Andre Durand

Discovering life, one mistake at a time.

Archive for October, 2007

Blown away

October 31, 2007 By: Andre Category: Identity

Yea I know, not very spooky, but Lunch just blew me away.

Snap Observation: MySpace & Facebook

October 31, 2007 By: Andre Category: Identity

MySpace = an artistic whiteboard for personal expression
Facebook = a utility for staying updated on what your friends are up to

For the first time, I think I’m starting to get ‘social networking’, and Facebook is much closer to a useful tool for me. I also find it curious how one of the best features of Facebook is really a derivative of ‘presence’, or an ability for people to project what they’re doing and where they are.


October 29, 2007 By: Andre Category: Identity

Apparently, as Steve Donovan tells me, dyslexia is indeed a treatable disease, which is a good thing, as we got spanked. I owe a lot of people steak dinners, and will be serving them up with my new Red Sox colors here very soon.

SAML SSO for Google Apps

October 24, 2007 By: Andre Category: Identity

Working with Google engineers over the past few days, one of our engineers today validated the use of PingFederate for establishing SAML single sign-on into Google Apps. Using our Integrated Windows Authentication (Windows IWA) integration kit, a user can log into Windows (to Active Directory), open their browser, and immediately gain secure SAML access to their Google email and other applications and documents. Below are the notes from the engineer who validated this interoperability.


an admin account for Googleapps. In the admin account, provide Google with the URL for its SSO service and upload your public key such that Google can verify your SAML responses. That's the only configuration necessary on the Googleapps account.

On the PingFederate side, create a new connection (in our test-case, we used the PingFederate IWA adapter) and define the entityID and ACS URL for Google.

Below are the steps that describe how this works:

  1. User makes a request to reach a Google host application. In this case I was trying to access a Gmail account I had, and the URL for that was
  2. Google generates a SAML authentication request.
  3. We receive the SAML request and then authenticate the user. Since we are using the IWA adapter, the user already has a valid session.
  4. We generate a SAML response that contains the authenticated user’s username and send it to Google ACS.
  5. Google’s ACS verifies the SAML response using our public key and redirects the user to the destination URL.
  6. The user has been redirected to the destination URL and is logged in to GMail.

Of course, you can try all of this for free, just download PingFederate, get an activation key, select an integration kit, and have at it. Future tech notes and a graphic explaining what we’ve done will follow.
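The relying-party side of step 5, as an added example that is not part of the original post and is not Google's or PingFederate's code: once the signature has been verified (assumed done by an XML-DSig library), the ACS still has to bind the response to the request it issued, its own ACS URL and its own entityID. The function name `check_response`, the SAML 2.0 element names and all sample values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample values, not taken from the original post.
ENTITY_ID, ACS_URL, REQUEST_ID = "sp.example.com", "https://sp.example.com/acs", "_req-1234"
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}"
    ID="_resp-1" InResponseTo="{REQUEST_ID}" Destination="{ACS_URL}">
  <p:Status><p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></p:Status>
  <a:Assertion ID="_assert-1">
    <a:Subject><a:NameID>alice</a:NameID></a:Subject>
    <a:Conditions NotBefore="2007-10-24T12:00:00Z" NotOnOrAfter="2007-10-24T12:05:00Z">
      <a:AudienceRestriction><a:Audience>{ENTITY_ID}</a:Audience></a:AudienceRestriction>
    </a:Conditions>
  </a:Assertion>
</p:Response>"""

def _utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, request_id, acs_url, entity_id, now):
    """Return (username, []) if every binding check passes, else (None, problems).

    Assumes the signature was already verified and that xml_text is the signed
    element; use a hardened XML parser for untrusted input in production.
    """
    root, problems = ET.fromstring(xml_text), []
    if root.get("InResponseTo") != request_id:
        problems.append("InResponseTo does not match the request we issued")
    if root.get("Destination") != acs_url:
        problems.append("Destination is not our ACS URL")
    status = root.find("p:Status/p:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":status:Success"):
        problems.append("status is not Success")
    assertions = root.findall("a:Assertion", NS)
    if len(assertions) != 1:
        return None, problems + ["expected exactly one assertion"]
    cond = assertions[0].find("a:Conditions", NS)
    audiences = [] if cond is None else [
        e.text for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not name our entityID")
    if cond is None or not cond.get("NotOnOrAfter") or now >= _utc(cond.get("NotOnOrAfter")):
        problems.append("assertion is expired or has no expiry")
    if cond is not None and cond.get("NotBefore") and now < _utc(cond.get("NotBefore")):
        problems.append("assertion is not yet valid")
    name_id = assertions[0].find("a:Subject/a:NameID", NS)
    if name_id is None or not name_id.text:
        problems.append("no NameID in assertion")
    return (None, problems) if problems else (name_id.text, [])
```

A response that passes signature verification but fails any of these checks was issued for a different request, a different service, or a different time window, and should be rejected.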

Go Rockies!

October 23, 2007 By: Andre Category: Identity

thanks mark

ProQuo Launched Today

October 23, 2007 By: Andre Category: Identity

The average US citizen receives 44 lbs of junk mail every year, so creating a more efficient way to actively manage the marketing offers you want is a strong start to improving this broken paradigm.

I’m really pleased to announce that today, ProQuo launched. There’s a lot of history behind ProQuo that I’ll get into at a later date, but suffice it to say, the company began as a result of some brainstorming sessions we had here at Ping Identity nearly two years ago. Under the vision and guidance of Steven Gal, ProQuo’s CEO (check out his new blog BrokenID), Dean Leffingwell (a Ping board member), and with a lot of hard work by the entire ProQuo team, this new service was created to provide agency-like services for consumers, helping them make meaningful choices about how companies used their personal data, beginning with a service to manage junk mail opt-out, and marketing offers opt-in.

ProQuo lets consumers choose which marketing they want to stop, and which they want to stay on (e.g., some people love their local coupons). And ProQuo will protect people with a revolutionary new privacy policy that goes far beyond any company I’ve ever seen in the consumer data business.

Personally, I think there is a strong connection with this vision, and what Doc Searls has been working on with VRM, and of course, the entire thing is rooted in identity.

Check it out

Rearden Commerce wins IDDY Award with PingFederate

October 19, 2007 By: Andre Category: Identity

Rearden Commerce was the recipient of the 2007 Liberty Alliance IDDY award at Digital ID World. They won the award and were recognized for the speed with which they deployed a SAML-based single sign-on solution based on PingFederate from Ping. Rearden Commerce’s initial deployment of Ping Identity’s PingFederate went live on July 9, 2007 and within one month, Rearden Commerce federated with 15 companies supporting 10-20 percent of all user sessions. Through PingFederate, the Rearden Commerce platform provides single sign-on capabilities via a wide variety of industry open standards, including SAML (Security Assertion Markup Language) 1.0, 1.1 and 2.0 protocols or the WS-Federation protocol, enabling corporations to provide secure seamless access to their employees without any additional user authentication.

I’d love to say that great software alone made this possible, but the reality is, Chuck Mortimore of Rearden Commerce is an exceptionally bright guy, who simply knows how to get things done.

More on Rearden Commerce

Delivered as Software as a Service (SaaS) to more than half a million
employees in more than six hundred companies, the Rearden Commerce Personal
Assistant leverages federation technology to help users find and purchase the
services they need based on their preferences and company policies. Identity
federation allows enterprises a standards-based approach to securely link and
exchange identity information across partner, supplier and customer
organizations. It effectively bridges separate security domains to provide
companies with the ability to secure their cross-boundary interactions —
removing friction, improving productivity, gaining efficiency and enabling
competitive differentiation.   

Through the use of federation technology, organizations deploying the
Rearden Commerce Personal Assistant have been rapidly achieving high levels of
user adoption. By making it easy for their employees to find and buy services
from preferred providers offering negotiated discounts, organizations typically
save 20-30 percent on the services purchased through the system.


Defrag Me

October 16, 2007 By: Andre Category: Life

One of my best friends, Eric Norlin, co-founder of Ping and Digital ID World has started a new conference, Defrag. It’s taking place in Denver early November, and he’s got quite the line-up of people attending. I can’t wait, and since I’ve already paid, he can’t accuse me of lobbyconning.

Only 4%

October 16, 2007 By: Andre Category: Identity

They installed one of those LCD screens that display a mixture of factoids and commercials in our elevators a few months back. Apparently, in a recent survey, they asked people what they thought their CEO deserved for “National Boss Day” (whatever that is). The answers, as you’d guess, were pretty funny, and only 4% surveyed thought their boss was deserving of the CEO title. Ouch.

Open Source CardSpace C Library

October 16, 2007 By: Andre Category: Identity

Ping today announced the release of a new open source CardSpace Relying Party C Library. This component will help Web developers create applications that can accept Information Cards for single sign-on.

We partnered with Microsoft to produce these C libraries, and they are designed for generic use with any Web site or service. They are licensed under the BSD license and can be downloaded at To download a reference sample application, which demonstrates how the C Library
can be easily embedded in a PHP application, feel free to visit