Andre Durand

Discovering life, one mistake at a time.

Archive for November, 2006

Of Leaders and Niche Players

November 30, 2006 By: Andre Category: Identity

I got a kick out of the below slide presented by Ray Wagner here at the Gartner Identity and Access Management Conference. H E L L O. Gartner doesn’t do a Magic Quadrant for Identity Federation, but as I sat there in the back looking at this, Ping’s very own Ryan Hunter posed an interesting question.

Is the placement of Ping in the upper right purposefully subconscious? Hmm… I don’t know, it seems a bit risky doesn’t it?

Watching the Identity Grass Grow

November 30, 2006 By: Andre Category: Identity

I’m at the Gartner Identity & Access Management Summit here in Las Vegas. Having participated in Digital ID World since 2002, the Burton Catalyst Conference for the past three years, and now looking forward to my first Internet Identity Workshop next week, it’s really interesting to see how far the identity industry has evolved in the past five years.

You can literally feel the stratification of the technology adoption curve by looking around the show floor, listening to the conversations and feeling the temperature and the energy.

Clearly, different conferences, started at different times and run by different personalities attract different types of technology enthusiasts, and in looking around at this show, I now have my first dose of predominantly Early Majority purchasers (not a surprise considering this is Gartner).

From the tone of the questions, it feels a lot like Identity 101 all over again — but alas, this is different crowd, a new crowd, and they aren’t so interested in talking about it as much as they are just being told what to do. From a vendor perspective, this is actually quite exciting, because it means a lot of this stuff has graduated from its early infancy and is now reaching the main stream. Clearly Gartner has a sense for that by jumping in here with their own conference. Timing is everything.

If I were to line up the various conferences against the adoption curve, here’s how I’d do it.

  • Internet Identity Workshop – 100% Innovators (all passion, promise & personality)
  • Digital ID World – 30% Innovators, 40% Early Adopters, 30% Early Majority (passion and personality blended with a dose of reality)
  • Burton Catalyst
    – 10% Innovators, 50% Early Adopters, 40% Early Majority (reality sprinkled with a bit of passion and presonality)
  • Gartner Identity & Access Management – 1% Innovators, 10% Early Adopters, 89% Early Majority (cold hard reality)

What’s Your Razor Blade Strategy?

November 23, 2006 By: Andre Category: Identity

I was talking yesterday with a guy who sells software in the real estate industry, which is just today waking up to the concepts of identity federation and SAML.

He was describing how RSA Security effectively gives away their federation software when they have an opportunity to win the SecureID OTP token business. This isn’t a surprise, as RSA has long since known what it’s cash-cow is. Federation is just the latest (albeit likely soon to be the largest) form of token dispenser.

We’ve long since known that strong authentication and federation were linked markets, but this is the first time I’ve heard of a vendor playing to that connection.

Basically, the second authentication becomes portable, relying parties start requested that the primary authenticator increase their level of authentication assurance, and this drives to the need for tokens and stronger forms of authentication.

Thus, when busines requirements start demanding cross-domain SSO, you can bet that strong authentication requirements aren’t too far behind.

In recognition of this, Ping Identity developed PingLogin, a consumer-facing authentication framework, which both centralizes and simplifies the ability to plug-and-play various methods of strong authentication. We also demo’d this strong auth and SAML federation integration at last years the Burton Conference with ActivIdentity.

Having authentication vendors wake up to identity federation as a driver for strong authentication is a good thing, because until now, they’ve completely missed what is already likely the largest infrastructural driver for growing their business, and one can’t survive withouth the other.

Fit for DFJ

November 16, 2006 By: Andre Category: Identity

At the Ritz in Half Moon Bay for the Draper Fisher Jurvetson annual portfolio get together. The entire DFJ crew is larger than life. If you don’t believe in energy and aura, you would after meeting these guys. Tim Draper himself reminds me of superman, both in physical appearance and personality.

