Time to Act!

Did you know that a vote is on at the OpenID Foundation to approve an initial implementer’s draft of OpenID Connect?

Your action is required.

If you haven’t looked at these specs yet,  go to http://openid.net/connect.    If you have only limited time, check out the Basic Client Profile to get an idea of what we’re talking about, or look at Nat Sakimura’s OpenID Connect in a Nutshell.

If you don’t even know what I’m talking about,  you need to go find out.  OpenID Connect is an identity layer on top of OAuth 2.0.   It abandons the redirect-based structure of OpenID 2.0 completely, and instead embraces the API security layer.   While OAuth 2.0 takes care of the mechanism of asking for a token and using that token,  OpenID Connect creates a scope that protects a standardized set of identity services:  these services provide roughly the same set of attributes, authentication context, and session expiry information that you would get in a SAML assertion.

SAML, OAuth 2.0, and OpenID Connect, when taken together, allow identity and issuer/session information to become a known common quantity, traded either on the front channel or the back channel, consumable by the largest enterprises and the simplest mobile applications, and secured at any level of assurance.

If you are already an OpenID Foundation member, you simply need to visit a website, login with your openid, and cast your vote.  Go to https://openid.net/foundation/members/polls/62 to cast your vote.

If you aren’t an OpenID Foundation member, becoming a member is simple and affordable, you can join as an individual for USD $25.  Visit https://openid.net/foundation/members/registration to join, and then you too can cast a vote.

You only have 5 more days, voting closes on February 15th,  do not wait until the last minute!

Google Plus: Minus 1

Google Plus started out so well!  It was pleasant, easy, and there was a lovely gratification in adding people to circles and being added in return.  It felt like finally, perhaps somebody at Google had figured out how to be social!  People were sharing, and communicating, and suddenly it seemed like maybe there might be an alternative to Facebook that had a chance.

And then…. Google started enforcing their real names policy.  Obsessively.  The fly in the ointment?  While Google can state that they require real names, they have no definitive way to determine which names are real.  The result is an offensively discriminatory process of identifying names that don’t appear to conform and requiring proof of identity only from those people.

My question to Google:  what exactly are you trying to accomplish?  Because I thought you were trying to create a welcoming place where insights and observations were shared with fellow end users who have formed a relationship with each other.   A place where users invite each other to talk and manage relationships themselves.

Instead, the real names policy is a gating factor, at a time when the service is just struggling to gain critical mass.  You have real people with odd names being banned from using plus and required to prove their identity.  You have people with excellent internet reputations banned because they publish under a nickname.   The result is a ridiculously easy-to-game entrance requirement that punishes those who genuinely want to express their individuality, while offering a loophole the size of a planet for anyone else to slide through.

And for what?   In the identity industry we often talk about trading value for value.  In theory, users are willing to take extra steps in order to get extra value.  Is Google Plus about high assurance transactions for which the friction, pain and invasiveness associated with identity vetting is a worthwhile trade?  No. Completely outside of any question of whether a real names policy is right or wrong, enforcement of this policy is bad for business, if the business is supposed to be that of creating a popular and well-used platform that keeps users inside their Google bubble all the time.

The people I want in my social circles prove themselves over time. They say smart things and engage in positive ways. Requiring government identification before engaging in casual conversation would be considered horribly antisocial in real life – why does Google think it’s ok in the social networking world?   They are choking the life and personality out of their own service, before it has even had the chance to flourish.

Is it worth trying to communicate the facepalm that is Google Plus’s real names enforcement to Google in some quantifiable sense?  Perhaps the numbers-oriented folks at Google might look at a huge number of accounts that have been banned from the plus service and say “hey, maybe that’s bad”?   If so it might be worth adding that nickname in parentheses to your profile.  If Google is going to force identity vetting, they should be prepared to do it for all 20 million accounts.  And they should be prepared to monitor, and maintain, and police, and arbitrate.  And what will be the result?  An accountable digital space.   Sounds like a blast, right?  Party at Google Plus, bring your flights of fancy along for the ride…

 

Why Identity Management Matters

A few weeks ago, a convicted sex offender abducted a 10 year old girl from a shopping mall in my hometown (link).  The attacker posed as a police officer, but when the girl asked too many questions, she was simply picked up and carried to a van, which then sped away from the mall. Even as the girl’s father searched the mall for his daughter, police pulled over the same van for speeding.  The officer at the traffic stop ran the attacker’s drivers license, gave him a ticket, and let him go.

