Trust vs Confidence

Over the years, in my own mind, I have built specific semantics around the terms 'Trust' and 'Confidence'. These are closely related to the validity of 'Proof'... I think that often the use of these terms in the vernacular is too fuzzy to be of use in identity system discussions. I would posit:


Security and its many mechanisms are used to establish trust; once trust is established, you just trust. My canonical use-case for this is access to the school blog. I can grant or revoke write access to my kids' school blog. I give access to people who I trust will only post age-appropriate material. I could use manual or automated mechanisms to check posts before they are published, but the effort or cost outweighs the risks. I choose to trust. Trust is a human, emotional, social construct that implies a loosening of control. Trust can be Continue reading "Trust vs Confidence"

Eight years and counting

Well, it has been 8 years since I last posted here and 12 years since I started this blog, and I have to ask... what has changed, what has been achieved in all that time? I've been out of touch with this space for a while and I'm going to go on a little personal voyage of discovery to see what I can learn and see if any of the fundamental problems have been solved.

My first step is going to be attempting to articulate in abstract terms what I consider to be 'the fundamental problems'.

My primary point of interest since this all started has been to give people access to and appropriate control over data about themselves and their transactions. It is well known that the likes of Google, Facebook, Experian, Equifax and many others make their money trading in data generated by or about us. These companies Continue reading "Eight years and counting"


If you have a chance, check out this proposed session for SXSW: Have you noticed that when you search the internet you probably don't see results from the stuff that you pay for (subscriptions, stuff available through your local library, etc.)? This panel will discuss how we could fix that... If you think that would be useful, go give it the thumbs up.

Accountability

I have written about reputation in the past and continue to evolve my thinking on the subject. I had an interesting interaction last weekend with Lillie Coney of EPIC while on a panel together at ALA. As a lawyer and a privacy expert, Lillie described the legal frameworks that exist to both protect and circumvent our privacy, and the steps necessary to strengthen our privacy position in the law. I found myself pushing back on Lillie, expressing that reputation systems are just as important as legal frameworks as systems of accountability for privacy. If we had more time I think we might have had an interesting discussion on the subject.

Here's the summary I reached in my head: I do not deny that the legal system works to protect our privacy interests at certain levels. However, as an individual with a complaint against a large company I have very Continue reading "Accountability"

Is anybody out there

It's been a long time since I blogged :-( and even now I'm just asking a question...

Now that I am actually implementing SAML stuff, specifically Shibboleth (mainly web SSO), what book would you recommend I buy?


What is SSO

One of the hottest issues in Identity Management is often referred to as SSO: Single Sign-On. However, it is a horribly misunderstood and misused term. I will try to give a brief overview of what SSO is and isn't.

What most people mean when they say SSO is the user experience of accessing multiple services and systems but only having to 'log in' once. On the face of it, SSO sounds great, but there are some pitfalls that we have to be wary of. If we aren't very careful, the 'ease' of SSO is bought at the cost of privacy.

The type of SSO that I am going to explore is the "HTTP Redirect" family of SSO mechanisms that are widely deployed on the web. This includes OpenID, Shibboleth (Web SSO), SAML (Web SSO), Facebook, Yahoo! and Google, to name a few. These protocols differ in many details and have different strengths Continue reading "What is SSO"

IDM 101

I am now blogging at I am going to be posting a series of posts that introduce basic Distributed Identity Management concepts, as I understand them.

I can't decide if I should double post those posts here as well:

reason to post here..

Although it is all basic stuff, I am interested in how much my understanding and articulation of the basics aligns with your understanding.

reasons not to post here..

If you want to read the stuff over there... you can just get that feed too.

What should I do?

What’s in a claim?

The use of infocards does not dictate a specific authorization pattern. There are at least 3 authorization patterns at play that I can see... Identification, Roles based and Claims based... We can, and do, use all three of these interchangeably and simultaneously. I will explain what I think these three patterns are:

Identification:- Provide a previously known ID that the relying party can resolve to a user record that has all of the additional information needed to make permission decisions. In this case only one claim is ever needed... the ID, as one assumes that ALL other information is in the user record. The major problem with this pattern is that sharing the same ID between different relying parties is often impractical and definitely bad from a privacy standpoint. Using pair-wise PPIDs does not really satisfy the Identification pattern, as all you are enabling is the ability to say "this is Continue reading "What’s in a claim?"
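The following is an added example, written for this page and not code from the post or from any of the products it names, that walks the three redirect legs of a web SSO login (the "HTTP Redirect" family described in "What is SSO" above) and then shows the identifier choice discussed here: a global ID that every relying party receives, versus a pair-wise pseudonym (PPID) derived per (user, RP). The hosts idp.example, shop.example and bank.example, the HMAC-keyed signing and the verify() callback handed to the RP are all assumptions standing in for the real discovery and signature machinery of OpenID or SAML. Two things fall out of running it: with a global ID the two RPs see the same subject and can correlate the user, with PPIDs they cannot; and in both cases the IdP learns, from the return_to it is asked to redirect to, every RP the user logs in to.

```python
"""Toy model of an HTTP-redirect SSO login (in the spirit of OpenID / SAML WebSSO).

Added illustration, not code from the post. Real protocols sign assertions with
keys discovered out of band; here the IdP signs with an HMAC key and hands the RP
a verify() callback that stands in for that machinery.
"""
import hmac
import hashlib
from urllib.parse import urlencode, urlparse, parse_qs

IDP_ORIGIN = "https://idp.example"   # hypothetical identity provider


class IdentityProvider:
    def __init__(self, key: bytes, pairwise: bool):
        self.key = key
        self.pairwise = pairwise       # issue a per-RP pseudonym instead of a global ID
        self.seen = []                 # (user, rp) for every login: what SSO reveals to the IdP

    def subject_for(self, user: str, rp: str) -> str:
        if not self.pairwise:
            return user                # same identifier at every RP: RPs can correlate the user
        # Pair-wise pseudonym: stable for (user, rp), unlinkable across RPs without the key.
        mac = hmac.new(self.key, f"{user}|{rp}".encode(), hashlib.sha256)
        return mac.hexdigest()[:32]

    def _mac(self, claims: dict) -> str:
        msg = "&".join(f"{k}={claims[k]}" for k in ("sub", "iss", "aud")).encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def verify(self, claims: dict) -> bool:
        return hmac.compare_digest(self._mac(claims), claims.get("sig", ""))

    def handle_redirect(self, user: str, request_url: str) -> str:
        """Browser arrives from the RP carrying return_to; after authenticating the user
        (assumed already done) the IdP redirects back with a signed assertion."""
        return_to = parse_qs(urlparse(request_url).query)["return_to"][0]
        rp = urlparse(return_to).netloc
        self.seen.append((user, rp))   # the redirect itself tells the IdP where the user logs in
        claims = {"sub": self.subject_for(user, rp), "iss": IDP_ORIGIN, "aud": rp}
        claims["sig"] = self._mac(claims)
        return return_to + "?" + urlencode(claims)


class RelyingParty:
    def __init__(self, host: str, verify):
        self.host = host
        self.verify = verify           # stands in for knowing the IdP's key
        self.trusted_issuers = {IDP_ORIGIN}
        self.accounts = set()          # subjects this RP has seen

    def start_login(self) -> str:
        """Redirect the browser to the IdP, naming where to come back to."""
        return IDP_ORIGIN + "/sso?" + urlencode({"return_to": f"https://{self.host}/callback"})

    def finish_login(self, callback_url: str) -> str:
        """Consume the assertion; reject unknown issuers, bad signatures and assertions
        minted for another RP (a subject must not be replayable from shop to bank)."""
        q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
        if q.get("iss") not in self.trusted_issuers:
            raise ValueError("untrusted issuer")
        if not self.verify(q):
            raise ValueError("bad signature")
        if q["aud"] != self.host:
            raise ValueError("assertion was issued to a different relying party")
        self.accounts.add(q["sub"])
        return q["sub"]


def login(user: str, rp: RelyingParty, idp: IdentityProvider) -> str:
    """The three legs: RP -> IdP redirect, IdP -> RP redirect, RP consumes the assertion."""
    return rp.finish_login(idp.handle_redirect(user, rp.start_login()))


if __name__ == "__main__":
    for pairwise in (False, True):
        idp = IdentityProvider(b"demo-key", pairwise)
        shop = RelyingParty("shop.example", idp.verify)
        bank = RelyingParty("bank.example", idp.verify)
        print("pairwise" if pairwise else "global  ",
              login("alice", shop, idp), login("alice", bank, idp))
        print("  IdP saw:", idp.seen)
```

The audience check is the part people forget: a pair-wise subject only protects against RPs correlating each other's users if an assertion minted for shop.example is also rejected when presented at bank.example.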

The winner is:

As you know, I have been trying to decide how I think we should model the ‘roles’ claims for the ICF’s pilot Library Card project (see my last post: The Claim Game). I have talked, emailed and blogged with a bunch of people who have opinions on the subject and have come to the following conclusions.

Off the point for a moment: There seems to be some consensus that if the policy description and interpretation step that goes on between the relying party and the ‘selector’ was richer then we may have better options open to us. However, today the Information Card specification is what it is and I don’t recommend putting a hold on our project in the hope that it might change.

The options that we have are either to have a single ‘roles’ claim that contains a list of the roles that the user has been granted, Continue reading "The winner is:"

The Claim Game

I-Cards provide a mechanism to deliver claims to relying parties (RPs). The first i-card claims that we all became familiar with were the ones built into the CardSpace v1 client. While one COULD build an RP that asked for claims that were not one of this standard set, the chances of finding a user with a card that had any other claims was pretty slim.

We are now entering the next stage of i-card evolution and adoption where we want to start to extend the list of claims. I am finding that the simple patterns established by the first claim set make this issue seem more trivial than it is.

The pattern that I personally, mistakenly, thought I was seeing in the WS-*, InfoCard, dance was:

RP says to Card Selector: “I want a nickname claim”
Card Selector says to User: “Pick one of these cards that has a nickname Continue reading "The Claim Game"

Resolution Revolution

So I learned a little this week about sockets and it has given me pause to think about the realities of 'success' in regards to the MASSIVE adoption of the protocols that I tend to talk about on this blog.

They say a little knowledge is a dangerous thing... well here I go... head first:

DNS resolution has been under attack recently (last 6 months) from a new set of poisoning attacks. One of the main reasons the attacks work is because DNS uses UDP and not TCP. The basic fix that has been implemented is Source Port Randomization, but even that has been brute-forced.... so people speculate as to what else could be done. One idea was to make every request twice and require that the answers MUST match (this is known as debouncing). Another option proposed is: just use TCP instead of UDP.

So here's what I find Continue reading "Resolution Revolution"
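An added example, mine rather than the post's, modelling the check a resolver applies before it believes a UDP reply and the arithmetic of a blind, off-path spoof against it. It treats the transaction ID and the source port as full 16-bit values, assumes an old-style resolver always queries from port 53 when randomization is off, and uses a constructed name and answer; there is no real DNS wire format here. The attacker enumerates every transaction ID for one guessed port: with a fixed port that always wins within 65,536 packets, with a randomized port the same pass fails unless the port guess was right, and the last function shows why asking twice and requiring matching answers squares the attacker's odds within a race window rather than merely doubling the work.

```python
"""Toy resolver-side acceptance check for a UDP DNS reply, plus blind-spoofing arithmetic.
Added example, not from the post; models only the 16-bit ID and the source port."""
from dataclasses import dataclass
import random

ID_BITS = 16       # DNS header transaction ID is 16 bits
PORT_BITS = 16     # ephemeral port space, simplified to a full 16 bits
FIXED_PORT = 53    # assumption: a resolver that always queries from one well-known port


@dataclass(frozen=True)
class Reply:
    qname: str
    txid: int
    dst_port: int    # UDP port the reply is addressed to
    rdata: str


class Resolver:
    """One outstanding query per name; caches the first reply whose ID and port both match."""

    def __init__(self, randomize_ports: bool, seed: int = 0):
        self.randomize_ports = randomize_ports
        self.rng = random.Random(seed)   # seeded so runs are reproducible; real code uses a CSPRNG
        self.pending = {}                # qname -> (txid, src_port)
        self.cache = {}                  # qname -> rdata

    def send_query(self, qname: str):
        txid = self.rng.getrandbits(ID_BITS)
        port = self.rng.getrandbits(PORT_BITS) if self.randomize_ports else FIXED_PORT
        self.pending[qname] = (txid, port)
        return txid, port

    def receive(self, reply: Reply) -> bool:
        """Return True if the reply was accepted (and therefore cached)."""
        expected = self.pending.get(reply.qname)
        if expected is None or expected != (reply.txid, reply.dst_port):
            return False             # unsolicited, wrong ID, or wrong port: silently dropped
        del self.pending[reply.qname]
        self.cache[reply.qname] = reply.rdata
        return True


def forge_every_txid(resolver: Resolver, qname: str, guessed_port: int,
                     rdata: str = "198.51.100.66"):
    """Blind off-path attacker: knows the question, guesses the port, sends one forged
    reply per transaction ID. Returns packets sent on success, else None."""
    for txid in range(1 << ID_BITS):
        if resolver.receive(Reply(qname, txid, guessed_port, rdata)):
            return txid + 1
    return None


def race_success_probability(forged_packets: int, port_bits: int,
                             answers_required: int = 1) -> float:
    """Chance that forged_packets distinct (ID, port) guesses, all landing before the
    real answer, poison the cache. With answers_required == 2 the resolver asks twice
    with independent IDs and only caches when both answers agree, so both must be hit."""
    space = 1 << (ID_BITS + port_bits)
    per_query = min(1.0, forged_packets / space)
    return per_query ** answers_required


if __name__ == "__main__":
    old = Resolver(randomize_ports=False)
    old.send_query("www.example.")
    print("fixed port, packets to poison:", forge_every_txid(old, "www.example.", FIXED_PORT))
    new = Resolver(randomize_ports=True)
    _, port = new.send_query("www.example.")
    print("random port, wrong guess:", forge_every_txid(new, "www.example.", (port + 1) % 65536))
    print("odds, 32768 packets in the window:",
          race_success_probability(1 << 15, 0), race_success_probability(1 << 15, 16),
          race_success_probability(1 << 15, 0, 2))
```

The model also makes the TCP argument concrete: a TCP answer would additionally require the attacker to guess a 32-bit sequence number and complete a handshake, which is why switching transport is on the list even though it costs a round trip.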

Is this reputed to be a reputation?

There's a great thread going on about reputation on one of the lists I read. I tried to respond to the thread, which is something I NEVER do, but apparently it has been too long since I was active so it wouldn't let me.... So I'm weighing in here for anyone to check if they like.

Another definition of reputation:

Reputation is the result of running an evaluation algorithm over a set of input data.

Some sample input data:

a) Number of sale transactions and number of complaints
b) Number of IM connection requests and number of IM spam reports
c) eBay reputation, credit score and number of points on my driver's license.
d) How much 100 people, selected at random, like Diet Coke

The evaluation algorithm can be very simple or very complex.... eBay's is arguably very simple and Fair Isaac's is very complex.

Arguably the Continue reading "Is this reputed to be a reputation?"
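As an added example, not part of the post, here are two evaluation algorithms run over a constructed version of input (a): completed sales and complaints per seller. The seller names and counts are made up. The simple algorithm ranks a seller with one clean sale above one with a hundred sales and three complaints; the second one (the lower bound of a Wilson score interval) weighs sample size, which is the property you want when the input data can be inflated cheaply by whoever is being scored.

```python
"""Two evaluation algorithms over the same reputation inputs (sales and complaints).
Added example, not from the post; the input set is constructed."""
import math

# Constructed sample input: seller -> (completed sales, complaints)
SAMPLE = {
    "newcomer": (1, 0),
    "steady": (100, 3),
    "shaky": (40, 10),
}


def naive_score(sales: int, complaints: int) -> float:
    """Simple algorithm: fraction of sales that drew no complaint. Ignores sample size,
    so one clean sale outranks a hundred sales with three complaints."""
    return 0.0 if sales == 0 else (sales - complaints) / sales


def wilson_lower_bound(sales: int, complaints: int, z: float = 1.96) -> float:
    """Lower end of the Wilson score interval for the clean-sale rate (95% by default).
    Small samples are pulled toward 0, so reputation has to be earned with volume,
    and a seller cannot buy a top rank with a single friendly transaction."""
    if sales == 0:
        return 0.0
    n = sales
    p = (sales - complaints) / sales
    centre = p + z * z / (2 * n)
    spread = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n))
    return (centre - spread) / (1 + z * z / n)


def rank(algorithm, data=SAMPLE):
    """Run an evaluation algorithm over the input set; return sellers, best first."""
    return sorted(data, key=lambda seller: algorithm(*data[seller]), reverse=True)


if __name__ == "__main__":
    for name, algorithm in (("naive", naive_score), ("wilson", wilson_lower_bound)):
        print(name, [(s, round(algorithm(*SAMPLE[s]), 3)) for s in rank(algorithm)])
```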

The next stage

Well now the rubber is going to meet the road....

The people that I now call associates, and my boss, know a LOT more than I do about the management of massive repositories of distributed data. So now I get to test some of the ideas that I've talked about here over the years...

I now work at OCLC, the Library People. My job is specifically working on Identity Management and Authentication. These things obviously only make sense in the context of controlling access to information resources.

As I learn the differences between what I have guessed is important and what really is important for the OCLC use cases I'll let you know how good or bad my thinking of the last couple of years has been.

I will still be engaged in the standards process and will bring the OCLC needs to the table as concrete examples of Continue reading "The next stage"

The times they are….

If you are reading this you probably know me and my work.

Together with my team of awesome co-workers we have tried to help move the art and science of distributed identity management and distributed data sharing forward. I think we have done some good work and would like to think that we have contributed positively to the general progress.

Unfortunately, as many of you know, advancing technology doesn't actually pay the bills and we can't pay the bills any more :-(

ooTao as we know it is going to go away. I thought that we had a purchaser for the company but it looks like that is going to fall through. I am devastated to think that the body of knowledge and the body of work that we have built up over the last 4 years is just going to evaporate, but it looks like that might be what happens. The Continue reading "The times they are…."

A Wag for the TAG

The interference of the W3C in the XRI vote at OASIS is unprecedented and disturbing. The W3C has rebuffed all efforts by the XRI TC to engage in any form of dialog about the technical merits of XRI. Despite repeated attempts by the XRI community to show the use cases that XRI is solving, the TAG makes vague statements like 'you can do everything in URL'... This statement is clearly and patently meaningless without specifics....

It is all well and good that SOME of the stuff that XRI does CAN be done in URI/URL, but without specifying a STANDARD way of doing it the ability to do it is next to useless!!

There are parts of XRI that you simply CAN NOT DO with URI.... like resolve an abstract identifier (URN).

There are hundreds of millions of users with services that use the XRI specs (OpenID being the best known). The Continue reading "A Wag for the TAG"

Let every eye negotiate for itself

Paul's response to my latest post put me in mind of Claudio in Act 2 scene 1 of Much Ado About Nothing...

Let every eye negotiate for itself
And trust no agent; for beauty is a witch
Against whose charms faith melteth in blood.

Paul is correct that I must qualify my posts more carefully.

There is as yet no agreement on all of the mechanisms of claim and assertion exchange. While the ability to differentiate a self-asserted claim and an issuer-asserted claim in a managed InfoCard is useful in some cases, it is not the ONLY answer to the problem. The fact that I have a widely deployed client provider that wants to consume claims in this way is a pure Business Detail that should not impact the purity of the technical discussion.

As Paul points out a Better way to do this would be for us Continue reading "Let every eye negotiate for itself"

The Claim Game

ooTao's Managed InfoCards now include a verified email claim and verified i-name claim.

If you want to consume these claims you will need to ask for:
I have blogged previously about how you might validate an i-name claim.

We are publishing our own 'white list' of claims providers that we consider 'trustworthy' in order to 'trust' the verified email claim. More on that soon.

If you want to start consuming our verified claims at your RP just let us know and we can do some testing together.

Did Info Card help?

I like InfoCards... I like the idea that I will not have to remember the usernames and passwords. I am confident that MS will work out how to solve the 'portability issue'... BUT.... I just went through InfoCard hell!! I'm still shaking as the adrenaline that built up is trying to drain from my body... this can't be good for me. Let me tell you what happened.

After a long week at IIW and Data Sharing Summit and OpenSocial Spec meeting, I am finally checking in on the blogosphere at 5:30 am on Saturday morning and I see this really cool thread on Kim's blog. It's all about the qualities of Distributed Data Management that I have been talking about for years, but, it's Kim and Dave and Clayton Donley, who is the Senior Director of Development for Oracle Identity Management.... I get so excited, I have to add Continue reading "Did Info Card help?"

iPages a go-go

I was reading Kevin Marks' post that looks at Brad Templeton's post about the interplay between data portability and behavior portability. As I commented on Kevin's blog, I agree with them 80% but think that Brad's proposal has one flaw.

I disagree that it is practical or desirable to create a centralized data store. I think there are a couple of issues with that model. The first is the security implications of having everything in one place... that scares me. The second issue is, I think, key to the success of this model...

The 'place that I have access to all my data and can therefore run my OpenSocial apps', let's, for the sake of ease, call it my 'iPage', can and should provide me all of the user interactions I need to manage my virtually aggregated data. Specialized 'Widget Providers' should give me widgets that give me data domain Continue reading "iPages a go-go"