IBM CEO stakes $10 billion on 'on-demand' future
....but this sounds like it has identity has one of the foundational pillars...

Perspective: The ID dilemma - Tech News - CNET.com

American Express vice president Barrett fights for Liberty Alliance
not sure if we got this posted -- so i'm posting again...

Jon's Radio
I've been following the discussion on Phil Windley's blog (he was at DIDWcon2002) about "The Transparent Society" (a great book). And now I see that Jon Udell (he was at DIDWcon2002 -- of course, all important people were ;-) has picked up the thread -- and brought forth the idea of "Freedom and Accountability" as opposed to "Freedom and Secrecy."

This brings up one of my favorite sub-topics that surrounds digital identity: anonymity. Many of the slashdotters recoil at Digital ID because it eliminates (supposedly) the anonymity of the web. And perhaps it does. But anonymity is NOT (never has been, never will be) an essential quality of a healthy democratic society. The ability to stay *unacknowledged* is a quality of that realm -- but not the ability to stay anonymous.

Anyway -- I follow with interest -- and love the fact that the identity discussion is moving into these very substantive realms....we're gonna have to put Jon onstage next year -- and give Phil a much bigger showcase. Nice work, gents...

Internet Week > Web Informant > Web Informant: Federated Identities Create New Security Risks > October 28, 2002
A truly well-done piece....so, an extensive quote:

So what is the answer? I think companies that are interested in getting involved in federated identities and Web services are going to have to move gingerly forward. First off, you can't really separate your production environment from your testing servers, not easily in any event. That will mean making copies of pieces of your production environment and figuring out some clean room to host it. But ultimately developers are going to have to throw the switch and let loose, as my friend Marshall Rose was fond of saying, the dogs of war.

Second, you will have to get your corporation's lawyers involved, and set up some legal limits of liability in case someone breaks the bond of trust, penetrates one of your federated partners or attacks your own network. While I am not a big fan of lawyering around a problem, now is the time to start this process going.

Third, you are going to need better instrumentation of applications to know what the norms are and be able to figure out when anomalies occur. Network analyzer vendors have been lobbying for this for decades, but it is even more important to do this with respect to the actual applications performance and operations. This is especially critical since pieces of the applications lie outside your control, so any "normal" operations instrumentation would be useful if you are under siege.

Finally, start paying attention to the various industry committees working on federated identities, such as the working groups on UDDI, SAML, and WS-Security. If all of these are just acronym soup to you, then you need to get involved in at least one of these efforts.

Corporate Big Brother got no overtime - Tech News - CNET.com

Promise of P3P stalls as backers regroup - Tech News - CNET.com

"You're seeing laws that really put a lot of the burden on companies to beef up their privacy practices," Steer said. "Health care companies are now scrambling to find a solution (to HIPPA) and they're saying if we're going to spend millions of dollars on privacy, then let's do it right. We will see more P3P adoption but it won't be a rush, it will be a trickle of sites that become P3P compliant. But then, at the end of the day, we're going to have to go out there and teach people how to use it."

And that, according to lawyers familiar with the technology, will be no small task.

Who owns your e-mail? - Tech News - CNET.com
once again, the physical and electronic collide around digital identity...

shopping cart identity
...tracking your steps throughout the store -- offering bargains based on your purchase history and location.....

once again: identity is the *bridge* between the physical and electronic worlds.

Microsoft Opens Up Passport Code
not sure if we posted this yet....just came across it.

Looks like a good day for articles than make you go hmmm... In addition to the truly seminal article by Kevin Werbach (noted below) this article about how the administration views the battle over copyright boundaries reinforces many things said here and elsewhere about the copyright and DRM debate.

Note that while 70% of the U.S. population uses the Internet, only 15% have any significant speed connection. Lack of legitimate, manageable content is given here as the reason, and that's sort of right. But while that focus is a little too "close in", all the info you need to see the real reasons and challenges is here.

This quote frames it about as well as any -- "The fight over digital content and rights management has it all -- critical industries battling over billions, lobbyists and lawyers maneuvering for position, disruptive technologies in a dynamic market, and self-possessed consumer advocates gearing up for a great crusade. Moral absolutism abounds -- you are either on the side of 'freedom and innovation' or the 'Eighth Commandment and the rule of law.'"

This article by Kevin Werbach does a very good job of laying out a point I've been trying to make for many years - the real, relentless trend that networking is just one part of is the decentralization of computing. This point gets repeatedly missed, because some immediate manifestation of it is used as the explanation for what's going on, causing observers to miss the true underlying forces. Kevin highlights some recent examples of this as well.

