Identity, Security & Me

Its the end of an era!

I have been at Enline plc for nearly 10 years now (must be nearly a record), working predominantly in a consulting role at a number of different levels from implementation through to architecture. During that time I have seen a lot of changes within the company as well as number of changes for me personally. However, I have now decided that it is time to move on and take the next big step on that career ladder.

Therefore, as a result, I have accepted a position as a Senior Technical Strategy Consultant with Cap Gemini and will be starting with them mid-September. My role will still be in the Identity Management space with an initial focus on Federation working as a Federated Identity Architect. I see this as a very positive move for me and one that I think I will find challenging but at the same time rewarding.

As far as Enline goes, I have nothing but respect for the people who work there and show the dedication and commitment required to make a small company as successfully in a competitive market as Enline has been for over 20 years and continues to be. I have had the opportunity to work with some very skilled and talented people who have taught me a lot, not just professionally but also personally. I have made some great friends at Enline who I will stay in touch with.

I wish Enline every success for the future in the same way that they have done for me.

Meanwhile, I look forward to seeing what challenges and opportunities my new role presents in the coming months.

Jason Kolb has posted the fourth part of his series on “Reinventing the Internet”. I have blogged about two of his previous three posts here and here.

I don’t know where Jason gets his inspiration but I continue to be impressed.

However, there are a couple of queries I have about his most recent flash of genius.

Firstly, he talks about how applications will no longer work in the traditional sense:

“Thus, instead of a user registering to use an application as it
typically done with Web applications these days, we need to turn this
concept around and the application now needs to register with the user.”

My question around this would be how the application would deal with users’ permissions. If I own my private server and therefore my own online Identity, are the only claims that I hold on the server self-asserted ones? Therefore, when I launch and application, how does it know what permissions to give me in the application? Is this just based on the self-asserted claims that I make? Alternatively, does Jason envisage this private server plugging into something like CardSpace so that I could use third-party verified claims instead of just my own when accessing external applications.

Furthermore, Jason talks about the uses of the private server:

“The user can use it to administer their public Web presence, send and
receive messages, launch applications, and a bunch of other fun stuff
which I’ll talk about another time.”

I wonder if the launching of applications could be done by using something like Heartbeat-ID that I have talked about previously? Is this the sort of way Jason was thinking about launching and running applications or has he not gone to that level of detail yet. Plus, it does rely on Heartbeat-ID open-sourcing their software used to launch applications.

Jason has clearly thought through his idea well and I can’t wait to see a working prototype put out to the wider Identity community for comments, feedback and input.

Jason Kolb has blogged the third part of his idea of how to give an online identity to the masses and what they can do with it. This extends his previous postings (here and here) which I commented on here.

I find this whole concept of his very interesting indeed. What he seems to be doing is taking the existing URI based Identity services (e.g. OpenID, LID etc) and extending them so that, in his words:

“As cool and ingenious as technology like OpenID
is, it’s really a band-aid of sorts to fix the fact that people’s data
doesn’t currently live at their own domain.  When everyone owns their
own domain (the how of which I posted about in part two), the problem just goes away.”

According to his post, Jason has started working on getting the software for the sites needed up and running. I will be following this with great interest to see where it goes. On the face of it, his idea seems very solid and looks to only extend the hard work that Netmesh and other people have put into protocols like OpenID and take it to the next level.

After moving my blog to its new location, I have started to look at how I can customise it and add functionality.

As an advocate of Identity Management and user-centric identity, I thought it only fitting that I add OpenID support as my first plugin. As a result, you will now find that in order to leave a comment on my blog you can either:

1) Register as normal
2) Use your OpenID.

This plugin is courtesy of Snaky and can be found here.

Defining Application-Centric IdM

Whilst catching up with everyones feeds after my recent holiday, I came across this post by Nishant Kaushik of Oracle about Application-Centric IdM and its definition.

During his post he states:

“The idea is that instead of each application having to build these
infrastructures as part of their functionality, they can just avail of
them as ready made, standards-based services. Application-centric IdM
moves away from the traditional system management style of IdM,
focusing instead on the creation of an IdM infrastructure that
customers deploy to expose these services for their applications to
plug into their own business processes. It makes identity (and
security) an integral, yet abstracted part of the development process.”

I’m not sure I fully understand the difference between what he is describing as Application-Centric IdM and Enterprise IdM as we have known it for some time.

He seems to be saying that you abstract the IdM and security requirements of the application out into a separate, open standards based layer and then use this from within your application. To me, this is what your access management application (a la SiteMinder, CoreID, Tivoli Access Manager etc) have been doing for years and what each of these vendors have further developed (mainly through acquisition) to encompass IdM as well (a la Identity Manager (CA), Identity Manager (Sun), Tivoli Identity Manager etc). Do these vendors not already provide the functionality that Nishant is referring to in this new term of Application-Centric IdM. Through the use of provisioning, it is already possible to manage application permissions from an abstracted and centralized platform.

I may have missed the point of Nishant’s post. If so, please feel free to correct me but at the moment I aren’t sure why there seems to be this new term for something that has been around for some time.

Gloria Gaynor and Security

Saw this great post by Emergent Chaos. It seems Gloria Gaynor now does security!

