fidzu : Identity

At F8 today, Facebook rolled out their Facebook Connect platform. With a small amount of code, other sites can integrate the Facebook identity system into their site. The keynote reminded me of early days of Microsoft as they rallied developers to build on their platform by explaining how the platform can help them and being [...]

23 Jul 2008 10:13pm GMT

Businesses spend a great deal of time and money trying to identify their customers. By "identify" I mean not just get a name and credit card number, but find, learn about, and discover the attributes, preferences, and even desires...

23 Jul 2008 9:38pm GMT

With the announcement of OpenSSO Express Support, it is now possible to get support for the selected builds of OpenSSO. Details of the supports and FAQs are available at the OpenSSO wiki.

23 Jul 2008 7:26pm GMT

To follow on from a couple of recent posts (Sins of Commission and Policy and Technology evolve at different rates), I see that the ECHR (European Court of Human Rights) has ruled against the UK government in a case about phone tapping. Civil Rights campaigners including the UK Liberty group (as opposed to the Liberty Alliance) brought the case in 1999 to complain about the 1985 Interception of Communications Act. It's taken 9 years to get a ruling to the effect that that Act conferred "very wide discretion [...] on the State to intercept and examine" communications, and that this was not balanced by adequate protection against the abuse of those powers.

The interceptions in question related specifically to communication between the UK mainland and Ireland, and were operated by the MoD (Ministry of Defence). The Director of the Irish Council for Civil Liberties said the ruling found that "the UK's relatively sophisticated rules on data interception have failed to prevent unlawful interference with privacy rights".

Since the action was brought, the 1985 Act has been replaced by the 2000 Regulation of Investigatory Powers Act (RIPA), and I believe it was in 1998-99 that the offices of Surveillance Commissioner and Interception of Communications Commissioner were establshed (though if you know better, please leave a comment). I suspect that one response open to the government, then, is simply to maintain that any shortcomings of 1985-1999 have been addressed by the new legislative and regulatory measures put in place between then and now. As I understand it, though, RIPA confers far wider powers than the ICA did... (witness the extent to which RIPA, unlike the ICA, is used not so much to mount surveillance on IRA bomb cells, but to monitor that other offshore menace - people who clam-pick from unauthorised beds...).

At any rate, at that point I started to wonder; has the UK's governance regime for intercepted communications become more, or less 'sophisticated' since that time, and are we more, or less open to unlawful interference with privacy rights than we were then? The privacy and civil rights campaigners seem to wonder the same thing; they are calling for the current rules to be re-examined in the light of the ECHR case.

23 Jul 2008 5:14pm GMT

Jeff Bohren, in commenting on my post about "Attention architects" thinks I've overlooked an element for our Digital ID World discussion:

Dave Kearns wants to get everyone together to talk it all out. Helpful, I suppose, but limited because of the absence of enterprise application vendors. Without application vendor buy in, identity management is going to continue to be a mess.

Not an oversight, Jeff, but planned that way. Too often the vendors dominate the conversation - and pay little attention to what the customer wants. True, they claim to listen and they claim that the next version includes those features "our customers have asked for," but we all know the real truth. The plan - and it isn't my plan, but was promulgated by Boeing's Marty Schleiff - is to develop sort of a consensus roadmap for how it should be done - what steps the enterprise identity architects think should happen and in what order. Vendors who can satisfy that roadmap will reap the reward. Vendors who ignore it will wind up in my "where are they now?" file.

23 Jul 2008 3:43pm GMT

We released a new version of our popular Windows IWA Integration Kit. This is the integration kit that allows companies to leverage their Windows authentication for use in SAML or WS-Federation single sign-on.

New features in this release include:

· Improved Kerberos/NTLM fallback authentication

· Improved NTLM support for multiple domains

· Improved logging and exception handling

· Simplified adapter configuration

· Added support for Microsoft Vista Internet Explorer 7

You can download the new kit from our website at www.pingidentity.com.

23 Jul 2008 3:27pm GMT

The iPhone apps for Typepad and Wordpress made me jealous. But I found that there's a plugin for MovableType that provides a servicable interface for the iPhone. Typing HTML on the iPhone keyboard isn't easy. But if you have...

