Tuesday, November 29, 2005

fyi Above the Cloud: Clients virtualize beyond recognition


Pointer to article: http://www.networkworld.com/columnists/2005/112805kobielus.html

James Kobielus, Network World, 11/28/05:

Client virtualization is an underlying theme in many recent industry announcements.

In virtualization, the external interface of every service becomes unmoored from its implementation in particular physical platforms, operating systems, application frameworks and software components. Essentially, a client becomes virtualized when its GUI grows abstracted from the resources of the local access device, be it a PC, handheld or other computer. The virtualized client may rely on both local and remote network resources to render its interface, furnish its processing power, store its data, route its print jobs and handle other core client functions. Users remain blissfully unaware of what blend of distributed resources is actually driving their presentation experience.

Vendors are avidly exploring ways to virtualize client environments. Take Microsoft Windows Vista, for example. In the long, tortured ramp-up to the release of this client operating system, Microsoft has removed most of the new functional components - including security and file-system enhancements - that were supposed to make Vista worth waiting for. What's primarily left is a client virtualization technology called Windows Presentation Foundation (WPF), which allows the Windows GUI to be dynamically rendered, tailored and customized by applications, in keeping with a declarative markup syntax called Extensible Application Markup Language (XAML). Essentially, WPF/XAML enables a virtualized separation of the Windows presentation interface from the underlying application code.

Microsoft has even decoupled WPF/XAML from Vista, taking the Windows platform another step down the road to total virtualization. WPF/XAML - and all Vista features - also will be made available as retrofits for legacy Windows operating systems, including XP and Server 2003. Essentially, this new technology will become the virtualized presentation layer to all Windows versions.

There's even more to Microsoft's client virtualization story. Earlier this month, Microsoft announced its Windows Live strategy, under which operating system and application features will be provided as hosted software as a service. Essentially, Live is aimed at making free Microsoft-hosted services - such as e-mail, instant messaging, search, file sharing, VoIP, software delivery and RSS aggregation - integral to Microsoft's not-free client software. When the client operating system goes "live," per Microsoft's strategy, it blurs the practical boundary between those functions the client performs from local resources and those it relies on the service fabric to accomplish.

But let's not give Microsoft all the credit for the trend toward client virtualization. Enriched browsers of all varieties - including Macromedia Flash and other vendors' plug-ins - are blurring the practical distinction between clients and servers even further. Enriched browsers such as those supporting Asynchronous JavaScript + XML (AJAX) deliver a more GUI-like user experience than a basic browser. AJAX-capable browsers, such as Internet Explorer and Firefox, shift the presentation emphasis away from downloading individual Web pages toward navigating within richer, structured, client-side content caches. The enriched browser can execute more application logic, cache more content and perform more rendering locally than a basic browser. And it offloads some or all of these functions from portals, Web sites and other presentation servers.

The offloading can go both ways, of course: Most of the processing power of PCs can be centralized into server chassis, per the network PC approach first introduced in the late 1990s. A new twist on that approach - the blade PC - is the most important development in desktop management in many years. Blades from pioneers HP, ClearCube and IBM virtualize desktop resources into manageable slices of a server's centralized resources, transforming the innards of each PC into a blade that can be installed in a server chassis. The user relies on a thin-client windowing protocol such as Citrix's Independent Computing Architecture to interface remotely to what is, essentially, a full-featured dedicated PC.

Clearly, virtualization is transforming client-side computing beyond all recognition. The presentation tier is blurring into the application-server, middleware and networking infrastructures.

fyi Dutch Firm Wants End of Dot Com


Pointer to article: http://www.newsfactor.com/story.xhtml?story_id=39695

Kobielus kommentary:

These alternative-root DNS registrars feel like the future of the Internet. Think of the possibilities. Create your own TLDs, register them with Google, and you’re in business. Assuming, of course, that anybody would use a Google-provided TLD search service. Which, if Google ever offers such a service, I assume everybody will. Or if not Google, whatever constellation of federated search engines eventually replaces Google. And somebody or thing will replace Google, believe it or not. De jure regulated TLDs are so yesteryear. ICANN? Everybody can, if they want to. Alternative-root registrars? Everybody will have the power to be their own root, or registrar, if they get visibility in search services. The world doesn’t want to kowtow to the US on domains. Nor to any other centralized registry, or static oligarchy of registrars. Mesh registries. Dynamic search, binding, and domain routing. A self-describing, discovering, configuring Internet on the most basic level.


Monday, November 28, 2005

imho risk analysis when an identifier is lost


Pointer to article: A

Kobelius kommentarius:
Thanks for the blogfodder. Now for responses to your particular queries:

• IdM and cellphones: Cellphones bring device identity—in particular, the IMSI--into the IdM mix. 1992—the year GSM got going—was the pivotal year.
• IdM and webservices: Web services—in particular, the URL—have made all the world’s resources directly addressable, or potentially so. 1995 was the inflection year. It was the year of the Web, of the URL, of the beginning of the all-points-addressable world economy/society.
• Why did CORBA fail: Not a clue. Perhaps because it sounds like a scary snake. Or perhaps because Web services, as a middleware environment, had from the start something CORBA never did: universal adoption across all platforms. In particular, the full force of Microsoft. The foundation year was 1999, when SOAP was announced.
• Federations may be difficult in the first place: Federations are as simple or difficult as you want/need to make them. What are you federating? For what purposes? How deeply and thoroughly are you federating diverse environments? Federating involves a lot of sweat equity. Once you’ve begun to federate, de-federating is painful. The important year was 2002, when, in the context of a Burton Group Catalyst hospitality suite, I brought a dozen vendors together to demonstrate early interoperability using a limited subset of pre-standard SAML. Kudos to Don Bowen, Hal Lockhart, and everybody else who thrashed through all the low-level federation issues, from an integration standpoint.
• Business and practical realizations of this based on incentive or economic impact: Stay tuned to Liberty Alliance for federation implementation and policy guidelines. The pivotal year for them was 2003, when it became clear that the industry needed them for this role, on an ongoing basis, and they could gracefully hand off standards development to OASIS. I was delighted to play a teeny-tiny part in consulting to them in the beginning, during my Burton Group years. Kudos also to Dan Blum.

It’s risky to lose your self-identification as an analyst. That’s why the blogosphere is so invaluable. Stay the same, in the game. Stay yourself, keep your health. Weathering desertion requires self-assertion. Continuous re-insertion.

See you one of these days. I don't recall actually meeting face to face at the July event. Sorry we couldn't sync live earlier this month. Rain check, OK?


Sunday, November 27, 2005

imho retroactive (accountability) how did you get that information


Haiku: al

How did you get a particular piece of identity information on somebody else? That’s a bit like asking how a particular dollar bill with a particular serial number ended up in your wallet. Or how you came down with your latest headcold.

