Andre Durand

Discovering life, one mistake at a time.

Archive for the ‘Ping Identity’

Identity goes ‘Platinum’

June 03, 2004 By: Andre Category: Ping Identity

I’ve noticed an interesting trend recently with respect to general enterprise recognition surrounding the importance of ‘identity’. I’ve spoken with several companies in the past four weeks who have all indicated that ‘identity’ is being treated as a ‘platinum’ technology or strategic directive. Some companies are even letting initiatives surrounding security slide as a result of their focus on identity, as they see identity as more central to their integration, management and security agendas.

I suspect this is all an early indication of identity moving to center stage within the next 12 to 18 months.

Interview with Halley Suitt of Worthwhile

June 01, 2004 By: Andre Category: Ping Identity

Did an interview with Halley of Worthwhile here about Ping’s birth.

ID Getting Hot…

April 17, 2004 By: Andre Category: Ping Identity

The Heat Index – April 2004

TheInfoPro (TIP) interviewed 175 Fortune 1000 companies about their purchasing plans for nearly 40 IT security products and services. The Heat Index is TIP’s ranking of these technologies by the immediacy of planned implementation and level of security spending — the higher the score, the higher the priority and the greater the spending level. The values are normalized, so the maximum is 100 and the minimum is zero. Here are the 15 top-rated technologies:

Rank. Technology (category): Heat Index score

1. Identity Management (Infrastructure): 100
2. User Provisioning (Infrastructure): 90
3. Single Sign-on (Infrastructure): 89
4. Intrusion Prevention — Perimeter (Perimeter): 87
5. Wireless LAN Security (Infrastructure): 84
6. Patch Management (Management): 73
7. Vulnerability Management (Management): 66
8. Security Dashboard for Ops (Management): 65
9. Intrusion Detection — Perimeter (Perimeter): 63
10. Secure Messaging (Perimeter): 63
11. Secure Wireless Devices (Infrastructure): 61
12. SSL VPNs (Perimeter): 61
13. Enterprise Security Management (ESM) (Management): 59
14. Intrusion Detection — Host (Infrastructure): 58
15. Intrusion Prevention — Host (Infrastructure): 56

Social Networks – Not ready for prime-time in current incarnation…

March 21, 2004 By: Andre Category: Ping Identity

Eric, myself and Doc Searls are speaking tomorrow afternoon (Tuesday, March 22, 2004) here at PC Forum 2004 on the subject of social networks and federated identity.

To be honest, I can’t quite recall how this particular subject was selected, because personally, I see neither a hard nor immediate intersection of the two anytime soon. That said, as I’ve spent the past two years thinking of and writing about identity and federation, I thought I’d focus instead on some thoughts surrounding the current social networking attempts…  

In early observation and through some tinkering around, in my opinion, I’m not yet sold on the current approach taken by many of the social networking sites. The reasons being…

Social Networking Systems strive to capture a social map of our connections and relationships manually rather than deduce or construct them through automatic means. Data-Collection via Manual Means = BAD & IS INHERENTLY INACCURATE & ALMOST IMMEDIATELY OUTDATED.

Furthermore, networking is only a conscious or purposeful activity for a small percentage of the population.

To be a truly powerful technology, as well as both more relevant to the larger population as well as inherently more accurate, social networking systems should focus on an automated means of data-collection (the data itself has no ulterior motive or ego). One way to do this might be to insert (with the user’s permission), agents or listeners ‘in-stream’ to our existing communications systems (such as Spoke) and then focus the attention on the algorithms which accurately reconstruct a social map of our connections as well as the relative strength & context of the connection.

Illustration of Problem Associated with the Manual Approach: How many of you have received a request to ‘network’ from an individual who you don’t recognize? I’ve received several. Now, my memory’s not too good, so oftentimes, I’m afraid that I should know the individual, and just can’t remember them. What to do? If I accept the connection, I’ve got a rogue individual in my ‘network’ that shouldn’t be there. If I decline, then I might be perceived as rude. More on the promise of future utility and the possibility that my reputation as ‘popular or useful’ might somehow be gauged by how many connections I have than for practical reasons, I accept most of these connection requests. Furthermore, how many of you have taken the time to run through your connections and ‘tag’ them with ‘friend, business acquaintance or family member’?

In summary:

  • My social network will never be accurately mapped in a ‘place’ or ‘destination’ as long as the process of creating the map is external to my day to day activity.  

  • Starting from my existing personal networks as represented by my IM, email and phonebook contacts, it should be completely possible to first mine and then automate (through smart algorithms) the process of creating a social network map, and do so in a way which bypasses the inherent problems associated with manual data-collection.





The Identity Waterfall Effect

March 14, 2004 By: Andre Category: Ping Identity

While a growing number of people are beginning to grasp the central theme of identity when attempting to solve various IT challenges surrounding integration, management and security, I’ve been fascinated by how they get there. Initially at least, the problem domain is classified as falling into one of the three categories mentioned above. However, no matter where the problem is initially attacked, the solution focus invariably slides down, like a cascading waterfall, to land within the domain of identity. I believe this occurs because only through identity can distributed trust be established at all levels of the network and true dynamic scalability of everything talking to everything without sacrificing security, auditability & accountability be achieved. I call this the Identity Waterfall Effect, and until identity becomes a ubiquitous component of our network infrastructure, all integration, management & security solutions are doomed to resolve only point or domain specific problems. 

Federated Identity Adoption Statistics

February 22, 2004 By: Andre Category: Ping Identity

We recently conducted a survey of 138 SourceID downloaders, asking them a series of questions designed to better understand why they were federating (SSO or other) and with whom (partners, customers etc.). We were surprised to see nearly 41% of all respondents saying they were federating internally first.

