Andre Durand

Discovering life, one mistake at a time.

Archive for September, 2007

Speaking in OASIS IDtrust Workshop in Barcelona

September 29, 2007 By: Andre Category: Identity

I’ve been invited to speak at the IDtrust workshop taking place at the Burton Catalyst Europe conference in October (Barcelona – yahoo!). I’m pretty excited about this opportunity, as there is a lot of federation going on in Europe, and it will be great to level-set. The talk begins at 9:30am, and is going to focus on the future of identity federation. Here’s a sort summary.

Exiting 2007, federated identity management finds itself on the cusp of industry-wide breakout. With the promise of true identity portability, privacy and user control in the balance, now more than ever is a time for us to work collaboratively towards achieving the nirvana of “identity dial-tone.”

Achieving a tipping point in federation hasn’t come easy, but this session will explore the underlying forces at play and provide a perspective on how several seemingly competitive approaches simultaneously attacking the same problem has accelerated what will be the inevitable outcome.

Federated Strong Desktop Authentication with Wave Systems

September 25, 2007 By: Andre Category: Identity

I’ve known Steven and Peter Sprague for several years now. Steven is the CEO of Wave Systems, a company that’s developed a number of really nice security and strong authentication technologies which leverage the trusted computing module built into most intel chips and mother boards.

I actually use their product on my laptop to authenticate to my Dell using a fingerprint reader. It’s really slick.

Monday we announced a collaboration to leverage their strong two factor authentication technologies to enable desktop federation. It works like this. A user performs strong authentication to Active Directory using the Wave Systems replacement of the Windows Login. Once logged in, they have an active Kerberos session on their desktop. From there, PingFederate takes over using our IWA Integration Kit and SAML enables the desktop. To the user, it’s all invisible. They simply open their browser, and their session is automagically enabled for SAML single sign-on.

There are 100M machines now shipping with the TCM, and the Wave software is shipped by Dell and a number of other PC makers. My intuition tells me there’s a lot here we can do together given a little time to further this integration between our two products.

New SaaS Program Creates Revenue Opportunity for SSO

September 25, 2007 By: Andre Category: Identity

We announced today at Ping a new program that
gives Software-as-a-Service (SaaS) providers the ability to offer
secure, standards-based single sign-on (SSO) to their enterprise
clients. The new program basically creates a revenue share with SaaS providers, allowing them quick access to to Ping Identity’s
award-winning PingFederate server on a unique
“pay-as-you-go” pricing model that aligns with SaaS business models,
joint marketing and joint support.

Under the terms of this
new program, SaaS providers will receive PingFederate servers and
Integration Kits for development and production use. When they sell
secure SSO to their clients, they share the
resulting revenue with Ping Identity. Also, program members can
optionally resell PingFederate to their clients who do not already have
SAML or WS-Federation capabilities, or refer their clients directly to Ping Identity and subsequently earn a referral fee.

SaaS providers, this new program offers several important benefits:
incremental revenue at a low cost of sales, reduced integration and
operations costs, and minimal to no upfront capital and engineering
costs. SaaS providers joining the program will also be able to
participate with Ping Identity in marketing, sales and support
activities including joint Webinars, listing in Ping Identity’s SaaS
vendor directory on its Web site, lead sharing, joint RFP responses, sales education and support training.

New PingFederate Sharepoint Integration

September 25, 2007 By: Andre Category: Identity


Provides SharePoint Server Users Secure Internet Single Sign-On Based on SAML and WS-Federation

ID World, San Francisco CA – September 25, 2007 – Ping Identity
Corporation today announced that the PingFederate Integration Kit for
Microsoft® Office SharePoint® Server 2007 and Microsoft Office
SharePoint Portal Server 2003 is now available for download from When used with award-winning PingFederate, this
new kit provides Office SharePoint Server 2007 and SharePoint Portal
Server 2003 users with secure Internet single sign-on that is based on
the SAML and WS-Federation federated identity standards. Continue…

See you at Digital ID World 2007!

September 20, 2007 By: Andre Category: Identity

I’m pumped!

  • The Federation Users Group is approaching 100 registrations
  • We’ve got our party Monday night with Covisint
  • We’ll be previewing PingFederate 5.0
  • We’ve got our boat cruise Wednesday night
  • and we’re showing some killer payment meets identity demo’s with ACI

See you there.

