Andre Durand

Discovering life, one mistake at a time.

Archive for December, 2005

.COM 2.0

December 21, 2005 By: Andre Category: Life

Nets $3.5M For Ajax-Powered Instant Messaging. 3 people. You gotta love it.

Blogging is the Open Source of Traditional Journalism

December 20, 2005 By: Andre Category: Life

I just had lunch with a friend who’s been a professional journalist for
several years. We were talking about how blogging is slowly changing
the way traditional media companies view the relative value of their
print publications in relation to their growing online product
offerings, and how the very existence of blogs (volunteer expert
opinion) is putting enormous pressure on traditional paid-for
journalists. It occurred to me that blogging represents not only the
long-tail of journalism, but also the open-source of traditional
journalism, in that it is eroding, in many respects, what is viewed as
something which should be paid-for versus what is freely contributed
by those that have taken a personal interest in writing about a
particular topic.

I’ve only spent a few minutes thinking of the parallels, but could the
Innovator’s Dilemma and shifting profits be at work? Value optimization
and therefore profits are clearly shifting. In the attention economy
where you can’t know everything, and generalists are a dying breed, and
information dissemination via blogs, RSS and word of mouth will rule

Federation: Everywhere or Shared Infrastructure

December 15, 2005 By: Andre Category: Ping Identity

We recently reviewed a Burton 2005 year-end wrap up report on Identity
Management. In the report, Burton makes some
statements with respect to where federation functionality will be
consumed in the long-term. While there is plenty of room for debate, Patrick
Harding here at Ping made an
interesting observation which I felt appropriate to share.  

Burton Group Statements

  • Long term, federation isn’t a separate product
  • Federation standards already seeping into many product
    classes: Firewalls, gateways, application servers, and IdM
  • Federation likely won’t be point-to-point like SSL; various
    tiers of the infrastructure will act on claims as necessary
  • Systems need to federate, but that doesn’t necessitate an uber-federation system

Email Excerpt from Patrick Harding

“My point was that if every piece of infrastructure (i.e.
firewalls, SSL VPN’s, App servers, IdM systems, apps, proxies, XML
gateways etc etc etc) can consume or generate a SAML Assertion then the
overall trust model becomes completely unwieldy. At a minimum every
piece of infrastructure needs keys for all partners to create or
validate signatures and in addition the processing capabilities to
map/retrieve the correct identifiers and attributes that can be
understood or have been received from a partner. I made the point that
this is analogous to saying every piece of infrastructure has its own
CA, or every piece of infrastructure has its own password

Federation Everywhere

“There has to be a separate layer of
infrastructure to manage federation partners for federation to
scale. One mechanism is a push model where an admin
console reaches out to every piece of SAML enabled infrastructure and
adds/deletes partners (and the keys) as well as setting the correct
expectations for identifiers and attributes. This is extremely hard
(think provisioning) in a heterogeneous environment. The second
mechanism is for each piece of infrastructure to request that the
federation layer create or consume SAML Assertions on its behalf. On
the creation side, a piece of infrastructure asks the federation layer
for a SAML Assertion it can use to access partner X. On the consumption
side, a piece of infrastructure asks the federation layer to consume an
externally generated SAML Assertion and return a SAML Assertion that
can be used internally for that piece of infrastructure.”

Federation As Shared Infrastructure

Attacking Competition where it Hurts: Their Business Model

December 07, 2005 By: Andre Category: Musings

One of the most disruptive ways to attack a set of competitors is to attack their business model. Just take a look at how Google can undermine whole market segments by shifting the business and revenue model to paid for by advertisers. At least if you’re beat on features, you have a chance at catching up, but when your entire economic model is attacked, and the price for your product effectively goes to zero, as is the case when Google subsidizes internet applications through advertising, you’re pretty much done unless you can figure out how to shift in time.

Where’s the Beef in Web 2.0?

December 07, 2005 By: Andre Category: Life

I’m not sure I get the hype around Web 2.0. Yea, the whole web as a platform concept is pretty cool but as best I knew, that was the plan when we started talking about “the network is the computer”. The new focus on user contributed content, tagging and Ajax interaction is cool, but I’m not sure that it justifies the hype. 

Ping Releases Apache Module for WS-Federation Single Sign-on

December 07, 2005 By: Andre Category: Ping Identity

Ping today announced a new open source Apache Module for extending ADFS and WS-Federation Single Sign-On into Apache environments and applications. The new toolkit (with source code) will be released on December 15th and made available for free download from, Ping Identity’s sponsored open source website for federation toolkits. In addition to this, we announced our intention to support WS-Federation in PingFederate, our commercial, stand-alone federation server which today implements SAML 2.0 federation functionality.

About the WS-Federation for Apache Toolkit

The WSFedAuth Apache module will guard access to protected Apache 2.0 resources as configured by the administrator and/or application developer. 

If a user is identified correctly (as determined by possessing an AuthToken cookie) then access to the resource is granted, otherwise the module will initiate the WS-Federation Passive Profile to establish the identity of the user. The module is designed to interoperate with STS’s that adhere to the WS-Federation: Passive Requestor Interoperability Profile V1.2 (9/19/2005).

In summary, the WSFedAuth Apache module will redirect an unauthenticated user to a WS-Federation STS server. Once authenticated by the STS the user is redirected back to the Apache server where the WSFedAuth module will consume and validate the returned RSTR message. Once validated the module will create an AuthToken cookie and redirect the user back to the original application resource.
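The gate-and-redirect flow summarized above, sketched as an added example (not Ping's module code). The endpoint, realm and the HMAC-signed AuthToken layout are assumptions, and RSTR signature validation against the trusted STS certificate is assumed to have succeeded before `after_sts` is called; `wa`, `wtrealm` and `wctx` are the WS-Federation passive profile query parameters.

```python
import hashlib, hmac, time
from urllib.parse import urlencode, urlsplit

# Every value here is an assumption for illustration, not WSFedAuth configuration.
STS_URL = "https://sts.example.com/adfs/ls/"  # hypothetical STS endpoint
REALM = "https://apache.example.com/"         # hypothetical wtrealm of this server
COOKIE_KEY = b"constructed-demo-key"          # constructed; use a random secret
COOKIE_TTL = 600                              # seconds an AuthToken stays valid

def _mac(body):
    return hmac.new(COOKIE_KEY, body.encode(), hashlib.sha256).hexdigest()

def make_cookie(user, now=None):
    """Assumed AuthToken layout: user|expiry|HMAC-SHA256(user|expiry)."""
    expiry = int(time.time() if now is None else now) + COOKIE_TTL
    body = f"{user}|{expiry}"
    return f"{body}|{_mac(body)}"

def check_cookie(cookie, now=None):
    """Return the user if the cookie is authentic and unexpired, else None."""
    try:
        user, expiry, mac = cookie.rsplit("|", 2)
        fresh = int(expiry) > (time.time() if now is None else now)
    except (AttributeError, ValueError):
        return None
    ok = hmac.compare_digest(mac.encode(), _mac(f"{user}|{expiry}").encode())
    return user if ok and fresh else None

def guard(path, cookie=None, now=None):
    """Per-request decision: ('allow', user) or ('redirect', sign-in URL)."""
    user = check_cookie(cookie, now)
    if user:
        return ("allow", user)
    query = urlencode({"wa": "wsignin1.0", "wtrealm": REALM, "wctx": path})
    return ("redirect", f"{STS_URL}?{query}")

def after_sts(validated_user, wctx, now=None):
    """Call only after the RSTR signature verified against the trusted STS cert."""
    parts = urlsplit(wctx)
    # wctx comes back through the browser: accept nothing but a local path.
    local = (wctx.startswith("/") and not wctx.startswith("//")
             and "\\" not in wctx and not parts.scheme and not parts.netloc)
    return make_cookie(validated_user, now), (wctx if local else "/")
```

Restricting the post-login redirect to a local path keeps the round trip through the STS from being usable as an open redirect.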

Integration with ADFS

The WSFedAuth module can be configured to trust a local ADFS Resource STS. This implies that the ADFS Resource STS has been implemented within the same security domain (and likely the same DNS domain) as the Apache web server.

  • it is the responsibility of the ADFS Resource STS to establish trusts with multiple ADFS Requestor STS’s.

  • the ADFS Resource STS handles identity and attribute mapping

  • the WSFedAuth module ONLY has to trust the key/cert of its local ADFS Resource STS

The WSFedAuth module can ALSO be configured to trust a remote ADFS Requestor STS.

  • in effect the WSFedAuth module becomes a Resource STS from the perspective of the ADFS Requestor STS

  • the WSFedAuth module is limited to only trusting a single ADFS Requestor STS (i.e. the Apache server can only support a single Identity Provider)

  • the WSFedAuth module will not perform any local identity/attribute mapping



Truly Creative Problem Solving

December 04, 2005 By: Andre Category: Life

I never understood my father growing up. That’s because he spent much of it in the 27th dimension (he’s a Mathematician who specializes in Topology), while I meandered in the 3rd. I have great respect for his mathematical genius, but when translated into everyday problem solving, you get some pretty entertaining results. Here are just a few of the ways my father keeps things in order.

Hair-Drying the Ice from the Walkway
My father first boiled several pots of water and dumped them over the ice, creating an ice-arena in front of our house. Quickly realizing his mistake, he went to retrieve my wife’s hairdryer and an extension cord.  It was 11 degrees outside. Needless to say, neither worked.

Vacuuming the
We used to have a large yellow tree in our front lawn which shed a blanket of bright yellow leaves each year. I’m not sure why he didn’t just use our lawnmower to clean them up, but feeling compelled to pick up the leaves prior to mowing, he pulled out the vacuum cleaner, and proceeded to suck them up. I guess that makes sense right? If you need to clean something up, you use the vacuum cleaner? The neighbors got quite a kick out of that.

Dusting with Oven-Off
My mother once caught my father cleaning the house with Oven-Off. I guess the logic was, if it cleans the tough grease found in old ovens, it should be more than sufficient to wipe out a little dust here and there. Right?

Money Order Fraud – TWO FOR TWO

December 03, 2005 By: Andre Category: Life

Unbelievable. I wonder if any private party selling a car online these days is actually getting real offers? It’s obvious that the fraudsters are hitting just about everyone in Thus far, I’m two for two. Two offers, both from money and check order scammers. I’d love to track this guy down. I wonder if there is an official law enforcement agency which deals with this? 

[ BEGIN LATEST EMAIL SCAM ]======================================


Thanks for responding to my request regarding to the sale of the car,after viewing the pixs and other informations provided on the internet,I think the price is o.k by me and I really appreciate buying the car and i hope to complete the payment as soon as possible.
Actually I bought a car from a seller in Atlanta GA at the price of $X0,000 and i sent payment to him,on getting to the pick up,my shiper agent discovered that the car has been wrecked on the front door (driver’s side) and the seller did not inform me of this so i had to cancel the transaction.
Since your own car is cheaper,with more options and less milage,I have decided to complete the payment so that i can assume the new owner.I have actually discussed with him on how to refund me the funds so that i can complete payment for your car,we have disccussed and he has agreed to send you a casheirs check on my behalf.
Please note that the check is for the purchase and shipment of the car so when you get the check payment,you deduct the agreed cost of the car ($X9,000) and refund the remainder ($X,000) to my agent so that he can use it to handle the shipment.
Please email me the following info so that he can send you the funds, my shiper agent will contact you for the pickup of the car as soon as you receive the payment.
(1) Payment Name (2) Mailing Address for delivery of  the payment(3)  Direct contact phone number.
Please note that,you will western union the difference to my agent as soon as you receive the payment so that he can use it to handle the shipment.
Thanks as I look forward to hearing from you soon.
ph  +44 703 1915 618
Fax +44 709 2862 973

Respect: What separates the UFC from World Heavy Weight Boxing

December 02, 2005 By: Andre Category: Ping Identity

I recently upgraded all my TV’s to Comcast HDTV. I had been a
DirectTV customer for over 6 years. The reason, Comcast basically gives
you the HDTV receivers with DVR, while DirectTV makes you buy them. It
would have cost me $1200 to upgrade all of the TV’s in the house. With
a slightly altered channel lineup, I’ve noticed a lot of Ultimate
Fighting Championship programming in HD, so I’ve been watching it

While I enjoy boxing, I’m not a huge fan. What liking I did have for
the sport has diminished significantly in recent years, with the lack
of professionalism of both the boxers and certainly the promoters.

On the other hand, I’ve grown a tremendous amount of respect for the
individuals who fight in Ultimate Fighting. Having been in martial arts
for 7 years, I know first hand how a significant part of the training
teaches you a respect for others, a respect for life and to strive
for a balance in both your spiritual and physical life. Many if
not most of the UFC fighters are trained in mixed martial arts, and as
a result, it’s clear by their behavior both before and after the fights
that they’ve learned to live with a certain humility and respect for
their peers just not found in professional boxing. The rhetoric which
precedes a fight is often tempered by snippets of respect for their
opponent. While it is indeed a rather primal and brutal sport, I hope
at least they can maintain the caliber of individuals they are
currently attracting.