A framework for identity frameworks

Well, it is an identity metasystem...

Confused about how the emerging identity standards and systems fit together and which to work with? You're not alone. There's a lot of talk – and quite a few demos – of interoperable identity systems, but how do you know how well they really fit together? That's what the ITU focus group on identity management was set up to thrash out: read what the chairman told me about the group at Dev Reg

I am fed up with phishing, with having hundredsof logins to Web sites that are some permutation of email address, my standard user ID and the two standard disposable passwords I use for logins that are worthless to me and with having to type the wretched details in when I have remembered them. I want a nice and easy, secure, visual way of identifying myself. That's one reason I like CardSpace, which is Microsoft's implementation of a technology called information cards, which is intended to bring together a range of identity technologies in an abstraction called the identity metasystem (the same way we have file systems and printer drivers). I like Open ID too, because enough developers have heard of it that they might start using it on their sites - as AOL and Digg and others just have.

Just before AOL and Digg blessed Open ID, Microsoft did too, so I talked to Kim Cameron about what it meant. A short portion of the conversation is on the Developer Register as Identity brings Microsoft and Internet 2.0 together.

But please, don't tell me things like 'I won't trust CardSpace because I don't trust IE' without A going and reading up on the security background of CardSpace 2 being prepared to tell me what you think the security problem is. Want to complain about Microsoft technology? Make sure you know as much as I do about the way this is designed (or preferably more and you can teach me something)

Mistakes in Identity: The Register

I've written a lot about developments in identity systems this year; this time I've been writing not about new features but about old problems and whether the new approaches will make a difference. It turns out that some of the old systems provide good principles. If someone changes the address on your credit card but not the address you've set with an online identity provider, the credit card company can cross-check with your preferred address - or they can just choose to trust you. The less information a company keeps, the fewer liability issues. Small pieces, widely distributed; stealing all of my identity would be like a treasure hunt. Plus, why Dale Olds from Novell thinks identity might be the wrong word to use for all of this: read on at Developer Register...
A roundup of some recent writing, not counting pieces for print that will take it a while to make it online (PC Plus) or may not be available online (Windows XP).

Another identity piece for the Developer Register, this time on an interesting project that combines Novell's directory experience with open source and the identity metasystem that Kim Cameron has been championing. I had some fun with the name too (Bandit).
Unmasking Novell's identity plans

Last week's Digital Business section of the FT had three of my pieces, all on the same page:
Finding room for photos and songs
Digital photos, MP3 and iTunes music, video clips, e-mail, downloaded bank statements. You might already have a terabyte (1,024 gigabytes) of data at home, scattered across different hard drives, DVD backups and memory cards – and you’ll have more soon.
Read more about 1TB NAS
A little (robotic) help from your friend
Ageing populations, rising healthcare costs, an increasing number of people who refuse to retire – and the robot vacuum cleaner that might help.
Read more about iRobot
Audio files: no longer too big to store nor too hard to search
We talk far more than we type. Podcasts, online video, internet radio, recordings of meetings and phone conversations – so much information today is contained in audio files. But how to index it, search it and access it?
Read more about audio searching

I expected my first piece for Tom's Hardware to be for the new UK site, where I'll be writing about home entertainment, MP3 players, media centres and other fun topics. As it happened, it was a review of the Nokia 770 Internet tablet with the new version of the OS that I collaborated on with sbisson, commissioned by the US parent site, though it's appearing on both so I'm boosting the local traffic in my link!
PDAs and smartphones can browse the Web, but small screens and poor support for JavaScript and plug-ins can make browsing a cramped and unsatisfying experience. UMPCs give you a standard browser but they're still too big (and expensive) to carry all the time. Nokia's 770 Internet tablet fits - not necessarily neatly - in the middle, in terms of size, price and features.
Read the rest.

Rather sadly, PC Advisor will not be having an Office Advisor column for me to write any more, due to some changes in the title. I shall miss writing these pieces as I've found such a lot of useful tips and tools myself, but I count Office (both Microsoft and more generally office software) as one of my key areas so I'm sure I'll carry on covering similar topics elsewher, including possibly some more specific tutorials in PC Advisor's workshop section.

Whatever happened to PGP

In March, we caught up with Jon Callas (CTO of PGP Corporation) and had a very interesting discussion about identity versus security versus authorisation vs access. Some of the most interesting things Jon had to say are preserved in a piece I've just done for The Register (http://www.theregister.co.uk/2006/05/21/pgp_update/). Did you know Skype is a big PKI? Pieces like this are ripe to plug into an identity metasystem that crosses the streams.

It's all about information overload really

Two pieces published yesterday, one in the Developer Register, the other in the FT Digital Business section, one about Higgins and the attempt to simplify the way developers work with identity, the other about the horrible state of the average inbox and what Marc Smith, Microsoft's research sociologist, thinks software should do about it.

Higgins is one of the interesting individual developments in identity that will go to make up an identity metasystem; enough small pieces and I won't have to call it Kim Cameron's idea for an identity metasystem, or designate it in any way because it will be widespread enough to really be a metasystem. Breaking identity up into little pieces tightly managed is one of those ideas it's easy to dismiss because it's a big thing; everyone has to play if it's going to work because it has to work with everything. It's like my childhood reaction to learning about communism; 'what a nice idea, it's a shame people aren't actually like that' (a hardened cynic by the age of 11). TCP and printer drivers were big ideas; one of them won because it was obviously a better solution, one because it made things easier for users and developers. (Guess which I think is which!). There are enough people and pieces and players and financial penalties coming together that we might get Identity 2.0. I'll be writing more about this for DevReg, covering Intel Research's project and what PGP is up to these days.

SNARF is one of those nifty tools that can dig you out of a hole (I'll point it at the email I skimmed whilst travelling in case I missed anything crucial) but it's only a prototype done to find out what people need. The nice thing about that is that if baby steps are useful, bigger lessons might be another big shift. The principle I took from my AI degree was that we don’t know enough about why we work the way we do to emulate or simulate it usefully, but we do know enough to start making interfaces that make it easier to work the way we do.

Marc Smith is hugely fun to talk to and a joy to interview, because he comes out with lines like No one is giving me more heartbeats per day or more minutes; there is no Moore’s Law for humans. I am not becoming twice as intelligent and half as cheap; if anything the cost is going up and I’m slowing down."

Implementing InfoCard

My first piece for the Developer Register is online now, covering Implementing InfoCard. There have been plenty of pieces on the philosophy and the politics of InfoCard and the identity metasystem, but I wanted to concentrate on the technical and implementation details - all four will have to work for anything to succeed. MIX 06 was excellent timing because I was able to get the latest details from the InfoCard team and talk with Kim Cameron and Pault Trevithick together, explaining why InfoCard and Higgins actually complement rather than compete.



RSS Atom
Powered by LiveJournal.com
Designed by Tiffany Chow