Andre Durand

Discovering life, one mistake at a time.

Archive for the ‘Identity’

New PingFederate Sharepoint Integration

September 25, 2007 By: Andre Category: Identity


Provides SharePoint Server Users Secure Internet Single Sign-On Based on SAML and WS-Federation

ID World, San Francisco CA – September 25, 2007 – Ping Identity
Corporation today announced that the PingFederate Integration Kit for
Microsoft® Office SharePoint® Server 2007 and Microsoft Office
SharePoint Portal Server 2003 is now available for download from When used with award-winning PingFederate, this
new kit provides Office SharePoint Server 2007 and SharePoint Portal
Server 2003 users with secure Internet single sign-on that is based on
the SAML and WS-Federation federated identity standards. Continue…

See you at Digital ID World 2007!

September 20, 2007 By: Andre Category: Identity

I’m pumped!

  • The Federation Users Group is approaching 100 registrations
  • We’ve got our party Monday night with Covisint
  • We’ll be previewing PingFederate 5.0
  • We’ve got our boat cruise Wednesday night
  • and we’re showing some killer payment meets identity demo’s with ACI

See you there.

Social Intelligence and Brain Development

September 19, 2007 By: Andre Category: Identity

I was watching a Discovery show last night on child brain development. Having studied a bit of this in college, I was under the impression that the density of neural connectivity was a proxy for IQ. While that still ultimately may be true, I learned something new. Recent studies have shown that in early brain development, neurons reach out and establish a dense set of connections, almost in anticipation of what might be called upon in future development. Later, many of these connections die. What determines a pathway which remains versus one that withers is classically Darwinistic. Those that are stimulated (used) remain, and all others Atrophy. This would partially explain why it is so important to stimulate the brain through different problem solving activities, music, the arts etc. during early childhood brain development.

As I tinker with social networking, I can’t help but correlate the social intelligence people develop at a macro level to childhood brain development and the entire concept of neural connectivity. While most of us may have many connections (some more than others according to LinkedIn), the quality and directness of our network, and how we choose to cultivate (stimulate) those connections ultimately dictates / predicts our ‘social intelligence’.

Life is indeed fractal.

No email Zen for me…

September 13, 2007 By: Andre Category: Identity

Ashish recently forwarded me a number of articles on achieving email zen — that is, the art of a clean in-box. Email habits, good or bad, die hard. In my particular case, I thought I had things basically under control, using the ‘Mark as Unread’ feature of Outlook to maintain visual flags for me to follow up on items that required attention. I think I have around 12,000 items in my inbox, dating most the way back to the start of Ping Identity. At any moment in time, I know there are some 20 or so items that require some sort of follow-up or future attention, but I hadn’t discovered the little feature in Outlook which allows me to instantly go back in time to aggregate all of this little triggers — until this morning.

Interestingly, if you’ve never clicked on the below link, the “unread” shows as empty. So this morning, having learned of this “filter by unread” feature, I clicked on it. Needless to say, my computer basically froze, and I watched with awe and terror as the counter climbed to over 3000 unread emails. This basically represents, 3000 things that in some manner of speaking, at some point in time, I thought worthy of some sort of follow-up.

eCommerce meets Identity Metasystem

September 11, 2007 By: Andre Category: Identity

Everyone at Ping knows I have a real hot button for the words ‘identity’ and ‘payment’ spoken in the same sentence. It’s with great pleasure then that I announce Ping Identity’s Ashish Jain and
Patrick Harding have been working with Sid Sidner, a master engineer at
ACI Worldwide and architect for ACI’s virtual SET wallet and 3D-Secure
products to bridge the worlds of eCommerce,
payment systems and the identity metasystem.

In two weeks, the
companies will demonstrate the use of managed Information Cards for
secure online purchasing. You’ll be able to see the demo at Ping
Identity’s Federation Users Group
, taking place during Digital ID World 2007 or at a dedicated
presentation by Sid on Tuesday at 2:05pm.

Worldwide is the world leader in retail payments – over half the
plastic card transactions in the world (55 billion last year) go
through ACI’s software at banks, merchants and networks in over 85
countries.  Ping Identity is
one of the leaders in the development and implementation of Information
Cards.  The two companies have put their heads together to develop a
demo of shopping with a payment Information Card.  They will be showing
this during Digital ID World 2007 at Ping Identity’s booth, #404.

identity metasystem concept embodied in Information Cards has
applications beyond pure authentication.  For example, Information
Cards could be excellent for supplying payment data to an e-commerce
merchant during a purchase.

It would go like this: A payment
provider such as a bank or PayPal issues a consumer a payment
Information Card.  Then the consumer can use it at participating
merchants.  They simply click a button which activates the identity
selector software on their PC, phone, or set-top box – an identity
selector like Microsoft’s CardSpace or any of the other ones being
developed.  The consumer selects the payment Information Card of their
choice, enters their PIN, and the identity selector gets the payment
information from the payment provider and returns it to the merchant.

consumer will like it because they don’t have to type in the card
number, expiration date, CVV, and billing address.  The merchant will
like it because the clickpath to order submission is shorter; they will
should get better merchant fees and fraud risk; and they don’t have to
store sensitive cardholder information in their databases.  The payment
provider will like it because they can dramatically lower their
e-commerce fraud.

