• 21Dec
    Categories: MS/AD/InfoCards/CardSpace

    In preparation for some code I’m going to release soon, I want to put up my own domain, which I hope will contain an Identity Metasystem RP.

    The question I want answered is — will I be able to use your standard, run-of-the-mill, six-bucks-a-month hosting solution to accept Information Card transactions? If not, what exactly do I need? Can I use Shared SSL? Must I have a dedicated IP address? What happens if I don’t? How will good ol’ cPanel SSL Manager work for me?

    I’m not going to dive down this rathole until the new year, but in the meantime, I’m up for guesses, bets, and other opinions on what I will find, or what I should try, or how many web hosting accounts I’ll go through during this process. Let’s hear it for 30-day money back offers!

    Obviously the less a webmaster has to do (or pay for) to become an RP, the better… although I do envision a feature description to the effect of “Information Card Readiness” or something like that becoming standard in the future.

    I don’t expect this to be pretty – but here’s hoping that my pain can at least be your entertainment :)

  • 20Dec

    Tagged by Pat:

    1. As a newborn, one of the muscles in my neck was shorter than the other – giving me what my parents feared was a permanently crooked view of the world.
    2. As a kid, I wanted to be a “paranormal researcher” when I grew up – after reading many, many ghost stories, I was positive that they would just know I was a kindred spirit and talk to me…
    3. As a teenager, I read up to 3 romance novels a day – I bought them for 15 cents each at the used bookstore. My strong preference was the “Harlequin Presents” series.
    4. As a twenty-something, I spent time climbing mountains and managed to fall off of one, resulting in a fancy helicopter rescue and immediate orthopedic surgery. Ask me sometime, I’ll show you the scars.
    5. These days, as a thirty-something, I am not only a D.I.N.K., but also a D.I.L.D.O. (double income, little dogs only)

    Well now, whom shall I tag? Bob, Gil, Craig, Dale, and Bill, please tell us FIVE things we’d never otherwise know about you…

  • 20Dec
    Categories: MS/AD/InfoCards/CardSpace, conferences

    I have been working with the folks over at NetPro on putting together a 1/2 day tutorial on CardSpace, to be taught during the workshop day of the Directory Experts Conference in Las Vegas, on April 22nd, 2007.

    Originally I had envisioned a blow-through of all the bits of the Identity Metasystem, demonstrating cross-platform abilities of multiple identity selectors, relying parties, and IdPs. The problem with this is that such a tutorial does not necessarily align with the typical job description of the attendees of DEC; DEC attendees are deep subject matter experts in Active Directory & MIIS. They are not necessarily the people who will architect or implement authentication or SSO solutions – yet they are intimately concerned with how their identity data is used throughout the Enterprises they represent, and also how that data is communicated to third parties.

    Perhaps the initial approach would be interesting from a pure geek viewpoint to many DEC Attendees – but the thing about a tutorial is that the tutorial day costs extra to attend, and I think that most attendees would not be comfortable spending corporate $$ if they can’t see a direct benefit to their Enterprise.

    It literally took me until today to see the light — today I finally realized that these folks primarily need to be concerned with one particular part of the Identity Metasystem, because they are the future Identity Providers of the corporate world!

    Luckily, the DEC folks are very flexible and accommodating, and in fact Gil (NetPro’s CTO) has created a wiki for people to review sessions, give feedback, and generally be involved in the DEC 2007 organization process. Gil wasn’t originally sure about my initial plan on CardSpace for the reasons I’ve mentioned above; he’s waiting to see if there is interest on the part of his attendees — I’m hoping that the revised plan I’ve got below will be more applicable and will constitute worthwhile business value that attendees can take back to their employers.

    So on that note, if you have attended or will be attending DEC, or if you are interested in any way at all, check out my plan below, and check out the CardSpace Tutorial wiki page to give us feedback, indicate interest (or lack thereof), or offer suggestions as to how we could improve this plan! I really do think that it would be informative and useful to DEC Attendees to understand this technology, and I hope we can inspire the interest of enough people to keep this workshop on the roster!

    When AD meets IdP:

    What it Means to be a User-Centric Identity Provider in an Active Directory Driven Enterprise

    With Microsoft’s release of Windows CardSpace, forward-looking enterprises will begin analyzing how user-centric technologies can be used to solve authentication problems both within and outside the Enterprise. In order to implement these technologies, information stored within AD (and other data repositories) will be accessed and distributed by a service layer referred to as an “Identity Provider”.

    This tutorial aims to help Active Directory Administrators understand what user-centric identity is from the Identity Provider perspective, and how this service can be architected to both conform to and complement already existing AD policies and data.

    Questions to be answered during the course of the tutorial:

    • What is an IdP and why would an Enterprise want to stand one up?
    • What kind of control will Identity Provider administrators have over the data passed?
    • How will admins know who is asking for what data?
    • What kind of business problems could be solved?
    • What audit capabilities exist?
    • How will this service work with provisioning efforts?
    • How will this service integrate with what may be already implemented?
    • What is the status of IdP efforts in this space, and when will popular adoption come?
    • What are the liability factors to take into account?
    • What are the necessary steps in standing up an IdP Service that rests on AD?
    • What AD-specific data could or should be passed?

    Sign up for Pamela Dingle’s CardSpace tutorial at DEC 2007, and find out about how this new industry direction could affect you!

    Well? What do you think? We need active conversation to know whether or not this is the right way to go…

  • 15Dec

    Here are the things that I want to remember about IIW 2006b in Mountain View CA – meeting all sorts of brilliant people, trying to make Kaliya’s massive unconference schedule stick to the wall so that the lines matched between sheets, ordering larb gai at dinner PET PET, strategizing over lattes, impromptu demos and work sessions, suggesting new voices for TomTom (ya hoser), and late night life philosophy trading… Yeah, we had fun.

    And now for the geeky bits:

    1) OSIS update: This was one of the first sessions of the day, and I found it fascinating. Session notes are here.

    My takeaways (FWIW as an outside observer):

    • We won’t see any release of an Identity Selector by a vendor until certain things are ironed out on the IP front. Who knows how long that will take. What a bummer.
    • I find that there is a disconnect between how insiders see OSIS and how outsiders see OSIS, which seems to result in the need for constant expectation adjustment at these public meetings. The insiders grok all the history, how it evolved, how this group and that group blended & merged to form today’s OSIS working group, and what they hope to accomplish. Perfectly logical, but inwards facing. Outsiders don’t see that stuff. They see an entity that calls itself a system, and which seems to offer an opportunity to rationalize a whole bunch of separate efforts into a more easily understood whole — in other words, an outwards facing project. As far as I can tell, the current OSIS goals are primarily about making sure the vendors get it all ironed out between themselves. It is a critical function. At the same time, however, the rest of us are already clamoring to build on that foundation. The external rationalization needs to come, one way or another. Perhaps OSIS will start a second committee – after all, it is a logical place for this work to occur, and also, this is where all the thought leaders are. If not — well I guess we’ll have to wait and see who picks up that particular torch.

    2) Lightbulb: Pat’s code is always fun to see in action, but what excited me was the integration he showed with the Sun Access Manager product. That opens up a whole raft of possibilities… Now that I’ve seen it, I might have to take a shot at OpenID-enabling our company mail server, just for fun :-D

    3) Sxipper Demo: Sxip showed off their new service, which lives at sxipper.com. The goal is to simplify online interactions with both registration and login forms. It looked purty, definitely worth trying out.

    4) Speed-Geeking: This was the highlight of the conference for me. I was able to get a quick glimpse of many different development efforts, a number of which I’m sure I would have missed had they been only in a full-time conference session. Since my primary focus is on the CardSpace stuff, I hadn’t been attending as many of the OpenID-facing sessions, but some of the OpenID demos really opened my eyes. I think the most fascinating demo was the one that was given by Avery Glasser – but I’ll save my thoughts on that topic for another entire entry :)

    5) Kim’s Code: Kim showed off PHP code that utilized new XML security libraries that I can’t wait to get my grubby little paws on.

    6) The Ruby on Rails guys: After Kim’s talk, 3 guys decided to take fate into their own hands and code an RP in Ruby on Rails. Justin, Trenton, and Devlin worked into the night figuring all of this out from scratch, and they made a significant dent in the code, too. It was really really fun to watch them work. I hope we get to see the fruits of these efforts at the next speed-geeking session!

    7) OSIS in Action: It was great to see Dale Olds and Mary Ruddy demonstrate RP & IdP interactions using an open source stack. Talk about a wonderful milestone to hit – it was obvious that some serious love and care had gone into the making of this demo. During the session, there was an interesting discussion around ways in which an RP can deal with mid-session elevation of privileges that I think is just the tip of the iceberg, and which demonstrates the massive body of best practices that need to emerge surrounding information card based user interactions. The scenario at hand was as follows: a user needs one set of claims to have read access to the site, and should they wish to write to the site, they need a single extra claim. If the RP asks for the extra claim as an optional claim at initial login, they need to somehow communicate to the user (a) That the optional claim exists (since it isn’t particularly obvious in the CardSpace GUI), and (b) in what exact context the optional claim is meaningful. These are critical conversations to have, and I enjoyed taking part.
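The read/write scenario from that OSIS session, as an added example in Python that is not part of the original post or of the Olds/Ruddy demo: a minimal RP policy that issues the two kinds of card request (write claim optional at first login, required at step-up), grants a read session from the claims actually received, and only merges a mid-session elevation token into an existing session when it is bound to the same subject. Claim names, issuer, and the token dicts are constructed placeholders, not real claim URIs.

```python
from dataclasses import dataclass, field

# Constructed claim-type names (placeholders standing in for real claim URIs)
PPID = "ppid"      # per-RP private personal identifier, used as the subject id
EMAIL = "email"
EDITOR = "editor"  # the single extra claim that unlocks write access

READ_CLAIMS = frozenset({PPID, EMAIL})
WRITE_CLAIM = EDITOR


@dataclass
class Session:
    ppid: str
    issuer: str
    claims: dict = field(default_factory=dict)


def card_request(step_up: bool):
    """Claims the RP asks the identity selector for.

    Strategy (a): at first login the write claim is only *optional*, so the
    user has to be told it exists and what it is for.  Strategy (b): a later
    step-up request makes the same claim *required*."""
    if step_up:
        return {"required": READ_CLAIMS | {WRITE_CLAIM}, "optional": frozenset()}
    return {"required": READ_CLAIMS, "optional": frozenset({WRITE_CLAIM})}


def login(token):
    """Create a read-capable session from a token's claims, or return None."""
    claims = token["claims"]
    if not READ_CLAIMS <= set(claims):
        return None
    return Session(ppid=claims[PPID], issuer=token["issuer"], claims=dict(claims))


def can_write(session):
    return WRITE_CLAIM in session.claims


def elevate(session, token):
    """Mid-session elevation: accept a second token only if it is bound to the
    same subject (same PPID from the same issuer) and carries the write claim."""
    claims = token["claims"]
    if token["issuer"] != session.issuer or claims.get(PPID) != session.ppid:
        return False  # a different identity must not add privileges to this session
    if WRITE_CLAIM not in claims:
        return False
    session.claims.update(claims)
    return True


# Constructed sample tokens (the claims an RP would see after decrypting a token)
READER_TOKEN = {"issuer": "https://idp.example", "claims": {PPID: "abc", EMAIL: "a@x"}}
EDITOR_TOKEN = {"issuer": "https://idp.example", "claims": {PPID: "abc", EMAIL: "a@x", EDITOR: "yes"}}
```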

    Ha, well there you go, more opinion than you ever wanted on IIW 2006b…

  • 12Dec

    If you haven’t seen Garrett Serack’s announcement, Kevin Miller has just released an extension for Firefox that will trigger the CardSpace client directly from the browser in all the same circumstances that IE7 would trigger CardSpace to start.

    I’ve downloaded it and tried it with the resources immediately available to me, and it seems to work beautifully! There isn’t much to see, you install the .xpi and if you have the .NET framework installed, everything else works beautifully. In the case where the .NET framework isn’t or can’t be installed, it appears that the plugin just falls through.

    I understand that in fact, the plugin is not hard-coded only to start CardSpace, but instead to start the identity selector of choice – this is a critical future feature, and I can’t wait to find out more about the mechanism used.

    Garrett has already rewritten his detection script as well, so no worries on that front.

    Beautiful work Kevin, my hat is off to you! I may never start IE7 again…

    One note, if you download the add-on instead of directly installing, it may save as a .xpi.zip file. Don’t try to extract it – just rename it to .xpi and it will work. Er, not that I was caught out by such a simple thing… no not at all…

  • 08Dec
    Categories: General Identity Stuff, conferences

    I don’t even know where to start, in talking about the last week. Many of you who are likely to be reading this were probably at the Internet Identity Workshop in Mountain View CA. For those who weren’t, you missed out on a pretty spectacular meeting of the minds.

    I have so much to say, that I’m going to have to divvy up the content into multiple entries. Before I even get into all the things that inspired me technically, I want to talk about the conference itself.

    In my opinion, IIW 2006b was well organized, well situated, and well provisioned. Whoever thought of having a Barista onsite for both days should be given a medal, it was so very civilized to wander over and grab a latte between talks. I also liked the fact that there were recycling bins for cans and bottles – maybe it’s just where I come from, but throwing cans into the garbage makes me feel like a bad person. Recycling seems low on the priority list of most conference organizers these days, so it was nice to see a blue bin around.

    The recommended hotel was beautiful, and the service was flawless. How nice to be in a hotel where everything isn’t bolted to the floors and the walls, where the rooms contained things like vases and a stereo and a pack of cards, and where if you became thirsty and picked up the bottle of water next to your bed, it said ‘compliments of Hotel Avante’ instead of showing a hefty price tag.

    Most importantly, the structure of this conference was perfect for what everyone wanted to accomplish. Tuesday and Wednesday were dedicated, not to the people that the organizers thought were important, but to the people who had something to say, or something to show. It was great to see who was making progress at what, and to meet new people tackling fresh problems, and to watch conversations start and evolve, instead of having to follow a strictly pre-organized rhythm. I also loved seeing someone like Pat Patterson demonstrate code that was written the day before – as he noted, you don’t get to see such things when you have to submit your slide decks weeks in advance.

    To be honest, IIW 2006b seemed less like a conference and more like an enthusiasts club. And, seeing that I am nothing if not enthusiastic, you can imagine why I might have had such a good time :)

    Stay tuned for my report on the oodles of user-centric geek goodness that went down…

    Update: Just in case you thought I was the only one who had a good time…

Disclaimer


These thoughts are mine. Everyone else can get their own blog.