The DFJ crew have definitely set the bar on logo’d swag however — and I love it! It’s bold, just like the firm, no holds barred, just go for it! You can’t miss the theme though, it’s all about performance. The only thing missing was a headband and Chapter 11 repellent wrist bands.


I took the photo with my phone, so you can’t see my DFJ breath-mint.

Identification: Physics or Economics?

November 16, 2006 By: Andre Category: Identity

Paul Madsen proposes a new law of identity which basically correlates the tendancy within nature to fill a void with the tendancy to identify that which is anonymous.

What is anonymity but an ‘identity vacuum’ (its etymology
means “without a name”)? Anonymity refers to a state in which there is
insufficient identity information to allow a user to be identifiable
within some set. So, like a vacuum, it’s a state defined by the absence
of something, namely identifying information. Also like a vacuum,
anonymity need not be absolute; you can have partial anonymity as you
can have partial vacuums.

From a slightly different perspective, I wrote about this some months back.

I’m not sure whether it’s some law of physics which better describes the observation, or some law of economics. It might very well be both, but I’ve never thought about how physics might actually sit underneath and explain aspects of economics.

In the endless pursuit of increasing efficiency, we are now in a phase of ‘tagging / identifying’ everything. Governments and companies are highly economically motivated to do so, as it will allow them to more effectively manage their citizens or business, capture new revenue, serve their customers better, reduce churn, etc. Their motivations are largely economically driven.

The process of identification helps to unleash the delta of inefficiency associated with today’s management of nearly everything which is unidentified. Logistics, supply chain, inventory control, time management, asset management, everything that’s happening with bar codes, RFID etc. etc. fall into this category.

Phil Becker describes the phase we’re in as the phase of Identity Management, where the activity is identifying so that we can manage, secure and control more effectively. He goes on to describe that the next phase is management BY identity, where the world dynamically recalibrates itself around ones identity. Yahoo as versus My Yahoo are a good example of this. When you create an account on Yahoo, you are in phase one. When you then revisit the My Yahoo page after login, you are seeing Phase II in action. The content dynamically organizes itself around your identity preferences — this is management by identity.

Anyway, back to the point, because there is so much to be gained economically from identification, we are all being tagged (identified) whether we like it or not. Of course, this is happening over and over again. The key for us now as individuals is to figure out how we take back, in a sense, some aspect of control over what is happening in the identity infrastructures all around us.

U.S. Dept. of Justice Selects Ping Identity for SSO

November 15, 2006 By: Andre Category: Ping Identity

Ping Identity today announced that PingFederate has been selected by the U.S. Department of Justice to provide SAML federated single sign-on to over 7,300 local law enforcement agencies nationwide, and over 700,000 law enforcement officials throughout the US.

In a sister press release, Ping Identity has also announced the immediate availability of PingFederate 4.1, a new version of PingFederate which is specifically designed for use within the Federal Government. The new version is GSA E-Authentication certified, comes with new integrated support for x.509 smart card federation, and is deployable with support for new Hardware Security Module Integration.

“This contract award followed strict federal guidelines for usability, ease-of-integration, interoperability and security,” said Andre Durand, CEO of Ping Identity. “Identity Federation continues to remove barriers between organizations. PingFederate fundamentally enables organizations – in both the private and public sectors – to better execute their missions and achieve collaborative success via cross-domain single sign-on.”

About PingFederate

Award-winning PingFederate is a standalone federation server with multi-protocol capabilities for SAML 1.0, 1.1, 2.0 and WS-Federation single sign-on. PingFederate can be downloaded directly from Ping Identity at PingFederate is certified Liberty Alliance SAML 2.0 interoperable and GSA E-Authentication compliant. For more information, please contact Ping Identity toll-free at + 1 877.898.2905 or 1 303.468.2882, or email

Loose Coupling my way to Relevance

November 14, 2006 By: Andre Category: Ping Identity

Speaking of connections. Paul Madsen of ConnectID has a lot of opinions. While I suspect they are not *officially* representative of the views of either his 9am to 5pm employer or his participation at Liberty, they make both more relevant to me by way of their loose coupling.