Founders of Jabber & Ping Discuss Future of Identity and Presence

January 19, 2004 By: Andre Category: Ping Identity

Jer called a few weeks back and said he wanted to visit some of his old Jabber friends from Denver. Having not seen Jer in some time, and wanting to re-spark some of our old conversations, this time around instant messaging, presence and identity, we flew Jer out to spend the day with us. Turns out we have a number of Jabberites in the Ping crew, so we got together for a photograph, just for old times’ sake.

Identity Federation. Making Pizza Delivery More Efficient in 2015

January 05, 2004 By: Andre Category: Ping Identity

I received this email from a friend today which I thought was pretty funny…

Let’s hope it never comes to this. 



Operator: “Thank you for calling Pizza Hut. May I have your…”

Customer: “Hi, I’d like to order.”

Operator: “May I have your NIDN first, sir?”

Customer: “My National ID Number, yeah, hold on, eh, it’s 6102049998-45-54610.”

Operator: “Thank you, Mr. Sheehan. I see you live at 1742 Meadowland Drive, and the phone number’s 494-2366. Your office number over at Lincoln Insurance is 745-2302 and your cell number’s 266-2566. Which number are you calling from, sir?”

Customer: “Huh? I’m at home. Where d’ya get all this information?”

Operator: “We’re wired into the system, sir.”

Customer: (Sighs) “Oh, well, I’d like to order a couple of your All-Meat Special pizzas…”

Operator: “I don’t think that’s a good idea, sir.”

Customer: “Whaddya mean?”

Operator: “Sir, your medical records indicate that you’ve got very high blood pressure and extremely high cholesterol. Your National Health Care provider won’t allow such an unhealthy choice.”

Customer: “Dang. What do you recommend, then?”

Operator: “You might try our low-fat Soybean Yogurt Pizza. I’m sure you’ll like it.”

Customer: “What makes you think I’d like something like that?”

Operator: “Well, you checked out ‘Gourmet Soybean Recipes’ from your local library last week, sir. That’s why I made the suggestion.”

Customer: “All right, all right. Give me two family-sized ones, then. What’s the damage?”

Operator: “That should be plenty for you, your wife and your four kids, sir. The ‘damage,’ as you put it, heh, heh, comes to $49.99.”

Customer: “Lemme give you my credit card number.”

Operator: “I’m sorry sir, but I’m afraid you’ll have to pay in cash. Your credit card balance is over its limit.”

Customer: “I’ll run over to the ATM and get some cash before your driver gets here.”

Operator: “That won’t work either, sir. Your checking account’s overdrawn.”

Customer: “Never mind. Just send the pizzas. I’ll have the cash ready. How long will it take?”

Operator: “We’re running a little behind, sir. It’ll be about 45 minutes, sir. If you’re in a hurry you might want to pick ’em up while you’re out getting the cash, but carrying pizzas on a motorcycle can be a little awkward.”

Customer: “How the heck do you know I’m riding a bike?”

Operator: “It says here you’re in arrears on your car payments, so your car got repo’ed. But your Harley’s paid up, so I just assumed that you’d be using it.”

Customer: “@#%/$@&?#!”

Operator: “I’d advise watching your language, sir. You’ve already got a July 2006 conviction for cussing out a cop.”

Customer: (Speechless)

Operator: “Will there be anything else, sir?”

Customer: “No, nothing. Oh, yeah, don’t forget the two free liters of Coke your ad says I get with the pizzas.”

Operator: “I’m sorry sir, but our ad’s exclusionary clause prevents us from offering free soda to diabetics.”

Radio Interview w/ Doug Kaye on Identity Federation

December 06, 2003 By: Andre Category: Ping Identity

Doug Kaye of IT Conversations interviewed me this past week on the subject of Identity Federation. We covered a lot of topics, and he asked some loaded questions, for which I was a bit verbose in responding. Thanks to Doug’s editing, the interview is actually pretty informative. Listen to Interview

Observation – How Federation Progression Appears Similar to Network Evolution

December 04, 2003 By: Andre Category: Ping Identity

Phil Becker of Digital ID World comments on Ping’s recent technology brief discussing the Topology of Federation.

I just finally got around to reading your topology white paper, and I was struck really hard by how this is all re-tracing the steps of basic computer architecture and comms.

The Service Provider Hub looks so strongly to me like a “terminal/host” mainframe application configuration drawing it’s scary.

The Identity Provider Hub starts to seem to me like it’s becoming early client/server with a “heavy client” or “thick client” (choose your term) feel, allowing it to be used across carefully controlled boundaries where setup, enrollment, and structure must still be enforced outside the system itself.

The Cross-Domain Federation is clearly the move to actual networked interconnection, rather than configurations made up of point-to-point or multi-point connections. The main transformation it creates seems the same as the one LANs created, allowing many peer-to-peer and other ad-hoc logical constructs to occur in the same “pipes” thus allowing far more flexibility etc. – all the benefits of networking, but also eliminating the ability of any outside structure to support the system in delivering security or predictability in operation and delivery of results (so the system must fully implement all of the rules and structure it needs – no crutches left.)

I don’t know if any of this has any deep meaning, or just reflects that this is how everything evolves (first a simple, hierarchical structure leveraging the existing infrastructures – works ok as long as there are only a few participants – then evolving in steps into the self defining, adaptive networked systems satisfying many different missions simultaneously). But for some reason I was struck hard by it when reading the paper and looking at the drawings.

Maybe I should call it “the progression” of technology, or something – from primitive, overly simplistic first steps to the fully networked, highly adaptive and flexible end point that lets it do what was always wanted (but which is really hard to understand and build.)