Wednesday, April 22, 2009
Kantara or Kan't ara?
The Liberty Alliance announced on Monday that it was morphing into another organization called Kantara (supposedly the Arabic word for "bridge," but as someone else pointed out that would more likely be anglicized as Qantara). I've been waiting for an actual list of founding organizations to be published before I commented, but I must say that Johannes has nailed it when he writes:
"Well, I'm looking for the list of announced supporters, and all I find are five testimonials, at least three of which are from long-term Liberty members. No OpenID Foundation, no OSIS, no Identity Commons, no Project VRM, no OASIS, IETF, W3C and so forth. Very few vendors, too. In my mind, that is pretty far from the threshold needed for success of any kind for any new kind of identity organization."
The folks at Liberty have been trying for almost a year to launch this organization. I participated in a meeting they held with Identity Commons last fall (see "YAUG - Yet Another Umbrella Group" and "more IDtbd") and I find that the organizing documents for Kantara have not changed a single iota from those roundly denounced and rejected at that meeting.
One is led to wonder, once again, what this organization can do that others - already existing - can't handle more efficiently, and with less of a Liberty Alliance heavy hand.
Monday, September 15, 2008
more IDtbd
When I posted about the IDtbd group meeting last week (see YAUG - Yet Another Umbrella Group) I worried that perhaps I was the only one not seeing the benefit of this proposed organization. Now OpenID's David Recordon has posted his notes on the meeting which - looking at those parts of the meeting I attended - appear to very accurately reflect what was said. And it would appear that those present who are not members of the Liberty Alliance remained quite skeptical of the new group. The objections, as David notes, are fairly generally accepted:
He also notes that Sun's (and Liberty Alliance secretary) Bill Smith raised a strong objection to what I'd written and was "...Asking for all future meetings to be private with no public notes so that people can speak more frankly." Sadly, that's what I've come to expect from the Liberty Alliance - let's not discuss our differences, let's simply stifle them. That organization was born in darkness from a small group of invited participants which brooked no intrusions or comments from the outside and which reserved the chairs on its Board of Directors to only those first invited organizations for a very long time.
What's really fascinating is that IDtbd claims to want "To promote harmonization" but evidently needs to stifle dissent in order to do so!
Monday, September 08, 2008
YAUG - Yet Another Umbrella Group
This morning at DIDW I sat in on a session called "Identity Community Initiatives Working Together On A New Future" which was an organizational meeting for a new "umbrella" group called IDtbd (TBD - To Be Determined - cute, eh?). What I heard, though, led me to call this group SOLA: Son of Liberty Alliance. It's not just that the moving forces behind the group are from Liberty but also the proposed structure seems to derive from Liberty.
While the avowed messages of the group are, perhaps, laudable:
VISION: To promote harmonization, interoperability, and adoption of privacy-respecting, secure, identity-based access to digital services.
the reality is one more layer of bureaucracy on top of already top-heavy structures. As just one example, someone wishing to create an OpenID project would, I'd think, join the OpenID Foundation. The OpenID Foundation is a constituent member of Identity Commons. IDtbd proposes that both Identity Commons and the OpenID Foundation become members of it. But the person creating the project could also become a member. Of course, that (to me) means the project never gets developed because the developer is spending too much time on hierarchical organization meetings as well as too much money seeking to be heard by those organizations.
The only positive thing I heard this morning, the only thing I can wholeheartedly support, was Bill Smith's statement that he wouldn't hesitate to call on the Liberty Alliance to dissolve in favor of this new organization. Well, I can agree with part of that. There are too many organizations and dissolving the Liberty Alliance (without creating a descendant) would be "...a consummation Devoutly to be wished."
Wednesday, April 09, 2008
Your mother was a hamster and your father smelt of elderberries!
Here I'd thought I'd offered Kim Cameron a bit of an olive branch in the virtual/meta/uber directory discussion. But did he take it? Yes, he did, then attempted to whack a bunch of folks about the head and shoulders with it!
In a further attempt to clarify what he meant, Kim says:
"By 'next generation application' I mean applications based on web service protocols. Our directories need to integrate completely into the web services fabric, and application developers must be able to interact with them without knowing LDAP."
Why Kim feels that LDAP is beyond the ken of today's application developers is beyond me, but the darker part of this is that he seems to say that only through the use of the Microsoft-controlled WS-* protocols (you can read their propaganda at their web site) can this be achieved. Nonsense.
Still, if any developers feel that only XML-based scripting is acceptable to use, then I'd suggest they consider the very good LDAP replacement, DSML, which has, sadly, languished for a number of years. Or there's SPML (for provisioning services). Even XACML could be used (although it would need a bit more work). The point is that there are open protocols, openly arrived at, that will do the job and today's application designers are bright enough to know how to use them.