23 Jul 2008 3:09pm GMT

You wouldn't guess it from the announcement, but WordPress 2.6 completely changes the cookies set when a user authenticates, and in the process breaks quite a few WordPress Authentication Plugins, including Pamelaware for WordPress. I am fiddling with the fix now, but haven't quite perfected the process; I can set the new cookies, using the new [...]

23 Jul 2008 2:47pm GMT

先週金曜の 「第 3 回 Liberty Alliance 技術セミナー」, 開始直前にいきなりものすごい土砂降りになったにもかかわらず 110 人を越える方が参加されたとのことで, パネリストのひとりとして関わった自分としても, なんかうれしい. どうもありがとうございました.

当日ぼくが使ったスライドは以下. 基本的には Infocard Authentication Scenario Details や OpenID Bootstrapping ID-WSF 2.0 の内容を整理しただけなんだけど, それぞれを読み解くときの参考になれば幸いです.

23 Jul 2008 2:44pm GMT

As you probably know, I live in Washington DC. I take photographs in DC as well. We've got a few quirky rules here about that. For example, if you are on National Park land, you cannot use any photographic equipment that touches the ground. As you can imagine using tripods becomes a bit tricky. But [...]

23 Jul 2008 2:43pm GMT

今日, 会社の入ってる世田谷ビジネススクエアではお祭りが開催されてた. 今年はジャリズムを呼んだそうで, ものすごい人出.

「Sun だから世界のナベアツが来たんですね!」 by 大渕さん

23 Jul 2008 2:38pm GMT

I am headed to this year's Defrag conference and I pumped to do so. I didn't get to go last year which I really regretted, and Eric hasn't let me forget that either. I will be moderating a panel called: Can identity be a filter for information overload? Eric and I are in search of interesting people [...]'…

23 Jul 2008 2:25pm GMT

I'm sure you've been following the Terry Childs case. Mr. Childs was a sysadmin in San Francisco who decided to change a few passwords and thus locked the city out of their new wide area network. Though it is still not clear why Mr. Childs did this, he had been recently written up for poor [...]

23 Jul 2008 1:55pm GMT

The government has quietly launched two quite fascinating initiatives. I have no idea why there wasn't more fanfare. I was even at OpenTech, where one was announced, and I didn't know! Firstly, Show Us A Better Way Ever been frustrated that you can't find out something that ought to be easy to find? Ever been baffled [...]

23 Jul 2008 1:46pm GMT

If you are wondering why I've been so quiet for the last few weeks it's because my team has been heads-down working on the launch of OpenSSO Express, an early access version of the next release of Access Manager that is fully supported and indemnified by Sun. In short, customers that buy Sun Access Manager now also receive access to OpenSSO Express under a single license.

Customer can choose what they want to deploy. If our commercial builds have all the features you need and you want a traditional offering then use Sun Access Manager. If you are focused on innovation or key features that are not yet supported in our commercial release, but are available via OpenSSO then deploy OpenSSO Express. Regardless of what you choose you get a fully tested offering that includes Sun support and indemnification.

To help explain the benefits of this model I sat down with Redmonk's Michael Coté to discuss. Check out the podcast and let me know what you think!

Also, for more information on this announcement check out . . .

OpenSSO Express Feature Article

OpenSSO Project

OpenSSO Wiki

Sun Access Manager Product Page

23 Jul 2008 1:15pm GMT

Since no one in my team knew how to write Firefox plugin nor ActiveX, I had to wade into the muddy waters again. Firefox was pleasant enough so it took just a weekend. Feeling great, I started on the ActiveX (actually a BHO) version today (yesterday? time sure flies) only to discover I'll have to dig deeper than usual, to the mucky land of asynchonous pluggable protocol, just to do what I was able to do in Firefox with only a fistful of javascript.

IE architecture is simply insane. Firefox is screwed up too (horrible docs, changing API, etc.) but it's Disneyland compared to IE. For example, what genius decided that InternetSetCookie, a low-level API call could throw up a user dialog when all it takes to set a cookie is to load a page in hidden brower control and set cookie from the document to avoid third-party cookie preference setting? Nuts!

Thankfully, I am going camping Thursday. I can't wait to leave the muck behind me for some time in the woods. Only problem is that the muck will still be there when I come back...waiting patiently.

23 Jul 2008 12:26pm GMT