The fact that computing infrastructure will inevitably move towards an ever more decentralized structure is the driving force behind digital identity. Again, people will see things like security, etc. as "the cause" of the trend of the moment, but this important article gives you all you need to know to see the real "big picture" of what's happening.

Identity is center because the human beings are by definition the center of whatever they do, and humans are who build and use computing systems. Because humans prefer decentralized, networked, communicating structures, that is what we will ultimately find a way to design, build, and deploy. It is the journey to discover and build this "correct" networked structure that digital identity, web services, application integration, DRM, and all the other things we talk about at Digital ID World are really part of.

Enterprise IT today is looking for rapid ROI in every project they undertake. A PR person (you know who you are) just alerted me to a new report by Jonathan Penn of Giga Group titled "Justifying the 2003 IT Budget: Identity Management Brings Quantifiable ROI to Security."

While I quibble a bit with his failure to differentiate Identity Management and Single Sign On as I think he should, Penn's overall premise that IdM provides rapid ROI has been seen (and reported on here at Digital ID World) for some time.

Penn quantifies Identity Management in ways that are both hard and soft. His analysis indicates that improved data management saves $350 per user per year, the reduced development of security features and user management save $12,000 per application, and that the general improvement in support capability yields $70,000 per year. For all of that he is really just looking at managing the identities involved in web single sign on.

He breaks out provisioning and indicates that through "improved efficiencies" (analysts get to use all the good terms) an enterprise can save $70,000 per 1000 managed users per year. Penn also indicates that $4,000 per security audit can be saved in audit expenses.

From there he goes to a somewhat softer analysis, and indicates that $75 per user per year can be saved in help desk costs, and that $1,000 per new employee and $350 per existing employee will be saved through "easier access to applications."

While he engages in some "analyst massaging" to get to these numbers which seem a bit harder when you read them than they are when you look behind them, Penn does do a good job of looking at where and how identity management provides solid return if it is implemented properly.

Maybe this can help some of you who are trying to cost-justify identity management, even as you know you'll drown without it, and need someone else's numbers as input.

An interesting survey of 700 companies about their views on Web Services indicates that things are getting ready to move in this arena soon. The article is a good review of how business currently sees Web services, and what they will be doing with them in the near future.

Most interesting to me was the question "Is Web Services a disruptive technology?" The response was 30% yes, 45% no (apparently 25% don't know -which may be the more honest answer.) This response rate tells me that we are in the very early days of Web Services and there is little experience with how they will affect business as they are deployed. If integrating business processes across company lines, and creating the real-time enterprise isn't disruptive, I'm not sure what would qualify.

It makes sense that deployment of Web Services would be about to accelerate, given that several key standards issues that have blocked them are being resolved. But real deployment will mean the identity issues in Web Services cannot be finessed much longer.

As in so many other areas, digital identity issues in Web Services will first be felt as security, manageability and control issues. If the survey in this article is representative, Web Services Security should become *the* hot issue from the customer's perspective in the computer industry mid to late next year.

An article today about how the European privacy policies may have undesirable side effects, illustrates again that no part of the digital identity conversation is simple.

The governments of Austria, Finland, Sweden, and the United Kingdom told the EC that there needs to be "a better balance" between individual privacy and the free flow of information.

Those who think regulation holds all the answers, and those who think that technology can fix the problems by itself are both very wrong. This is why we at Digital ID World are trying to encourage a wider, more productive, conversation between these groups, because finding a properly balanced answer will require the best thinking both groups have to offer.

As this article in Federal Computer Week shows, identity management is one of the first things enterprises run into as identity becomes center.

This article illustrates the process of "discovery through pain" that organizations tend to go through with regards to the need for identity management, how they struggle to understand its implications, and also how it impacts so many areas and processes.

But you can also hear the inevitability of IdM in comments like "Federal agencies' push to offer more services online make them likely candidates for user provisioning and identity management software."

Its becoming clear to more and more people that getting an enterprise's identity house in order via good identity management software and practices is a prerequisite to EAI and Web Services, and that identity goes far beyond single sign on...

Max Most, our truly great Biometrics resource, has been telling me for some time that "voice biometrics are the truly hot item." Today I see an article indicating that Visa thinks so too.