I'm reminded by Phil Hunt's post on this issue that his work on the Identity Governance Framework, now an OpenLiberty project, also satisfies the requirement of open protocols, openly arrived at.
Friday, February 15, 2008
Off Course-On Target
Wayne Hodgins' blog is called "Off Course-On Target" and subtitled "Where unexpected paths lead to great discoveries." Today he took a look at digital identity and fretted over the lack of uniform standards. But it's the analogy and stories Wayne tells - especially about how the shape of screw threads could have lost World War II for the allies - that make it such fascinating reading.
And the moral - perhaps best stated as "the perfect is the enemy of the good" - is something the entire IdM community should take to heart. Consensus and compromise should be our watchwords.
Tuesday, November 06, 2007
More self-issued stuff
Jeff Bohren jumps into the discussion but unfortunately misses the target and crashes badly.
He says: "First party claims such as personal info can and should be made directly by the consumer who owns them. Information Cards provide a convenient way to do that. I see no compelling business case for a third party to make first party claims in a B2C scenario." But there is a definite compelling reason - we rarely believe (or, at least, we shouldn't believe) without verification the claims that a stranger makes to us. Just ask any single woman who goes to a bar on a Saturday night! The third party, the trusted third party, provides validation for the claims. The claims are offered by the first party, directed by the first party and even initiated by the first party, but without the validation of the third party they are completely worthless.
He goes on to note: "The mistake is saying an identity oracle can divulge whether your credit is good enough for the purposes of the transaction without divulging your credit score itself. I don’t believe that is possible in practice. If you say 'Jeff’s credit score is as good as %90 of the people who have not defaulted on a loan of that amount', then you have for practical purposes divulged Jeff’s credit score." Um, no, you haven't. Any more than the Oracle agreeing that you are of legal age to purchase alcohol could be said to 'divulge' your age. "Over 21" covers a whole lot of ground. A validation that I am of legal age to buy says nothing about whether I'm of legal age to claim Social Security benefits, far less is it an indicator of my actual age. For the credit score, the RP decides what score is acceptable and asks the Oracle if the first party's score meets that criterion. No numbers are divulged, but the transaction can proceed.
In general, we need to think of the Identity Oracle as a binary soothsayer - only yes or no answers are forthcoming.
Tuesday, October 30, 2007
The Peter Principle of Protocols
A good post today from Eve Maler reminding us that it's not just people, and it's especially not just on-line people, that have identity issues.
"I realize that the description I’m after is more like 'human-centric identity'. It comes with both online and offline scenarios and still needs to allow for (real-time or not) informed consent and attribute exchange."
This might be a good time to, once again, plump for "persona" as the term for what many call "on-line identity" so that we can keep straight what a real identity is.
She also alludes to the fact that not all identity protocols need to be able to do everything.
There's still room for lightweight, on-line digital person identity systems (vide OpenID) to be used within limited situations. It's not a criticism of OpenID to suggest that it only be used in low-value transactions. What is wrong is to apply a sort of "Peter Principle of Protocols" to OpenID, extending the original Peter Principle (formulated by Laurence J. Peter almost 40 years ago) thru the "Generalized Peter Principle" promulgated by Dr. William R. Corcoran: "anything that works will be used in progressively more challenging applications until it causes a disaster." Let's keep, and improve, OpenID for the things it does best. Let's not try to teach that pig to sing.
Thursday, January 04, 2007
Someone else wants a personal directory!
RedMonk posts about a service he'd like to see: "We could imagine that in Theory-land ... everyone’s identity and data is federated and queryable in a secure fashion." He goes on to mention two (of many) things he'd like to be able to do:
"1. I want to stop entering the same profile information over-and-over again. I probably create a user account 2-3 times a week (this morning it was Dishola.com), adding in the same email, username, picture, and “about me” info.
He even thinks that OpenID might provide the answer: "OpenID has been a promising bundle of technology and standards over the past year as well. I’ve been delighted to see sites like LiveJournal and claimID adopting OpenID and I’m waiting to see the attribute (or “profile sharing”) parts evolve and get more use by other sites."
It could, but I'm not holding my breath. For that matter, a Liberty Alliance Attribute Provider (an attribute provider (AP) provides Identity Personal Profile (ID-PP) information, and is sometimes referred to as an ID-PP provider) would also fill the bill. But I'm not holding my breath there, either.
Maybe it's time to revisit the universal, self-published, loosely-coupled Personal Directory (Part 1, 2, 3, and 4) - the time is ripe!
© 2003-2006 The Virtual Quill, All Rights Reserved