Identity and Privacy - Page 5

Pat’s Lightbulb

I have the good fortune to work with Pat Patterson at Sun and one of the things we discussed quite a lot shortly before I went on maternity leave was how to make it easier for people to use Liberty protocols for their identity needs. One of the complaints I’ve heard is that there isn’t enough sample code in the world showing how to use and implement SAML. Given that Sun’s Access Manager does implement SAML, along with various other Liberty Alliance standards, it seemed like it should be possible to put together some sample code that uses Access Manager. And, given that Access Manager is now open source as part of OpenSSO, it made sense to create another open source project. But, this project should use languages other than Java, to give the LAMP (or MARS) developers and implementors some code that they can use, tweak, and further develop. And put back into the project of course <grin>. I came up with a bunch of useless names, and Pat came up with Lightbulb (goes with LAMP). Then as I waddled off into maternity leave, Pat did the programming and came up with a way to implement a SAML 2.0 service provider in pure PHP, without even needing the OpenSSO or Access Manager code.

Pat’s giving a webinar on this tomorrow morning Pacific time; you need to register for it first.

We’re hoping that other people will contribute relevant code, in any language, for people to use when they want to implement or integrate SAML capabilities into their systems, whether they’re blogging systems, wikis, or anything else where identity management is useful. The project is located here; it’s easy to join, add a sub-project, and commit some code. Or just browse and see what’s there and what’s useful. Have fun!

Liberty Deployments

It’s good to see analysts writing sentences like “the Liberty specifications are resonating with major IT user organizations” (quoted in an InfoWorld article entitled E‑government Group forms within Liberty Alliance). It shows that the Liberty specifications (and not just federation) are being implemented and deployed.

Which brings me to the main point of this posting — if you know of Liberty deployments that are worthy of public attention, propose them for the Identity Deployment of the Year awards. Nominations close on Monday, August 21st, and the judges are waiting to see what you can nominate! The winners will be announced on stage at Digital IDWorld. I’m hoping we get to see some deployments that are illustrative of the wide range of problems that Liberty Alliance specifications solve. Paul of course wants a People Service implementation to win; are there any cool ones out there that will sway the other judges as well?

Liberty Baby

The Liberty Alliance quarterly sponsors meeting was in Vancouver this week, so even though I’m still officially on maternity leave, I decided to attend as much as I could (baby allowing). It was worthwhile going, the baby was a little fussy but slept through enough of the time that I could take part in some of the meeting, although I will admit there was one time while I was watching a previously fussy baby lie on the changing mat in the ladies, waving her legs and arms and gurgling happily at the sight of the under-basin plumbing, when I wondered whether I should be at home instead. That “why am I here” feeling passed once she let herself be put in the sling so I could go back to the meeting.

The Liberty meeting itself seemed to go well from what I saw, quite a few people took advantage of it being opened up to non-members to observe and participate, at least in the meetings I was in. It’s always hard for new people to really take part, but I think this experiment was successful.

The Identity OpenSpace meeting, jointly produced by the Liberty people and some people from the Internet Identity Workshop, was scheduled for the Thursday and Friday after the Liberty meeting. Lots of people stayed over for this, lots more came specifically for the meeting. I didn’t see everyone on the list of attendees that I knew, but that’s probably at least in part because the baby melted down in a big way in the early afternoon on Thursday so I had to take her home, and decided making her take in a fourth day of meetings and presentations on Friday would be too much for all concerned. Still, she slept through Jane Winn’s Legal Basics, lunch, and Robin Wilton’s Privacy and ID Theft before throwing her wobbly, so I got to participate to some extent.

Jane’s presentation, as usual, was terrific. She’s quick to grasp the central points of issues, her talks are always thought-provoking and suitably cynical, and I was glad to be able to attend it, and also glad she took part in the Liberty meeting before the IOS event. Robin is also a deep thinker whose blog often portrays things in a different way to the generally accepted dogma; he’s part of the group I’m in at Sun, and I think we’re lucky to have him there.

The IOS did seem to go well from what I saw and heard, bringing together people with different experiences, knowledge, and viewpoints. Kaliya Hamlin organised it and ensured people documented the sessions on the wiki. This goes some way to negating one of the chief unavoidable problems of this format — that there are often things going on in parallel that I’d like to attend.

Kaliya put up a sign encouraging people to contribute or learn, or go where they could contribute or learn, and I hope that those who sat there quietly, not contributing, will contribute what they learned someplace else in the future. Identity management, with all its ramifications of privacy, security, and the user experience, is a complicated issue and affects all of us and the more people talk about the issues and try to come together on solutions, the better. I think this meeting helped with that and it’ll be interesting to see what comes out of it. Right now I’m an outside observer until my maternity leave is over but I’m already looking forward to participating lots when the baby allows.

