Andre Durand

Discovering life, one mistake at a time.

Archive for the ‘Identity’

Open Source CardSpace C Library

October 16, 2007 By: Andre Category: Identity

Ping today announced the release a new open source CardSpace Relying Party C
Library. This component will help Web developers create
applications that can accept Information Cards for single sign-on.

We partnered with Microsoft to produce these C libraries, and they are designed for generic use with any Web site or service. They are licensed under the BSD license and can be downloaded at To download a reference sample application, which demonstrates how the C Library
can be easily embedded in a PHP application, feel free to visit

Simply Amazing

October 14, 2007 By: Andre Category: Identity

Paul Potts Video – Sharing this video is a gift.

Transcending Your Limitations

October 11, 2007 By: Andre Category: Identity

Bernie Daina, a friend who specializes in corporate organization, was talking about what he looks for in a resume before an interview. Among other things, he spoke about looking for an individual who continually transcends their limitations.

This is a topic quite close to my heart, because, it speaks to the possibility that some individuals actual can and do fundamentally improve themselves over time.

I’m not an ‘operator’ CEO, and likely never will be. Fact is, I don’t posses the talents of an ‘operator’. But I’m tenacious, open-minded, and aware of this. When I look for partners, I look for people who fill this lack of skill.

Realizing this limitation, I’ve become conscious about working at it, and I’m determined improve and transcend this limitation, if not in myself, then by choosing to surround myself with operators. Will I ever be better than someone who’s training and genetics are simply more in tune with world-class operator-like behavior? Never, but that doesn’t mean that I can’t be effective.

It’s funny how people get labeled, and how those first impressions stick with people long beyond their useful life. I used to be offended when people referred to my lack of talent in a particular area as if it were a fact beyond reproach. I’m no longer intimidated by such comments, because I’ve come to realize that in 90% of all cases, that bias is actually true, and a reinforced and learned phenomenon.  It’s not personal, it’s just what people have learned to be true in most cases.

I think it says a lot about a person if they are self-aware of their limitations, but strive to apply discipline and hard work to overcome them. Those are the sort of people I’d like to be around.

Checking your Virtual Ego at the Door

October 10, 2007 By: Andre Category: Identity

I was talking with a friend the other day about virtual organizations, and he mentioned something I considered hugely insightful. He’s building a virtual organization, and mentioned that as a CEO, you’ve got to be willing to check your ego at the door, because, when you walk into your office, you won’t see lots of bodies walking around your floor to feed your ego.

I am a big fan of the concepts behind the virtualized corporation, and believe there is an entire frontier of efficiency to be gained by corporations that embrace methodologies to harness talent, no matter where it resides. Think of this as “off-shoring” to the extreme.

That said, many of today’s ego-maniacal CEO’s are likely to have a tough time with this new paradigm. Which is fantastic news for those entrepreneurs willing to check their ego at the door, and truly disrupt the old guard.

Zen of Being All-In

October 08, 2007 By: Andre Category: Identity

I was listening to Bernie Daina (a friend of mine) discuss the Corporate Lifecycle, a description of what any startup goes through as it matures. From Entrepreneurial (filled with Promise) to Professional (filled with Purpose) to Bureaucratic (filled with Politics) to Expiring (filled with Paranoia). One of the things he stressed was that in the initial phase of any company (the entrepreneurial phase), it is typical to find people filled with both promise and accepting of ambiguity. As the cement is not yet dry on the formula for making money, experimentation is welcome and natural part of the culture.

As a company matures, it transitions into purpose and professionalism. In this phase, the company has discovered its mission, knows where its going, and moves to consolidate its assets, narrow its focus and align its resources.

Call it what you will, this is the moment when a company moves ‘all-in’. Having been an entrepreneur involved in three startups now, I recognize all too well what it feels like to live in ambiguity and to hedge ones bet in the early phase of a company. Having moved beyond that here at Ping Identity, I now have a new sense of purpose and the peace of mind that I can only attribute to a mental state of ‘all-in’ thinking.

There’s no turning back, there’s no alternate route, there’s no hedging. There’s only the one mission, and the associated obstacles which stand in your way, which will either be achieved, or not, without ambiguity.

This doesn’t mean you don’t invest in the future, or place long-bets on potential disruptions or strategic initiatives, it just means that you understand what your purpose is, and you’re prepared to give it your all.

e-Commerce Information Cards Demo

October 05, 2007 By: Andre Category: Identity

Sid from ACI Worldwide just posted the e-Commerce demo we built together for Digital ID World 2007. The demonstration allows you to download and load a bankcard into your Information Card Selector on your desktop, and then use that card to make a purchase at a fictitious commerce site selling coffee.

Wisdom of Timing by Sid Sidner

October 04, 2007 By: Andre Category: Identity

I’ve been chatting with Sid Sidner of ACI Worldwide this morning. Sid and ACI were our partner on an Information Cards meets Payment Networks demo at Digital ID World this past week. Sid always writes very wise and thought provoking emails, the one below was no exception as he shares his perspective on the role of timing in any emerging technology intersection. I couldn’t agree more with his thinking, but he puts it so elegantly, I felt like sharing.