Retroactively, tracing the chain of custody of any fluid entity—data, currency, infectious diseases, etc--is a task for forensic investigators. And a particularly labor-intensive task at that. You only track accountability for that chain in order to assign responsibility—hence sanctions—and to break the chain of transmission from being exploited further.

Identity is currency, of course, and currency has a way of flowing across all boundaries, even when the “authorities” used their fiercest weapons to stanch the flow. I hate to be fatalistic about it, but humans are addicted to currencies of all sorts. Stubborn human addictions—money, sex, drugs, etc.—have a way of crashing all boundaries everywhere, and are quite clever at concealing their tracks. A couple of years ago, I wrote the following poem as a meditation on this phenomenon, in which the liquid transnational entity (ambition, money, semen, disease, etc.) seems to have a calculating mind all its own:


Open borders are
dominions liquid as

Common currencies
cross land to land as hands pass

The path of a sneeze
is everywhere open to


Not really a triple-haiku: 5-6-4/5-7-3/5-7-5, not 5-7-5/5-7-5/5-7-5. Rigid calculation can become robotic. Truly infectious strings change their outer markers to foil defenses.

Plagiarism is becoming a surprisingly easy offense to detect. Every original author’s body of work is marked by that author’s unique style. It’s fascinating how researchers can algorithmically detect my or anybody else’s natural writing style, in terms of sentence structure, word choice, and other recurring elements. Essentially, your body of original written work is a key element of your personal iSoR, traceable back to only you (unless you’ve been plagiarizing others wholesale since the moment you first laid hands on keyboard). To the extent that others steal whole chunks of your written oeuvre and claim it as their own, they are laying their thievery wide open to detection.

Here’s something else I wrote in the 90s that’s relevant to this meditation:


Bet we’ll strangle on strings
Enemies will seek out catchphrases
Everybody who ever banged the boilerplate
Rounded up into hit lists
Caught in crosshairs
All ten million
Pressed away.


Written in 1998, when search engines were in their infancy. Google and kin are now the number one answer to the “how did you get that information” question. They’re also the principal means through which our personal iSoRs are exposed to the world’s view.

In perpetuity.


P.S. A few hours ago I wrote/posted "imho identity privacy reputation." Now it's been scooped up by http://planetidentity.org/. They misspelled my surname. So did Alison Statton and Spike. Some stuff I put out there not expecting anybody to notice. And folks do. By the way, is there some universal dyslexia that causes people to transpose i and e in the middle of unfamiliar words? And even in very familiar words. Wierd!

imho concentration of information


Chicago Liberty: ahs

Franconia Fraternity:
Earlier in this imho thread, I introduced the notion of an “identity system of records,” or iSoR. I introduced it in the context of how a credit bureau that has no prior B2C account relationship with a particular individual (whose identity the bureau tracks) might authenticate/authorize someone who purports to be that individual to access the individual’s system of records:

“Essentially, they authenticate you by doing a Q&A session in which you and they match your respective iSoRs. They pose a series of multiple-choice questions to you, drawn from data in your iSoR (held by them), and score your responses. These are questions that only you (the identity subject, mining your own personal iSoR which you, hopefully, have never divulged in its entirety to any other party) can be expected to answer correctly. If you answer the Q&A session perfectly—or near perfectly—the credit bureau authenticates you and authorizes you to access the iSoR that they hold on you.”

One issue I didn’t raise in this context is: What if the subject of the iSoR doesn’t have a clue about their own assets, investments, finances, and transactions? What if they haven’t kept their own centralized/consolidated iSoR? What if their iSoR is hopelessly out of date or inaccurate? What if you’ve trashed older records corresponding to those that the credit bureaus still maintain? What if you’ve kept all of these records (paper and/or electronic) but haven’t gotten around to sorting through it and documenting it concisely for your own consumption? Then you--the subject of the credit bureau’s iSoR--are likely to fail the iSoR-matching zero-knowledge Q&A test. And you will be prevented from accessing and, if necessary, correcting your own credit history.

In an ideal world, each of us would preside over our own personal IdP domain, and others—including big impersonal institutions—would bid for access to our identity data—to our iSoR. One corollary of that vision is that each of us would be the master concentration point for all identity data, current and past, that constitutes our iSoR.

But let’s get real. That’s a big burden for most people, and a supremely boring tedious activity. Personally, I’d rather be listening to www.kexp.org than poring through mutual fund statements. Tracking our own financial profiles/histories becomes a bigger pain in the neck as you accumulate more investments and engage in a growing volume of transactions. The longer you’ve lived, the more challenging it becomes. Just imagine the burden that awaits your heirs when, upon your demise, they attempt to aggregate your overstuffed financial iSoR onto theirs.

Who can keep track of this stuff? That’s why the wealthier hire financial advisers to help them track their assets. Which is just another institution you trust to manage your iSoR. Perhaps you can also task this institution with the ongoing job of tracking and requesting corrections to copies of your iSoR that are held by other institutions.

Which institution do you trust more? How do you know when your personal iSoR manager isn’t robbing you blind? How do you know when this and other institutions are in cahoots in that endeavor?

Concentrate on your identity information. Concentrate on your finances. Concentrate on your concentrators.

Don’t let yourself get hypnotized by confidence artists.


imho identity privacy reputation


A basic holler in light and syrup: rahB

Holistic attestation:
Reputation is one of those words that creep me out. As an identity management (IdM) construct, it’s even vaguer than role (which I recently, October 20, in this blog, defined as “an identity in its full governance context”).

Reputation feels anti-governance, hence unfair. It feels oppressive. It’s the collective mass of received opinion, good and ill, weighing down on a particular identity. It feels like a court where the judge, jury, prosecuting attorney, jailer, and lord high executioner are phantoms, never showing their faces, but making their collective force felt at every turn. It feels like outer appearances, not inner character, ruling our lives.

Reputation is one part prejudice—-as in pride and prejudice—-as in the oppressive mass of received opinion that unfairly pins the victim into a mean, narrow, constrained existence—-as in always having to defend yourself against whoever whatever wherever whenever. Reputation as a collective weapon in the service of conformity and mediocrity.

Reputation is another part consequence—-as in never being able to live down or escape the past—-as in everybody everywhere keeping a collective dossier on your every activity—-as in never being able to start over with a clean slate.

Reputation isn’t an identity, credential, permission, or role. It isn’t exactly an attribute, in the same sense that, say, your birth date or hair color are attributes. And it isn't something you claim any privacy protection over--it's the exact opposite: the court of public opinion over which you have no sovereignty and little direct control.

