80 million. That's got to give an investor pause.
Another surprise to non-pilots is just how wimpy private planes are. They don't have much payload capacity. For example, if I put four adults in my plane, I can't fill the fuel tanks more than 3/4 full. Consequently, airplane manufacturers try to shave weight wherever they can. Rick told me about an engineer who wouldn't design the wiring harness that goes from the front of the plane to the back until he had an exact measurement. Rick said "make it six inches longer" and the engineer balked. A few more inches is a few more ounces of weight.
You can imagine in this kind of environment, how aeronautical engineers would feel about modular designs. The same way 1960's programmers felt about operating systems. Nice, but way too expensive in terms of performance. Every plane design is a one-off; hardwired in the same way that a software developer would handcraft assembly language code when performance really matters.
The A-700 is going through certification now, but the process shouldn't be as expensive. Why? Because of the modular design. Many of the components in the A-700, like the landing gear, have already been certified as part of the A-500 certification. The designers were careful to create the interfaces between the components in such a way that they could retain their certification as long as they were used within certain design envelopes.
Why the move to modular designs now? Partly because someone with modular design expertise came along and didn't know how airplanes "have always been built." And partly because of a technology that enables this innovation: composite materials. Composites don't directly result in modular architectures, but since they weigh less for an equivalently strong member than aluminum, some of the weight constraints that designers have always lived with can be relaxed and that enables more modular design.
8:29 AM | Comments (4) | Recommend This | Print This
Thin is In
IFlyAKite Desktop in Javascript
I'm not sure what the purpose of this site is, but it's cool. If the purpose is to show just how far Javascript can be pushed to create a rich-client feel inside a browser, then I'd say they've succeeded. Apple will probably try to shut this down, but they ought to leave it up as a monument to dedication.
8:16 AM | Comments (1) | Recommend This | Print This
October 12, 2005
Ways of Thinking, Ways of Doing
In a recent column, Jon Udell says "much of what seems to be modern innovation is, in fact, rediscovery of ... Lisp and Smalltalk." He goes on later to say:
If existing tools can do more than we realize, we could spare ourselves a bit of grief. But probably not a lot. Translating ways of thinking into ways of doing always takes longer than we predict.
From The spiral staircase of SOA | InfoWorld | Column | 2005-09-28 | By Jon Udell
Referenced Wed Oct 12 2005 09:55:00 GMT-0600 (MDT)
This is an interesting point and one that's under-appreciated, particularly by academics. For example, I've frequently maintained that anyone with a CS degree can understand XML and cut through the hype in a few sentences:
- XML is a way of describing context free grammars.
- An XML schema is a BNF for a particular grammar (it can contain more, but this is a good start).
- XML parsers are interpreted versions of LEX and YACC.
- A DOM is a standardized parse tree.
- XSL is an interpreted pretty-printer.
This pretty much says it all except for Jon's point. Because there's nothing new in the principles behind XML, good programmers have been using the principles of XML for years, but by creating the "way of doing" we call XML and encapsulating those principles in standards and tools, Tim Bray and others gave those techniques to the masses.
9:49 AM | Comments (3) | Recommend This | Print This
Why Bloggers Blog
A study by public relations firm Edelman shows that the number one reason bloggers blog is to "establish themselves as a visible authority in their field." Number two was to "create a record of my thoughts." Of course, for many of us, there's more than one reason. The body of the survey was aimed at understanding the potential for PR firms to use bloggers to get their word out.
9:38 AM | Comments (3) | Recommend This | Print This
Google News Reader
Yesterday Google announced their news reader. I played with it a little and wrote a review over at Between the Lines. My bottom line: I like it and I'm going to keep using it.
9:25 AM | Comments (1) | Recommend This | Print This
October 11, 2005
Business Ignitor
Thursday Rick Adams, CEO of Adam Air, will be speaking at this month's edition of the Business Ignitor series. Rick's talk will be at the Ogden Airport at 3:30. Adam Aircraft recently announced that they're going to locate their manufacturing facility for their new line of planes in Ogden. Makes sense: Ogden's got a nice big airport and there's plenty of skilled aircraft workers from Hill AFB.
Rick will speak for 15 minutes or so and then I'll moderate questions from the audience. I'm planning on flying up from Provo--I don't need much of an excuse to fly. Sorry, my plane's already full. :-) If you drive, you can get directions from the Connect Web site.





