Andre Durand

Discovering life, one mistake at a time.
Subscribe

Archive for June, 2005

Automobile Cloning

June 11, 2005 By: Andre Category: Ping Identity

My wife was telling me last night about auto-cloning, which is essentially auto-ID theft. People apparently copy registered VIN numbers and then use cars with the copied VIN’s to commit crimes. When the cops find the cars, they match the VIN’s back to regular Joe’s.


Looks like we need auto-biometrics. In my particular case, you could take a food-print (french fries, cookie crumbs mixed with slobber) from the car matt my daughters safety seat. I’m quite sure it’s a unique brew.

7 Reasons why InfoCards Matters

June 10, 2005 By: Andre Category: Ping Identity

Bryan, David and a few others over here in Pingland were kicking around some afternoon whiteboarding ideas on InfoCards. Figured since I’m getting back into my bloghead, I’d start posting a bit more…  



  1. It centers on the user. Users rule.
  2. It can stop Phishing attacks cold — as we know them today
  3. It’s better than Gator-like utilities or IE’s auto formfill for new account registration
  4. It provides users with the convenience of SSO
  5. It eliminates the need to manage weak passwords
  6. It’s a branding opportunity for 3rd party Identity Providers
  7. And of course, the client will be built into every Windows desktop

Challenges to overcome…



  • How to roam and maintain your InfoCards
  • How to recover if something bad happens to your computer
  • How to enable InfoCards on other operating systems
  • How to streamline the 1st time user experience

Implications



  • Existing consumer-facing (external) federation use-cases will be displaced by user-mediated exchanges of attributes between IdP’s and SP’s
  • A battle will ensue between companies looking to become the branded (most trusted) identity providers

InfoCards = Third Leg of Stool

June 07, 2005 By: Andre Category: Ping Identity


I’ve been giving a lot of thought lately to both the concept of a token generation/validation/exchange service, as is defined within the WS-Trust specification for a Security Token Service (“STS”) and Kim Cameron’s work around InfoCards. It all came about as a result of our participation with Microsoft demonstrating interoperability of a Ping developed (J2EE) version of WS-Trust and Microsoft’s new InfoCards client at Digital ID World 2005 in SF.


I think this is a scenario where 1+1+1 (SP’s + IdP’s + End User) is going to equate to much more than 3. The concept of InfoCards is, in my mind, the third leg of the stool. We must involve the end-user in the movement of information which pertains to their identity in order to create a balanced, sustainable equation where a balance of power exists among all three constituents in a mature identity ecosystem.  It’s the reason Ping got involved in identity in the first place!