Excellent

Jason Kolb has recently been discussing here how the internet is forming an integral part of our lives. He further goes on to describe (here) his quite ingenious plan for giving out domain names to the masses. Not top-level domains as current internet savvy people have, but sub-domains that the ordinary “Joe Public” can have. As Jason states:

“Obviously, it’s not feasible to expect the general public to pay $7.99
a year for something as abstract as a domain name.  The only way to
really make this happen, I realized, is to give them away.  However,
it’s not realistic to think that there’s any possible way to buy
everyone on earth a domain name.  The registration fees alone would
just be massive.  However, you can give away sub-domain names, for absolutely nothing.”

What a great idea Jason! I can’t believe that no-one has thought of this before but it does appear that you are the first.

Not only does this make sense to allow more people to gain their own “online presence” but also removes the problem of finding unique top-level domain names. I know this too well already. Recently, I have jumped on the domain name ownership list by deciding to host my own online presence. When I went looking for a domain name to use I tried to two obvious ones (well obvious to me):

www.toal.com
www.paultoal.com

Both were already registered. Therefore, as you will see if you are reading this, I ended up opting for

www.pdtoal.com

What Jason is doing is minimising this problem. However, how long before I can’t register paultoal.atmy.name or pdtoal.myidentity.name because someone else has got them

I’m back!!

After 4 days in Amsterdam I have returned. What a great place. Both Natalya and I really enjoyed our time there. As usual, we tried to cram loads of stuff in to a very tightly packed 4 days. I can safely say that we managed it. Without boring you too much with all the details, below are some of the main places we visited and things we did together with details of what I thought of them. If you want to see my photos, then click here.

By the way, many thanks to the people who emailed me with suggestions for things to do during my visit to the capital of The Netherlands (see my previous post).

Anne Frank’s House (more info)
We did this on the first day and I was extremely impressed with it. However, it was a little bit spooky walking round the actual house that Anne and her family were hidden in during WWII and thinking about what they must have gone through.
Verdict: 9/10 - A definite recommendation

Van Gogh Museum (more info)
I must admit that I aren’t a great art lover at the best of times but thought I couldn’t come to Amsterdam without trying to appreciate some of the many art exhibitions. Whilst I found the first couple of floors of paintings quite interesting, my interest started to slip by the third floor and the currently touring japanese exhibition.
Verdict: 7/10 - I’m sure an art buff would love it

Boom Chicago (more info)
We booked this before we went through Expedia. From the write-up it looked like the TV show “Whose Line is it Anyway”, i.e. improvised comedy. The show was preceded by a three course meal and cocktails (optional) and then two hours of side-splitting humour. I was in tears half of the time, I found the show so funny.
Verdict: 10/10 - The highlight of the holiday. A must-see!!

Half Day Trip to Delft Pottery (more info), The Hague (more info) and Madurodam (more info)
After sitting on the bus for an hour we had a quick 30 minute look around a hand-made pottery factory (the factory itself wasn’t hand-made, just the pottery :-). We then sat on the bus for another eternity whilst been shown a panoramic tour of “The Hague”. We got to see all sorts of important buildings. However, we didn’t leave the coach. We then finished off at Madurodam, the miniature village. This was the best part of the tour although we only got 1 hour here so it was a quick jog around, much to the digust of Natalya who wanted to spend at least 2 hours here. However, the village itself was very interesting with the level of detail amazing.
Verdict: 7/10 - Should have had more time at Madurodam

Heineken Experience (more info)
This was an exhibition situated in the ex-factory of Heineken. It was extremely interesting and most of the exhibits etc were actually within parts of the factory. For example, some of the exhibits were inside the aluminium tanks that they used to leave the beer to stand for several weeks. The museum was helped along by the 3 free drinks you got as part of the admission price. Surprisingly, to drink you could have Heineken, Heineken or more Heineken (although they did do soft drinks for the softies!).
Verdict: 9/10 - Well worth seeing

Canal Boat Cruise
Well what can I say about this. I think this is almost a mandatory tour for all tourists to Amsterdam. You sit in a boat for an hour and get driven around the canals with interesting architecture being pointed out.
Verdict: 8/10 - A nice sit down Overall Verdict: I would definately visit Amsterdam again. It was interesting, clean, easy to get around and there was plenty to do and see. Also, it is close enough that you could fly out for a couple of days and not feel you have spent all your time travelling. Now that I am back, I have plenty of catching up to do regarding the identity and security world. I’m sure there will be more posts on that soon.

Now that I am back, I have plenty of catching up to do regarding the identity and security world. I’m sure there will be more posts on that soon.

Next week Natalya (my wife) and I will be going to Amsterdam for a few days without the kids (I’ll miss them but similarly can’t wait).

Neither of us have been there before so don’t know the best places to go. I know I can look on the gazillion web sites out there but was hoping for some personal recommendations based on peoples’ first hand experiences.

So, if you have been to Amsterdam and can recommend:

• Places to eat
• Places to go that are not the typical tourist haunts
• Things that are a must to do
• Best ways to get around

then please get in touch and leave me a comment.

We already have a couple of things arranged so will have about two days spare.

Thanks in anticipation!

A recent post by Rohan Pinto here, made me think of a comment my 5 year old daughter came up with at the weekend.

Whilst driving along we passed a house which had concrete covering the bricks. The concrete was painted a rather horrible bright blue colour. My daughter enquired:

“Daddy, how does a house made of paint stay up?”

You can’t fault her observation and logic!!