An exciting aspect of this is that the
3D-Secure protocol used by Visa, MasterCard, and JCB, as well as the
PayPal protocol could easily be adapted to support Information Cards.

More on Click-Fraud

August 30, 2007 By: Andre Category: Identity

Click fraud occurs when a person or a computer program clicks on an ad to generate a fraudulent cost-per-click charge.

Quite coincidentally, Mike here at Ping forwarded me an article published only a few days back by

  • Yahoo has created a new Traffic Quality Center — an online resource designed to help
    provide greater transparency as to what the engine is doing to help
    define, prevent and protect against click fraud.
  • Microsoft’s adCenter
    now features Click Quality Reports, giving advertisers better visibility
    into click quality.
  • Google just-introduced the Ad Traffic Quality Resource Center and its Internet
    Protocol Address Exclusion — a product that allows advertisers to
    exclude IP addresses where advertisers don’t want their ads to appear.
    Google said it continues to develop new filters and systems used to
    detect invalid clicks.

I know that at least with Google, there is a method of petitioning to have some of our advertising dollars refunded if it can be proved that the charges originated from click-fraud.

Sounds to me like a perfect start-up business idea. That is, build a system that demonstrates where click-fraud occurred and run around to all of the advertisers listed on the link-farm web pages, exposing their fraudulent advertising charges and helping them receive refunds from the ad networks. If someone did this for Ping, I’d gladly pay 50% of the refund to that person.

Do this effectively, and I’ll bet the ad networks get their act together on this issue pronto.

Google’s Dirty Little Secret

August 27, 2007 By: Andre Category: Identity

My company recently signed up for a hosted marketing campaign solution which provides us all sorts of statistics on where and how traffic gets to us on the web.

The guy in charge of our marketing campaigns, and also our Google Adwords spend (which I’ve been a big supporter of for the past few years), recently ran a report and discovered nearly 2/3rds of our traffic generated from link-farm websites such as — which by the way advertises everything from Java Open Source tools to XXX adult websites.

Clearly no-one legitimate finds their SAML federation software through these websites, which have completely consumed nearly every domain not used by a real company. By simply tracking back the origination of the click-stream, we found most of the traffic originating from countries like Egypt, Indonesia, Turkey, Algeria etc.

I suspect these link-farms are making a killing off the billions being spent by legitimate companies hoping to find legitimate buyers through syndicated advertising networks such as Google Adwords (where we had been focusing the bulk of our online marketing budget).

It apparently doesn’t take a tremendous amount of sophistication to find out if your hard earned marketing dollars are being scammed by link-farms, zombies and botnets. If you spend any money at all in on-line advertising, you might want to look into where your clicks are coming from.

I’m not sure how much of this has been written about in the press, or even acknowledged as a problem, but the shear magnitude of the issue if extrapolated from our small little experience, is simply daunting.

I’m a fan of Google, and also of online advertising in general. I knew this was happening, but figured it represented perhaps 10%. Finding out it represented over 50% was the surprise.

Lake Powell 2007

August 24, 2007 By: Andre Category: Identity

Every year for the past 7 years a few friends and I have done a house boat trip to Lake Powell. The trip is, in my opinion, one of the very best vacations. These pictures speak the truth…

Photos Part 1:

Photos Part

$11 Billion Food Supplier does SAML 2.0 in 15 business days

August 06, 2007 By: Andre Category: Identity

We’re moving into a new phase here at Ping Identity, celebrating not just a customer win, but instead our customers success. Accelerating our customers time to production with federation is something we take very seriously.

Recently, an $11 billion food supplier purchased
PingFederate to enable web single sign-on for their 33,000 employees
connecting with Rearden Commerce, also a PingFederate customer (who now has 15 SAML connections in less than 1 month). The
secure connection was established using SAML 2.0.

Commerce provides corporate travel and expense management to enterprise
customers. From first interaction to having the software installed and
in production took less than 15 business days.

A connection a day, here we come.

Major Pharma Federates in 27 Days from Start to Finish

August 02, 2007 By: Andre Category: Identity

One of our customers, a major pharmaceutical company, successfully went into production with SAML-based single sign-on just 27 days after contract signatures!

is an impressive timeline when you consider that this was an enterprise-grade deployment between two companies and included the development and testing of a Custom PingFederate Integration Kit! 

The use case involves as many as 5000 employees of the pharmaceutical company
federating into an Idea
Management solution hosted by another SaaS vendor.  The solution includes 2 single connection
PingFederate servers on one side connecting to 2 single connection
PingFederate servers with the Service Provider (the 2 servers are for redundancy). Note that both sides were not required to use PingFederate, and either side could have used any SAML compliant
product. It just so happened in this case speed of deployment was a
major consideration, and after careful analysis, both parties
appreciated how only PingFederate could be installed and integrated in such short

The pharmaceutical company (acting
as the identity provider for their employees) is using the LDAP
Authentication Service to enable first mile integration.  The service
provider in this use-case had a requirement for a Lotus Domino
integration kit.  Ping Identity also provided a PingEnable Fderation
QuickStart bundle for shared implementation services and training
between the two federation partners.