Tuesday, October 13, 2009


He who steals my identity steals - not very much?

Good article in the Wall Street Journal today ("The Fallacy of Identity Theft") by Julia Angwin. She starts off:

"As far as I know, no one can steal my identity. Even if my bank account number, my credit card number and all my passwords are stolen, I am fairly confident that I will still be me and the thief will be a different person.

Yes, the criminal will be masquerading as me. But anyone who knows me – my husband, my children, my colleagues, my doorman, my employer – will not be fooled. If 'I' was actually stolen, I believe that would be called a kidnapping."

She goes on to show that the problem is really fraud, that the people who have their identity "stolen" don't lose much and that, in truth, the amount of fraud is dropping. Her conclusion?

"It turns out that 'identity theft' is one of the most brilliant linguistic constructs ever, with its terrifying specter of losing not just your money – but your soul. Maybe it's time that we renamed it what it is: a fear campaign designed to get us to buy expensive services that we don't need."



Wednesday, July 09, 2008


Smoke, mirrors - and numbers

RSA's Matt Flynn has been participating in the virtual directory/metadirectory conversation for some time, but his entry for today brings in more smoke and less clarity. Having been called out by Clayton Donley, Matt ripostes:

Also, it sounded like Clayton took my comments to mean that "everyone needs to be using Active Directory for everything", which was (I think obviously) not the intent. My point is that although the top 500 or 1000 companies may have a number of directories for various strategic uses, there are probably 20x that number of companies that use only Active Directory as the central and primary user store...

Now the problem here is in the numbers - the "top 500 ... companies" might harbor 5 million+ users. The "20x that number" (or, say, 10,000 companies) might total 50,000 users. Or, in other words, 1% of the total users are in all-AD environments, 99% are in heterogeneous situations. Which actually proves Clayton's point and refutes Matt's.

Additionally, of course, as long as most vendors (and most enterprises) make it so difficult to extend the schema of the central repository (whenever there is one) there will always be a need for a virtual repository for applications to use. The need for, and uses of, virtual directories is growing and is still a few years away from peaking.


Monday, July 07, 2008


A clueless manifesto

A big tip o'the hat to Jeff Bohren for drawing my attention to this note from Alex Karasulu of the ApacheDS project. Now remember, he's working on a Directory Server project. Yet he says:

The VD [Virtual Directory] implementations of today like Penrose, are just hacks without a formal computational basis to them. People trying to get a product to market rapidly to sell a company. We intend to enable virtualization eventually with a solid footing in the LDAP administrative model using this concept of a view. Views, as well as triggers/SPs will enable new ways to easily solve the problems encountered in the identity space. As a teaser just think what could be done in the provisioning space if AD supported triggers? Real technology will yield solid reliable solutions instead of these band aids we’re seeing during this identity gold rush.

Too bad he's not aware of Radiant Logic, Symlabs and the Oracle (nee OctetString) virtual directories - all of which have been around longer than ApacheDS and all of which support triggering mechanisms either through straight SQL or through policy implementations. They're pretty good with "views," also. I'm still looking for that "trigger" mechanism in the LDAP model!


Monday, October 08, 2007


Wronging a right

My Network World colleague, Scott Bradner, opines today ("Examining DRM’s future within the Internet") about rights and content. But he makes the error, now becoming classic, of confusing Digital Rights Management (DRM) with the practices of the RIAA. Not all uses of digital rights management have to do with entertainment. The technology shows promise in the area of privacy protection for personally identifiable information (PII). Sun's DReaM project is a good example.

The term "Identity Rights Management" (IRM) is sometimes used to differentiate this use of DRM, but that shouldn't be necessary. Too often DRM is used by lazy thinkers simply as shorthand for "thugs from the entertainment industries". Let's try to keep the technology issue separate from the cultural and ethical issues.


Friday, January 19, 2007


Novell FUDdy duddy...

Sometimes the people who pull the biggest bonehead plays are those who should really know better. Novell's Volker Scheuber has attempted to explain what's wrong with virtual directory systems vis-a-vis metadirectory systems. Note that Novell is not currently offering a virtual directory system - even though they had the advantage over everyone in launching one, they just couldn't agree (both politically and technically) on how to get it done. It eventually got so bad that the product manager, Samm DiStasio, up and left for Redmond (where he's now director of the Windows Server Product Management Group at Microsoft)!

Scheuber states:
  • All data is always available as long as the central identity vault is available. In a virtual directory implementation, some of the delegated data source may not be available and requests may return no or only incomplete data.
  • A central identity vault is usually easier made high-available and fault-tolerant than a conglomeration of separate data stores.
  • In heavy load/request environments the identity vault absorbs all client requests thus protecting the backend systems from having to handle the whole load.

While that may have been true 10 years ago when Novell was first developing what became DirXML, today's Virtual Directory uses what can be characterized as proxy technology to handle all of these situations. As Radiant Logic, one of the major providers of virtualized directory services, puts it, today's virtual directory can "...access data sources dynamically and integrate on-the-fly, or use synchronization services and integrate at the back-end in conjunction with virtualization; store identities in the internal directory store for stand alone directory service, or write back to another directory or database."

Any technology needs to be able to withstand legitimate criticism. But the sort of FUD that Scheuber is spreading helps neither him, his organization nor the industry. And it certainly does no good for the potential customer.

UPDATE: Matt Flynn, reacting to the Novell posting, goes into great detail as to why the hybrid model is superior.


© 2003-2006 The Virtual Quill, All Rights Reserved