At the time police pulled over the van, there was no public bulletin, no specific information about a kidnapping, nothing to make the officer suspicious about the man and the girl.  That officer had only one source at his disposal that could have caused him to question the situation in front of him: data delivered from a search on the drivers license of the attacker.  The officer should have been able to see that the man was a convicted sexual predator with a violent history towards children.  Did the officer actually see this data?  I don’t know.  If the officer did have access to that information, he did not make a correlation between the van’s passenger and the impropriety of a sexual predator being alone with a child. It is always easy to connect the dots after the fact  of course, but the real question is:  how could that police officer have been assisted in connecting those critical dots in real time?  What needed to change in that situation to cause an inkling of suspicion, just enough for a few extra questions, a slightly more in-depth interview?

The ultimate goal of the identity management industry is to have correct information available in the moment when it is needed, presented in a fashion that changes decisions for the better.   We have fancy names for this: corporate agility, visibility, business intelligence and so on; but those fancy terms go away when I think of that night, that scared little girl, and the police officer who didn’t understand the context of the situation in time to help.

In this case the story had a happy ending:  the attacker, likely realizing that the police would eventually put two and two together, dropped the girl off unharmed at a fast food restaurant.  What remains are questions from the community – the next time an officer happens to be in the right place at the right time, will the availability, accuracy, timeliness and relevance of the data he has access to save a life or cost it?

Audio Visual Nirvana

I admit it – I’m currently obsessed by two things: sound and style.  In sailing, rule #1 is: look good.  It turns out that you have to be able to sail well to obey that rule.  I’ve decided that the same rule should apply to my audio visual life at home.  In my mind, this means four things:

  • Excellent sound and picture quality everywhere.
  • Control of the sound and picture from anywhere.
  • No computers next to AV equipment.
  • No visible wires.  Anywhere.

To truly obey rule #1, I’ve discovered a few things.  Placing devices into iPod docks does not work.  It’s inconvenient, and you have to walk into the room to control the sound.   I want my phone with me, not connected to my home stereo.  Also — connecting speakers directly to a computer sucks.  I don’t want “computer speaker” sound.  I want stereo HiFi.  I want to be able to shake the room while I’m working, but pause the sound in all parts of my house instantly if my phone rings, without taking a step.

Here is the solution I’ve come up with.  To the tech-religious nuts who read this – I’m sure it can be done equally well with some other product suite.  I’m not trying to sell you on my choice of platform, only the end result. Do please use whatever you want to build the same thing if it makes you happy.

Here is my architecture:  if you want details, read below.  With the architecture below, I get fantastic quality stereo from any of the bottom three devices, to any of the top two high-quality zones.  My office stereo is completely physically separate from my desk, nicely tucked away in a bookcase. And I can control either of these zones from my iphone without getting up from wherever I’m sitting.

The Architecture

The Details

My system works through the use of the following bits:

  • Home Sharing:  this is an iTunes feature that lets you broadcast music and video from an iTunes Library.
  • Airplay:  this is a feature of iPod/iPhone apps for music, photos, and movies that let you choose a remote output source.
  • Remote:  this is a free app from the app store (made by Apple) that lets you connect to and control both iTunes Libraries and devices like AppleTV.
  • AppleTV:  this is a device from Apple that streams audio and video from Home Sharing, Airplay, and other internet sources and outputs to HDMI and/or digital audio.
  • Airport Express:  this is a device from Apple that streams audio only from Home Sharing and Airplay sources using digital audio or RCA.

All of the named entities in the above diagram are network entities with unique IP addresses in my home network.  Gemini and Soyuz are computers running iTunes with Home Sharing Enabled.  Soyuz is an old 12″ powerbook that is now acting as a server, both containing my music and video library, and acting as a Time Machine backup server.  Sputnik and Apollo are audio sources that show up when the Airplay icon is selected from any of Atlantis, Soyuz or Gemini.

Setup is pretty well plug & play – you will need the airport utility to configure the Airport Express from your computer, because it has no video interface.  The AppleTV can be configured from your TV.  All of the devices connected to the AV equipment are for all intents and purposes invisible. There are a few notes though:

  • All of the devices must both be on the same network and home sharing must be enabled with the same Apple ID.  Apple sees all, would you expect anything else? Note that while Home Sharing Apple IDs must match, the Library itself can sync to the iTunes store with a different Apple ID, so this architecture does allow everyone to keep their own AppleIDs for apps etc.
  • This solution only works with iTunes.  If I watch a video on YouTube in my office browser, there is no way to get that sound to my office stereo (I can go to my living room and play it on the apple TV though, because the apple TV can directly stream from YouTube).
  • As far as I know, there is no need for any Apple computers to use this setup.  A PC running iTunes can replace either Gemini or Soyuz.
  • You’ll pay as much for the Airport Express as your Apple TV even though it is lesser tech from an A/V perspective, because the Airport Express can also be configured as a wireless router.
  • No  proprietary cables are needed for these solutions, not that this saves you any money, the standard stuff costs a fortune.  The cost of assorted speaker wire for 5.1 audio, HDMI cables, digital audio cables, and an RCA-to-mini-audio-jack collectively surpassed the cost of both the appletv and airport express combined.
  • You stream photos to the AppleTV, both as a screensaver and for slideshows.   I have my screensaver set up to stream photos from my Favorites list in Flickr, meaning every time I add to that list, I’m enriching the photography shown on my wall while music is being played, or while AppleTV is not busy with other things.
  • If I stream video from an iTunes Library, it will be from Soyuz, which is hard-wired to my wifi router.  Currently my plan is to rip my DVD collection to iTunes – at that  point, I won’t even need a DVD player.
  • The weakest link in this whole setup is iTunes itself.  Maybe one day Apple will wake up to the fact that iTunes should be a personal DJ system – allowing you to classify, organize, and moderate your media content with the most sensitive of nuances — as you’re listening, not in advance.  In my opinion, they’ve put a pinto at the center of their media empire, instead of the lotus esprit that they should be capable of.