In the IdM context, reputation is more of an assurance or trust level—an evaluation of the extent to which someone is worthwhile to know and associate with. Here’s the definition of assurance from my forthcoming essay, “Federated E-Business Assurance: the Policy-Driven Basis for Trusted Collaboration” (the essay, which I co-authored with Rob Sherwood, will be included in a book of security visionary thinking to be published by Homeland Defense Media:

“Assurance…generally refers to the degree of confidence that a relying party can have when accepting a password, certificate, token, assertion, claim, or other credential that is associated with a particular identity. Fundamentally, assurance is the confidence that someone else is reasonably safe to do business with. Assurance serves the relying party, allowing them to strongly verify the authenticity and validity of others’ identities, attributes, credentials, and assertions. It provides the relying party with the information they need to determine whether to refrain from, closely monitor, and/or repudiate online interactions in which such verification is lacking. It also gives the relying party the confidence that, if adverse consequences result from doing business with someone, the responsible parties can be pinpointed effectively so that appropriate legal, business, and other remedies can be pursued.”

Reputation is relying parties’ evaluation of our reliability, of their liabilities, and of the degree to which associating with us makes them ill at ease. Appearances are assurances, for good or ill.

Relying parties—-the ultimate policy decision and enforcement points in any interaction—-need many levels of assurance if they’re going to do business with us. They gather assertions and data from many IdM “authorities” (authentication authorities, attribute authorities, etc.) before rendering their evaluations and opening their kimonos. They—-the relying parties—-make reputation evaluations based on information fed in from trusted authorities, from their own experiences with us, from whatever reputation-relevant data they can google across the vast field of received opinion and public record.

Who, if anyone, are the "reputation authorities"? What, if anything, is a "reputation assertion"? How can we--the identified reputed parties--have any assurance that our reputation isn't determined by the collective malice of bad people who mean to distort and destroy us? How can we be sure that a balanced, fair evaluation of our reputation rises above the din and confusion? Who/what, if anything, is our public reputation (PR) agent/advocate in a world of free-floating ungovernable reputation?

This topic leaves me queasy. Reputation still comes down to appearances, no matter how you approach it. It comes down to spin. Tell the spinning to stop. I'm about to hurl.


Saturday, November 26, 2005

imho lack of global identifier


Tag: vag

On August 18 of this year, in this blog, I floated the following thought:
“DNA…is our ‘birth day credential’ (or rather, conception moment credential, but first presented publicly on our birth day). Why do we take a baby’s footprint upon birth, but not their DNA print? Why aren’t DNA prints strongly bound to a digital master of our very first identifier: our birth certificate? Absent that, how can we know for sure whether the person claiming to be Jane Doris Doe for the purpose of applying for a credit card account is in fact the person who was born with a particular DNA print and assigned that name at birth (or assigned a name that they later changed to Jane Doris Doe, perhaps upon marriage or adoption)? If we can’t strongly bind a person’s human name to their DNA at birth, and bind each new name (legally changed) to their previous legal name, always anchoring it all in their birth day credential, then assurance is never strong.”

For the DNA birth day credential (henceforth, BDC) to become a truly global identifier, we would need to put several huge projects on the road to fruition:

• Persuade the entire human race—all governments, religions, cultures, etc—to recognize the primacy of this new identifier
• Get all hospitals, doctors, midwives, and mothers everywhere to promptly take a DNA sample of every newborn (and stillborn?) that emerges from the womb
• Secure the sworn, legal testimony or affidavit of a witness, notary, or some other person who witnessed the birth and DNA sampling of each newborn, attesting for its linkage to a particular baby given a particular traditional birthname and born to a particular woman at a particular day/time/place
• Institute laboratories everywhere that process DNA samples, identify the BDC, and recommend to local birth registrars the issuance of digital birth certificates that cryptographically bind the BDC to the new child’s traditional birth name
• Check the uniqueness of each requested BDC (or, for identical twins, triplets, etc, the uniqueness of their shared BDC) prior to issuance of the BDC birth certificate(s), thereby guarding against BDC fraud
• Issue the BDC certificate, assigning each one a globally unique identifier, and signing the certificate with the birth registration authority’s unique signing key
• Post the BDC certificate to an online registry infrastructure where they can be indexed and searched
• When changes of traditional birthnames are requested, get all governments, courts, religions, etc everywhere to issue namechange certificates that associate the name change to a particular BDC and its globally unique identifier, and to digitally sign the namechange certificate with the namechange authority’s unique signing key
• Post the namechange certificate to an online registry infrastructure where they can be indexed and searched
• Federate this whole infrastructure under global trust, policy, security, legal, regulatory, and treaty relationships among all the world’s nations, peoples, religions, etc.
• And….oh yes…all of us currently alive would need to submit our own DNA for a retro-BDC-ing, to literally populate this unique identification scheme and make it useful/global here and now

I’m probably overlooking some important things that need to happen to make this a reality. I’m not saying it’s practical or feasible or even desirable here and now. Or that the human race is ready for this federated birth registry on some deep cultural level.

I’m still working through all those issues in my head. Or not.


imho bottom up: companies want to own the data


Start: napS-

The only data—literally, “given”—is the persistence, in the aggregate, of demand, currency, and customers, none of it truly “owned” by any company, any more than any one organism can own the air we all breathe.

Sure, companies want to own the data. They want to own everything, and not have to answer to others or be “stewards” of resources owned elsewhere. They want to be self-contained autonomous ever-expanding universes.

Your and my identity is their prime resource. It’s a given, just as the sun shines. Their dreams of owning our identities are part and parcel of the imperial business ethic, which the late, great Peter Drucker inadvertently sloganized when he said the purpose of business is to “create” customers. Yes, to create customers—you and I--just as God created the heavens and earth, and then set about naming every beast of the land, sea, and air. If you’ve gone to great lengths to create a productive little ecosystem, wouldn’t you too take a proprietary interest in the identities of every creature under your dominion?

Companies want to expand forever—which is, of course, impossible in a closed universe. Under such circumstances, one creator will quickly dominate all others and deprecate them to some subordinate rank, be it lackey angel or apostate devil. Companies quickly realize that the customer they think they created in fact predated and will survive them—and has an identity and sovereignty and loyalty to no one but themselves. The customers are in fact the gods of commerce, and will just as readily destroy a company as create and sustain it.

You can’t own customers. You can only earn their repeat business. And you can’t own their identities. You can only ask for customers to continue recognizing your identity, and recognize your right to continue existing as a business. Yes, you can collect and hold their identity data. But you can’t hold customers indefinitely unless you vanquish all competition.

Or continue to ask the sovereign identity holder for access to their datum. And give them something of value in exchange for this precious currency.