The problems illuminated here, that these solutions "will require the development of technology to send speech pattern information over data channels, as opposed to phone lines" highlight why so many areas of digital identity hit the standards wall early in their deployment. Any given company can easily create technology to digitize voice and extract the key factors needed, but how do we reach the point where products from multiple vendors will interoperate?

The natural urge of technology vendors to try to build "killer technology that holds a customer captive" is a major impediment here. Even as companies realize interoperability and standards are key, they can't resist trying to find a way to build a structural reason that customers will be locked in to their technology. Developing a culture in technology that values interoperability and moving competition up a level in the stack is one of the biggest hurdles the industry faces. It will happen, the only question is how much pain will it take first. Early returns indicate it will take a lot...

If you want to know how bad it is in the conference world today, seeing that IDG is giving Apple an ultimatum about attending their show tells it all.

To succeed, a conference has to provide value to attendees and sponsors just like any other product does. In the current environment it appears that many conferences aren't sure what their value proposition really is as the industry changes.

I'm particularly pleased that in this environment the first Digital ID World conference was such a success, as it indicates we did provide value commensurate with the price. I had several "regular conference goers" tell me this was the best conference they had attended in years.

But this is a business that is all about "what have you done for me today" and that's why I constantly solicit input about what we can do to make the next Digital ID World conference even more valuable. So don't be shy about letting me know what you really think. My email is phil@digitalidworld.com

Well the week we mostly took off after the conference has passed, and it is time to get back to work. Somehow, Eric got two weeks off in Europe with his wife, so he won't be back for a few days yet. Wonder what we were thinking?

Re-entry is a time of looking around to see what happened while you were gone, and today is no different. Look for several new articles this week as we drill down into themany things happening in the accelerating world of digital identity.

One of the big drivers of digital identity is Web Services, which has struggled for years to figure out its "minimum first step" to deployment. An article about Rajiv Gupta, one of the early Web Services pioneers, speaks to exactly these issues. He created e-speak for HP, and is now doing a startup, Confluent, looking to offer management capabilities for Web Services.

The evolution of Web Services is instructifactors of its use will also struggle. This is one of several reasons why the deployment of digital identity will be more like that of the LAN than, say, Visicalc, and that searching for a "killer identity app" is a good way to miss it entirely while it happens all around you...

As the crew recovers from a simply spectacular first Digital ID World conference, Eric is running the Chicago Marathon with his wife, Andre is off to Columbia, and I'm sitting here trying to take in everything that occurred last week. For those who weren't in attendance, I refer you to our blog aggregator for a quick overview. A fast summary can be had by reading the different perspectives of Bryan-Field Elliott's recap, Jon Udell's recap, and Brett Fausett's recap. There are others as well, and you can reach them from the aggregator.

If you missed hearing about my sterling opening session, Denise Howell did a decent real-time report of it. I think Denise has spent too much time hanging out with court reporters, because her ability to real-time report on a session is simply unrivaled. She did this trick for several other sessions too.

The overall response from regular conference goers was that this was the best thing they had attended in several years. Somone indicated to me that it seemed like an "insider's event" and I suppose when folks like Craig Mundie and Esther Dyson sit in the audience of many presentations (including Liberty Alliance's) that can seem true. But in my view the success here was that many people who are never in the same room came together, and the networking was intense - day and night. Several deals were done, and I think nearly every one came away with a better opinion of those on the "other side" of the issues than they had going in.

Peter Biddle, inventor of Palladium, and Steven Sprague and Lark Allen of Wave systems were not only talking to each other but to anyone who wanted to talk to them about what is going on with trusted computing. With people like Doc Searls, Dave Weinberger, Jon Udell, AKMA, and others in direct conversation with these folks, its hard to imagine how things won't end up better understood on all sides. I can already see the results in the reporting from the show, and with reflection it can only be a good thing.

Meanwhile, the companies in attendance had an opportunity to see the bigger picture of digital identity. What they will choose to do with this remains to be seen, but again it is input they would have no other way.

So the first Digital ID World conference definitely put the digital identity conversation into overdrive, and propagated it much more widely than before last week. In my opinion, that can only be good for all...

Well Eric, today as you wallowed in your misery, you missed mostly meetings with a lot of hotel people and the show staff, working out the pages and pages of last minute details to be sure the show comes off smoothly. Somehow, I suspect that missing the meetings where BP's, PoE's, etc. were checked item-by-item really doesn't disappoint you :-) These were the all-day meetings to set up a lot of people to work long days and have sleepless nights so the attendees never know that their jobs exist or were even necessary.