“I fundamentally believe in Kim’s vision and the seven laws of identity.  This is
grounded in the reality of human existence, which is a powerful basis for a
business plan.  However payments are a huge, complex, entrenched system with
liberal sprinklings of greed and politics all the way through it, so it takes
awhile for it to change.  ACI is always looking for an “event”, something that
forces the system to change.  Debit cards were an event.  The change from
single DES to triple DES encryption was an event.  The introduction of EMV
smartcards in Europe was an event.

EMV will come to the U.S. but it is still a ways off.
 Payment and phones will intersect, but that is a ways off, at least on a
massive scale.  Payments in PCs, phones, and set-tops will someday get strong
security.  Integration with TPM chips will be important, as will better

Kurzweil, the genius inventor, stresses that timing is critical to successful
inventions.  That is why he spends so much time tracking trends.  I agree
completely.  It is why I spend so much time thinking about the future of
e-payments.   We want to be prepared for the future, for The Event.  We don’t
want to blow our resources on premature events, but we don’t want to be late to
market, either.  It is important to be a visionary; it is also important to be
cautious.  To me this is the essence of great commercial engineering and

I was thrilled to have an
opportunity at DIDW to sensitize the identity community to the aspects of a
major, real-world identity system.  Enterprise and national identity are cool,
but financial identity is cooler, I think.  There is nothing like money and
commerce to focus the mind.  I also like being able to make noise inside ACI and
the PCI in general, to get them thinking about the world beyond plastic.  It is
a classic technical evangelist role.  My astrological sign is Aquarius.  I have
been teaching and bringing knowledge to people all my life.  It is something I
do well, I think.  Too well according to my girlfriend, Joan – she rightly
points out that I should shut up and listen more.

Speaking in OASIS IDtrust Workshop in Barcelona

September 29, 2007 By: Andre Category: Identity

I’ve been invited to speak at the IDtrust workshop taking place at the Burton Catalyst Europe conference in October (Barcelona – yahoo!). I’m pretty excited about this opportunity, as there is a lot of federation going on in Europe, and it will be great to level-set. The talk begins at 9:30am, and is going to focus on the future of identity federation. Here’s a sort summary.

Exiting 2007, federated identity management finds itself on the cusp of industry-wide breakout. With the promise of true identity portability, privacy and user control in the balance, now more than ever is a time for us to work collaboratively towards achieving the nirvana of “identity dial-tone.”

Achieving a tipping point in federation hasn’t come easy, but this session will explore the underlying forces at play and provide a perspective on how several seemingly competitive approaches simultaneously attacking the same problem has accelerated what will be the inevitable outcome.

Federated Strong Desktop Authentication with Wave Systems

September 25, 2007 By: Andre Category: Identity

I’ve known Steven and Peter Sprague for several years now. Steven is the CEO of Wave Systems, a company that’s developed a number of really nice security and strong authentication technologies which leverage the trusted computing module built into most intel chips and mother boards.

I actually use their product on my laptop to authenticate to my Dell using a fingerprint reader. It’s really slick.

Monday we announced a collaboration to leverage their strong two factor authentication technologies to enable desktop federation. It works like this. A user performs strong authentication to Active Directory using the Wave Systems replacement of the Windows Login. Once logged in, they have an active Kerberos session on their desktop. From there, PingFederate takes over using our IWA Integration Kit and SAML enables the desktop. To the user, it’s all invisible. They simply open their browser, and their session is automagically enabled for SAML single sign-on.

There are 100M machines now shipping with the TCM, and the Wave software is shipped by Dell and a number of other PC makers. My intuition tells me there’s a lot here we can do together given a little time to further this integration between our two products.

New SaaS Program Creates Revenue Opportunity for SSO

September 25, 2007 By: Andre Category: Identity

We announced today at Ping a new program that
gives Software-as-a-Service (SaaS) providers the ability to offer
secure, standards-based single sign-on (SSO) to their enterprise
clients. The new program basically creates a revenue share with SaaS providers, allowing them quick access to to Ping Identity’s
award-winning PingFederate server on a unique
“pay-as-you-go” pricing model that aligns with SaaS business models,
joint marketing and joint support.

Under the terms of this
new program, SaaS providers will receive PingFederate servers and
Integration Kits for development and production use. When they sell
secure SSO to their clients, they share the
resulting revenue with Ping Identity. Also, program members can
optionally resell PingFederate to their clients who do not already have
SAML or WS-Federation capabilities, or refer their clients directly to Ping Identity and subsequently earn a referral fee.

SaaS providers, this new program offers several important benefits:
incremental revenue at a low cost of sales, reduced integration and
operations costs, and minimal to no upfront capital and engineering
costs. SaaS providers joining the program will also be able to
participate with Ping Identity in marketing, sales and support
activities including joint Webinars, listing in Ping Identity’s SaaS
vendor directory on its Web site, lead sharing, joint RFP responses, sales education and support training.