Wednesday, November 23, 2005

imho profiling


Whence: lezt

Profiling, a formerly innocuous term, has gained negative connotations in recent years. Now it’s almost always construed in the context of “racial profiling.” It’s suffering the same fate as “exploitation” (prior to feminism, this simply referred to usage, consumption, and/or deriving some advantage from some resource) and “notorious” (prior to John Dillinger, this simply meant a person of note, regard, or reputation).

In an IdM context, profiling refers to the ability to compile sufficient identity data for the purpose of targeting individuals of note so that one may derive some advantage from one’s business association with those individuals. It needn’t always be to the disadvantage of the subjects of the profiling, of course (Dillinger analogy notwithstanding—this is one individual who certainly wished he hadn’t stood at the business end of the FBI’s targeting strategy—also, one thinks of the paparazzi, who certainly exploit others’ notoriety, thereby increasingly that notoriety/marketability and pissing off their subjects in the process—paparazzi profile based on one single criterion: the price that a candid photograph of the subject can fetch).

The subjects of profiling needn’t always be unwilling victims. To the extent that we the subjects control our own profiles and can parcel out access to relying parties, we can stay out of everybody’s crosshairs, or put our identities out in the public arena for maximum exposure to and exploitation by others. To the extent that we can inspect/correct the profiles that others hold on us, we can at least prevent unfair exploitation. Correcting errors in your online credit histories (held by D&B etc.) is one such way in which we can gain some modicum of control over the legitimate and quite powerful profiles that others hold on us. Every American now can get a free copy of their credit history from the major bureaus each year, and correct them—all online

It’s interesting how these bureaus authenticate you—the anonymous web browsing entity with whom they have no prior business relationships—for the purpose of authorizing you to view your credit history (and request corrections to that profile). Essentially, they authenticate you by doing a Q&A session in which you and they match your respective identity systems of records (iSoR—I love this acronym, which I just concocted now) associated with your credit history. In other words, they pose a series of multiple-choice questions to you, drawn from data in your iSoR (held by them), and score your responses. These are questions that only you (the identity subject, mining your own personal iSoR which you, hopefully, have never divulged in its entirety to any other party) can be expected to answer correctly. If you answer the Q&A session perfectly—or near perfectly—the credit bureau authenticates you and authorizes you to access the iSoR that they hold on you.

This is essentially a “zero-knowledge proof” of your identity, in which you’ve divulged nothing to the relying party that the relying party didn’t already know. All of which reminds me of a research paper recently co-authored by muse: “Establishing and Protecting Digital Identity in Federation Systems.” In it, muse and collaborators provide an approach for protecting user attributes against identity theft. Their approach involves associating various attributes from a user’s private iSoR (my term, not theirs) with each other and with a user’s identity. In order for somebody/anybody (the user included) to exploit the user’s identity for any purpose—such as to authenticate to a credit bureau, say--that entity needs to marshal a specified subset of the user’s private iSoR as a “proof of identity.” The approach allows the user to provide that “proof of identity” to any relying party—and lets the relying party to verify the proof of identity cryptographically—without the user ever needing to disclose any particular piece of privately held iSoR data. Essentially, the user is a private IdP, and federates their personal data attributes to any SP in such a way that the user only needs to establish that they are the sovereign IdP for that data—whatever its values may be—and never loses control over their private iSoR/profile. The SP simply matches the personal IdP-presented private-iSoR proof-of-identity to the shadow iSoR that they hold on you.

At least, that’s what I think is going on in the paper. Interesting stuff. But mine eyes are sore from trying to divine the math.


Tuesday, November 22, 2005

imho Formal model based secruity


Spellmaker: tzel

Remember the good old days when developers produced something called “programs”? The march of virtualization-—and of SOA-—has hastened the demise of “programs” as the basic unit of development, in favor of more diffuse constructs: models, patterns, and services. A little over a year ago, I wrote a column for Network World (http://www.networkworld.com/columnists/2004/090604kobielus.html) on this topic. Rather than attempt to paraphrase myself, I’ll simply quote myself, and pray that John Gallant and Susan Collins won’t ding me for reusing, at length and for no personal remuneration, content that I authored but their publication, technically, owns (and isn’t reuse the foundation of SOA-based blogging?):


“SOA is a disruptive approach to building distributed services. Until now, we've developed new functionality on and within concepts such as platform, application and language. Each of these concepts has traditionally had a well-defined sphere of reference: The platform hosted the application, and the application was developed in a language. Now all that is changing, thanks to the emergence of SOA.

The first of the old computing concepts to wither away will be the platform. This term originally applied to operating systems, then included application servers that implement a particular development framework (Java 2 Platform Enterprise Edition or .Net) over one or more operating systems. But the growth of standards-based, distributed Web services has made it clear that fewer and fewer business processes will execute entirely within the confines of a J2EE 1.3 server or Windows Server 2003, or Linux, but will execute across them all. When all platforms share a common environment for describing, publishing and invoking services, the notion of self-contained platforms disintegrates in favor of SOA, which is essentially a platformless service cosmos.

Another casualty of this evolution is the notion of applications as discrete, functional components that execute on particular platforms. SOA is founded on the notion of virtualization. Under this paradigm, services describe abstract interfaces within standard, platform-independent metadata vocabularies such as WSDL. The underlying service functionality may be provided from components on any platform without needing to change the interface. Under SOA, the application dissolves into a service that may have no fixed implementation but simply bids for on-demand networked software and hardware resources.

Programming languages also are becoming something that fewer developers touch directly. Visual model-driven development and automated code generation are at the forefront of the SOA revolution. You're more likely these days to see a vendor boast of its ability to support visual modeling in Unified Modeling Language than development in Java, C# or any other declarative programming language. For complex, orchestrated, multiplatform Web services, visual modeling is the most effective approach for specifying, implementing and maintaining the end-to-end logic and rules on which the service depends.

SOA has spawned a range of terms to describe what developers actually develop. IT professionals increasingly define their creations in terms of services, models and patterns, rather than platforms, applications and languages. The notion of patterns will become critical to discussions of distributed services. A pattern is a generic approach - such as service proxying or service coordination - to architecting interactions in the infrastructure. Every pattern defines its own abstract Web services functional elements and SOAP-based interactions.”

Where formal model-based security (yes, I've proofread the subject line, and am keeping the muse's original typo intact) is concerned, what are the dominant patterns? Can we even begin to discuss patterns in an area as all-encompassing and pervasive as security. Let’s limit our discussion to identity management (IdM). And, while we’re at it, limit it to federated IdM. If we accept that limited scope, the dominant patterns are defined by the use cases that a federated IdM environment addresses. Even then, we’ll need to spell out the dimensions of use cases, rather than enumerate the possible patterns themselves, because recombinant explosion, reflecting the diversity of real-world requirements and environments, defies our efforts to define off-the-shelf cookie-cutter federated IdM environments.