Life is good :)

What a Team

In case you hadn’t heard, Ping Identity just hired Travis Spencer to work with Paul Madsen, Patrick Harding and myself in the Office of the CTO.

Score!!!

We’ll all be meeting up in January for our first in-person strategy session, and I can’t wait!

This Woman in Tech says: Thank you

I’ve been reading the various recent articles about women in tech bubbling around the interwebs with mixed feelings.  I’ve seen a lot of these debates go by, and although I have strong opinions (I know, you’re surprised, right?), I usually choose not to comment here.

There is only one thing that I find myself wanting to say publicly in this week’s resurgence of the debate, and that is: Thank you.   I have had the incredible blessing of being surrounded by group after group of intelligent, thoughtful men and women who have not only treated me equally and fairly, but have encouraged my abilities and helped me to reach greater and greater heights.  I have nobody to blame, but many to acknowledge – and why should the jerks get all the press time?

I may not be on anyone’s top 30 women in tech, and I may never be the CxO that people seem to so desperately need all women in tech to be, but I have a fulfilling and challenging job and I have achieved my primary goal in my career, which is to work with people who make me smarter every day. By the only standards that count (mine), I have it all.

I believe that a lot of women have fought difficult fights over the years so that I could have this kind of positive experience, and I know that not all women in tech have been so fortunate.  To those women who take on the establishment in this area – You have my support, gratitude and thanks.  You take the heat today so that the next generation of girls can simply accomplish and wonder what all the fuss is about.

Why am I writing this?  I don’t know. I suppose, it seems wrong for the unhappy examples to be the only examples out there. What I do know, is that I am one of the luckiest women in tech; the people who stand out in my life are not the ones who tried to hold me back, but the ones who have helped me fly.  Thank you, to some of these exceptional people: Darcy, John, Cliff, Don, Cullen, Alan, Tammy, Tim, Pete, Doug, Brian, Dave, Janelle, Kaliya, Gordon, Derek, Barb, Bob, Kim, Craig, Mike, Vittorio, Ben, Sydney, Dale, Patrick, Julie, Sean, Andrew, Gil, Laura, Andre, and so many more.

Digital Dumpster Diving

Brian Krebs wrote a fascinating post recently on keylogger results that are being posted in various cloud locations.  As Brian put it, insult is added to injury — not only has your machine been compromised, but the results are hanging out on the internet to be scavenged by random opportunists who know what to look for.

And to think that the biggest worry used to be shredding our documents to prevent physical opportunists from sorting through our leavings…

Photo credit:  http://www.flickr.com/photos/sumit/

Patience only goes so far

Mike Waddingham writes about how Facebook has run afoul of the Office of the Privacy Commissioner of Canada and will likely end up in court.

He notes:

I’ve never had a Facebook account.  I can be patient.

But those that still trust Facebook with personal information — and haven’t bothered to examine the minutia of the site’s privacy settings — will continue to have their personal information shared with 400 million users and thousands of advertisers, data aggregators and, well, pretty much anyone else on the Internet.  At least until the wheels of justice grind to conclusion…

You may not have a Facebook account – but when everybody else around you does, it’s like pulling one string out of a rug — you can still see the pattern.  You’re still in the photos.  Your holidays may still be announced.  Your birthday may still be announced. You’re still husband of, and father to, and friend of friend for all sorts of people who will share freely about you.  Perhaps you aren’t as semantically dereferenceable as you otherwise would be – but you aren’t invisible either.

On the other hand, if are ever accused of a crime, chances are that some other poor schmuck’s picture will end up on the evening news… that’s handy.

One last point — Mike forgot to add governments to the list of places you are sharing your personal information with.   Facebook gives governments the ability to collect and analyse the one thing that is still uncool for them to ask for – details of private lives.  As long as we all remain overfed and obsessed with who won Survivor and how to get an iPad, nobody will mind that Facebook is the worlds greatest surveillance tool.  I hope it stays that way for a very long time.