Andre Durand

Discovering life, one mistake at a time.

Archive for February, 2006

PingTrust v1.0 Now Available – Identity for Web Services

February 13, 2006 By: Andre Category: Ping Identity

After 9 months of hard work and sweat (not by me of course, but the Ping engineering, SQA and marketing teams), I’m proud to announce that we released our 3rd major product here at Ping — PingTrust v1.0. It’s the first complete stand-alone WS-Trust server and Security Token Service for creating, validating and exchanging security tokens. While at this stage it’s focused mostly on large, internal enterprise use-cases, it serves as the foundation for our support of Kim Cameron’s work around InfoCards and consumer facing identity. It’s basically a Java STS, which is the foundation for creating an InfoCards server in support of Microsoft’s identity metasystem.


Why PingTrust



About PingTrust


Applications depend on user-level identity to protect critical resources, generate audit trails for regulatory compliance and support user-based billing. However, Web Services and SOA have lacked standards-based mechanisms for enabling trusted user identity, making these important functions difficult – if not impossible – without introducing proprietary application-level extensions that breach Web Services principles and introduce questionable security.


PingTrust builds on two open security standards that set the stage for true interoperability and a solution that scales. OASIS Web Services Security 1.0 (formerly WS-Security) allows for the embedding of security tokens in SOAP messages, while WS-Trust establishes a mechanism for obtaining and validating tokens from a Security Token Service (STS). PingTrust is such an STS. It supports both .NET and Java applications, Web-based and rich clients. PingTrust can operate on the Web Services Client-side, Provider-side or both sides of a Web Service transaction.



“With PingTrust, the concept of user session no longer ends at the application a user originally logs into, either directly or via federation,” commented Patrick Harding, chief technical officer, Ping Identity. “Instead, user session and identity now follow SOAP messages wherever they may go throughout the SOA.”


“By supporting WS-Trust, Ping Identity is providing a Security Token Service that can participate in the Identity Metasystem. This enables identity information to be exchanged using industry standard Web services, regardless of the underlying platforms,” said Michael Stephenson, Director of Identity and Access at Microsoft. “We look forward to Ping’s products interoperating with Microsoft technologies, including .NET, Active Directory and the upcoming ‘InfoCard’ technology.”


PingTrust: Caller ID for Web Services


Using PingTrust, a Web Services client can exchange the security token being used in the local security domain, such as a Kerberos ticket, for a SAML token that represents the original user’s identity in other federated security domains, including those at other companies. After being bound into a SOAP message and delivered to a Web Services Provider, the Provider will know who originated the request and will be able to use that information in determining how to process the request.



PingTrust is a lightweight, standalone, modular product that:



  • Provides out-of-the-box support for several token types including SAML 1.1 and SAML 2.0, X.509, Kerberos and username/password, and is extensible to support custom tokens
  • Provides a Web-based console for 100% GUI configuration
  • Moves identity-related security and cryptography code out of applications by consolidating security token processing into a centralized, shared server
  • Aggregates trust management to dramatically simplify administration
  • Does not require a heavyweight identity management system

Datasheet | Download PingTrust v1.0


Business Models 101 — 1 Degree from Money is better than 6

February 03, 2006 By: Andre Category: Ping Identity

By now I’m sure you’ve all read about the concept of 6 degrees of
separation. Similar to my fascination with wave theory, I’ve been
intrigued with this concept as it applies to business models. How many
times have you heard of some great Internet related business concept
wherein the business model was at least 6 degrees removed from money
changing hands?

I’ve got a new filter when I evaluate ideas, which goes part and parcel
with my thinking around bootstrapped businesses, and that is, 1 degree
of separation is better than 2 — especially when it comes to how a
business will make money. In the ideal situation, you’d put yourself in
the 0 degrees of separation from money, such as a bank. You’ll notice
how most of the skyscrapers in NY bear one of their names. Enough
said.

A Lost Art – English

February 03, 2006 By: Andre Category: Life

Email, instant messaging, voice chat — all of these venues of communication favor shorter,
more concise (but not necessarily more meaningful) flavors of conversation.


In a sense, in today’s speak, you’d have to write 10 pages
to convey the meaning of simply 1 paragraph as written below, and in the process,
you’d lose the very meaning you intended to communicate in a forest of gibberish.



Four score and seven years ago our fathers brought forth on this continent a
new nation, conceived in liberty and dedicated to the proposition that all men
are created equal. Now we are engaged in a great civil war, testing whether that
nation or any nation so conceived and so dedicated can long endure. We are met
on a great battlefield of that war. We have come to dedicate a portion of that
field as a final resting-place for those who here gave their lives that that
nation might live. It is altogether fitting and proper that we should do this.
But in a larger sense, we cannot dedicate, we cannot consecrate, we cannot
hallow this ground. The brave men, living and dead who struggled here have
consecrated it far above our poor power to add or detract. The world will little
note nor long remember what we say here, but it can never forget what they did
here. It is for us the living rather to be dedicated here to the unfinished work
which they who fought here have thus far so nobly advanced. It is rather for us
to be here dedicated to the great task remaining before us–that from these
honored dead we take increased devotion to that cause for which they gave the
last full measure of devotion–that we here highly resolve that these dead shall
not have died in vain, that this nation under God shall have a new birth of
freedom, and that government of the people, by the people, for the people shall
not perish from the earth. A. Lincoln 

Globalization: Turning the Globe into One Big Ford Production Line

February 03, 2006 By: Andre Category: Life

Globalization is turning the world into one large production line. Everyone, and indeed every nation, must realign itself within a larger construct, focusing in on what it can do better than any other nation. Gone are the days when balance and equilibrium of a single country’s ecosystem will suffice. In a more granular sense, this concept also applies to people, and therein lies both the dilemma and opportunity for America in the century ahead.