The principal elements of federated IdM models/patterns are, per the various use-case dimensions:

• Federation cross-domain topology: point to point, hub and spoke, decentralized, peer to peer
• Federation cross-domain transactional applications: identity, attribute, role, permission, and account provisioning; single sign-on; role-based access control; permission-based attribute sharing; digital rights management; secure messaging and collaboration; business process management; service management
• Federation middleware service layers: messaging, description, discovery, data management, metadata exchange, security, reliable messaging, event notification, pub/sub, transactions, orchestration, presentation, state/session management, service management
• Federation policy enforcement point deployment: intermediate systems, network perimeters, network endpoints
• Federation assurance levels: authentication assurance, credentials assurance, identity assurance, authorization assurance
• Federation governance: bilateral trust agreements; multilateral agreements

I’ve probably left out some important considerations. Regardless, any formal model of federated IdM security—or of security generally—needs to be built on such dimensions. Likewise, any model of the end-to-end set of compliance baselines that govern federations needs to mirror this multidimensionality.

Modeling’s the thing. Konceptual klarity uber alles. Mental acuity, model-based secruity.


Monday, November 21, 2005

imho Liability SP or institutions


Per your message: Span

Latest installment:

Lies and liability. Dupes and duplicity. Assertions and near-certain litigation.

When is the asserting party (the identity provider, or IdP) liable for asserting (deliberately or inadvertently) what, upon closer inspection, turns out to be an untruth, and when is the relying party (the service provider, or SP) liable for not using standard verification mechanisms prior to relying upon that untruth?

When is an assertion, if not a lie, simply null and void, in terms of having exceeded its maximum time to live, as specified in trust agreement between IdP and SP? Or, if not null and void, out of its intended context, in terms of being relied upon for an application that the IdP and SP agreed is out of bounds? Or being misconstrued as implying a higher degree of assurance than warranted by the policies and practices of the IdP, as asserted between consenting lawyers at conception (of the trust agreement between the two organizations)?

Federations, built on contractually codified “trust relationships,” threaded back and forth by assertions and actions taken in response to those assertions, can easily crash in acrimony. And liability can get muddied in the complexity of federated IdM environments. Add more assertions, messages, flows, and parties to a federation scenario, and you're effectively adding more legal nuance that a smart lawyer can swing to their client's advantage, wiggling out of any liability and shifting it to others in the federation.

Try explaining the intricacies of a multidomain SAML 2.0 federated SSO environment to a jury of your peers. It’s all just a mess of messages, after all. Are your federation agreements spelling out the precise choreography and content of assertions that constitute legal binding contracts among IdPs and SPs?

Do your lawyers truly understand any of this? Can they defend it effectively in a court of law?


imho Why don’t we have increasing mandates in security and privacy


Fro: gav-

Mandates are seismic waves that propagate throughout the striated distributed medium of modern e-business.

Mandates pierce the clutter and introduce changes across many layers, causing some shattering of the landscape, some mass evacuations, some inevitable terror and confusion. But mandates aren’t so scary when we see them coming from a long distance and can make plans. And they’re not so terrible when we’ve had a hand in shaping them. Any democratic system—laboring under a legislative/regulatory mill with full, extended public comment—meets those requirements. And any federated democratic governance structure—in which the ploddingly slow jabber-mill gets refracted and damped by endless cross-negotiations—absorbs such universal shocks so well that we barely see the chandeliers swing when the ground eventually does decide to hiccup.

We have had increasing mandates in security and privacy for several years now, and it’s only going to continue. In fact, every mandate that comes down the pike seems to concern security and privacy in various degrees—in the US, SarbOx, HIPAA, GLB, FFIEC, CAN-SPAM, etc.—in various US states, equivalent and/or consistent legislation/regulation—in other countries, same sets of concerns, different mandates.

Every mandate is a new source of “thou shalt comply” commandments on enterprises and service providers. Of course, there are as many “thou shalt comply” religions as there are governments, agencies, laws, and bosses upon the face of the earth. To the extent that you operate worldwide—or even in a single region—how can you effectively comply with requirements that issue from so many rule-gods, who don’t always talk/agree with each other up in the clouds of olympus, and who are changing their god-minds independently all the time? To the extent that all these rule-gods “federate” (i.e., agree to respect each others’ jurisdictions, honor each other’s decisions, and harmonize their respective approaches), your job (the haplessly hopelessly pliant and compliant clay/mud at their feet) is easier.

Compliance is the capacity of responding effectively to mandates. Mandates are imperatives issued by authorities. Authorities are the administrators of domains. Domains are the perimeters within which various human activities are conducted, administered, and regulated. Domains are more multi-dimensional than the hyper-mega-universe imagined by Stephen Hawking. Security/privacy domains can be defined as environments in their own right, or as strata within domains constituted on other grounds (e.g., management domains, orchestration domains).

Security/privacy, by forming part of every domain’s landscape, rocks the foundations of everything. Mandates introduce more fault lines into that bedrock. Federation takes those fault lines and arranges them into patterns that will do the least damage to domain perimeters, when the global shock waves eventually hit.

Mo’ metaphors, please.


Friday, November 18, 2005

imho Balance usability and Privacy


Muse: Bhar

Usability? I don’t want others to invade my privacy because it's a user-friendly thing to do.

Usability? Could the blinds on the windows of my house be any more usable? As Lily Tomlin said, living in the city means always knowing where your wallet is. It also means not simply leaving the places you own, such as your home and car. It means placing valuable items where they can’t be easily seen from outside, then shutting doors and windows behind you, locking them, giving them one extra tug to test the security of the lock, and then walking quickly away so that strangers don’t sense that a place with valuables is newly vacant and the live-in/drive-in sentry won’t be back for a decent interval. Oh…and taking the key with you, secreting in on your person, always being aware of its presence….or freaking out upon its apparent absence.

It’s not a question of whether this or any other privacy-protection scheme is usable. We’ll morph our habits in some weird ways to protect our dearest possessions. And we’ll forget that this strange new choreography of worry, wariness, and response isn’t first-nature. It only becomes second-nature after we’ve retooled our daily rhythms around it.

About privacy protection in computers, across the Internet….where do you put your personal key….and how do you sense it on, or adjacent to, your person? In my job, I have a USB token that holds a private key, which is associated with the public key bound to my identity on an X.509 cert, which is managed in a directory service, which is accessed by the various applications I access when I attempt to authenticate myself through that token….that key. I never leave my (physical) house in the morning without that key (physically) hanging on a sash around my (physical) neck. And I never leave the office later that day without that same key around that same neck. That’s part of my semi-neurotic kinesthetic key-sense: I must always have a sure sense of where every physical key (to every space/resource/asset I depend on) is (on or near my person) when I exit one Kobielus-locked space in transit to another Kobielus-locked space.