Identity Interdependence

November 14, 2006 By: Andre Category: Ping Identity

The Declaration of Independence — Let fly a few centuries plus 10 years of
Internet, and I find myself intrigued with how outdated this title of one of our country’s most important manifestos now seems. What’s changed? It’s importance was, to the time, central.

I believe it’s the weight in which we emphasize the “I” in ‘independence’ and also now
‘identity’ that throws us off the mark in 2006.
Not that “I” isn’t central or important, but I
believe many default perspectives are biased perhaps towards overemphasizing it’s true importance in relation to others and the world. Like anything which can be defined via fractals, it’s the resolution we choose to look at things which makes all the difference.

I love America, and I’m not dissing one of this country’s most profound
artifacts, but I am saying that independence is not perhaps the goal in 2006. Does any person, company or nation really believe it can improve the quality of life for its constituents by becoming more independent?

For the most part, we enter the world alone and independent, but we exit the world intertwined, networked and
connected as humans, as companies, as countries.
In this regard at
least, we can measure the richness of our lives by the depth and number
of the relationships that are developed in the interim, our ‘interconnectedness’. 

This is more than a symbiotic way
of thinking — its mutuality.

Enlightenment in this context is more than a realization
that we are ‘inter’ dependent, but indeed a longing to be so, and all
that this entails with regards putting our ego in context.
While efficiencies are always gained through the process of networking (think “globalization”, “extended enterprise”, “outsourcing”), to consider
‘efficiency gained’ the end-goal would be to diminish in some
immeasurable way, the less objective benefits that we receive in knowing that we all either swim or sink together.
We now live in the age of
interdependence, yet no declaration is necessary, as networking, like
life, simply happens, and it’s this very realization that makes the
networking of identity so vital, so fundamental to our future as
individuals, as organizations and as societies.

If you didn’t
catch it, here’s the Cluetrain shortcode — Identity is useless until used in an interaction with another identity, and the very act of using it then shifts the resolution
of value to US. It’s the relationship between WE where I-dentity finds it’s utility (thanks Doc).

From a company point of view, this quote captures the shear inevitability of our march towards interdependency, but you could likely change the resolution to any level, and find this to be a true statement for all of life:

P&G has to look at the biosciences, we have to look at
nanotechnology, we have to use cutting-edge software and computing. How
can we build all of the scientific capabilities we need by ourselves?
The answer, of course, is that we can’t. Not even a company as big and
rich as P&G can afford a do-it-yourself approach to innovation not
in a world where thousands, tens of thousands, hundreds of thousands of
well trained researchers are working in labs in Russia, China and India
on all kinds of innovations that are relevant to the company’s huge
assortment of brands. 

P&G must look
outside the walls of its celebrated research labs, and beyond the
breakthroughs of its full-time scientists, to tap the brainpower o fthe
whole world. Even though P&G employs many of the smartest
scientists and engineers in their fields, the company’s vice president
of innovation understand that nobody is smarter than everybody — and
not everybody can work for P&G.”
Mavericks at Work.


November 14, 2006 By: Andre Category: Ping Identity

Doc Searls on the subject of Enterprise Software CompaniesCould you even find three words more boring?”

Fashion in Reverse

November 13, 2006 By: Andre Category: Life

You always see and hear about Asian pop culture dressing Western, but when’s the last time you heard about the reverse? My wife met a United flight attendant who travels to China quite often, and returns with clothing for friends. Needless to say, the Durand’s have a growing wardrobe of oriental clothing, and 3 out of 4 of us wore it to a recent party this past Saturday. It’s interesting to see how the growing fascination with China, especially as it relates to their clothing, is working it’s way in reverse to the US.