Andre Durand

Discovering life, one mistake at a time.

Archive for February, 2003

What’s really important in a Tier 1 Identity – Control

February 13, 2003 By: Andre Category: Ping Identity

I was cleaning out my Ping documents folder when I came across this Word doc I had created back in April of last year. Holy Moly, it’s actually not that far off from some recent thinking I’ve been having.

The real issue between T1 and T2 is not where the data is stored, it’s who controls its use (permissions or access control). If you’ve followed the evolution of authorization, authentication, identity management, access control and meta-directories at all, you know that what’s been taking place behind the firewall is a consolidation of ‘control’ over identities. The IT guys don’t care if the data is spread all over; what they care about is controlling the data.

I’d suggest that a T1 identity may in fact end up being no different. If you take a mirror image of what a ‘meta-directory’ or identity management does for an IT department behind the firewall, and apply it instead to a consumer, what you have is a ‘centralization of the management’ of what is fundamentally distributed, and that’s really what consumers care about.

The above graphic is not completely technically correct with respect to the ‘latest latest’ thinking, but I was actually surprised to see how consistent some of the thinking has been over the course of the past several months.

Intersecting Identity, Jabber, Liberty, Presence and Spam

February 09, 2003 By: Andre Category: Ping Identity


There’s been a flurry of discussion in the past month (mostly taking place in private email) between guys like Doc Searls, Marc Cantor, Eric Norlin, Mitch Ratcliff, David Sifry, Elliot Noss and others about disruptive technologies and the notion that Tier 1 Identity Infrastructure might find its way into existence sooner than I had projected in my Three Phases of Identity Infrastructure Adoption. All of this discussion, some prodding by Doc and some poking around at Ryze (a community networking site which actually works) got me thinking about run-away trains, about what Doc and the ClueTrain describe as “wild-fires”, and about how they might relate to identity. While many run-away Internet successes have taken the form of some sort of website, many others have taken the form of a client-side “killer app” (e.g. Mozilla, ICQ, Napster, Kazaa etc.). So all of this got me thinking about how the T1/T2 “chasm” would ultimately be crossed, and whether there wasn’t in fact a killer-app to be developed in the near term which would in some way level the playing field for the end-user in the conversation around ‘who controls my identity’.

Having recently spent the past six months dissecting the issues of Identity Federation (Whitepaper – PDF), and now that Bryan’s just about completed Ping’s first product in the identity space (SourceID SSO), I got to thinking about the intersection of Identity, Jabber, Liberty Alliance, P2P architectures and presence and it occurred to me that there might in fact be a ‘killer-app’ in the identity space worth pursuing now as a new open source project under SourceID.

Imagine If

Imagine if someone hijacked the Liberty Alliance protocol (designed by corporations for corporate federation of Tier 2 identities) and embedded it in a client of some sort. For the purpose of this discussion, let’s say the client was a Jabber IM client, and imagine if we extended the personal information in the Jabber client to include the things Bryan describes in his ‘Digital Estate’ article posted last year (which, by the way, was the original Ping vision). Now let’s take this concept two steps further. Imagine if this new breed of Jabber client did more than just allow you to make buddy-lists and chat in real-time, but actually allowed you to build your own Personal Area Networks (similar to a project we did at Durand back in 1995 called CommunityWare). To truly understand this notion, check out Ryze, a business and social networking community (website) which actually achieves much of the original thinking behind (now out of business). And lastly, what if, as Eric Norlin has suggested, we hijack email while we’re at it, putting an ‘email like’ interface (many Jabber clients already have this) into the IM interface, but do so in such a way that only ‘certified’ individuals (people who have been added to your Personal Area Network or Roster) can actually send you email (thereby eliminating spam)? Now we might have something unique, new and interesting.

What would this buy us?

We’d have a P2P client with most of our basic T1 identity attributes built-in (name, contact info etc.) combined with many of the social networking aspects of our identity (the Ryze part). We’d have built-in presence awareness (which could be published via other protocols such as SAML or Liberty over time). We’d have an ability to confirm, with greater confidence, the authenticity of the identities of the people who become part of our personal area networks (what in the IM world we see as our buddy-list or roster), and we could add some sort of credentialing system that corporations would be comfortable recognizing. We’d have the ability to communicate (and this is THE important part) with corporate systems (through the Liberty protocol), or perhaps even more importantly, corporations would have an ability to communicate with us (the identity holder), as we’d list ourselves (in some recognized third party directory) as our own IDP (Liberty-speak for “Identity Provider”).

The key to making this all work would be to find a compelling enough stand-alone reason to download, install and run a client-side program which had the fundamental capabilities to speak the same language/protocol as that being installed by corporations to enable identity federation (Liberty).

All that’s really happened here is that we’ve extended the notion of ‘identity federation’ to the identity holder’s desktop. Now I believe this would be a project well worth pursuing… so let the discussion continue…
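The roster-gated email idea above reduces to a single check: an inbound message is delivered only if its sender is already an accepted member of the recipient’s roster (the Personal Area Network). The following is an added example, not code from the original post, from SourceID or from any Jabber client; the stanzas, the roster contents and the helper names (`gate_message`, `is_certified`, `bare_jid`) are constructed for illustration. It applies the gate to XMPP `<message>` stanzas, where the `from` attribute can be relied on because the sending side’s server, not the sender’s client, stamps it.

```python
import xml.etree.ElementTree as ET

CLIENT_NS = "jabber:client"  # default namespace of client-to-server stanzas

# Constructed roster for the example: bare JID -> subscription state, as a
# Jabber roster stores it. Only contacts in an accepted state count as
# 'certified' members of the user's Personal Area Network.
ROSTER = {
    "alice@example.org": "both",
    "bob@example.net": "from",
    "carol@example.com": "none",  # subscription requested, never accepted
}
ACCEPTED_STATES = {"both", "from"}


def bare_jid(jid):
    """Drop the resource ('/laptop') and case-fold; rosters key on bare JIDs."""
    return jid.split("/", 1)[0].lower()


def is_certified(sender, roster=ROSTER):
    """True if the sender's bare JID is an accepted roster entry."""
    return roster.get(bare_jid(sender)) in ACCEPTED_STATES


def gate_message(stanza_xml, roster=ROSTER):
    """Decide whether one inbound stanza may reach the inbox.

    Returns (decision, sender_bare_jid, body) with decision one of
    'deliver', 'reject' or 'ignore' (non-message stanzas are left to the
    normal presence/iq handling). The 'from' attribute is trusted only
    because an XMPP server stamps or validates it before routing; an
    unauthenticated sender address (e.g. an SMTP From header) must not be
    fed to this gate as-is.
    """
    el = ET.fromstring(stanza_xml)
    if el.tag != f"{{{CLIENT_NS}}}message":
        return ("ignore", None, None)
    sender = el.get("from")
    if not sender:
        return ("reject", None, None)  # no sender, nothing to check against
    body_el = el.find(f"{{{CLIENT_NS}}}body")
    body = (body_el.text or "") if body_el is not None else ""
    decision = "deliver" if is_certified(sender, roster) else "reject"
    return (decision, bare_jid(sender), body)


def gate_inbox(stanzas, roster=ROSTER):
    """Run a batch of stanzas through the gate and return the decisions."""
    return [gate_message(s, roster) for s in stanzas]


# Constructed sample traffic: two roster members, one pending contact,
# one stranger, one stanza without a sender, and a presence update.
SAMPLE_STANZAS = [
    '<message xmlns="jabber:client" from="alice@example.org/laptop" '
    'to="me@example.org" type="chat"><body>lunch?</body></message>',
    '<message xmlns="jabber:client" from="Bob@Example.Net/home" '
    'to="me@example.org"><body>draft attached</body></message>',
    '<message xmlns="jabber:client" from="carol@example.com/web" '
    'to="me@example.org"><body>please add me</body></message>',
    '<message xmlns="jabber:client" from="mallory@spam.example/x" '
    'to="me@example.org"><body>CHEAP MEDS</body></message>',
    '<message xmlns="jabber:client" to="me@example.org"><body>hi</body></message>',
    '<presence xmlns="jabber:client" from="alice@example.org/laptop"/>',
]

if __name__ == "__main__":
    for decision, sender, body in gate_inbox(SAMPLE_STANZAS):
        print(f"{decision:8} {sender or '-':24} {body!r}")
```

The gate is only as strong as the authentication behind the sender address. An XMPP server validates `from` before routing, so a roster lookup is meaningful there; a piece of SMTP mail bridged into the same inbox carries an unauthenticated From header and would pass the check with a forged address. That is where the ‘credentialing system’ the post mentions would have to come in before ‘certified’ means anything for email.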

Liberty Alliance Whitepaper

February 07, 2003 By: Andre Category: Ping Identity

Liberty Alliance just released their first whitepaper, discussing interoperability with Passport, Verified by Visa and PingID. Read the Whitepaper (PDF)

The Dream (Nightmare) of A Secure Identity

February 07, 2003 By: Andre Category: Ping Identity

A-Clue.Com – by Dana Blankenhorn, Volume VII, No. VI
For February 10, 2003

My chiropractor has a problem. His partner in renting an office in Midtown Atlanta skipped town over the holidays. When he got back two rent bills were waiting for him, and half the office was trashed.

He was philosophical. The other fellow’s approach clashed with his. (My doc likes high-tech toys – a James Bond Chiropractic Center.) The other guy didn’t keep things clean enough. Maybe this was an opportunity to bring in some junior partners and really grow. “Or I’ll take anyone, a lawyer, even a writer,” he said, hopefully.

The point is that the man’s partner ankled away, and my chiropractor accepted it. This happens all the time in America. Identity is plastic, mutable, elective. You can start over as someone else, somewhere else. Fathers abandon children, abused mothers leave their husbands. Our ancestors did it (willing or un-) when they came here. Or when they went West. Or, as in this case, when times just got tough.

The ideal of “starting over,” however, clashes with a new technology imperative, a secure digital identity. The benefits are manifold. Payments are simplified, fraud is reduced, and if you’re an honest fellow (like me) the police won’t hassle you unduly, on the road or when getting on an airplane.

But the dream of digital identity runs into twin political realities. The Bush War on Terrorism treats everyone as a potential threat. Neither Democrats nor libertarian Republicans care for that. Then there’s that “start over” impulse. A truly secure identity would make that impossible. You can say “we’ll find the deadbeat dad” but the abused wife answers “he’ll be able to find me.”

So we have phony arguments, even red herrings, created to avoid admitting our fears directly. The technology isn’t good enough. Terrorists can pass bio-metric tests. If thieves break your identity they’ll take everything from you. The Republican Guard can use it to suppress all dissent. It all comes down to the same thing, really – we don’t trust, we want the potential “out.” So we putter along with things like photos on car licenses (which aren’t supposed to be the dreaded “papers” of Gestapo fantasy but act as such) or signatures on checks (very easy to fake). Identity theft keeps rising, and every time I go to the doctor (or the chiropractor) it seems they’ve changed computer systems and I HAVE TO FILL OUT ANOTHER BLOODY PAPER FORM (and with my handwriting).

The latest seminal paper on the subject, by Andre Durand, seeks to divide the question of identity into three parts:

* Personal (My) Identity, who you are. This is what we most fear seeing compromised.

* Corporate (Our) Identity, either given by an employer (in the form of a badge) or by the people we do business with (as an entry in a database). These are the identities that exist most today, identities given to us by the government (a Social Security Number) or someone we do business with (a credit card or frequent flyer number). These identities, for the most part, can be revoked, either by the company or by us. (The “Social” is an exception, which is what makes it both powerful and dangerous.)

* Marketing (Their) Identity, the dreaded “profile” based on what we buy and where we go. This is what companies have, and what they most often treat as property. You might also call this the “Customer Relationship Management” (CRM) identity. We got baby food flyers as soon as we had our kids, and we’re expecting a flood of ‘come to our college’ mail soon, based on this kind of identity.

The “Big Fear” of the Poindexter TIA plan is that all these identities might be combined and instantly revoked should someone accidentally (or on purpose) put out a “