Naming Names

 Identity and Privacy  16 Responses »
May 242007
 

Phil Karlton said (at least once in my hear­ing any­way) that nam­ing things was one of the two hard tasks in com­puter sci­ence (read­ing X Toolkit Intrins­ics — C Lan­guage Inter­face, to which he con­trib­uted, will give you some idea why he said it); I dis­covered the truth of this yet again when writ­ing the FAQ for our Iden­tity Pro­vider for Open­ID. In this case, it was even more con­vo­luted, being about what to name the thing that names names.

When a Sun employ­ee signs up at the Sun IdP there is no neces­sity for them to put their real names in the fields marked “first name” and “sur­name”; they can use a fic­ti­tious name if they choose (or put noth­ing at all). In com­mon Eng­lish, this fic­ti­tious name is often called a pseud­onym. The vari­ous dictionary.com defin­i­tions of pseud­onym would seem to fit this usage very well, so I was pre­par­ing to use it in the FAQ. Except for, it turns out that those steeped in iden­tity man­age­ment ter­min­o­logy tend to find that plain-Eng­lish usage of the word confusing. 

In SAML, for example, a pseud­onym is defined as A pri­vacy-pre­serving name iden­ti­fi­er assigned by a pro­vider to identi­fy a prin­cip­al to a giv­en rely­ing party for an exten­ded peri­od of time that spans mul­tiple ses­sions; can be used to rep­res­ent an iden­tity fed­er­a­tion. In Liberty Alli­ance work, the defin­i­tion is An arbit­rary iden­ti­fi­er assigned by the iden­tity or ser­vice pro­vider to identi­fy a Prin­cip­al to a giv­en rely­ing party so that the name has mean­ing only in the con­text of the rela­tion­ship between the parties. The same or sim­il­ar mean­ing is used with­in WS-Secur­ity (the user iden­tity [is] provided in a SAML asser­tion as a pseud­onym) and WS-Fed­er­a­tion (A pseud­onym ser­vice allows a prin­cip­al to have dif­fer­ent ali­ases at dif­fer­ent resources/services or in dif­fer­ent realms, and to option­ally have the pseud­onym change per-ser­vice or per-login).

So in order to make life easi­er for those poor, eas­ily con­fused iden­tity man­age­ment experts, I’ll be using the term “fic­ti­tious name” in the FAQ, where I would oth­er­wise have used “pseud­onym”, an added cost of one let­ter and one word per usage. I hope they appre­ci­ate my efforts to help them.

Stumbling on Happiness

 Books  No Responses »
May 222007
 

Daniel Gil­ber­t’s Stum­bling on Hap­pi­ness is rightly pop­u­lar (I had to wait some time before it became avail­able at the loc­al lib­rary). Des­pite the title, it’s not one of these “sev­en steps to real hap­pi­ness” books. It’s more a book that tells you why people’s expect­a­tions of what will or should make them happy are often mis­placed. Lots of inter­est­ing bits of inform­a­tion about how the mind works, and what it does and does­n’t do, which explained a lot to me. A couple of examples: why is it that when you take a photo of some­thing, and then try to remem­ber it, all you get is a men­tal image of the photo you took? Why is it that the end­ing of a movie has a lar­ger effect on what you think about the movie than a ran­dom piece in the middle? All fas­cin­at­ing stuff and well worth read­ing if you want to under­stand why people do some of the things they do and think the way they do.

Which is not to say I don’t have quibbles with the book, I do, but those are minor. And mostly in the last chapter, where I won­der wheth­er some of the sur­veys he quotes would have had dif­fer­ent res­ults had they been car­ried out in oth­er coun­tries or oth­er cultures. 

In all, I recom­mend read­ing this book if you’re at all inter­ested in what makes people tick. Wheth­er you agree with all the points he makes or not, it cer­tainly will make you think about your own beha­viour, and give you explan­a­tions for oth­ers’ beha­viour that you may not have come up with otherwise. 

Miscellaneous Sysadmin

 Technology  1 Response »
May 182007
 

I’m usu­ally the chief sysad­min in the fam­ily for the things like the print­er and the Win­dows boxes. In the interests of mak­ing it easi­er for myself in the future and hope­fully oth­ers, here are a couple of things I fixed this week.