Summer Identity

The current weather forecast for Vancouver is sunny and warm (into the high 20s; around 80 F) making it a pretty good place to be right now. All the gardeners of course are busy turning on the watering systems, but given Vancouver also has lots of water this isn’t as much of a problem as in other places. We’re looking forward to having a decent summer this year, unlike the last one which was basically miserable for most of the time.

Which makes Vancouver a pretty good place to be in July: the weather is usually superb, sunny and warm but not too hot, life reasonably relaxed, the seawall and beaches full but not overflowing. Just the right time of year for standards committee meetings! I’ve hosted DOM WG meetings in Vancouver in August, with participants enjoying the combination of effective work and a bit of touristing. If you’re looking for an excuse to visit Vancouver, now’s your chance — not only is the Liberty Alliance holding one of its quarterly sponsors meetings in July (the week of July 17th, to be precise), it’s also holding a conference jointly with the Internet Identity Workshop on the Thursday and Friday. This will follow the standard IIW “unconference” format, to allow for lots of flexibility in topics and speakers. The attendee list is certainly impressive! I’ll be there for as long as the baby lets me (I assume she’ll be the youngest participant).

Liberty Alliance non-members will also be welcome to attend the Liberty Alliance meeting itself on Tuesday and Wednesday (NDAs will have to be signed). This is the first time that the Liberty Alliance has opened up a sponsor meeting to non-members in this way; I hope lots of people who are interested in identity issues take the opportunity to find out more about what the Liberty Alliance does and how it operates.

Registration for both the OpenSpace event and the Liberty meeting for non-members is at Identity OpenSpace Registration; early-bird registration is now closed but it’s still cheaper to register now than onsite.

If you want an alternative set of hotel, restaurant, and tourism recommendations, try the Northern Voice Vancouver page (Northern Voice is the blogging conference I help organise each year). The Liberty Alliance meeting hotel is about a block from the Northern Voice conference location.

BCNet Liberty

Yesterday I gave a talk at the (fortunately) local BCNET/Netera Converging Minds Conference. BCNet builds networks for the BC research and education community, and the conference was aimed at the administrators, deans, and IT managers who need to know what tools their researchers and students would find useful. The conference agenda had talks on lots of subjects relevant to that audience, ranging from high performance computing, networking, and security and identity management to advanced media and collaboration.

My talk was about Liberty specifications, of course. Since I was slotted for a 1.5 hour talk, I asked Alex Acton from the Sun Vancouver office to help out. I presented the slides, Alex drove the demos, we got lots of great questions, went 15 minutes overtime and still only got through 29 of the 41 slides. It was probably more useful to the audience that way, of course! I like having a small enough audience that more free-form talking and listening sessions are viable. Here are the slides (in PDF format) for posterity, including those I didn’t get a chance to present.

I had lots of help on creating these from Eve, I used demos from Pat and Hubert (Hubert also created good slides for the recent Liberty webcast that I could reuse), Scott Cantor sent me slide decks on Shibboleth to crib information from, and most of the deployment information comes from Yvonne Wilson’s excellent talk at XML 2005. I also used some information from the Liberty technology tutorial. Thanks, everyone!

User-Centric Liberty

The current buzzword of user-centric identity led some of us at one of the Liberty Alliance meetings to discuss actually writing down and showing how Liberty specifications could be used to implement user-centric identity systems. One of the outcomes of that discussion was a white paper entitled Personal Identity, edited by John Kemp of Nokia (who, incidentally is also a co-author of the book Mobile Web Services : Architecture and Implementation), with lots of input from Paul Madsen and Carolina Canales Valenzuela. The other was a demo that Hubert wrote (I did the CSS, so I contributed something concrete to the effort along with moral support). Hubert wrote up the demo on his blog, at Liberty ï¿½ la InfoCard (PDF version of the demo) and A much nicer experience… (which has the flash version of the demo). Now there’s going to be a Liberty Alliance webcast featuring both John and Hubert talking about these issues and showing the demo. So if you have questions, this would be a good place to find some answers.

Title: User Centric Identity: Success Today

April 12, 2006 at 8–9 am Pacific Daylight Time

Presenters: John Kemp, Nokia, and Hubert LeVanGong, Sun Microsystems

Abstract:

“User-centric identity” has been the latest description-de-jour floating around in the media, usually used to describe “up and coming” new technical offerings from a variety of entities. But why wait for future unknowns when it’s already happening here and now with Liberty Alliance specifications that have foundational elements of user consent and privacy? In fact, not only are these specifications available today, there are products built on them that are also commercially available today.

Registration is required and limited to the first 100 respondents. The presentation will be available in archive form after the event. To register follow the steps listed below. This webcast will be done via Webex. Please contact Tricia Dehart with any questions, tricia@projectliberty.org.

Go to http://projectliberty.webex.com
Under the heading Attend a Meeting, click Register
Search for User Centric
Select User Centric Identity: Success Today and click on the Register button.
Fill out the required information and click Register Now at the bottom of the page.