How usable can we make that key-mediated space-transition choreography from my point of view? How can I always maintain a sure sense of all relevant keys at all times without having to continually fuss and fret with physical keys and their locations on or around me and my environs? How can I track all the virtual keys that bind my identities to virtual space? How can I make damn sure that all of these physical and virtual keys have been employed (by me manually and/or the infrastructure intelligently) to secure my every last resource, including all my personal data?

And do it all so simply that it becomes second-nature? So that all the virtual doors and windows and locks and blinds are always secure, and all of my personal effects are secreted far away from virtual prying eyes?

And I don’t have to worry about any of this? No matter how neurotic I get about such things, especially as my life grows more complex, and the number of keys and doors and private spaces and privacy-sensitive data elements grows?

Usability of privacy-protection schemes on the Internet means always knowing where your keys are.

And still worrying.


imho Mandatory deployment of strong authentication: FFIEC


From here to her: sha

What I wonder about the Federal Financial Institutions Examination Council (FFIEC) mandate is whether I’ll have to go out and buy an SMS-capable cellphone in order to access my bank account online. Or, more fundamentally, whether I’ll have to carry around any piece of hardware—-cellphone, SecureID, smartcard, USB token, etc.-—for that purpose. For the purpose of having a second factor for strong authentication to prove that I’m me and that the money I’m getting, transferring, etc. is in fact truly mine.

Is the FFIEC’s mandate going to result in my financial institutions (plural—because I have my money in several) issuing me an “unfunded mandate” to acquire the requisite hardware/software? Will I need to buy/install/configure a separate hardware/software combo for each financial institution? Or will a single strong authentication scheme/token/credential be accepted by all financial institutions throughout the US/world? Will any of them subsidize my acquisition of that new factor?

This comes in the midst of another unfunded government mandate on the citizenry. In the next few years, TV broadcasters will be required by the government to abandon their existing frequency assignments and move their transmissions over to digital, on different frequencies, not backward-compatible with existing sets. That means that every American will need to go out and buy a digital converter (or several per household, depending on the number of sets you have) to continue to access existing being-moved-to-digital programming.

So, we’ll be cut off from online access to our money (possibly) if we don’t acquire the requisite strong authentication token(s). And we’ll be cut off from TV (very likely) if we don’t acquire the converter(s). Whose interests are being served here? Not mine. I’m comfortable with today’s security on online banking. I’m also not super-impressed by HDTV. I can definitely continue living happily with analog TV.

I don’t think any of this has filtered out into general public awareness yet. Does this sound like a huge cultural stinkpot ready to burst wide open? You bet.

But then again, I’m still smarting from the music format die-offs of the past 30 years: vinyl, 8-track, cassette—and, maybe eventually, CD, in favor of MP3s and beyond. Every obsolete format is an unfunded mandate from the recording industry to replenish my jamcache from scratch.

As Tommy Lee Jones said in “Men In Black”: “Great—now I’ll have to buy the White Album all over again.”

Or stop buying music altogether. By the way: www.kexp.org.


imho Corporate governance


Source: la

Corporate governance is one of those slightly quaint notions, like Robert’s Rules of Order, that seems to imply the need for rules of etiquette to bring order and decorum to what is, for all practical purposes, a knock-down drag-out brawl. Business must somehow govern itself, yes that’s the ticket.

Corporate governance is a Rorschach notion: you read into it your own preferences, prejudices, and cynicisms. For the fascistically inclined, it implies top-down command and control. In such a context, governance blurs into another trendy notion: compliance, or the paramount importance of responding to legal and/or regulatory mandates from above. For the anarchically predisposed, it suggests the barely constrained chaos of messy, meshy, federated, and overmatrixed modern business relationships. No real conscious governance there, unless you’re talking about the invisible hand (aka the iron competitive fist) of Adam Smith, which governs the business world with the same brutal logic as Darwin’s natural selection rules the biosphere. Those that survive and procreate govern this world, and the next, and the one after that. Not really intelligent design (to use another currently trendy phrase). More belligerent than intelligent, in terms of the dynamic that stamps the economic regime into nasty new shapes.

How can the rolling confusion of omnivorous capitalism produce something we can even begin to think of as governance? How can some coherent set of collective controls on self-interested human activity emerge in the absence of a coherent single “governor” (human, office, institution, constitution, etc.). Clearly, Adam Smith had an answer to that, when you’re talking about supply/demand effectively regulating markets of many buyers and sellers.

But what does “corporate governance” really mean in the current environment. What it actually refers to isn’t governance of markets. Rather, it actually means something closer to “business ethics,” or, even wimpier, “corporate citizenship.” In particular, how do we avoid repeat of the Enron, Worldcom, and other governance/ethics/criminal lapses within particular self-interested corporations over the past several years? How can corporate execs govern (i.e., restrain and refrain) themselves from raiding the cookie jar and robbing shareholders blind.

How can they comply with the Golden Rule, essentially, and not violate the public’s trust in the essential integrity of senior decision makers in large institutions? Or, if they step out of line, how can we the people crack the command/control whip of incarceration down on their sorry hides?

That’s governance, in the final analysis. And it requires government. Good old fashioned government. Unless the law enforcement, judicial, and prison systems are going to be “privatized.” In which case, how would those privatized governance institutions themselves be governanced?

There can be no effective corporate governance without good government. A big bad cop who can put you away.

Oooh…sounds more fascistic than I intended when I started this post.


Thursday, November 17, 2005

imho compliance: EU article 29


Nod to instigator: bhi

Direct marketing is the most ruthlessly efficient identity maw/mill ever devised by the mind of wo/man/y. The above-ground identity market that it spawned is a thing to both fear and admire.

Identity resale, not identity theft, is the thing we must beware—-or harness, as individual consumers, to our advantage. Personal data is empowerment in economic matters. The more of it that passes into others’ hands, the less power we (the subjects of that data) have in everyday life--unless we keep our hooks on that data, no matter where it might roam. Personal data—-in the hands of merchants, financial institutions, credit bureaus,government agencies, and other organizations--regulates the solicitations we’re exposed to, the offers that come our way, the approvals and acceptances we receive, and the sort of opportunities we never see because we fit nobody’s prime consumption profile.

Identity lists—-sifted, sorted, categorized, qualified, aggregated, vetted, circulated, validated—-they’re the prime ammunition in the war that merchants fight to woo and win us. We're the prize they seek. Our identities--the inalienably personal attributes that we've surrendered to the entire online cosmos--are the addresses that the economy uses to reach out and dazzle us with its cornucopia. The less direct mail we receive, the more marginal we are to the economy and society. The day you receive no more direct solicitations, you’ve fallen off the direct marketing radar. You’ve become unlisted. Unreachable. Irrelevant. Not worth appealing or listening to. A non-consumer. Someone who can't find what they truly need in an economy that no longer recognizes their existence.