For some reas­on the print­er, an old but still very pro­duct­ive HP Col­or Laser­jet 4550 that cost a hor­rendous amount when we first bought it back in 1998 or there­abouts, star­ted hav­ing con­nip­tions when we wanted to print out files. Mostly it blew up on Open­Of­fice or Microsoft Word doc­u­ments. The error was 49.4C04 Ser­vice Error. Pok­ing around on the web revealed a bunch of com­pletely use­less information:

Turn the com­puter off, wait a minute, turn it back on, this only ever hap­pens once and reboot­ing the print­er solves the problem
Wrong! The next thing I prin­ted caused one line of wing­dings to be prin­ted per page for many pages des­pite press­ing the can­cel but­ton; turn­ing the power off res­ul­ted only in paper jams and the same error message.
Caused by a defect­ive net­work card; replace
Not in this case; it’s a par­al­lel (LPT1) con­nec­tion dir­ectly into the net­worked PC
Caused by third-party memory; take it out
Again, not in this case since I nev­er bothered installing more memory

What did work was rein­stalling the drivers. Not the PCL 6 drivers that Win­dows tried to tell me to take, the PCL 5 drivers. Those PCL 5 drivers actu­ally work on our sys­tem, unlike the PCL 6 drivers.

The oth­er prob­lem that I found the solu­tion to was the size of the Norton Pro­tec­ted Recycle Bin. I installed this some years ago, have nev­er used it, and found that it kept grow­ing. And grow­ing. And would­n’t let itself be cleaned up, no mat­ter how often I told it to purge itself. So I unin­stalled and then tried to delete the recycler/nprotect dir­ect­ory files. No dice. The Norton web­site sug­ges­tion did­n’t work either (sounds weird, but it’s true); what did work was the sug­ges­tion I found online: rmdir /s \\?\C:\RECYCLER\NPROTECT. I sus­pect the Norton recycle bin will not be rein­stalled on my system.

Evacuating the A‑380

 Travel  1 Response »
May 122007
 

Tim poin­ted me at the video of the test run for evac­u­at­ing the A‑380 — it’s worth a look. I noticed, how­ever, that it was­n’t exactly a very real­ist­ic test. If you read the page rather than just leap­ing to the video, you’ll see the dis­cus­sion of an earli­er MD-11 test where a woman over the age of 45 tripped and fell; bear that in mind when you watch the A‑380 evac­u­ation video.

What struck me about the video was that the evac­u­ation was not only car­ried out in ideal con­di­tions, but the par­ti­cipants were also all ideal. All between the ages of roughly 20 and 45, all wear­ing com­fort­able trousers, none of them over­weight, none of them car­ry­ing or cajol­ing chil­dren or babies, none of them in wheel­chairs or con­nec­ted to oxy­gen sup­plies, none of them in high heels or flimsy dresses (or good suits, come to that). All were fit and able to jump on the slide without hes­it­a­tion. In a plane car­ry­ing over 850 people, what pro­por­tion will be in some way encumbered, and how big a dif­fer­ence does that make to the evacuation?

In a lot of ways the video reminded me of the films that are always being shot around Van­couver. One I saw being shot at Van­couver air­port had lots of extras tow­ing bags around pre­tend­ing to go some­where and looked unreal­ist­ic for the same reas­ons — no-one was over­weight, or eld­erly, or had babies or chil­dren, unlike every air­port I’ve been to recently.

Mother’s Day

 Family, General  1 Response »
May 072007
 

Mother­’s Day, in its best mani­fest­a­tion, is a day to cel­eb­rate fam­ily and togeth­er­ness and chil­dren, as well as moth­ers. On this day though, it’s also good to spare a thought for those who would like to be moth­ers but can­’t be, for whatever reas­on, and for those who’ve lost their moth­ers, in whatever way. These cel­eb­rat­ory days aren’t unal­loyed joy for everyone.

Sun and OpenID

 Identity and Privacy  No Responses »
May 072007
 

I’ve been heads-down on a pro­ject which was just announced (though not yet up and run­ning, so I’m still work­ing hard with the rest of the team on final details) about Sun put­ting up an Open­ID IdP (iden­tity pro­vider). The idea is that this IdP will veri­fy that the per­son using an Open­ID of the form http://openid.sun.com/username is a Sun employ­ee. Everything else is self-asser­ted, so people can use pseud­onyms and non-Sun email addresses, but they will be a Sun employ­ee. It’ll be inter­est­ing to see what hap­pens and how we can use it, once it’s live. That info will be pos­ted to developers.sun.com/identity as soon as the IdP is up and running.

I’ll be post­ing some tech­nic­al details of what I’ve been doing, and some tips and tricks to help someone else take the OpenSSO code and cus­tom­ize it; oth­ers on the team will be blog­ging about their pieces. 

It’s been a fun pro­ject and it will be even more fun see­ing what people do with it. We’re using the tag sun­open­id, or you can fol­low along on Plan­et Iden­tity.

/* ]]> */