Thursday, December 29, 2005

poem Clock


Still from "Cessation":
Jean-Luc's frame-by-frame

of teeth entering

holes with precisely
enough clockwise turn

to advance the film
one solitary

tick and tension in
a tough medium

to click this reel of
frozen times forward.

Wednesday, December 14, 2005

fyi Cyber Security Group Flunks Washington


Pointer to article:

Kobielus kommentary:
Wonderful—a relatively non-partisan issue that I can use to bash Bush, to illustrate his cluelessness on cybersecurity issues. Does anybody seriously think, if Al Gore had been elected in 2000, that he would have paid as little attention to cybersecurity as this Republican administration has? He wouldn’t have used 9/11 (and it would have happened under either party’s watch) and its aftermath (and we would have invaded Afghanistan, though probably not Iraq, under a Dem administration) as a convenient excuse to ignore every national security issue that didn’t involve wasteful militarization and irresponsible troop deployments.

Whew—got that out of my system. To be fair to the current administration, even if the Dems were in power now, cybersecurity (as a national security issue) would be a neverending circus. It’s already a lightning rod for political grandstanding, sensationalism, and paranoia. Remember the good old McCarthy days when Commies were everywhere? That’s nothing compared with the identity thieves, virus spreaders, DDoS starters, spam blasters, spyware snoops, and other bêtes noires that pervade this new threatscape. Many of the baddies are inhuman, literally (bots), or are human only to the extremely limited extent that an untraceable physical finger clicked on an untraceable physical mouse button at some point in the past and triggered a chain reaction that still mushrooms around us.

Name me a politician—or even a single IT industry visionary—who has crafted a comprehensive enough plan for national or global cybersecurity? I mean, a plan, program, or set of governance principles that can effectively frame collective responses to all of the cyberthreat vectors now and in the unforeseeable future? Of course you can’t.

There’s no governance structure that can pass this test. Everybody would flunk. Cybersecurity gores all.


P.S. Speaking of Washington, we recovered our car last night, which was stolen last Wednesday. It was abandoned on a residential street in the southeast quadrant of the Nation's Capital. Thank you Officer Sanders, and your partner who let us use her cellphone (Nextel's signal was fine and strong), and the lady who gave Egidia tea and a warm place to hang while we were waiting to have the scene "processed" by the authorities and to restart the vehicle. The thieves did considerable damage. I doubt we'll catch them, but I do have surveillance photos of them stealing it from the parking lot of my wife's place of employment. They apparently live near where they abandoned the vehicle, because there's no nearby Metro stop or main thoroughfare to facilitate a quick escape. They seemed to bolt from the vehicle in a hurry, having left it running (draining gas and battery), and leaving their break-in tool. At least those are my hunches on how to identify/target/track down these mofos. But I'm no Columbo. Good thing we leave nothing of value in our vehicles. No sensitive identity data. A car, which many people use as a lockbox, is a potential goldmine of identity data. I will throw out the open box of Cheez-Its they left behind, though.

Tuesday, December 13, 2005

fyi GAO finds 2.3M domain names registered with false data


Pointer to article:,10801,106935,00.html?source=NLT_WK&nid=106935

Kobielus kommentary:
I’d call this Internet governance issue number one: at least one out of 10 domains is registered with false contact info.

From an Internet security standpoint, so much depends on the authenticity and accuracy of domain contact info within the Whois database: prosecuting online fraud, tracking malware, canning spam, warding off DDoS, identifying intellectual property violations, and so forth.

I’m shocked that the Working Group for Internet Governance only mentions the Whois database once in its recent 285-page tome on the topic, and only with reference to protecting the privacy of domain owners. ICANN, for its part, clearly hasn’t lit a fire under registrars to investigate, vet, and proof domain owners to a greater degree before registering their domains.

No matter who governs the Internet—ICANN or some body under UN auspices—we can’t rely on a domain registry that’s not authoritative. We can’t have rogue, spoofed, façade domains. They are the number one threat to everybody’s trust in the integrity of the entire Internet governance structure. They are obvious harbors for criminal activity.


Friday, December 09, 2005

fyi Wikipedia Tightens Rules For Posting


Pointer to article:

Kobielus kommentary:
And you thought I was being melodramatic when I said reputation is a creepy concept.

Quoting the referenced article: “Wikipedia, the open online encyclopedia that's written and monitored by volunteers, has changed its rules for submitting articles after a posting incorrectly linked the assassination of Robert F. Kennedy to a former administrative assistant. A May 26 posting on John Seigenthaler Sr., an assistant to the attorney general in the early 1960s, said Seigenthaler was ‘thought to have been directly involved in the Kennedy assassinations of both (President) John (F. Kennedy), and his brother, Bobby.’ Although Wikipedia founder Jimmy Wales has said that erroneous submissions are usually corrected within minutes, the Seigenthaler "biography" stayed on the site for 132 days before it was corrected. In addition, the "scurrilous text" appeared on search engines and, Seigenthaler said in a Nov. 29 editorial in USA Today. ‘I have no idea whose sick mind conceived the false, malicious “biography” that appeared under my name for 132 days on Wikipedia, the popular, online, free encyclopedia whose authors are unknown and virtually untraceable,’ Seigenthaler said.”

Now, read again my earlier statement on reputation: “Reputation feels anti-governance, hence unfair. It feels oppressive. It’s the collective mass of received opinion, good and ill, weighing down on a particular identity. It feels like a court where the judge, jury, prosecuting attorney, jailer, and lord high executioner are phantoms, never showing their faces, but making their collective force felt at every turn. It feels like outer appearances, not inner character, ruling our lives….Who, if anyone, are the "reputation authorities"? What, if anything, is a "reputation assertion"? How can we--the identified reputed parties--have any assurance that our reputation isn't determined by the collective malice of bad people who mean to distort and destroy us? How can we be sure that a balanced, fair evaluation of our reputation rises above the din and confusion? Who/what, if anything, is our public reputation (PR) agent/advocate in a world of free-floating ungovernable reputation?”

Not all of us have access to the editorial pages of USA Today to defend our good names. So, if the bad people propagate lies about us through Wikipedia, even for the short time necessary to ruin our reputations, what countermeasures do we have of equal or greater force to restore ourselves, and to hunt down those who’ve destroyed us?

Wikipedia needs strong authentication on all postings. And living people who are mentioned in Wikipedia entries need to be notified immediately upon publication, so that they can immediately correct the errors.

Of course, who’s to say who’s telling the truth about somebody: The original author, the aggrieved subject, or neither of them? How often will Wikipedia’s editors get caught in a tug of war? How reliable can Wikipedia’s entries be, under such circumstances?

Wikipedia’s reputation is what’s being damaged by all this.


Wednesday, December 07, 2005

personal Year gone by


One weird stressful year, since late last. Among other things, car towed once (a year ago) and stolen (today). Lost a job, then found another. Aged beyond my eldest long-departed parent. Aged enough to see my eldest child attain majority. Saw my eldest sibling get married. Worked insanely hard. Published, didn't perish. Built some new skills. Kept my weight down in the optimal. Firmed up some muscles. Accomplished a great deal, but just absolutely bone-tired. Weathered more rejection and dejection than I can normally stomach. Been a year and a half since I took a real vacation. Closed out "Pieces of Fate," and started a blog. Regained my pride. Made some connections and confessions. Asserted and expressed myself. Took no guff. GMMFM, MF. Lost some hair. Gained no stature, or some, not sure. Improved my posture. Kept on developing my thinking along as many modalities as I could stand, and then some. Rolled with the arbitrariness of it all. Regulated my regularities. Consumed my coffee and my KEXP. Passed the pretty without comment. Passed the mirror of recognition time and again. Passed my 20th year in my chosen/fated career. Passed a lot of ancient tension and peculiarity out of my system. Older now, thinner, taut, not necessarily wise. I’ll leave it at that. Chat with me now and then. Don’t be a stranger. Be a friend. Do the human thing. Come calling.


Tuesday, December 06, 2005

fyi What is Web 2.0?


Pointer to article:

Kobielus kommentary:
John Hagel provides the right balance of openness and skepticism in his commentary on this topic. One quibble I have is with his use of the term “meme.” I can’t stand this neologism and its faux-analogy with genetics. Whatever happened to “trend,” “pattern,” “theme,” or “motif”? Hmmm…if we can agree to define “meme” as a portmanteau of “motif” and “theme,” then I’ll graciously come down from my high horse and agree to accept it into my personal lexicon. Or at least make my peace with it.

But more substantively, Hagel provides the right balance between induction and deduction in his approach to “Web 2.0” as a trendy (meme-y?) topic.

On the inductive side of the fulcrum, he calls attention to the O’Reilly Media folks who coined the term and primarily discuss it in the form of a tired/wired hip list of then vs. now Web hot topics: “There’s no denying that the meme has taken hold, having been developed only about 18 months ago by Dale Dougherty of O’Reilly Media. Unfortunately, as the Wikipedia entry on Web 2.0 reports, Dale never really defined the term, using examples rather than a definition to communicate its meaning: "DoubleClick was Web 1.0; Google AdSense is Web 2.0. Ofoto is Web 1.0; Flickr is Web 2.0."

On the deductive side, Hagel attempts to divine the underlying trends that distinguish “then” (the Internet/Web in the 90s) from now. He defines “Web 2.0” as “an emerging network-centric platform to support distributed collaborative and cumulative creation by its users.” He deconstructs his definition into its constituent concepts and defines each in context of emerging patterns/trends/etc. All of it a good high-level discussion.

My problem with all of this is that “Web 2.0” is so wrongheaded a term that it undermines his and others’ discussions of what’s really going on.

First off, the “Web” is just one of many Internet environments that’s evolving, and it’s distracting to lump blogs/RSS/syndication, SIP/VoIP/IMS, mobility/WiFi, SOA/XML/SOAP/Web services, messaging/collaboration, identity federation, and other important trends under this umbrella. Tim Berners-Lee was an important figure in the evolution of all this, but it doesn’t all spring from or bear the DNA of this particular Dr. Zeus.

Secondly, the “2.0” faux-version-number is ridiculous. The distributed Internet business/tech/cultural environment is evolving continuously on so many levels that it’s absurd to conceptualize it in terms of versions, or to even hint that versions are relevant anymore in this versionless new world.

Rather than fixate on the dumb “Web 2.0” term, let’s revisit Hagel’s definition of the underlying phenomenon: “an emerging network-centric platform to support distributed collaborative and cumulative creation by its users.” This is a good and valid statement of the dominant trend, though not quite as tight as it could be.

I suggest “a continuously self-reinventing environment.” That gets to the heart of Hagel’s definition, syncs with the genesis of the Internet as a research network continuously reinventing itself, and encompasses what others are trying to suggest with their diverse then-vs-now “Web 2.0” hiplists. In fact, the hiplists themselves are the fundamental reality: when we’re all reinventing everything in our environment all the time, the most effective way of getting your head around it all is to do periodic “round-ups” of then-vs-now tired/wired lists. These lists mark off important milestones in the ever-changing environmental landscape.

Just as critics will soon be publishing their year-end 2005 tired/wired lists for movies, TV, lifestyles, etc.

Just as cultural commentators have long used decades as a convenient grouping mechanism (50s vs 60s vs 70s vs 80s etc) to chart long-running trends.

And just as Western society has long grouped historical developments into “modern” vs. “ancient” or “traditional.” Modern this and that. It’s all just a way of declaring what you consider hip with the contemporary world and want to see serve as a basis for future development. Recognizing of course that the world is fundamentally versionless.

Walk down any street in any city and see the mix of old and new architectural styles. The modern world doesn’t bulldoze the past out of the development equation.

There are no virgin or versioned worlds. There’s no World 2.0--just World 2005, followed by World 2006 and so on and so forth.


Thursday, December 01, 2005

fyi Mail order selective disclosure of organizational role


Pointer to blogpost:

Kobielus kommentary:
Mark Wahl’s commentary is an excellent discussion of assurance in identity management. It touches on a particular type of assurance: the confidence we place in human beings’ apparent intentions, their competency, their honesty, and so forth. Their apparent halos. Their personal assurance.

Wahl notes that we tend to trust strangers more if those individuals have all the external appearances—such as clothing, glib talk, personalities, and racial/ethnic backgrounds—associated with roles, or peoples, or stations in life, that we trust. The more of those external appearances that fit into our comfort zone, the more vulnerable we are to being duped by the occasional wolf in sheep’s clothing:

• The highway robber in a cop uniform.
• “Frank Abagnale Jr, subject of the movie Catch Me If You Can, improved the effectiveness of his check fraud scam by wearing an airline pilot's uniform, pilots being regarded as ‘generally credible and respected professionals’ and so be less likely to be cashing bad checks.”
• The suits we encounter in daily life who convince us to part with our life savings, or waste a big chunk of it on some unique, useless pile of sh*t that only their company provides, and only for a limited time, and only to special customers like yourself and your lovely wife, who obviously have the intelligence and sophistication and experience with such things to recognize and truly appreciate blah blah blah……..

In other words, the social-engineering attack. The con. In one of my recent blogposts, I analyzed the notion of “reputation,” construing it as a type of personal assurance in identity management. “In the IdM context, reputation is more of an assurance or trust level—an evaluation of the extent to which someone is worthwhile to know and associate with.”

In our respective blogposts, Wahl and I were approaching the subject of personal assurance from slightly different angles. He was focusing on the assurance we place in people that we know next to nothing about, other than the fact that they look and act trustworthy—wear the suit, talk the talk, etc. By contrast, I was looking at the assurance we place in individuals about whom we think we know tons, because we have access to what we regard as reliable hearsay/gossip, which tells us that so and so is a good or bad person, an acceptable or excessive risk, etc. He was focusing on the cultural stereotypes that drive our snap judgments of personal reliability, and I was focusing on the cultural grapevine that further confirms or informs those judgments.

This got me to thinking of something I was discussing with an old acquaintance the other day. This person—his name is a common cognate of my grandfather’s Christian name—asked if I would be interested in authoring an article on the possibility of “profiling” IT personnel to measure the extent to which they posed an “insider threat”: someone who was likely to betray their employer’s trust by stealing, compromising, or damaging data, software, hardware, and other IT assets. We just engaged in general brainstorming, but didn’t agree to anything in particular. I offered a few observations, and told him that he’s free to use anything I suggested, if he wished. I assume he’s reading this blog now, and recognizes himself. He’s still welcome to take the ball and run with it.

It just occurred to me that this “insider threat profiling” topic is an application of personal assurance. Before I launch into my further thoughts, I need to come back to Wahl’s post—in particular, the following excerpt:

• “In science fiction author Philip K. Dick's novel A Scanner Darkly, the character Fred, an undercover narcotics agent, would wear a ‘scramble suit’ all the time that he was not undercover. This suit protects the wearer's identity by preventing visual identification: it would encase the wearer and project onto itself random images derived from 1.5 million possible elements of human representations: ‘As the computer looped through its banks, it projected every conceivable eye color, hair color, shape and type of nose, formation of teeth, configuration of facial bone structure--the entire shroudlike membrane took on whatever physical characteristics were projected at any nanosecond, and then switched to the next.... the wearer of a scramble suit was Everyman and in every combination (up to combinations of a million and a half sub-bits) during the course of each hour. Hence, any description of him--or her--was meaningless.’”

Hmmm…someone’s external appearance/demeanor is like a suit that they put on (consciously or otherwise), and that others use as a primary input in assessing personal reliability and integrity. Which reminds me of a teeny-tiny poem I dashed off a few years ago:

• “TAKE SHAPE//we button nerves/and join the fray/a suit's a shape/we wear all day”

We hire people and invest them with responsibilities for many reasons. One of the big reasons is that they wear a trustworthy “suit” that seems right for the role to which we plan to assign them. We’ve all heard of, and occasionally worked with, the “empty suit.” How do we submit the “suit” to a multidimensional “profiling” that allows us to fathom the depth—and angel-to-devil ratio--of the person within? Given that human beings are so complex, creative, and unpredictable, how can we even pretend to know how anybody will behave under all possible future scenarios, and whether they’ll succumb now and then to the temptation to betray their employer in order to pad their own pockets? Or just to wreak havoc for the hell of it?

The cop-out answer is to say we can’t possibly assess other people’s trustworthiness and potential for mischief. But every one of us does it all the time with everybody we know, including our closest family and friends. We do it with bosses, co-workers, customers, and business partners as well. We all rely on intuition: some of us have particularly sharp intuitions, while others are hopelessly naïve and credulous.

How can we assess the trustworthiness of IT staff? These are people in whom you’ve invested responsibility for managing your company’s most critical data, applications, systems, networks, and business processes. Identity management (IdM) systems, in particular, are the most sensitive IT assets, because they drive authentication, authorization, encryption, auditing, and other critical security services that span most applications. How much assurance can you truly place in your IdM, PKI, and trust infrastructure if you have no trust in the people who manage it?

Which brings me back to the notion of personal assurance and profiling of IT staff. Personal assurance is not something you can measure in the abstract. Temptation can bring out the worst in any person. And aren’t the temptations available to IT staff just deliciously juicy? Those temptations become ever more acute as IT personnel realize that they are the high priests and priestesses of sensitive corporate apps and systems that few others understand, and as IT people realize they can easily cover up their misdeeds and erase or efface any audit trails.

To the extent that you attempt to profile individuals for their potential to pose insider threats, you must consider the interplay between character and circumstance. Who is this complex individual? And what roles are they performing with respect to places, processes, and platforms in your organization?

Who is this individual? That’s the “character” issue, and you can begin to measure character in terms of some broad personal attributes: background (i.e., resume, transcripts, etc.), aptitudes (i.e., skills, certifications, tests, inclinations, dispositions, etc.), recommendations (i.e., reputation, hearsay, references), and record (i.e., actual documented performance as attested by reliable others, not by the individual themselves).

What roles are they performing? That’s the “circumstance” issue. You can measure circumstance, hence opportunity for mischief, by looking at how much power you’ve given them—or are contemplating giving them—over your IT environment. Absolute power corrupts absolutely.

If you have exactly one IT person who does everything, you’ve created an opportunity for absolute abuse. How much assurance do you have in that one person’s character, however measured? If they’re the only IT “insider,” and you’ve tasked no other “insider” to serve as a check/balance/whistleblower, you’ve invested that one person with absolute assurance.

Which I’m assuming they’ve earned. They’re a familiar face and name, not some anonymous schmoe you recently hired off the street without checking their references, background, criminal record, etc.



Tuesday, November 29, 2005

fyi Above the Cloud: Clients virtualize beyond recognition


Pointer to article:

James Kobielus, Network World, 11/28/05:

Client virtualization is an underlying theme in many recent industry announcements.

In virtualization, the external interface of every service becomes unmoored from its implementation in particular physical platforms, operating systems, application frameworks and software components. Essentially, a client becomes virtualized when its GUI grows abstracted from the resources of the local access device, be it a PC, handheld or other computer. The virtualized client may rely on both local and remote network resources to render its interface, furnish its processing power, store its data, route its print jobs and handle other core client functions. Users remain blissfully unaware of what blend of distributed resources is actually driving their presentation experience.

Vendors are avidly exploring ways to virtualize client environments. Take Microsoft Windows Vista, for example. In the long, tortured ramp-up to the release of this client operating system, Microsoft has removed most of the new functional components - including security and file-system enhancements - that were supposed to make Vista worth waiting for. What's primarily left is a client virtualization technology called Windows Presentation Foundation (WPF), which allows the Windows GUI to be dynamically rendered, tailored and customized by applications, in keeping with a declarative markup syntax called Extensible Application Markup Language (XAML). Essentially, WPF/XAML enables a virtualized separation of the Windows presentation interface from the underlying application code.

Microsoft has even decoupled WPF/XAML from Vista, taking the Windows platform another step down the road to total virtualization. WPF/XAML - and all Vista features - also will be made available as retrofits for legacy Windows operating systems, including XP and Server 2003. Essentially, this new technology will become the virtualized presentation layer to all Windows versions.

There's even more to Microsoft's client virtualization story. Earlier this month, Microsoft announced its Windows Live strategy, under which operating system and application features will be provided as hosted software as a service. Essentially, Live is aimed at making free Microsoft-hosted services - such as e-mail, instant messaging, search, file sharing, VoIP, software delivery and RSS aggregation - integral to Microsoft's not-free client software. When the client operating system goes "live," per Microsoft's strategy, it blurs the practical boundary between those functions the client performs from local resources and those it relies on the service fabric to accomplish.

But let's not give Microsoft all the credit for the trend toward client virtualization. Enriched browsers of all varieties - including Macromedia Flash and other vendors' plug-ins - are blurring the practical distinction between clients and servers even further. Enriched browsers such as those supporting Asynchronous JavaScript + XML (AJAX) deliver a more GUI-like user experience than a basic browser. AJAX-capable browsers, such as Internet Explorer and Firefox, shift the presentation emphasis away from downloading individual Web pages toward navigating within richer, structured, client-side content caches. The enriched browser can execute more application logic, cache more content and perform more rendering locally than a basic browser. And it offloads some or all of these functions from portals, Web sites and other presentation servers.

The offloading can go both ways, of course: Most of the processing power of PCs can be centralized into server chassis, per the network PC approach first introduced in the late 1990s. A new twist on that approach - the blade PC - is the most important development in desktop management in many years. Blades from pioneers HP, ClearCube and IBM virtualize desktop resources into manageable slices of a server's centralized resources, transforming the innards of each PC into a blade that can be installed in a server chassis. The user relies on a thin-client windowing protocol such as Citrix's Independent Computing Architecture to interface remotely to what is, essentially, a full-featured dedicated PC.

Clearly, virtualization is transforming client-side computing beyond all recognition. The presentation tier is blurring into the application-server, middleware and networking infrastructures.

fyi Dutch Firm Wants End of Dot Com


Pointer to article:

Kobielus kommentary:

These alternative-root DNS registrars feel like the future of the Internet. Think of the possibilities. Create your own TLDs, register them with Google, and you’re in business. Assuming, of course, that anybody would use a Google-provided TLD search service. Which, if Google ever offers such a service, I assume everybody will. Or if not Google, whatever constellation of federated search engines eventually replaces Google. And somebody or thing will replace Google, believe it or not. De jure regulated TLDs are so yesteryear. ICANN? Everybody can, if they want to. Alternative-root registrars? Everybody will have the power to be their own root, or registrar, if they get visibility in search services. The world doesn’t want to kowtow to the US on domains. Nor to any other centralized registry, or static oligarchy of registrars. Mesh registries. Dynamic search, binding, and domain routing. A self-describing, discovering, configuring Internet on the most basic level.


Monday, November 28, 2005

imho risk analysis when an identifier is lost


Pointer to article: A

Kobelius kommentarius:
Thanks for the blogfodder. Now for responses to your particular queries:

• IdM and cellphones: Cellphones bring device identity—in particular, the IMSI—into the IdM mix. 1992—the year GSM got going—was the pivotal year.
• IdM and webservices: Web services—in particular, the URL—have made all the world’s resources directly addressable, or potentially so. 1995 was the inflection year. It was the year of the Web, of the URL, of the beginning of the all-points-addressable world economy/society.
• Why did CORBA fail: Not a clue. Perhaps because it sounds like a scary snake. Or perhaps because Web services, as a middleware environment, had from the start something CORBA never did: universal adoption across all platforms. In particular, the full force of Microsoft. The foundation year was 1999, when SOAP was announced.
• Federations may be difficult in the first place: Federations are as simple or difficult as you want/need to make them. What are you federating? For what purposes? How deeply and thoroughly are you federating diverse environments? Federating involves a lot of sweat equity. Once you’ve begun to federate, de-federating is painful. The important year was 2002, when, in the context of a Burton Group Catalyst hospitality suite, I brought a dozen vendors together to demonstrate early interoperability using a limited subset of pre-standard SAML. Kudos to Don Bowen, Hal Lockhart, and everybody else who thrashed through all the low-level federation issues, from an integration standpoint.
• Business and practical realizations of this based on incentive or economic impact: Stay tuned to Liberty Alliance for federation implementation and policy guidelines. The pivotal year for them was 2003, when it became clear that the industry needed them for this role, on an ongoing basis, and they could gracefully hand off standards development to OASIS. I was delighted to play a teeny-tiny part in consulting to them in the beginning, during my Burton Group years. Kudos also to Dan Blum.

It’s risky to lose your self-identification as an analyst. That’s why the blogosphere is so invaluable. Stay the same, in the game. Stay yourself, keep your health. Weathering desertion requires self-assertion. Continuous re-insertion.

See you one of these days. I don't recall actually meeting face to face at the July event. Sorry we couldn't sync live earlier this month. Rain check, OK?


Sunday, November 27, 2005

imho retroactive (accountability) how did you get that information


Haiku: al

How did you get a particular piece of identity information on somebody else? That’s a bit like asking how a particular dollar bill with a particular serial number ended up in your wallet. Or how you came down with your latest headcold.

Retroactively, tracing the chain of custody of any fluid entity—data, currency, infectious diseases, etc--is a task for forensic investigators. And a particularly labor-intensive task at that. You only track accountability for that chain in order to assign responsibility—hence sanctions—and to break the chain of transmission from being exploited further.

Identity is currency, of course, and currency has a way of flowing across all boundaries, even when the “authorities” use their fiercest weapons to stanch the flow. I hate to be fatalistic about it, but humans are addicted to currencies of all sorts. Stubborn human addictions—money, sex, drugs, etc.—have a way of crashing all boundaries everywhere, and are quite clever at concealing their tracks. A couple of years ago, I wrote the following poem as a meditation on this phenomenon, in which the liquid transnational entity (ambition, money, semen, disease, etc.) seems to have a calculating mind all its own:


Open borders are
dominions liquid as

Common currencies
cross land to land as hands pass

The path of a sneeze
is everywhere open to


Not really a triple-haiku: 5-6-4/5-7-3/5-7-5, not 5-7-5/5-7-5/5-7-5. Rigid calculation can become robotic. Truly infectious strings change their outer markers to foil defenses.

Plagiarism is becoming a surprisingly easy offense to detect. Every original author’s body of work is marked by that author’s unique style. It’s fascinating how researchers can algorithmically detect my or anybody else’s natural writing style, in terms of sentence structure, word choice, and other recurring elements. Essentially, your body of original written work is a key element of your personal iSoR, traceable back to only you (unless you’ve been plagiarizing others wholesale since the moment you first laid hands on keyboard). To the extent that others steal whole chunks of your written oeuvre and claim it as their own, they are laying their thievery wide open to detection.
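As an added illustration of the detection the paragraph above alludes to (this is editorial example code, not anything from the original post or from the researchers it mentions), here is the skeleton of stylometric authorship attribution: each text is reduced to the relative frequencies of a fixed list of function words (plus mean sentence length, reported but not used in the comparison), and an unknown passage is attributed to whichever known-author profile it is closest to by cosine similarity. The function-word list and the three sample passages are constructed for the example; real systems use hundreds of features and much larger corpora.

```python
import math
import re
from collections import Counter

# Function words carry little topical meaning but are used at rates that are
# characteristic of a writer; stylometric attribution keys on exactly that.
FUNCTION_WORDS = ["the", "a", "an", "of", "and", "to", "in", "that", "it", "is",
                  "i", "you", "we", "this", "but", "for", "with", "as", "on", "not"]

# Constructed sample corpora for two hypothetical authors, plus an unknown passage.
KNOWN_CORPUS = {
    "author_A": ("The analysis of the data and the structure of the network reveal "
                 "the limits of the design. The purpose of the audit is the verification "
                 "of the controls and the review of the evidence. The cost of the failure "
                 "and the scope of the breach are the concern of the board."),
    "author_B": ("I think you know that it is not that simple, but I will try. You said "
                 "it was done, but I am not sure that it is. If you ask me, it is not that "
                 "I doubt you, but I want to see it myself."),
}
UNKNOWN_TEXT = ("You told me it was fixed, but I do not think that it is. "
                "I want you to check it, not just say that it works.")

def tokenize(text):
    return re.findall(r"[a-z']+", text.lower())

def style_profile(text):
    """Relative frequency of each function word, plus mean sentence length in tokens."""
    tokens = tokenize(text)
    counts = Counter(tokens)
    total = max(len(tokens), 1)
    vector = [counts[w] / total for w in FUNCTION_WORDS]
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    mean_len = len(tokens) / max(len(sentences), 1)
    return {"vector": vector, "mean_sentence_length": mean_len}

def cosine(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    norm_u = math.sqrt(sum(a * a for a in u))
    norm_v = math.sqrt(sum(b * b for b in v))
    return dot / (norm_u * norm_v) if norm_u and norm_v else 0.0

def attribute(unknown_text, corpus):
    """Return (best_author, {author: similarity}) for a text against known-author corpora."""
    probe = style_profile(unknown_text)["vector"]
    scores = {author: cosine(probe, style_profile(text)["vector"])
              for author, text in corpus.items()}
    return max(scores, key=scores.get), scores

if __name__ == "__main__":
    best, scores = attribute(UNKNOWN_TEXT, KNOWN_CORPUS)
    print(best, {a: round(s, 3) for a, s in scores.items()})
```

The point for the post's argument: the features are cheap to compute, need no access to the plagiarist's private data, and get stronger the more of your own writing is already public.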

Here’s something else I wrote in the 90s that’s relevant to this meditation:


Bet we’ll strangle on strings
Enemies will seek out catchphrases
Everybody who ever banged the boilerplate
Rounded up into hit lists
Caught in crosshairs
All ten million
Pressed away.


Written in 1998, when search engines were in their infancy. Google and kin are now the number one answer to the “how did you get that information” question. They’re also the principal means through which our personal iSoRs are exposed to the world’s view.

In perpetuity.


P.S. A few hours ago I wrote/posted "imho identity privacy reputation." Now it's been scooped up by They misspelled my surname. So did Alison Statton and Spike. Some stuff I put out there not expecting anybody to notice. And folks do. By the way, is there some universal dyslexia that causes people to transpose i and e in the middle of unfamiliar words? And even in very familiar words. Wierd!

imho concentration of information


Chicago Liberty: ahs

Franconia Fraternity:
Earlier in this imho thread, I introduced the notion of an “identity system of records,” or iSoR. I introduced it in the context of how a credit bureau that has no prior B2C account relationship with a particular individual (whose identity the bureau tracks) might authenticate/authorize someone who purports to be that individual to access the individual’s system of records:

“Essentially, they authenticate you by doing a Q&A session in which you and they match your respective iSoRs. They pose a series of multiple-choice questions to you, drawn from data in your iSoR (held by them), and score your responses. These are questions that only you (the identity subject, mining your own personal iSoR which you, hopefully, have never divulged in its entirety to any other party) can be expected to answer correctly. If you answer the Q&A session perfectly—or near perfectly—the credit bureau authenticates you and authorizes you to access the iSoR that they hold on you.”

One issue I didn’t raise in this context is: What if the subject of the iSoR doesn’t have a clue about their own assets, investments, finances, and transactions? What if they haven’t kept their own centralized/consolidated iSoR? What if their iSoR is hopelessly out of date or inaccurate? What if you’ve trashed older records corresponding to those that the credit bureaus still maintain? What if you’ve kept all of these records (paper and/or electronic) but haven’t gotten around to sorting through it and documenting it concisely for your own consumption? Then you--the subject of the credit bureau’s iSoR--are likely to fail the iSoR-matching zero-knowledge Q&A test. And you will be prevented from accessing and, if necessary, correcting your own credit history.

In an ideal world, each of us would preside over our own personal IdP domain, and others—including big impersonal institutions—would bid for access to our identity data—to our iSoR. One corollary of that vision is that each of us would be the master concentration point for all identity data, current and past, that constitutes our iSoR.

But let’s get real. That’s a big burden for most people, and a supremely boring tedious activity. Personally, I’d rather be listening to than poring through mutual fund statements. Tracking our own financial profiles/histories becomes a bigger pain in the neck as you accumulate more investments and engage in a growing volume of transactions. The longer you’ve lived, the more challenging it becomes. Just imagine the burden that awaits your heirs when, upon your demise, they attempt to aggregate your overstuffed financial iSoR onto theirs.

Who can keep track of this stuff? That’s why the wealthier hire financial advisers to help them track their assets. Which is just another institution you trust to manage your iSoR. Perhaps you can also task this institution with the ongoing job of tracking and requesting corrections to copies of your iSoR that are held by other institutions.

Which institution do you trust more? How do you know when your personal iSoR manager isn’t robbing you blind? How do you know when this and other institutions are in cahoots in that endeavor?

Concentrate on your identity information. Concentrate on your finances. Concentrate on your concentrators.

Don’t let yourself get hypnotized by confidence artists.


imho identity privacy reputation


A basic holler in light and syrup: rahB

Holistic attestation:
Reputation is one of those words that creep me out. As an identity management (IdM) construct, it’s even vaguer than role (which I recently, October 20, in this blog, defined as “an identity in its full governance context”).

Reputation feels anti-governance, hence unfair. It feels oppressive. It’s the collective mass of received opinion, good and ill, weighing down on a particular identity. It feels like a court where the judge, jury, prosecuting attorney, jailer, and lord high executioner are phantoms, never showing their faces, but making their collective force felt at every turn. It feels like outer appearances, not inner character, ruling our lives.

Reputation is one part prejudice—-as in pride and prejudice—-as in the oppressive mass of received opinion that unfairly pins the victim into a mean, narrow, constrained existence—-as in always having to defend yourself against whoever whatever wherever whenever. Reputation as a collective weapon in the service of conformity and mediocrity.

Reputation is another part consequence—-as in never being able to live down or escape the past—-as in everybody everywhere keeping a collective dossier on your every activity—-as in never being able to start over with a clean slate.

Reputation isn’t an identity, credential, permission, or role. It isn’t exactly an attribute, in the same sense that, say, your birth date or hair color are attributes. And it isn't something you claim any privacy protection over--it's the exact opposite: the court of public opinion over which you have no sovereignty and little direct control.

In the IdM context, reputation is more of an assurance or trust level—an evaluation of the extent to which someone is worthwhile to know and associate with. Here’s the definition of assurance from my forthcoming essay, “Federated E-Business Assurance: the Policy-Driven Basis for Trusted Collaboration” (the essay, which I co-authored with Rob Sherwood, will be included in a book of security visionary thinking to be published by Homeland Defense Media):

“Assurance…generally refers to the degree of confidence that a relying party can have when accepting a password, certificate, token, assertion, claim, or other credential that is associated with a particular identity. Fundamentally, assurance is the confidence that someone else is reasonably safe to do business with. Assurance serves the relying party, allowing them to strongly verify the authenticity and validity of others’ identities, attributes, credentials, and assertions. It provides the relying party with the information they need to determine whether to refrain from, closely monitor, and/or repudiate online interactions in which such verification is lacking. It also gives the relying party the confidence that, if adverse consequences result from doing business with someone, the responsible parties can be pinpointed effectively so that appropriate legal, business, and other remedies can be pursued.”

Reputation is relying parties’ evaluation of our reliability, of their liabilities, and of the degree to which associating with us makes them ill at ease. Appearances are assurances, for good or ill.

Relying parties—-the ultimate policy decision and enforcement points in any interaction—-need many levels of assurance if they’re going to do business with us. They gather assertions and data from many IdM “authorities” (authentication authorities, attribute authorities, etc.) before rendering their evaluations and opening their kimonos. They—-the relying parties—-make reputation evaluations based on information fed in from trusted authorities, from their own experiences with us, from whatever reputation-relevant data they can google across the vast field of received opinion and public record.

Who, if anyone, are the "reputation authorities"? What, if anything, is a "reputation assertion"? How can we--the identified reputed parties--have any assurance that our reputation isn't determined by the collective malice of bad people who mean to distort and destroy us? How can we be sure that a balanced, fair evaluation of our reputation rises above the din and confusion? Who/what, if anything, is our public reputation (PR) agent/advocate in a world of free-floating ungovernable reputation?

This topic leaves me queasy. Reputation still comes down to appearances, no matter how you approach it. It comes down to spin. Tell the spinning to stop. I'm about to hurl.


Saturday, November 26, 2005

imho lack of global identifier


Tag: vag

On August 18 of this year, in this blog, I floated the following thought:
“DNA…is our ‘birth day credential’ (or rather, conception moment credential, but first presented publicly on our birth day). Why do we take a baby’s footprint upon birth, but not their DNA print? Why aren’t DNA prints strongly bound to a digital master of our very first identifier: our birth certificate? Absent that, how can we know for sure whether the person claiming to be Jane Doris Doe for the purpose of applying for a credit card account is in fact the person who was born with a particular DNA print and assigned that name at birth (or assigned a name that they later changed to Jane Doris Doe, perhaps upon marriage or adoption)? If we can’t strongly bind a person’s human name to their DNA at birth, and bind each new name (legally changed) to their previous legal name, always anchoring it all in their birth day credential, then assurance is never strong.”

For the DNA birth day credential (henceforth, BDC) to become a truly global identifier, we would need to put several huge projects on the road to fruition:

• Persuade the entire human race—all governments, religions, cultures, etc—to recognize the primacy of this new identifier
• Get all hospitals, doctors, midwives, and mothers everywhere to promptly take a DNA sample of every newborn (and stillborn?) that emerges from the womb
• Secure the sworn, legal testimony or affidavit of a witness, notary, or some other person who witnessed the birth and DNA sampling of each newborn, attesting for its linkage to a particular baby given a particular traditional birthname and born to a particular woman at a particular day/time/place
• Institute laboratories everywhere that process DNA samples, identify the BDC, and recommend to local birth registrars the issuance of digital birth certificates that cryptographically bind the BDC to the new child’s traditional birth name
• Check the uniqueness of each requested BDC (or, for identical twins, triplets, etc, the uniqueness of their shared BDC) prior to issuance of the BDC birth certificate(s), thereby guarding against BDC fraud
• Issue the BDC certificate, assigning each one a globally unique identifier, and signing the certificate with the birth registration authority’s unique signing key
• Post the BDC certificate to an online registry infrastructure where they can be indexed and searched
• When changes of traditional birthnames are requested, get all governments, courts, religions, etc everywhere to issue namechange certificates that associate the name change to a particular BDC and its globally unique identifier, and to digitally sign the namechange certificate with the namechange authority’s unique signing key
• Post the namechange certificate to an online registry infrastructure where they can be indexed and searched
• Federate this whole infrastructure under global trust, policy, security, legal, regulatory, and treaty relationships among all the world’s nations, peoples, religions, etc.
• And….oh yes…all of us currently alive would need to submit our own DNA for a retro-BDC-ing, to literally populate this unique identification scheme and make it useful/global here and now
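To make the bullet list above concrete, here is an added example (mine, not from the original post) of the registry logic those steps imply: a BDC certificate that binds a digest of the DNA print to a birth name, mother, and birth date; a uniqueness check that refuses a second certificate for the same BDC unless it is a declared multiple birth from the same mother on the same date; name-change certificates that chain from the previous legal name; and a lookup that walks the chain back to the birth certificate, verifying every link. Two things are assumptions: the BDC is modelled as a SHA-256 digest of the DNA print, and an HMAC under a per-authority secret stands in for each authority's digital signature so the code runs on the standard library alone (a real registry would use public-key signatures so that verifiers hold no secret).

```python
import hashlib
import hmac
import json
import uuid

# Hypothetical registration authorities (constructed). HMAC stands in for the
# authority's digital signature; see the lead-in.
AUTHORITY_KEYS = {
    "registrar:example-county": b"registrar-signing-key-demo",
    "court:example-district": b"court-signing-key-demo",
}

def _sign(authority, record):
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(AUTHORITY_KEYS[authority], body, hashlib.sha256).hexdigest()

def _signed(authority, record):
    return {"authority": authority, "record": record, "sig": _sign(authority, record)}

def verify_certificate(cert):
    return hmac.compare_digest(_sign(cert["authority"], cert["record"]), cert["sig"])

def bdc_from_dna(dna_print):
    # Assumption: the BDC is a digest of the DNA print; the post leaves the encoding open.
    return hashlib.sha256(dna_print.encode()).hexdigest()

class BirthRegistry:
    def __init__(self):
        self.bdc_index = {}      # BDC -> GUIDs of certificates issued on it (twins share one)
        self.certs = {}          # GUID -> signed birth certificate
        self.name_changes = {}   # GUID -> signed name-change certificates, in order

    def issue_birth_certificate(self, dna_print, birth_name, mother, born_on,
                                registrar, multiple_birth=False):
        bdc = bdc_from_dna(dna_print)
        # Uniqueness check: a BDC may only be reused for a declared multiple birth
        # from the same mother on the same date (identical twins, triplets, ...).
        for guid in self.bdc_index.get(bdc, []):
            prior = self.certs[guid]["record"]
            same_birth = prior["mother"] == mother and prior["born_on"] == born_on
            if not (multiple_birth and same_birth):
                raise ValueError("BDC already registered: refusing a second certificate")
        guid = str(uuid.uuid4())
        record = {"guid": guid, "bdc": bdc, "birth_name": birth_name,
                  "mother": mother, "born_on": born_on}
        self.certs[guid] = _signed(registrar, record)
        self.bdc_index.setdefault(bdc, []).append(guid)
        return guid

    def record_name_change(self, guid, new_name, authority):
        if guid not in self.certs:
            raise KeyError("unknown BDC certificate")
        previous = self.current_name(guid)   # also verifies the existing chain
        record = {"guid": guid, "bdc": self.certs[guid]["record"]["bdc"],
                  "previous_name": previous, "new_name": new_name}
        self.name_changes.setdefault(guid, []).append(_signed(authority, record))

    def current_name(self, guid):
        """Walk from the birth certificate through every name change, verifying each link."""
        cert = self.certs[guid]
        if not verify_certificate(cert):
            raise ValueError("birth certificate signature invalid")
        name = cert["record"]["birth_name"]
        for change in self.name_changes.get(guid, []):
            if not verify_certificate(change) or change["record"]["previous_name"] != name:
                raise ValueError("broken name-change chain")
            name = change["record"]["new_name"]
        return name

    def guids_for_dna(self, dna_print):
        return list(self.bdc_index.get(bdc_from_dna(dna_print), []))
```

The registry answers the post's question (is the Jane Doris Doe applying for credit the person born with this DNA print?) only if every link verifies; a single altered name-change record breaks the chain, which is the whole point of anchoring it in the birth day credential.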

I’m probably overlooking some important things that need to happen to make this a reality. I’m not saying it’s practical or feasible or even desirable here and now. Or that the human race is ready for this federated birth registry on some deep cultural level.

I’m still working through all those issues in my head. Or not.


imho bottom up: companies want to own the data


Start: napS-

The only data—literally, “given”—is the persistence, in the aggregate, of demand, currency, and customers, none of it truly “owned” by any company, any more than any one organism can own the air we all breathe.

Sure, companies want to own the data. They want to own everything, and not have to answer to others or be “stewards” of resources owned elsewhere. They want to be self-contained autonomous ever-expanding universes.

Your and my identity is their prime resource. It’s a given, just as the sun shines. Their dreams of owning our identities are part and parcel of the imperial business ethic, which the late, great Peter Drucker inadvertently sloganized when he said the purpose of business is to “create” customers. Yes, to create customers—you and I--just as God created the heavens and earth, and then set about naming every beast of the land, sea, and air. If you’ve gone to great lengths to create a productive little ecosystem, wouldn’t you too take a proprietary interest in the identities of every creature under your dominion?

Companies want to expand forever—which is, of course, impossible in a closed universe. Under such circumstances, one creator will quickly dominate all others and deprecate them to some subordinate rank, be it lackey angel or apostate devil. Companies quickly realize that the customer they think they created in fact predated and will survive them—and has an identity and sovereignty and loyalty to no one but themselves. The customers are in fact the gods of commerce, and will just as readily destroy a company as create and sustain it.

You can’t own customers. You can only earn their repeat business. And you can’t own their identities. You can only ask for customers to continue recognizing your identity, and recognize your right to continue existing as a business. Yes, you can collect and hold their identity data. But you can’t hold customers indefinitely unless you vanquish all competition.

Or continue to ask the sovereign identity holder for access to their datum. And give them something of value in exchange for this precious currency.


Wednesday, November 23, 2005

imho profiling


Whence: lezt

Profiling, a formerly innocuous term, has gained negative connotations in recent years. Now it’s almost always construed in the context of “racial profiling.” It’s suffering the same fate as “exploitation” (prior to feminism, this simply referred to usage, consumption, and/or deriving some advantage from some resource) and “notorious” (prior to John Dillinger, this simply meant a person of note, regard, or reputation).

In an IdM context, profiling refers to the ability to compile sufficient identity data for the purpose of targeting individuals of note so that one may derive some advantage from one’s business association with those individuals. It needn’t always be to the disadvantage of the subjects of the profiling, of course (Dillinger analogy notwithstanding—this is one individual who certainly wished he hadn’t stood at the business end of the FBI’s targeting strategy—also, one thinks of the paparazzi, who certainly exploit others’ notoriety, thereby increasing that notoriety/marketability and pissing off their subjects in the process—paparazzi profile based on one single criterion: the price that a candid photograph of the subject can fetch).

The subjects of profiling needn’t always be unwilling victims. To the extent that we the subjects control our own profiles and can parcel out access to relying parties, we can stay out of everybody’s crosshairs, or put our identities out in the public arena for maximum exposure to and exploitation by others. To the extent that we can inspect/correct the profiles that others hold on us, we can at least prevent unfair exploitation. Correcting errors in your online credit histories (held by the consumer credit bureaus, Equifax, Experian, and TransUnion; D&B plays the same role for businesses) is one such way in which we can gain some modicum of control over the legitimate and quite powerful profiles that others hold on us. Every American can now get a free copy of their credit history from each of the major bureaus once a year, and dispute errors in them—all online.

It’s interesting how these bureaus authenticate you—the anonymous web browsing entity with whom they have no prior business relationships—for the purpose of authorizing you to view your credit history (and request corrections to that profile). Essentially, they authenticate you by doing a Q&A session in which you and they match your respective identity systems of records (iSoR—I love this acronym, which I just concocted now) associated with your credit history. In other words, they pose a series of multiple-choice questions to you, drawn from data in your iSoR (held by them), and score your responses. These are questions that only you (the identity subject, mining your own personal iSoR which you, hopefully, have never divulged in its entirety to any other party) can be expected to answer correctly. If you answer the Q&A session perfectly—or near perfectly—the credit bureau authenticates you and authorizes you to access the iSoR that they hold on you.

This is, loosely, a “zero-knowledge proof” of your identity, in which you’ve divulged nothing to the relying party that the relying party didn’t already know. Strictly, though, it isn’t one: the answers themselves cross the wire, so anyone who intercepts the session (or reads the bureau’s logs of it) learns them, and they are drawn from a small, guessable space of lenders, years, and street names. A cryptographic zero-knowledge proof would transmit nothing but evidence that you know the values. All of which reminds me of a research paper recently co-authored by muse: “Establishing and Protecting Digital Identity in Federation Systems.” In it, muse and collaborators provide an approach for protecting user attributes against identity theft. Their approach involves associating various attributes from a user’s private iSoR (my term, not theirs) with each other and with a user’s identity. In order for somebody/anybody (the user included) to exploit the user’s identity for any purpose—such as to authenticate to a credit bureau, say—that entity needs to marshal a specified subset of the user’s private iSoR as a “proof of identity.” The approach allows the user to provide that “proof of identity” to any relying party—and lets the relying party verify the proof of identity cryptographically—without the user ever needing to disclose any particular piece of privately held iSoR data. Essentially, the user is a private IdP, and federates their personal data attributes to any SP in such a way that the user only needs to establish that they are the sovereign IdP for that data—whatever its values may be—and never loses control over their private iSoR/profile. The SP simply matches the personal IdP-presented private-iSoR proof-of-identity to the shadow iSoR that they hold on you.

At least, that’s what I think is going on in the paper. Interesting stuff. But mine eyes are sore from trying to divine the math.
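An added example (editorial code, not from the original post and not the scheme in the paper just mentioned) that serves both this post and the same Q&A passage quoted in “imho concentration of information”: the first half scores a knowledge-based Q&A session against the bureau's shadow iSoR with a pass threshold standing in for “near perfectly”, which is also where a subject whose own records are stale fails; the second half shows the contrast the paper points toward, a challenge-response in which both sides derive a key from the iSoR values and only a random challenge and an HMAC tag cross the wire, so the values themselves are never transmitted. The bureau record, the question names and the 0.75 threshold are constructed assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed shadow iSoR held by a hypothetical credit bureau (values invented).
BUREAU_ISOR = {
    "jane.doe": {
        "mortgage_lender": "First Example Savings",
        "auto_loan_open_year": "2003",
        "prior_street": "Maple Avenue",
        "oldest_card_issuer": "Example Bank",
    }
}

def _normalize(value):
    """Case- and whitespace-insensitive comparison, as a bureau would score free-text answers."""
    return " ".join(str(value).split()).casefold()

def kba_score(subject, answers):
    """Fraction of the bureau's questions answered correctly, 0.0 to 1.0."""
    record = BUREAU_ISOR[subject]
    correct = sum(1 for q, a in answers.items()
                  if q in record and _normalize(a) == _normalize(record[q]))
    return correct / len(record)

def kba_authenticate(subject, answers, threshold=0.75):
    """The bureau's pass/fail decision; 'near perfect' modelled as a threshold (assumption)."""
    return kba_score(subject, answers) >= threshold

# --- proving knowledge of the iSoR without sending its values ----------------
# Subject and bureau each derive the same key from the attribute values; the
# subject answers a fresh random challenge with an HMAC under that key and the
# bureau recomputes it from its own copy. Only challenge and tag are transmitted.

def proof_key(attributes):
    canonical = json.dumps({k: _normalize(v) for k, v in attributes.items()}, sort_keys=True)
    return hashlib.sha256(canonical.encode()).digest()

def issue_challenge():
    return secrets.token_bytes(16)

def prove_identity(attributes, challenge):
    """Run by the subject against their private iSoR copy."""
    return hmac.new(proof_key(attributes), challenge, hashlib.sha256).hexdigest()

def verify_identity(subject, challenge, tag):
    """Run by the bureau against the shadow iSoR it holds."""
    expected = hmac.new(proof_key(BUREAU_ISOR[subject]), challenge, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)

if __name__ == "__main__":
    answers = dict(BUREAU_ISOR["jane.doe"])
    print("KBA pass:", kba_authenticate("jane.doe", answers))
    challenge = issue_challenge()
    print("proof accepted:", verify_identity("jane.doe", challenge, prove_identity(answers, challenge)))
```

Two caveats a practitioner should keep in mind. The challenge-response only shows that the values need not be sent; because credit-history attributes are low-entropy, an eavesdropper who captures the challenge and tag can still brute-force the key offline, which is why real schemes bind the proof to high-entropy secrets or use proper zero-knowledge constructions. And the score function is the same whether the wrong answers come from a fraudster or from a subject who simply no longer remembers their own history, which is exactly the failure mode the concentration post worries about.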


Tuesday, November 22, 2005

imho Formal model based secruity


Spellmaker: tzel

Remember the good old days when developers produced something called “programs”? The march of virtualization-—and of SOA-—has hastened the demise of “programs” as the basic unit of development, in favor of more diffuse constructs: models, patterns, and services. A little over a year ago, I wrote a column for Network World on this topic. Rather than attempt to paraphrase myself, I’ll simply quote myself, and pray that John Gallant and Susan Collins won’t ding me for reusing, at length and for no personal remuneration, content that I authored but their publication, technically, owns (and isn’t reuse the foundation of SOA-based blogging?):


“SOA is a disruptive approach to building distributed services. Until now, we've developed new functionality on and within concepts such as platform, application and language. Each of these concepts has traditionally had a well-defined sphere of reference: The platform hosted the application, and the application was developed in a language. Now all that is changing, thanks to the emergence of SOA.

The first of the old computing concepts to wither away will be the platform. This term originally applied to operating systems, then included application servers that implement a particular development framework (Java 2 Platform Enterprise Edition or .Net) over one or more operating systems. But the growth of standards-based, distributed Web services has made it clear that fewer and fewer business processes will execute entirely within the confines of a J2EE 1.3 server or Windows Server 2003, or Linux, but will execute across them all. When all platforms share a common environment for describing, publishing and invoking services, the notion of self-contained platforms disintegrates in favor of SOA, which is essentially a platformless service cosmos.

Another casualty of this evolution is the notion of applications as discrete, functional components that execute on particular platforms. SOA is founded on the notion of virtualization. Under this paradigm, services describe abstract interfaces within standard, platform-independent metadata vocabularies such as WSDL. The underlying service functionality may be provided from components on any platform without needing to change the interface. Under SOA, the application dissolves into a service that may have no fixed implementation but simply bids for on-demand networked software and hardware resources.

Programming languages also are becoming something that fewer developers touch directly. Visual model-driven development and automated code generation are at the forefront of the SOA revolution. You're more likely these days to see a vendor boast of its ability to support visual modeling in Unified Modeling Language than development in Java, C# or any other declarative programming language. For complex, orchestrated, multiplatform Web services, visual modeling is the most effective approach for specifying, implementing and maintaining the end-to-end logic and rules on which the service depends.

SOA has spawned a range of terms to describe what developers actually develop. IT professionals increasingly define their creations in terms of services, models and patterns, rather than platforms, applications and languages. The notion of patterns will become critical to discussions of distributed services. A pattern is a generic approach - such as service proxying or service coordination - to architecting interactions in the infrastructure. Every pattern defines its own abstract Web services functional elements and SOAP-based interactions.”

Where formal model-based security (yes, I've proofread the subject line, and am keeping the muse's original typo intact) is concerned, what are the dominant patterns? Can we even begin to discuss patterns in an area as all-encompassing and pervasive as security? Let’s limit our discussion to identity management (IdM). And, while we’re at it, limit it to federated IdM. If we accept that limited scope, the dominant patterns are defined by the use cases that a federated IdM environment addresses. Even then, we’ll need to spell out the dimensions of use cases, rather than enumerate the possible patterns themselves, because recombinant explosion, reflecting the diversity of real-world requirements and environments, defies our efforts to define off-the-shelf cookie-cutter federated IdM environments.

The principal elements of federated IdM models/patterns are, per the various use-case dimensions:

• Federation cross-domain topology: point to point, hub and spoke, decentralized, peer to peer
• Federation cross-domain transactional applications: identity, attribute, role, permission, and account provisioning; single sign-on; role-based access control; permission-based attribute sharing; digital rights management; secure messaging and collaboration; business process management; service management
• Federation middleware service layers: messaging, description, discovery, data management, metadata exchange, security, reliable messaging, event notification, pub/sub, transactions, orchestration, presentation, state/session management, service management
• Federation policy enforcement point deployment: intermediate systems, network perimeters, network endpoints
• Federation assurance levels: authentication assurance, credentials assurance, identity assurance, authorization assurance
• Federation governance: bilateral trust agreements; multilateral agreements

I’ve probably left out some important considerations. Regardless, any formal model of federated IdM security—or of security generally—needs to be built on such dimensions. Likewise, any model of the end-to-end set of compliance baselines that govern federations needs to mirror this multidimensionality.

Modeling’s the thing. Konceptual klarity uber alles. Mental acuity, model-based secruity.


Monday, November 21, 2005

imho Liability SP or institutions


Per your message: Span

Latest installment:

Lies and liability. Dupes and duplicity. Assertions and near-certain litigation.

When is the asserting party (the identity provider, or IdP) liable for asserting (deliberately or inadvertently) what, upon closer inspection, turns out to be an untruth, and when is the relying party (the service provider, or SP) liable for not using standard verification mechanisms (checking the assertion’s signature, validity window, and intended audience, for instance) prior to relying upon that untruth?

When is an assertion, if not a lie, simply null and void, in terms of having exceeded its maximum time to live, as specified in trust agreement between IdP and SP? Or, if not null and void, out of its intended context, in terms of being relied upon for an application that the IdP and SP agreed is out of bounds? Or being misconstrued as implying a higher degree of assurance than warranted by the policies and practices of the IdP, as asserted between consenting lawyers at conception (of the trust agreement between the two organizations)?

Federations, built on contractually codified “trust relationships,” threaded back and forth by assertions and actions taken in response to those assertions, can easily crash in acrimony. And liability can get muddied in the complexity of federated IdM environments. Add more assertions, messages, flows, and parties to a federation scenario, and you're effectively adding more legal nuance that a smart lawyer can swing to their client's advantage, wiggling out of any liability and shifting it to others in the federation.

Try explaining the intricacies of a multidomain SAML 2.0 federated SSO environment to a jury of your peers. It’s all just a mess of messages, after all. Are your federation agreements spelling out the precise choreography and content of assertions that constitute legal binding contracts among IdPs and SPs?

Do your lawyers truly understand any of this? Can they defend it effectively in a court of law?
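The three ways an assertion can go bad in the paragraphs above (past its time to live, relied on outside its intended context, read as implying more assurance than the IdP's practices warrant) correspond to concrete fields of a SAML 2.0 assertion: Conditions/NotOnOrAfter, AudienceRestriction, and AuthnContextClassRef. Here is an added example (editorial code, not from the original post or any vendor) of the checks an SP should run against a constructed assertion and a hypothetical trust agreement. The issuer and audience URLs, the 300-second maximum lifetime and the set of accepted AuthnContext classes are assumptions, and XML signature verification is taken as already done before these checks run.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Terms a hypothetical IdP/SP trust agreement might fix (constructed for this example).
TRUST_AGREEMENT = {
    "issuer": "https://idp.example.org",
    "audience": "https://sp.example.com",
    "max_lifetime_seconds": 300,
    "accepted_authn_contexts": {
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
        "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient",
    },
}

# A minimal, constructed SAML 2.0 assertion (Signature element omitted; see lead-in).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2005-11-21T14:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>jane.doe</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2005-11-21T14:00:00Z" NotOnOrAfter="2005-11-21T14:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2005-11-21T13:59:50Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""

def _utc(stamp):
    """Parse a SAML UTC timestamp such as 2005-11-21T14:00:00Z."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))

def check_assertion(xml_text, agreement, now):
    """Return the reasons an SP must NOT rely on the assertion; an empty list means it may.
    Precondition (not shown): the XML signature has been verified against the IdP's key."""
    root = ET.fromstring(xml_text)
    now_t = _utc(now)
    problems = []

    issuer = root.findtext("saml:Issuer", namespaces=SAML)
    if issuer != agreement["issuer"]:
        problems.append(f"issuer {issuer!r} is not the contracted IdP")

    cond = root.find("saml:Conditions", SAML)
    audiences = [] if cond is None else [
        a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", SAML)]
    if cond is None or cond.get("NotBefore") is None or cond.get("NotOnOrAfter") is None:
        problems.append("validity window not stated: no time to live to enforce")
    else:
        not_before, not_after = _utc(cond.get("NotBefore")), _utc(cond.get("NotOnOrAfter"))
        if now_t < not_before:
            problems.append("assertion not yet valid (NotBefore in the future)")
        if now_t >= not_after:
            problems.append("assertion expired (NotOnOrAfter has passed)")
        if (not_after - not_before).total_seconds() > agreement["max_lifetime_seconds"]:
            problems.append("validity window exceeds the agreed maximum time to live")
    if agreement["audience"] not in audiences:
        problems.append("assertion not addressed to this SP (AudienceRestriction)")

    ctx = root.findtext("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef",
                        namespaces=SAML)
    if ctx is None:
        problems.append("no AuthnContextClassRef: assurance level cannot be judged")
    elif ctx not in agreement["accepted_authn_contexts"]:
        problems.append(f"authentication context {ctx!r} is below the agreed assurance")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, TRUST_AGREEMENT, "2005-11-21T14:02:00Z"))
    print(check_assertion(SAMPLE_ASSERTION, TRUST_AGREEMENT, "2005-11-21T14:06:00Z"))
```

Each string in the returned list is the sentence the SP's lawyer will want on record: it names the contractual term (lifetime, audience, assurance level) the assertion failed, which is a far better position than “we accepted whatever the IdP sent.”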


imho Why don’t we have increasing mandates in security and privacy


Fro: gav-

Mandates are seismic waves that propagate throughout the striated distributed medium of modern e-business.

Mandates pierce the clutter and introduce changes across many layers, causing some shattering of the landscape, some mass evacuations, some inevitable terror and confusion. But mandates aren’t so scary when we see them coming from a long distance and can make plans. And they’re not so terrible when we’ve had a hand in shaping them. Any democratic system—laboring under a legislative/regulatory mill with full, extended public comment—meets those requirements. And any federated democratic governance structure—in which the ploddingly slow jabber-mill gets refracted and damped by endless cross-negotiations—absorbs such universal shocks so well that we barely see the chandeliers swing when the ground eventually does decide to hiccup.

We have had increasing mandates in security and privacy for several years now, and it’s only going to continue. In fact, every mandate that comes down the pike seems to concern security and privacy in various degrees—in the US, SarbOx, HIPAA, GLB, FFIEC, CAN-SPAM, etc.—in various US states, equivalent and/or consistent legislation/regulation—in other countries, same sets of concerns, different mandates.

Every mandate is a new source of “thou shalt comply” commandments on enterprises and service providers. Of course, there are as many “thou shalt comply” religions as there are governments, agencies, laws, and bosses upon the face of the earth. To the extent that you operate worldwide—or even in a single region—how can you effectively comply with requirements that issue from so many rule-gods, who don’t always talk/agree with each other up in the clouds of Olympus, and who are changing their god-minds independently all the time? To the extent that all these rule-gods “federate” (i.e., agree to respect each other’s jurisdictions, honor each other’s decisions, and harmonize their respective approaches), your job (the haplessly hopelessly pliant and compliant clay/mud at their feet) is easier.

Compliance is the capacity of responding effectively to mandates. Mandates are imperatives issued by authorities. Authorities are the administrators of domains. Domains are the perimeters within which various human activities are conducted, administered, and regulated. Domains are more multi-dimensional than the hyper-mega-universe imagined by Stephen Hawking. Security/privacy domains can be defined as environments in their own right, or as strata within domains constituted on other grounds (e.g., management domains, orchestration domains).

Security/privacy, by forming part of every domain’s landscape, rocks the foundations of everything. Mandates introduce more fault lines into that bedrock. Federation takes those fault lines and arranges them into patterns that will do the least damage to domain perimeters, when the global shock waves eventually hit.

Mo’ metaphors, please.


Friday, November 18, 2005

imho Balance usability and Privacy


Muse: Bhar

Usability? I don’t want others to invade my privacy because it's a user-friendly thing to do.

Usability? Could the blinds on the windows of my house be any more usable? As Lily Tomlin said, living in the city means always knowing where your wallet is. It also means not simply leaving the places you own, such as your home and car. It means placing valuable items where they can’t be easily seen from outside, then shutting doors and windows behind you, locking them, giving them one extra tug to test the security of the lock, and then walking quickly away so that strangers don’t sense that a place with valuables is newly vacant and the live-in/drive-in sentry won’t be back for a decent interval. Oh…and taking the key with you, secreting it on your person, always being aware of its presence….or freaking out upon its apparent absence.

It’s not a question of whether this or any other privacy-protection scheme is usable. We’ll morph our habits in some weird ways to protect our dearest possessions. And we’ll forget that this strange new choreography of worry, wariness, and response isn’t first-nature. It only becomes second-nature after we’ve retooled our daily rhythms around it.

About privacy protection in computers, across the Internet….where do you put your personal key….and how do you sense it on, or adjacent to, your person? In my job, I have a USB token that holds a private key, which is associated with the public key bound to my identity on an X.509 cert, which is managed in a directory service, which is accessed by the various applications I access when I attempt to authenticate myself through that token….that key. I never leave my (physical) house in the morning without that key (physically) hanging on a sash around my (physical) neck. And I never leave the office later that day without that same key around that same neck. That’s part of my semi-neurotic kinesthetic key-sense: I must always have a sure sense of where every physical key (to every space/resource/asset I depend on) is (on or near my person) when I exit one Kobielus-locked space in transit to another Kobielus-locked space.
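The token-plus-certificate-plus-directory arrangement described above reduces, at authentication time, to one thing: proving possession of the private key whose public half the directory has bound to your identity. The following Go program is an added illustration of that proof-of-possession exchange; it is not code from the original post or from any product the post mentions. The names (“alice”, the Token and Directory types) are hypothetical, the certificate is self-signed to keep the example offline, and a real deployment would instead verify a CA-issued chain and check revocation before trusting the public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Token stands in for the USB token: it holds the private key and only ever
// releases signatures, never the key itself.
type Token struct {
	priv ed25519.PrivateKey
}

// Sign answers an application's challenge; this is all the token does at login.
func (t *Token) Sign(challenge []byte) []byte {
	return ed25519.Sign(t.priv, challenge)
}

// Directory stands in for the directory service: identity -> X.509 certificate.
type Directory map[string]*x509.Certificate

// Enroll generates a key pair, binds the public key to identity in a
// (self-signed, for this example) certificate stored in the directory, and
// hands the private key to a token.
func Enroll(dir Directory, identity string) (*Token, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: identity},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	dir[identity] = cert
	return &Token{priv: priv}, nil
}

// Authenticate is the application's side: look up the claimed identity's
// certificate, check it names that identity and is within its validity window,
// issue a fresh random challenge, and verify the token's signature with the
// certificate's public key. A token holding some other key fails here.
func Authenticate(dir Directory, claimed string, tok *Token) (bool, error) {
	cert, ok := dir[claimed]
	if !ok {
		return false, errors.New("unknown identity")
	}
	if cert.Subject.CommonName != claimed {
		return false, errors.New("certificate does not name the claimed identity")
	}
	now := time.Now()
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return false, errors.New("certificate outside its validity period")
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok {
		return false, errors.New("unexpected public key type")
	}
	challenge := make([]byte, 32) // fresh per attempt, so a captured signature cannot be replayed
	if _, err := rand.Read(challenge); err != nil {
		return false, err
	}
	return ed25519.Verify(pub, challenge, tok.Sign(challenge)), nil
}

func main() {
	dir := Directory{}
	alice, err := Enroll(dir, "alice") // "alice" is a hypothetical identity
	if err != nil {
		panic(err)
	}
	ok, err := Authenticate(dir, "alice", alice)
	fmt.Println("alice with her own token:", ok, err)
	mallory, _ := Enroll(dir, "mallory")
	ok, err = Authenticate(dir, "alice", mallory)
	fmt.Println("alice claimed with mallory's token:", ok, err)
}
```

Note what the directory never stores: the private key. Losing the token means losing the ability to answer challenges, which is exactly why the author’s “key-sense” matters; the remedy is revocation of the certificate in the directory and re-enrollment, not recovery of the key.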

How usable can we make that key-mediated space-transition choreography from my point of view? How can I always maintain a sure sense of all relevant keys at all times without having to continually fuss and fret with physical keys and their locations on or around me and my environs? How can I track all the virtual keys that bind my identities to virtual space? How can I make damn sure that all of these physical and virtual keys have been employed (by me manually and/or the infrastructure intelligently) to secure my every last resource, including all my personal data?

And do it all so simply that it becomes second-nature? So that all the virtual doors and windows and locks and blinds are always secure, and all of my personal effects are secreted far away from virtual prying eyes?

And I don’t have to worry about any of this? No matter how neurotic I get about such things, especially as my life grows more complex, and the number of keys and doors and private spaces and privacy-sensitive data elements grows?

Usability of privacy-protection schemes on the Internet means always knowing where your keys are.

And still worrying.


imho Mandatory deployment of strong authentication: FFIEC


From here to her: sha

What I wonder about the Federal Financial Institutions Examination Council (FFIEC) mandate is whether I’ll have to go out and buy an SMS-capable cellphone in order to access my bank account online. Or, more fundamentally, whether I’ll have to carry around any piece of hardware—cellphone, SecurID, smartcard, USB token, etc.—for that purpose. For the purpose of having a second factor for strong authentication to prove that I’m me and that the money I’m getting, transferring, etc. is in fact truly mine.

Is the FFIEC’s mandate going to result in my financial institutions (plural—because I have my money in several) issuing me an “unfunded mandate” to acquire the requisite hardware/software? Will I need to buy/install/configure a separate hardware/software combo for each financial institution? Or will a single strong authentication scheme/token/credential be accepted by all financial institutions throughout the US/world? Will any of them subsidize my acquisition of that new factor?

This comes in the midst of another unfunded government mandate on the citizenry. In the next few years, TV broadcasters will be required by the government to abandon their existing frequency assignments and move their transmissions over to digital, on different frequencies, not backward-compatible with existing sets. That means that every American will need to go out and buy a digital converter (or several per household, depending on the number of sets you have) to continue to access existing being-moved-to-digital programming.

So, we’ll be cut off from online access to our money (possibly) if we don’t acquire the requisite strong authentication token(s). And we’ll be cut off from TV (very likely) if we don’t acquire the converter(s). Whose interests are being served here? Not mine. I’m comfortable with today’s security on online banking. I’m also not super-impressed by HDTV. I can definitely continue living happily with analog TV.

I don’t think any of this has filtered out into general public awareness yet. Does this sound like a huge cultural stinkpot ready to burst wide open? You bet.

But then again, I’m still smarting from the music format die-offs of the past 30 years: vinyl, 8-track, cassette—and, maybe eventually, CD, in favor of MP3s and beyond. Every obsolete format is an unfunded mandate from the recording industry to replenish my jamcache from scratch.

As Tommy Lee Jones said in “Men In Black”: “Great—now I’ll have to buy the White Album all over again.”

Or stop buying music altogether. By the way:


imho Corporate governance


Source: la

Corporate governance is one of those slightly quaint notions, like Robert’s Rules of Order, that seems to imply the need for rules of etiquette to bring order and decorum to what is, for all practical purposes, a knock-down drag-out brawl. Business must somehow govern itself, yes that’s the ticket.

Corporate governance is a Rorschach notion: you read into it your own preferences, prejudices, and cynicisms. For the fascistically inclined, it implies top-down command and control. In such a context, governance blurs into another trendy notion: compliance, or the paramount importance of responding to legal and/or regulatory mandates from above. For the anarchically predisposed, it suggests the barely constrained chaos of messy, meshy, federated, and overmatrixed modern business relationships. No real conscious governance there, unless you’re talking about the invisible hand (aka the iron competitive fist) of Adam Smith, which governs the business world with the same brutal logic as Darwin’s natural selection rules the biosphere. Those that survive and procreate govern this world, and the next, and the one after that. Not really intelligent design (to use another currently trendy phrase). More belligerent than intelligent, in terms of the dynamic that stamps the economic regime into nasty new shapes.

How can the rolling confusion of omnivorous capitalism produce something we can even begin to think of as governance? How can some coherent set of collective controls on self-interested human activity emerge in the absence of a coherent single “governor” (human, office, institution, constitution, etc.)? Clearly, Adam Smith had an answer to that, when you’re talking about supply/demand effectively regulating markets of many buyers and sellers.

But what does “corporate governance” really mean in the current environment? What it actually refers to isn’t governance of markets. Rather, it actually means something closer to “business ethics,” or, even wimpier, “corporate citizenship.” In particular, how do we avoid a repeat of the Enron, Worldcom, and other governance/ethics/criminal lapses within particular self-interested corporations over the past several years? How can corporate execs govern (i.e., restrain and refrain) themselves from raiding the cookie jar and robbing shareholders blind?

How can they comply with the Golden Rule, essentially, and not violate the public’s trust in the essential integrity of senior decision makers in large institutions? Or, if they step out of line, how can we the people crack the command/control whip of incarceration down on their sorry hides?

That’s governance, in the final analysis. And it requires government. Good old fashioned government. Unless the law enforcement, judicial, and prison systems are going to be “privatized.” In which case, how would those privatized governance institutions themselves be governanced?

There can be no effective corporate governance without good government. A big bad cop who can put you away.

Oooh…sounds more fascistic than I intended when I started this post.


Thursday, November 17, 2005

imho compliance: EU article 29


Nod to instigator: bhi

Direct marketing is the most ruthlessly efficient identity maw/mill ever devised by the mind of wo/man/y. The above-ground identity market that it spawned is a thing to both fear and admire.

Identity resale, not identity theft, is the thing we must beware—or harness, as individual consumers, to our advantage. Personal data is empowerment in economic matters. The more of it that passes into others’ hands, the less power we (the subjects of that data) have in everyday life—unless we keep our hooks on that data, no matter where it might roam. Personal data—in the hands of merchants, financial institutions, credit bureaus, government agencies, and other organizations—regulates the solicitations we’re exposed to, the offers that come our way, the approvals and acceptances we receive, and the sort of opportunities we never see because we fit nobody’s prime consumption profile.

Identity lists—sifted, sorted, categorized, qualified, aggregated, vetted, circulated, validated—they’re the prime ammunition in the war that merchants fight to woo and win us. We're the prize they seek. Our identities—the inalienably personal attributes that we've surrendered to the entire online cosmos—are the addresses that the economy uses to reach out and dazzle us with its cornucopia. The less direct mail we receive, the more marginal we are to the economy and society. The day you receive no more direct solicitations, you’ve fallen off the direct marketing radar. You’ve become unlisted. Unreachable. Irrelevant. Not worth appealing or listening to. A non-consumer. Someone who can't find what they truly need in an economy that no longer recognizes their existence.

If you want modern business to serve your interests, you want to stay on their direct-marketing lists. The greater volume and variety of solicitations that target our real needs, the better we’re able to seek out and strike the best bargain for ourselves. The day you’re on everybody’s lists, but nobody can use or resell that data without getting your explicit permission, you’re supremely empowered. And the day we can stop direct marketers in one country from outsourcing their identity list milling operations to foreign shores, you gain sovereign control over your identity across the entire planet. You can get the best deal from merchants anywhere in the world marketplace.

Which is why I applaud EU article 29, which harmonizes the regulatory regimes for direct marketers' handling of personal data across all of that confederation’s member states. I hope that some day this federation/harmonization of direct-marketing regulations extends to the US and all other countries.

Direct marketing can be a tool for personal empowerment, if they bid the sovereign identity holder for access to this information gold. All bulk identity merchants should comply with these rules, no matter where/how they operate.


Wednesday, November 16, 2005

imho Preventing identity theft


Indicator to homo articulensis: A

I. I dentity. Id entity. I dent it y. Id an entity. Identropy. Idempotency.

I’m old enough to remember the last great plague that never came, thanks be to God. The swine flu scare of 1976. Now the bird flu “pandemic” watch of 2005. By the way, whatever happened to the familiar and scary enough “epidemic”? When did the threat of microscopic human annihilation get escalated to a new term? What’s next: “armageddondemic”?

That thought has absolutely nothing to do with identity theft. Except for the fact that we are constantly being braced by the media for a pan/epi-doozis of ubiquitous impersonation and spoofing that will steal our very souls. And it hasn’t come yet. Though clearly our cyber-lives are as bombarded with phishing and pharming and other corrosive identity scams as our bodies are bathed in a steady soup of micro-organisms.

Somehow, we’re building up behavioral antibodies to identity theft, which is not to deny the occasional clever idioklept who manages to slip through. E-mail is the onesie-twosie identity thief’s tool of choice, but it’s becoming a harder field to harvest. My sense is that we’ve evolved a complex set of mental defense mechanisms to any unsolicited commercial e-mail. And we’ve deprecated e-mail in our personal information ecosystems. We’ve learned to rely on IM for interpersonal messages of a short banal nature, blogs for pushed opt-in information feeds from trusted sources, browser bookmarks for pulled feeds of an occasional/need-to-know nature, and Google searches for any quick-and-dirty digging with relevance ranking. When the day comes (and it never will I assure you, and I also assure you that “comes” is not a double entendre) that I need to find a reliable source of penis-enlargement solutions, I won’t turn to my e-mail. I’ll use whatever brand Austin Powers endorses.

Quick question: Can anybody tell me how many wholesale identity thefts have been linked to spyware and database breaches? I don’t mean “theft” in the narrow sense of somebody laying their hands on a stadium-full of people’s credit card numbers. I mean “theft” in the even narrower—but more accurate—sense of people using pilfered credit card numbers to quickly steal a lot of money from many people and then head for the proverbial hills?

OK, it wasn’t a quick question. But here’s a quick answer. Nobody. Not a blessed person has ever been exposed, tried, and convicted of impersonating great numbers of people—and thereby emptying their bank accounts—using identity-linked data that was stolen over a network. If you, my readers, can point to a wholesale identity cybercon that paid off big time, please call my attention to it.

There’s no substitute for keeping an eye on your actual assets, such as by scrutinizing your account statements, transaction histories, credit histories, and so forth regularly. And following up quickly to nip suspicious activity in the bud.

But considering that your identity’s in a state of entropy everywhere, it’s “out there” for the taking. Vulnerable to every well-adapted invisible scam that percolates through the environment. Just as your health will almost certainly be “robbed” by the germs passing in and out of every orifice.

Identity theft is a flu that will eventually “get you.” Build immunity. Bounce back.


Thursday, November 10, 2005

fyi The Rise of the Virtual Machines


Pointer to article:,1895,1883590,00.asp

Kobielus kommentary:
Virtualization is one of those venerable old computing concepts that has achieved new life in recent years.

Virtualization—like SOA—is so broad in scope that it’s becoming almost useless as a differentiator of any vendor’s offerings. In fact, virtualization is the umbrella concept of which SOA is one implementation approach. Grids are another. On-demand and utility computing are others.

Virtualization refers to environments that abstract external invocation interfaces from internal platform implementations of services and other resources. The external interface may conceal various facts about the implementations of the underlying resources. For example, the resources may run on diverse operating and application platforms; have been deployed on nodes in diverse locations; have been aggregated across diverse hosting platforms (or partitioned within a single hosting platform, either through virtual machine software, separate CPUs, or separate blade servers); and have been provisioned dynamically in response to a client request.

SOA refers to virtualized application environments that abstract external service-invocation interfaces from those services’ internal platform implementations. Under pure SOA, the external application interface—or API—should be agnostic to the underlying platforms. SOA is often software-oriented, but needn't be. Some refer to service virtualization or abstraction as “loose coupling.” Within Web services environments, WSDL “service contracts” provide the principal platform-agnostic APIs for service virtualization.

Grid computing refers to virtualized environments that are designed principally for brokering access to distributed, dynamically adaptable, parallel-processing resources. Grids may support massive parallel processing of jobs that have been partitioned in either symmetric or asymmetric fashion, in terms of the constituent processing tasks and datasets. However, grids are usually employed for massively parallel jobs in symmetric mode.

On-demand computing refers to virtualized environments that dynamically provision, aggregate, and allocate existing, distributed resources from various sources in real time in response to client demand. On-demand computing environments provide client access to resources that already exist—internally or externally—obviating the need to deploy additional physical servers, databases, and other platforms, nodes, and capacity for this purpose. Grid is just one type of on-demand computing environment: one that is geared to serving distributed processing and storage resources. However, server clustering, outsourced application service providers (ASPs), and client-based peer-to-peer (P2P) also qualify as on-demand computing environments. Grids offer distributed virtual hardware resources (“hardware as a service”), which may or may not be provided on an outsourced, pay-as-you-go, ASP basis (a la “software as a service”).

Utility computing refers to virtualized environments that provide on-demand computing as a general-purpose infrastructure to all applications and users. Grid is a distributed-execution environment that may be provided as a general-purpose infrastructure. Alternatively, a grid environment may be limited to a particular operating/application platform (such as a grid of Linux servers running Java 2 Enterprise Edition [J2EE]), or only process a particular type of application (such as finite-element modeling or parametric analysis). In these types of deployment scenarios, grid is not a general-purpose utility environment.

This article talks about “OS virtualization,” in terms of physically and logically partitioning server resources so that those partitions can run entirely distinct, cloned, replicated server virtual machines.

One can even talk about “client virtualization.” In my upcoming Network World column on that topic, I define client virtualization as follows: “Client virtualization is an underlying theme in many recent industry announcements. Essentially, a client becomes virtualized when its GUI grows abstracted from the resources of the local access device, be it a PC, handheld, or other computer. The virtualized client may rely on both local and remote network resources to render its interface, furnish its processing power, store its data, route its print jobs, and handle other core client functions. Users remain blissfully unaware of what blend of distributed resources is actually driving their presentation experience.”

Dizzy? So, what again, Professor Kobielus, is virtualization? Can you give us the radically simplified definition? One that gets closer to an elevator pitch?

Last night the following nutshell definition of virtualization came to me, as in a dream (no actually, it was while working out, when my best thoughts tend to coalesce into crisp structures—body occupied full steam—mind free to focus on purely cerebral stuff, full steam also).

Just as GUIs became known two decades ago by the cute acronym “WYSIWYG” (what you see is what you get), I’d like to propose the following acronym for virtualization (of any sort):

• ARWIS (Ain’t Really What It Seems)

If we start from the textbook definition offered above—“abstract external interfaces from internal implementations,” then we can parse this coinage into its critical components:

• WIS Layer: What It Seems: “External interfaces”
• R Layer: Really: “Internal implementations”
• Ain’t Layer: “Abstract …. From ….”

The R Layer is what’s actually going on, behind the Ain't Layer, and it’s what deployers deploy, integrators integrate, and administrators administer. What it really R.

The WIS Layer is what users use and experience, oblivious to the R Layer. What we WISh it R.

The Ain’t Layer is what developers develop, to virtualize the WIS Layer from the R Layer. The Ain’t Layer are the service contracts (WSDL, etc.) and the WS-* and other interfaces that shield the WIS Layer from all the platform- and config-specific R stuff roiling around down there in the SOAP soup we call SOA.

You virtualize anything by applying a layer of Ain’t to get R WISh.


Saturday, November 05, 2005

poem Content


Information is indifferent
to its bondage status.

Like the kept cat,
it is mobile
and neither
slave nor

Continually fed and freshened,
it remains


Friday, November 04, 2005

fyi Sun Gets Secretive on Storage


Pointer to article:

Kobielus kommentary:
The latest in my current series of blogposts opining on more-or-less random stories from my daily e-mail newsletter gleanings.

Well, not totally random. I chose this one for the alliteration in the headline. Also, because I actually have something to say on this topic. But I didn’t pre-meditate the following comments. They’re just off the topic of my head. Mrs. Hacker, my 10th grade English teacher, told me the best analysis and writing is that which just flows spontaneously from your crazed cranium. I’ll put her statement to the test now (Mrs. Hacker—you out there still?).

Have you noticed how many identity management (IdM) vendors are targeting digital rights management (DRM) as the next great frontier beyond federation? Or, perhaps, they hope, DRM will leverage and extend their increasingly federated security infrastructures into a distributed permissioning infrastructure where the access-control policy enforcement points (PEPs) are more closely bound to the resources—apps, data, etc.—being protected? Epok’s federated data interchange environment—leveraging XRI and XDI—is one such example. Sun’s “storage encryption” or “storage security” roadmap (see article) is another. As soon as the morning coffee decompresses my wound-up nightfunk, I’m sure I’ll recall the other three dozen vendors I’ve come across recently who have similar roadmaps.

DRM drifts and diffuses itself far and wide throughout IdM, security, e-commerce, content publisher, and storage vendors’ end-of-decade dreams. I think a lot of the renewed attention to DRM recently comes from the rash of identity-theft “data breaches” that have grabbed front-page attention. All that data in storage is sitting ducks and buried treasure for those intrepid identity pirates who find the buried map and go with flashlights in the night down into the caverns guarded by semi-reliable genies. Suddenly, encrypting all that stuff in situ—on piled-high disks and tapes and whatnot—becomes the absolute imperative for storage managers everywhere, dictated by the lawyers, bosses, and regulators.

To make encryption—an ancient technology that has been used in storage systems for years in various capacities—seem suddenly cool—not simply mandatory—the vendors have started to lump it into the growing DRM umbrella. Acronym creep, equivalent to the vastly expanded scope of SOA in recent years. It’s not storage encryption anymore. It’s storage DRM. It’s breach-busting DRM. It’s federated DRM. It’s a new pipe DRM.

Ah…the coffee has kicked in. Ya feel it?


Tuesday, November 01, 2005

fyi Information Must Follow Users Freely


Pointer to article:,10801,105771,00.html?source=NLT_MW&nid=105771

Kobielus kommentary:
This is one of those opinion columns whose headline doesn’t do justice to its thesis, and whose thesis says nothing particularly new.

The author of the piece is talking about mobile computing, and of several undeniable trends in that area: growth in range of mobile access devices, access points, transports, roaming ranges, and collaboration and info-sharing applications. He is also talking about how identities are becoming more mobile, and how identities, attributes, roles, permissions, credentials, sessions, personalization settings need to follow users across access devices, access points, transports, ranges, and apps. And how service delivery to the mobile user always needs to be tailored and localized to their precise personal “context,” however broadly or narrowly that’s defined, wherever and whyever they may roam.

All of that is applehood and mother pie, of course. Identities must be continually contextualized within the user’s environment—their human environment (office, home, etc.) and the infrastructures (directories, access management portals, etc.)—in order to support the diverse requirements of the users themselves, and of the authorities (e.g., employers) who provisioned those identities and the resources to which those identities enable access. As I noted in a recent blogpost, roles—for example—are simply identities contextualized into their governance structure of “place, process, and privileges.” “Office” and “home” are two types of “place,” and, within “office” there are usually specific hierarchies under which identities, roles, permissions, and credentials are granted and taken away.

There’s long been the assumption in the mobile computing space that users are moving inexorably toward single “all-in-one” portable devices that they use across all contexts—personal and business, local and wide area, data and voice, messaging and conferencing, etc.—within their lives. The corollary to that cherished belief is that the mobile computing environment must be similarly all-embracing, providing the substrate to enable identities and contexts to roam far and wide.

What’s interesting about mobile computing, of late, is that purpose-built devices—hence, purpose-built mobility infrastructure—are coming to the fore. Users are more likely than ever to have diverse devices—cellphone, WiFi laptop, Blackberry, GPS, etc.—and diverse mobile apps that they associate with various personal and business uses, roles, and contexts. It’s as if the Swiss army knife were being deconstructed into blades, corkscrews, punches, and other metallic piercing devices and those devices were being evolved separately for various Swiss army missions, with little concern for re-integrating them back into the mother knife platform.

Or is that too unsettling a metaphor? Good thing they’re pacifists.


Friday, October 28, 2005

poem Tickle


Touch tingles not much
but enough lingers your eyes
suggest your fingers.

fyi Spammers exploit bird flu fears


Pointer to article:

Kobielus kommentary:
I hope the anti-spam appliance vendors are keeping a master historical archive of spam tagged by time and topic.

That would be an invaluable tool for future historians to compile a profile of the evolving FUDload in the zeitgeist of these times. The “bird flu” is just the latest example of spammers’ ingenious exploitation of the never-ending human tendency to imprint new neurosis on the nervous system.

Actually, I’d like to see a “FUD registry” continually updated in real-time, culled from the current spamload. That would clue me into what cultural scareforces are primarily transient spooks, and then steel/shelter my heart accordingly.

And instruct my brain to filter out these phantoms flooding in through all media and human interactions. Not just from spam. If you can call that “media” or “human interaction.”

Which, shockingly, it resembles too closely to totally ignore. The greater the spamload, the harder it is for the recipient to do a mental Turing test that distinguishes human-generated vs. demon-generated messages. It all starts to blur into disembodied voices and forces, many of which are manipulators, howling at you continually to keep your nerves on edge.

Hmm…Halloween’s on Monday….I didn’t realize this post had a seasonal tie-in. Inadvertent. But there you have it.


Thursday, October 27, 2005

fyi Why Wikipedia isn't like Linux


Pointer to article:

Kobielus kommentary:
Actually, this article hinges on another comparison: Wikipedia vs. Encyclopedia Britannica. Or Wikipedia vs. all traditional encyclopedias. Not just Wikipedia vs. Linux and other open source projects.

All of those comparisons are bogus, but especially those vis-à-vis traditional encyclopedias. And the “bogosity” (stick that in your Funk and Wagnalls) stems from presumptuous assumptions being made by everybody on this discussion: that an “encyclopedia” is or should be some authoritative source of all knowledge; and that one encyclopedia is all you should ever need for all your information needs.

Hey, folks, when’s the last time you consulted an encyclopedia of any sort when doing research? Or, when’s the last time you made an encyclopedia the first and last place you consulted when doing research? And it’s not an issue of Google and other search engines supplanting traditional reference works. I’m asking you to cast your minds back before the days of the ubiquitous Web, back when people visited physical locations known as “libraries,” and when people actually bought physical items called “books” that they kept in their homes.

Even back then, in the day, an encyclopedia, if you used it, was just the place where you dipped your information-seeking toes in the water of collective human knowledge. It was the place you started to familiarize yourself with some un- or semi-familiar topic, before moving onto other books, journals, magazines, newspapers, microfilm, and other materials where you could go in depth.

And, even if you, sitting in a physical public library, consulted an encyclopedia, you were likely to consult two or more encyclopedias—assuming you were in a library that had the budget and need for alternative encyclopedias. There has always been competition in the encyclopedia market. Many of us growing up bought the reader-friendly World Book series for our homes, but, when we went to high school or college, also consumed Britannica, F&W, and whatever was available.

Now there’s Wikipedia, which has the great advantage of being free and being continually refreshed from all over the planet. Yeah, it’s got its strengths and weaknesses. But so do traditional encyclopedias. World Book, for example, is too glossy and surface-oriented. Encyclopedia Britannica is too ploddingly academic—and set in a tiny typeface.

There’s room for all these reference works. If you’re a serious researcher—or even a semi-clued-in one—you’ll cycle through all these sources as need be. But you’ll be even more likely just to Google it and follow your queries through link after link through cross-references.

Which is how, come to think of it, the best researchers have navigated through the hardcover/hardcopy world of traditional encyclopedias, in which the cross-references between sections have always been just as important as the content of any particular section. The cross-references are the semantic map of the overall knowledge space, as managed by the editors of the encyclopedia.

That’s all there in Wikipedia too, but Web-based from the get-go. Developed from scratch in a reference medium where cross-referencing is part of its fundamental DNA.

So, IMHO, Wikipedia’s OK. But it’s not the authoritative source of all knowledge. Nor is any traditional encyclopedia. Nor is any particular library or other collection of informational materials.

No, IMHO, I’m the authoritative source on any particular topic, as long as I can gather all the relevant materials I need, from wherever, and sift/analyze/synthesize them into new knowledge that I can share with the world. Each of us is the authoritative source of whatever little knowledge-building project we choose to undertake at any time.

In the process of becoming an autodidact, we must also become an omnididact (made that one up too).

Which is the Wikipedia dynamic, isn’t it?


Thursday, October 20, 2005

fyi Still looking for a definition for 'role'


Pointer to Dave Kearns’ blog (couldn’t find URL pointing to this particular article, which appeared in Dave’s Network World Newsletter on Identity Management, October 19, 2005, and by the way Dave, thanks for pointing back to my blog…have you noticed that I’ve been slacking off in recent weeks in posting new stuff…thanks for your continued patronage everybody…and thanks for indulging my poetic musings… and how’s everything with you these days and….oh my gosh, this is going on too long and I need to launch into my kommentary while the thought is fresh so here’s the pointer to your site and by the way always love your stuff etc etc blah blah blah):

Kobielus kommentary:
I’m glad that Dave cycled back to the discussion of what a role is. I’ve been storing up thoughts on roles like a squirrel his acorns. Dave’s search for an “ontology of identity management” resonates pretty strongly with me. I’m always searching for an ontology on every topic I encounter: the bedrock representation of the problem domain, simple, powerful, and fundamental, from which all more nuanced, higher-level, complex representations may be unfurled, and to which they may be reduced.

Anyway, here are those thoughts on roles. I’ll try to keep them succinct:

Role engineering is the black art of IdM. Almost every IdM project quickly launches a role-engineering exercise. Traditionally, roles have served as a convenient construct for simplifying the assignment of permission sets to individual users, per their stable responsibilities/functions within an organization, process, or project. One of the primary benefits of roles, from an IdM/permission management standpoint, is that the privileges associated with a role can be managed in a single role object in the directory, without having to change the permissions of every single user who belongs to that role (there could be thousands of them, each with myriad permissions).

But role engineering is difficult to implement effectively. Partly that is because roles are sometimes difficult to generalize at an abstraction level sufficient to lump a significant number of like users together. When examining the diversity of real-world roles played by various individuals, one is sometimes tempted to create a unique role for each person (i.e., the “role of Jim,” encompassing the unique set of stuff that Jim does in our organization). Other problems with role engineering are that many people play many roles; that those roles are evolving continually; and that those roles layer and interact with each other in diverse ways that are often specific to each individual.

Roles are multilayer constructs that are difficult to model clearly, and difficult to manage within an IdM user management environment. Per what Ed Zou of Bridgestream is quoted as saying in Kearns’ article: “Business units use [roles] to represent organization structure, responsibility, span of control and authority. For example, if Jane in the marketing department reports to the CEO, supports key sales initiatives at major accounts, manages three staff members, and participates in the revenue recognition team, she has four different business roles. Yet, most likely only two of these roles can be found in the directory: the direct reporting structure and the formal department that she belongs to. The other dimensions are difficult for directories to include and even harder to maintain. Her role changes and thus must be defined to be sensitive to business context, e.g., in-context roles."

Kearns ends his brief article with a call for new terms that the industry can use to describe this multi-level contextualization of roles. I’d like to propose just such a framework.

Essentially, a role is the contextual coordinate system within which an identity is described, qualified, characterized, and classified so that it can be managed effectively. In this regard, we can view any role as existing within a three-dimensional coordinate space:

• Place: This is the notion, highlighted above, of a role being defined in relation to the identity’s contextualization within a “direct reporting structure and formal department.” This is where “roles” and “groups” essentially overlap in semantic scope. For example, my role in Exostar is “senior technical systems analyst,” which is defined within the context of the “project office,” which is defined within the context of the org supervised by the “chief technology officer,” which is defined with respect to the entire org under the supervision and control of the “chief executive officer.” In this context, “place” simply refers to a standing, persistent grouping of identities under an organization. A “project” (e.g., “revenue recognition team”) is another type of “place.”
• Process: This is role in the workflow context of somebody’s position in a flow of tasks, steps, documents, deliverables, etc. In the excerpt above, this corresponds to “supports key sales initiatives.” In that context, someone’s role may be “provides sales engineering support upon request” or whatever. In a document processing workflow, one’s role might be “document originator,” “document reviewer,” “document approver,” or so forth.
• Permission: This is role in the access control context: some stable grouping of permissions to access some set of apps, data, or other resources, a grouping that is associated with particular identities based on various criteria. Quite often, IdM professionals refer to role in this permission-management context. The NIST RBAC model (users assigned to roles, roles assigned permissions over objects) is built on it, as are the role-based access control features in many apps: read, write, modify, delete, append comments, and other privileges.

So, to sum up, the concept of roles may be applied in any or all of three management contexts:

• Place management
• Process management
• Permission management

Or, more succinctly: A role is an identity defined in its full governance context.
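To make the three-axis coordinate system concrete, and to show the single-role-object benefit described under role engineering above, here is an added example (mine, not Dave Kearns’, Bridgestream’s, or any product’s code). It models a toy directory in which each role carries a place (org unit or project, with a parent chain), a set of process steps it plays, and a set of (resource, action) permissions. The company name “Acme”, the role names, resources and the users “jane” and “bob” are all constructed sample data; Jane’s four roles follow the Zou quotation. The example also shows the caveat a permission reviewer cares about: because a user’s effective rights are the union across all their roles, revoking a permission from one role does not revoke it from a user who still holds it through another.

```python
"""Toy RBAC directory on three axes: place, process, permission.
Added example with hypothetical, constructed data (company 'Acme', users
'jane' and 'bob', role and resource names). Python 3.9+."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Place:
    """Standing grouping of identities: org unit or project.
    The parent chain records containment (marketing sits under Acme)."""
    name: str
    parent: Place | None = None

    def lineage(self) -> list[str]:
        node, out = self, []
        while node is not None:           # walk up to the root org
            out.append(node.name)
            node = node.parent
        return out                        # innermost first


@dataclass
class Role:
    name: str
    place: Place                                          # place axis
    steps: frozenset[str] = frozenset()                   # process axis: workflow steps played
    permissions: set[tuple[str, str]] = field(default_factory=set)  # (resource, action)


class Directory:
    def __init__(self) -> None:
        self.roles: dict[str, Role] = {}
        self.memberships: dict[str, set[str]] = {}        # user -> role names

    def add_role(self, role: Role) -> None:
        self.roles[role.name] = role

    def assign(self, user: str, role_name: str) -> None:
        if role_name not in self.roles:
            raise KeyError(f"unknown role {role_name!r}")
        self.memberships.setdefault(user, set()).add(role_name)

    # Permission axis: edit the one role object, never the N user records.
    def grant(self, role_name: str, resource: str, action: str) -> None:
        self.roles[role_name].permissions.add((resource, action))

    def revoke(self, role_name: str, resource: str, action: str) -> None:
        self.roles[role_name].permissions.discard((resource, action))

    def permissions_of(self, user: str) -> set[tuple[str, str]]:
        """Effective rights are the UNION over all of the user's roles."""
        return set().union(*(self.roles[r].permissions
                             for r in self.memberships.get(user, ())))

    def is_authorized(self, user: str, resource: str, action: str) -> bool:
        return (resource, action) in self.permissions_of(user)

    # Place axis: everyone whose role sits anywhere under a given org node.
    def members_under(self, place_name: str) -> set[str]:
        return {u for u, rs in self.memberships.items()
                if any(place_name in self.roles[r].place.lineage() for r in rs)}

    # Process axis: who plays a given workflow step.
    def who_plays(self, step: str) -> set[str]:
        return {u for u, rs in self.memberships.items()
                if any(step in self.roles[r].steps for r in rs)}


def build_sample() -> Directory:
    """Constructed sample: Jane's four business roles, Bob with one of them."""
    d = Directory()
    acme = Place("Acme")                                   # hypothetical company
    marketing = Place("marketing", acme)
    sales = Place("sales", acme)
    rev_rec = Place("revenue recognition team", acme)      # a project is also a place
    d.add_role(Role("marketing director", marketing, frozenset({"approves campaign spend"}),
                    {("crm", "read"), ("campaign-budget", "approve")}))
    d.add_role(Role("people manager", marketing, frozenset({"approves timesheet"}),
                    {("hr-portal", "approve")}))
    d.add_role(Role("sales engineering support", sales, frozenset({"supports sales initiative"}),
                    {("crm", "read"), ("proposal-repo", "write")}))
    d.add_role(Role("revenue recognition member", rev_rec, frozenset({"reviews revenue schedule"}),
                    {("ledger", "read")}))
    for name in list(d.roles):
        d.assign("jane", name)
    d.assign("bob", "sales engineering support")
    return d


def demo() -> dict:
    d = build_sample()
    out = {
        "jane_reads_ledger": d.is_authorized("jane", "ledger", "read"),
        "bob_reads_ledger": d.is_authorized("bob", "ledger", "read"),
        "under_marketing": d.members_under("marketing"),
        "under_acme": d.members_under("Acme"),
        "sales_support_players": d.who_plays("supports sales initiative"),
    }
    before = {u: set(rs) for u, rs in d.memberships.items()}
    d.grant("sales engineering support", "quote-tool", "write")    # one object edited
    out["both_get_quote_tool"] = (d.is_authorized("jane", "quote-tool", "write")
                                  and d.is_authorized("bob", "quote-tool", "write"))
    d.revoke("sales engineering support", "crm", "read")
    out["jane_still_reads_crm"] = d.is_authorized("jane", "crm", "read")  # via marketing director
    out["bob_reads_crm"] = d.is_authorized("bob", "crm", "read")
    out["memberships_untouched"] = before == d.memberships
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The last three results are the practical lesson: a grant on the role reaches every member at once, which is the efficiency the role object buys you, but the same union semantics mean a revoke on one role is not a revoke for a user who holds the permission through a second role. Any access review that looks at roles one at a time, rather than at each user’s effective permission set, will miss that.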

Just a little ol’ ontology I’ve been carrying in my head for a while. A kobelian coordinate system. Use it if you find a use. My ontology.