If you want modern business to serve your interests, you want to stay on their direct-marketing lists. The greater volume and variety of solicitations that target our real needs, the better we’re able to seek out and strike the best bargain for ourselves. The day you’re on everybody’s lists, but nobody can use or resell that data without getting your explicit permission, you’re supremely empowered. And the day we can stop direct marketers in one country from outsourcing their identity list milling operations to foreign shores, you gain sovereign control over your identity across the entire planet. You can get the best deal from merchants anywhere in the world marketplace.

Which is why I applaud EU article 29, which harmonizes the regulatory regimes for direct marketers' handling of personal data across all of that confederation’s member states. I hope that some day this federation/harmonization of direct-marketing regulations extends to the US and all other countries.

Direct marketing can be a tool for personal empowerment, if they bid the sovereign identity holder for access to this information gold. All bulk identity merchants should comply with these rules, no matter where/how they operate.


Wednesday, November 16, 2005

imho Preventing identity theft


Indicator to homo articulensis: A

I. I dentity. Id entity. I dent it y. Id an entity. Identropy. Idempotency.

I’m old enough to remember the last great plague that never came, syukur kepada Allah. The swine flu scare of 1976. Now the bird flu “pandemic” watch of 2005. By the way, whatever happened to the familiar and scary enough “epidemic”? When did the threat of microscopic human annihilation get escalated to a new term? What’s next: “armageddondemic”?

That thought has absolutely nothing to do with identity theft. Except for the fact that we are constantly being braced by the media for a pan/epi-doozis of ubiquitous impersonation and spoofing that will steal our very souls. And it hasn’t come yet. Though clearly our cyber-lives are as bombarded with phishing and pharming and other corrosive identity scams as our bodies are bathed in a steady soup of micro-organisms.

Somehow, we’re building up behavioral antibodies to identity theft, which is not to deny the occasional clever idioklept who manages to slip through. E-mail is the onesie-twosie identity thief’s tool of choice, but it’s becoming a harder field to harvest. My sense is that we’ve evolved a complex set of mental defense mechanisms to any unsolicited commercial e-mail. And we’ve deprecated e-mail in our personal information ecosystems. We’ve learned to rely on IM for interpersonal messages of a short banal nature, blogs for pushed opt-in information feeds from trusted sources, browser bookmarks for pulled feeds of an occasional/need-to-know nature, and Google searches for any quick-and-dirty digging with relevance ranking. When the day comes (and it never will I assure you, and I also assure you that “comes” is not a double entendre) that I need to find a reliable source of penis-enlargement solutions, I won’t turn to my e-mail. I’ll use whatever brand Austin Powers endorses.

Quick question: Can anybody tell me how many wholesale identity thefts have been linked to spyware and database breaches? I don’t mean “theft” in the narrow sense of somebody laying their hands on a stadium-full of people’s credit card numbers. I mean “theft” in the even narrower—-but more accurate—-sense of people using pilfered credit card numbers to quickly steal a lot of money from many people and then head for the proverbial hills?

OK, it wasn’t a quick question. But here’s a quick answer. Nobody. Not a blessed person has ever been exposed, tried, and convicted of impersonating great numbers of people—-and thereby emptying their bank accounts—-using identity-linked data that was stolen over a network. If you my readers can point to a wholesale identity cybercon that paid off big time, please call my attention to it.

There’s no substitute for keeping an eye on your actual assets, such as by scrutinizing your account statements, transaction histories, credit histories, and so forth regularly. And following up quickly to nip suspicious activity in the bud.

But considering that your identity’s in a state of entropy everywhere, it’s “out there” for the taking. Vulnerable to every well-adapted invisible scam that percolates through the environment. Just as your health will almost certainly be “robbed” by the germs passing in and out of every orifice.

Identity theft is a flu that will eventually “get you.” Build immunity. Bounce back.


Thursday, November 10, 2005

fyi The Rise of the Virtual Machines


Puntero al articulo:

Komentario de Kobielus:
Virtualization is one of those venerable old computing concepts that has achieved new life in recent years.

Virtualization—like SOA--is so broad in scope that it’s becoming almost useless as a differentiator of any vendor’s offerings. In fact, virtualization is the umbrella concept of which SOA is one implementation approach. Grids are another. On-demand and utility computing are others.

Virtualization refers to environments that abstract external invocation interfaces from internal platform implementations of services and other resources. The external interface may conceal various facts about the implementations of the underlying resources. For example, the resources may run on diverse operating and application platforms; have been deployed on nodes in diverse locations; have been aggregated across diverse hosting platforms (or partitioned within a single hosting platform, either through virtual machine software, separate CPUs, or separate blade servers); and have been provisioned dynamically in response to a client request.

SOA refers to virtualized application environments that abstract external service-invocation interfaces from those services’ internal platform implementations. Under pure SOA, the external application interface—or API—should be agnostic to the underlying platforms. SOA is often software-oriented, but needn't be. Some refer to service virtualization or abstraction as “loose coupling.” Within Web services environments, WSDL “service contracts” provide the principal platform-agnostic APIs for service virtualization.

Grid computing refers to virtualized environments that are designed principally for brokering access to distributed, dynamically adaptable, parallel-processing resources. Grids may support massive parallel processing of jobs that have been partitioned in either symmetric or asymmetric fashion, in terms of the constituent processing tasks and datasets. However, grids are usually employed for massively parallel jobs in symmetric mode.

On-demand computing refers to virtualized environments that dynamically provision, aggregate, and allocate existing, distributed resources from various sources in real time in response to client demand. On-demand computing environments provide client access to resources that already exist—internally or externally—obviating the need to deploy additional physical servers, databases, and other platforms, nodes, and capacity for this purpose. Grid is just one type of on-demand computing environment: one that is geared to serving distributed processing and storage resources. However, server clustering, outsourced application service providers (ASPs), and client-based peer-to-peer (P2P) also qualify as on-demand computing environments. Grids offer distributed virtual hardware resources (“hardware as a service”), which may or may not be provided on an outsourced, pay-as-you-go, ASP basis (a la “software as a service”).

Utility computing refers to virtualized environments that provide on-demand computing as a general-purpose infrastructure to all applications and users. Grid is a distributed-execution environment that may be provided as a general-purpose infrastructure. Alternatively, a grid environment may be limited to a particular operating/application platform (such as a grid of Linux servers running Java 2 Enterprise Edition [J2EE]), or only process a particular type of application (such as finite-element modeling or parametric analysis). In these types of deployment scenarios, grid is not a general-purpose utility environment.