Social Intelligence and Brain Development

September 19, 2007 By: Andre Category: Identity

I was watching a Discovery show last night on child brain development. Having studied a bit of this in college, I was under the impression that the density of neural connectivity was a proxy for IQ. While that still ultimately may be true, I learned something new. Recent studies have shown that in early brain development, neurons reach out and establish a dense set of connections, almost in anticipation of what might be called upon in future development. Later, many of these connections die. What determines a pathway which remains versus one that withers is classically Darwinistic. Those that are stimulated (used) remain, and all others Atrophy. This would partially explain why it is so important to stimulate the brain through different problem solving activities, music, the arts etc. during early childhood brain development.

As I tinker with social networking, I can’t help but correlate the social intelligence people develop at a macro level to childhood brain development and the entire concept of neural connectivity. While most of us may have many connections (some more than others according to LinkedIn), the quality and directness of our network, and how we choose to cultivate (stimulate) those connections ultimately dictates / predicts our ‘social intelligence’.

Life is indeed fractal.

No email Zen for me…

September 13, 2007 By: Andre Category: Identity

Ashish recently forwarded me a number of articles on achieving email zen — that is, the art of a clean in-box. Email habits, good or bad, die hard. In my particular case, I thought I had things basically under control, using the ‘Mark as Unread’ feature of Outlook to maintain visual flags for me to follow up on items that required attention. I think I have around 12,000 items in my inbox, dating most the way back to the start of Ping Identity. At any moment in time, I know there are some 20 or so items that require some sort of follow-up or future attention, but I hadn’t discovered the little feature in Outlook which allows me to instantly go back in time to aggregate all of this little triggers — until this morning.

Interestingly, if you’ve never clicked on the below link, the “unread” shows as empty. So this morning, having learned of this “filter by unread” feature, I clicked on it. Needless to say, my computer basically froze, and I watched with awe and terror as the counter climbed to over 3000 unread emails. This basically represents, 3000 things that in some manner of speaking, at some point in time, I thought worthy of some sort of follow-up.

eCommerce meets Identity Metasystem

September 11, 2007 By: Andre Category: Identity

Everyone at Ping knows I have a real hot button for the words ‘identity’ and ‘payment’ spoken in the same sentence. It’s with great pleasure then that I announce Ping Identity’s Ashish Jain and
Patrick Harding have been working with Sid Sidner, a master engineer at
ACI Worldwide and architect for ACI’s virtual SET wallet and 3D-Secure
products to bridge the worlds of eCommerce,
payment systems and the identity metasystem.

In two weeks, the
companies will demonstrate the use of managed Information Cards for
secure online purchasing. You’ll be able to see the demo at Ping
Identity’s Federation Users Group
, taking place during Digital ID World 2007 or at a dedicated
presentation by Sid on Tuesday at 2:05pm.

Worldwide is the world leader in retail payments – over half the
plastic card transactions in the world (55 billion last year) go
through ACI’s software at banks, merchants and networks in over 85
countries.  Ping Identity is
one of the leaders in the development and implementation of Information
Cards.  The two companies have put their heads together to develop a
demo of shopping with a payment Information Card.  They will be showing
this during Digital ID World 2007 at Ping Identity’s booth, #404.

identity metasystem concept embodied in Information Cards has
applications beyond pure authentication.  For example, Information
Cards could be excellent for supplying payment data to an e-commerce
merchant during a purchase.

It would go like this: A payment
provider such as a bank or PayPal issues a consumer a payment
Information Card.  Then the consumer can use it at participating
merchants.  They simply click a button which activates the identity
selector software on their PC, phone, or set-top box – an identity
selector like Microsoft’s CardSpace or any of the other ones being
developed.  The consumer selects the payment Information Card of their
choice, enters their PIN, and the identity selector gets the payment
information from the payment provider and returns it to the merchant.

consumer will like it because they don’t have to type in the card
number, expiration date, CVV, and billing address.  The merchant will
like it because the clickpath to order submission is shorter; they will
should get better merchant fees and fraud risk; and they don’t have to
store sensitive cardholder information in their databases.  The payment
provider will like it because they can dramatically lower their
e-commerce fraud.

An exciting aspect of this is that the
3D-Secure protocol used by Visa, MasterCard, and JCB, as well as the
PayPal protocol could easily be adapted to support Information Cards.