Monday, October 31, 2005

Purisma Launches Revolutionary Solution for Custom…

The basic concept seems to be similar to that developed by SRD, which IBM purchased this year. This whole area of knowledge generation through correlation, whether it is through desktop content or database content, is something that would be interesting to watch. And the next step that would come in is who is allowed to see the information that is found this way.
So due to privacy issues it would be really tough to use these types of products across multiple channels of the companies. Before the companies really go ahead and start doing these correlations they will really need to think a lot!

IdentityBridge Provides Protocol Translation to Li…

I do not get the business model for this, i.e. what is the customer base for this product? The way I have seen it, not many people have purchased federated SSO products, and the ones that have expect the vendor to provide implementations of the two competing protocols and all the associated versions. Now, after purchasing a federation product, why would you want to buy a protocol-translating product?
Need to really understand why I need it!!

Saturday, October 29, 2005

Expedia Ensures Customer Security

Hmmm... is this the beginning of the adoption of SAML as the federation protocol by corporate websites? It would really help everybody if it really kicked off... But I am not sure how well the identity systems of the enterprises are able to go to the next step of federation. Guess if the service providers build it, they will come!!

Yet Another Decentralized Identity Interoperability System

Assumptions:
  • Open
  • Identity is in URL format (guess email is not enough?)
  • easy for developer
Profiles
Browser based Authentication:
  1. The service provider contacts the IDP URL to get the capability and, based on the authentication protocol chosen, starts the authentication. Now a few things here. First of all, this means that the SP needs to understand all the authentication protocols, i.e. be it LID, OpenID or something else. Does not make a lot of sense, but fine, let's continue.
  2. The SP uses the "protocol supported way" to redirect the user to the IP, which authenticates the user.
  3. Profile exchange: Well, if you need to get specific data about the user, you need to ask the Identity URL for it, like IDURL?xpath=field that is needed&lid=SP's Identity
Now the only thing is, why do we need to have this new "federation" protocol when we already have it in Liberty and SAML? I guess it is all about the removal of SOAP and making the protocol simple. Other than that, why sit down and redo work that people have already done? Won't it make more sense to sit with the others and get a single way to get the same thing? Liberty has already done the work. It seems the protocol needs to be enhanced just to make the user part of the existing standards and give them control over their data during profile transfer and linking. So guess let's wait and watch.
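The SP side of steps 1 and 3 above, as an added sketch that is not code from this post or from the YADIS specification. The `xpath` and `lid` parameter names come from the post; the function names, the flat list of protocol names standing in for the IDP's capability document, and the example hosts are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit, urlencode, parse_qsl

# Protocols this hypothetical SP implements, in order of preference.
SP_SUPPORTED = ("openid", "lid")

def choose_protocol(idp_capabilities, sp_supported=SP_SUPPORTED):
    """Step 1: pick the first SP-preferred protocol the IDP also advertises."""
    advertised = {c.strip().lower() for c in idp_capabilities}
    for proto in sp_supported:
        if proto in advertised:
            return proto
    raise ValueError("no authentication protocol in common with the IDP")

def validate_identity_url(identity_url):
    """The identity is a user-supplied URL, so check its shape before using it."""
    parts = urlsplit(identity_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("identity must be an absolute http(s) URL")
    if parts.username or parts.password:
        raise ValueError("identity URL must not carry credentials")
    return parts

def profile_request_url(identity_url, field_xpath, sp_identity):
    """Step 3: build IDURL?xpath=<field>&lid=<SP's identity>.

    Both values are URL-encoded so that a field expression containing
    '&' or '=' cannot add or override query parameters such as lid.
    """
    parts = validate_identity_url(identity_url)
    validate_identity_url(sp_identity)
    # Drop any xpath/lid already present in the identity URL's own query.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k not in ("xpath", "lid")]
    query += [("xpath", field_xpath), ("lid", sp_identity)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/",
                       urlencode(query), ""))

if __name__ == "__main__":
    # Constructed sample values.
    print(choose_protocol(["LID", "something-else"]))
    print(profile_request_url("https://alice.example/", "/profile/email",
                              "https://sp.example/"))
```

Note that step 1 also has the SP fetching a URL the user typed in, so the same shape check belongs in front of that request.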

Friday, October 28, 2005

IIW2005: Attention Data as Identity

I love the idea that I can sell my web browser's bookmarks and history. How I wish I had not deleted my browser history.
But I guess Attention Data = Identity is too far-fetched. It could be more like a profile or persona, but does that uniquely identify me? Well, guess that goes to what you mean by identifies. If the identification is a "checksum" of my data then yes, but other than that it resembles more the way a corporation would like to see me, i.e. a classification system.

Analytics and Web 2.0

Based on what I have seen, Identity in Web 2.0 is about:
  • It is owned by the user instead of the corporation.
  • Since it is owned, it has to be managed by the user, which brings up the issue of what happens if the user does not manage it actively.
  • It is distributed by the user, which means the user has to look at all the fine print on what a company that is going to accept their data will do with it. Well, I am not sure how different it is compared to now!!
  • All the work that the identity does is owned by the user. Guess it is no different than now unless we can build services which can make this process more secure and thus give the law and the user more faith in the identity systems. Then the next step comes in of allowing users to sell their attention/web history to the analytics??

Identity as a Service

Identity as a service makes sense, just like credit card services. I heard business plans around them almost a year back but did not hear anything after that. Maybe now is the time to search them out.

Tuesday, October 18, 2005

Identity in 2.0

Some summary!!

Beyond Java

So far, the way I see it, the languages have come one after another, i.e. machine code, assembly, 3GL structured languages, with scripting languages being the next stop. But this has not really caught on. To me this is due to the fact that most people see scripting languages as needing to replace structured languages like Java, C, etc. Maybe a better way to look at it is to see scripting languages built over structured languages, where the third-party or OSS base components would expose hooks to write business logic using a scripting language, and business processes will be a configuration (like a workflow configuration) process rather than a code development process. Even then I have not been able to solve how the frontend is going to integrate with this development model.

Case Study: Furthering Role-Based Access Enterpr…

Two observations
  1. Now case studies are mostly from universities, which seems to be due to companies not going on record with the products that they have implemented.
  2. TNT has interesting technology and looks good as a way to take identity to a level where it would be easier, probably faster and cheaper if this is based on a standard, so that Cisco routers would be able to use the information and route stuff without any compatibility issue.
  3. Another thing that bothers me is the IP stack changing technology, which may be found intrusive by most people.
     a. It is coming from the host firewall guys and it is free, while the appliance costs some money.
     b. This technology can support multiple domains and configurations (like VPN technology).
Good technology to follow till a big company buys it and integrates and tests it well, making the client free (the Acrobat/plugin model).

Monday, October 17, 2005

Ringtone Purchasing Round 2

I am not sure how the third party can deliver an application or service without information about the platform from which the ring tone request was sent (if that is not provided along with the cell phone number, but then I am just an Identity guy, not a cell phone tech expert, and do not know about the standards in this field). But I am bothered by the cell phone company as “big brother” who owns the medium, the authentication technology, and the gateway to ecommerce over an unencrypted medium, which makes them a very big owner of information on the user's physical identity, habits and social connections (guess phone usage gives you a good idea). I am sure the silos within the company itself may be keeping this information distributed, but as the integration of these identity silos is completed over time, think of the information they have access to (if ecommerce through the cell phone takes off). So going back to your earlier article, this is probably the biggest difference between Apple iTunes and the ring tone purchase model. In the case of iTunes, Apple is not in a good position to collect this kind of data and the transactions cannot be correlated, while in the case of the cell phone the company can quickly become very powerful and start selling the user’s habits and social contact info (without providing their personal information) to ring tone providers to allow them to better customize the ads etc. on a per-user basis. Whether it is good or bad will probably depend on what that information is used for!

Friday, October 14, 2005

Ringtone Purchases vs Legal Music Downloads

The basic difference between the two approaches is that of Federation. An interesting thing to look at with regard to how future federations would work. An important issue that it brings out is that I would really want to understand how that mobile charging works (in terms of privacy and transaction). Does this system make the identity provider, i.e. your cell phone, the single point that can use and sell your buying habits to the highest bidder (or all the bidders)?

Bank hits back at phishing with security trial

Guess they never read this. But at the same time, a start! Still, the idea of transaction authentication is better than person authentication. Good food for thought w.r.t. my ideas around identity.

Jabber HTTP Authentication Protocol

Living in the Browser world we tend to forget that there is a big issue around cross-client federation. More on this later.

Tuesday, October 11, 2005

Experts give identity management advice

Points raised
  1. Process and System Integration are challenges
  2. "Identity Management is viewed to be responsibility of employees in charge of physical security" This is totally against all my experience in the financial industry, where identity management is typically part of the Risk Management group, which co-ordinates with physical security and HR to develop and implement identity management solutions. But at the same time HR is the golden data source in most places.
  3. "Get the background check process right", which is typically performed by HR during the on-boarding process.
  4. "One ID across the organization", mostly a dream everybody wants but nobody has (but there are instances where organizations have been able to achieve it, at least for employees though not for customers).
  5. "Biometric is the key to solve duplication", but a biometric cannot be converted into an identifier. It is used as authentication data but not as an identifier.