This article talks about “OS virtualization,” in terms of physically and logically partitioning server resources so that those partitions can run entirely distinct, cloned, replicated server virtual machines.

One can even talk about “client virtualization” In my upcoming Network World column on that topic, I define client virtualization as follows: “Client virtualization is an underlying theme in many recent industry announcements. Essentially, a client becomes virtualized when its GUI grows abstracted from the resources of the local access device, be it a PC, handheld, or other computer. The virtualized client may rely on both local and remote network resources to render its interface, furnish its processing power, store its data, route its print jobs, and handle other core client functions. Users remain blissfully unaware of what blend of distributed resources is actually driving their presentation experience.”

Dizzy? So, what again, Professor Kobielus, is virtualization? Can you give us the radically simplified definition? One that gets closer to an elevator pitch?

Last night the following nutshell definition of virtualization came to me, as in a dream (no actually, it was while working out, when my best thoughts tend to coalesce into crisp structures—body occupied full steam—mind free to focus on purely cerebral stuff, full steam also).

Just as GUIs became known two decades ago by the cute acronym “WYSIWYG” (what you see is what you get), I’d like to propose the following acronym for virtualization (of any sort):

• ARWIS (Ain’t Really What It Seems)

If we start from the textbook definition offered above—“abstract external interfaces from internal implementations,” then we can parse this coinage into its critical components:

• WIS Layer: What It Seems: “External interfaces”
• R Layer: Really: “Internal implementations”
• Ain’t Layer: “Abstract …. From ….”

The R Layer is what’s actually going on, behind the Ain't Layer, and it’s what deployers deploy, integrators integrate, and administrators administer. What it really R.

The WIS Layer is what users use and experience, oblivious to the R Layer. What we WISh it R.

The Ain’t Layer is what developers develop, to virtualize the WIS Layer from the R Layer. The Ain’t Layer are the service contracts (WSDL, etc.) and the WS-* and other interfaces that shield the WIS Layer from all the platform- and config-specific R stuff roiling around down there in the SOAP soup we call SOA.

You virtualize anything by applying a layer of Ain’t to get R WISh.


Saturday, November 05, 2005

poem Content


Information is indifferent
to its bondage status.

Like the kept cat,
it is mobile
and neither
slave nor

Continually fed and freshened,
it remains


Friday, November 04, 2005

fyi Sun Gets Secretive on Storage


Pointer to article:

Kobielus kommentary:
The latest in my current series of blogposts opining on more-or-less random stories from my daily e-mail newsletter gleanings.

Well, not totally random. I chose this one for the alliteration in the headline. Also, because I actually have something to say on this topic. But I didn’t pre-meditate the following comments. They’re just off the topic of my head. Mrs. Hacker, my 10th grade English teacher, told me the best analysis and writing is that which just flows spontaneously from your crazed cranium. I’ll put her statement to the test now (Mrs. Hacker—you out there still?).

Have you noticed how many identity management (IdM) vendors are targeting digital rights management (DRM) as the next great frontier beyond federation? Or, perhaps, they hope, DRM will leverage and extend their increasingly federated security infrastructures into a distributed permissioning infrastructure where the access-control policy enforcement points (PEPs) are more closely bound to the resources—apps, data, etc.—being protected? Epok’s federated data interchange environment—leveraging XRI and XDI--is one such example. Sun’s “storage encryption” or “storage security” roadmap (see article) is another. As soon as the morning coffee decompresses my wound-up nightfunk, I’m sure I’ll recall the other three dozen vendors I’ve come across recently who have similar roadmaps.

DRM drifts and diffuses itself far and wide throughout IdM, security, e-commerce, content publisher, and storage vendors’ end-of-decade dreams. I think a lot of the renewed attention to DRM recently comes from the rash of identity-theft “data breaches” that have grabbed front-page attention. All that data in storage is sitting ducks and buried treasure for those intrepid identity pirates who find the buried map and go with flashlights in the night down into the caverns guarded by semi-reliable genies. Suddenly, encrypting all that stuff in situ—on piled-high disks and tapes and whatnot--becomes the absolute imperative for storage managers everywhere, dictated by the lawyers, bosses, and regulators.

To make encryption—an ancient technology that has been used in storage systems for years in various capacities—seem suddenly cool—not simply mandatory--the vendors have started to lump it into the growing DRM umbrella. Acronym creep, equivalent to the vastly expanded scope of SOA in recent years. It’s not storage encryption anymore. It’s storage DRM. It’s breach-busting DRM. It’s federated DRM. It’s a new pipe DRM.

Ah…the coffee has kicked in. Ya feel it?


Tuesday, November 01, 2005

fyi Information Must Follow Users Freely


Pointer to article:

Kobielus kommentary:
This is one of those opinion columns whose headline doesn’t do justice to its thesis, and whose thesis says nothing particularly new.

The author of the piece is talking about mobile computing, and of several undeniable trends in that area: growth in range of mobile access devices, access points, transports, roaming ranges, and collaboration and info-sharing applications. He is also talking about how identities are becoming more mobile, and how identities, attributes, roles, permissions, credentials, sessions, personalization settings need to follow users across access devices, access points, transports, ranges, and apps. And how service delivery to the mobile user always need to be tailored and localized to their precise personal “context,” however broadly or narrowly that’s defined, wherever and whyever they may roam.

All of that is applehood and mother pie, of course. Identities must be continually contextualized within the user’s environment—their human environment (office, home, etc.) and the infrastructures (directories, access management portals, etc.)—in order to support the diverse requirements of the users themselves, and of the authorities (e.g., employers) who provisioned those identities and the resources to which those identities enable access. As I noted in a recent blogpost, roles—for example—are simply identities contextualized into their governance structure of “place, process, and privileges.” “Office” and “home” are two types of “place,” and, within “office” there are usually specific hierarchies under which identities, roles, permissions, and credentials are granted and taken away.

There’s long been the assumption in the mobile computing space that users are inexorably toward single “all-in-one” portable devices that they use across all contexts—personal and business, local and wide area, data and voice, messaging and conferencing, etc—within their lives. The corollary to that cherished belief is that the mobile computing environment must be similarly all-embracing, providing the substrate to enable identities and contexts to roam far and wide.

What’s interesting about mobile computing, of late, is that purpose-built devices—hence, purpose-built mobility infrastructure—are coming into the fore. Users are more likely than ever to have diverse devices—cellphone, WiFi laptop, Blackberry, GPS, etc.—and diverse mobile apps that they associate with various personal and business uses, roles, and contexts. It’s as if the Swiss army knife were being deconstructed into blades, corkscrews, punches, and other metallic piercing devices and those devices were being evolved separately for various Swiss army missions, with little concern for re-integrating them back into the mother knife platform.

Or is that too unsettling a metaphor? Good thing they’re pacifists.