Tomorrow the real setup starts, while you drag yourself out of your sick bed to the secret Palladium meeting (oops, sorry, I wasn't supposed to say that - it was a secret.) While everyone is playing golf, we'll be wiring the Wi-Fi, getting the show floor set up, making sure the stages get set properly and the multi-media presentations can all get their proper rehersal slots, etc. By the time the reception starts tomorrow night, I hope those "cold medicines" you are taking have kicked in, because from there it will be "go" all the way...

Today is the last of the dull, drudgery part of putting on a high quality, energetic conference. Already the show staff is getting excited just thinking about what is to come. When you sit in the hotel planning out each event, each room, each presentation, it really hits you how amazing the quality of both the presenters and the attendees to this first Digital ID World conference are. It will definitely provide perspective on the central role of digital identity to all who attend - even (or perhaps especially) to those who already think they know.

I know I fully expect to see things differently after this event given the interactions of significant (and smart) people who have never talked to each other before. As to reporting and blogging about the event, you are right. We'll do our best, but we will also be so caught up in the occurrence of the event, our reporting on it may lag a bit.

But after all, it's not like we haven't told our readers often enough that they should come and be part of it themselves...

...Murphy's law has kicked in and i'm sick as a dog on the eve of the eve of the digital id world conference. No worries -- I've done a lot worse in a lot worse shape. I'll muddle through (although I am a bit worried about the Chicago Marathon which I'm supposed to run this sunday).

Nonetheless -- i'm not quite sure how these spaces will look over the next few days, as Phil and I will both be acting like chickens that have gone under the axe. We are planning an RSS feed from bloggers at the show -- so look for that...

Tech firm loses Bon Jovi battle - Tech News - CNET.com

Under the record label's plan, each Bon Jovi album will be distributed with a unique PIN (personal identification number) code that fans can use to register at Bonjovi.com, giving them membership in American XS. Members of the free worldwide club can get perks such as priority concerts tickets, bonus unreleased tracks, and exclusive online chats with the band.

Ericsson tech can track you down - Tech News - CNET.com

Ericsson said Monday it has begun offering U.S. wireless carriers its new network equipment that automatically e-mails a cell phone user's exact location to friends or loved ones.
The Swedish company's equipment uses software called Where Are They Now, developed by Israeli wireless software maker LocatioNet. The software lets cell phone users create a list of friends or relatives who have permission to receive location information. Users can choose how frequently the e-mails are sent.

Digital ID World - Conference 2002
today was one of those great days wherein all of the principals from DIDW brought friends and family to the "binder stuffing" party -- ie, building the hundreds of binders and bags to hand out to show attendees.

Amidst all of it was a *ton* of final detail talk --- folks like Phil and Griff talking last minute registration system details (griff was up all night doing god knows what with our show technology). To that end, I *doubt* that you'll find another show this year as wired and blogged out as we'll be (maybe PopTech! -- i'll be interested to see). As far as I know, we're breaking new ground....not only will we have the whole damn place wi-fi'd for like a 5 block area, but we're also providing an RSS aggregator that folks can sign up for to have their blogs linked in the feed.....it'll be nice having experience programmers and bloggers there (like Dave Winer, Halley, Doc, Rageboy, Dr. Weinberger, AKMA) to tell us how we can improve things for next year...

The excitement builds (despite my cold) -- it is going to be fabulous.

David Margulius has put together one of the better Identity Management Overviews I've seen in the mainstream press - highlighting that identity management is driven by IT integration needs in addition to just managing things.

It has input from at least Netegrity, Oblix, Waveset, and Access360 (recently acquired by IBM/Tivoli), and does a good job of reviewing the issues about standards, XML, the Directory/Metadirectory issues, etc. It drills down a bit on the differences between provisioning, access management, security, etc. and how XML standards will play a part in integrating all this.

Good read for those who want to understand how identity management fits into the overall identity and enterprise IT structure...

Just when the Liberty Alliance's momentum was looking unstopable, AOL/TW decides to remind us it could change its mind on those patents it contributed and hold the effort hostage.

Sun, who has reliably been the champion of "no taxes on the internet" with other peoples' patents, responded with a statement that "it will give free access to the intellectual property Sun contributed to the project with only one condition: Any companies that charge royalty fees for their contributions will have to pay Sun for its intellectual property."

Now that's a good alley-fight move - one you sort of have to grudgingly admire...

The concern, of course, is that AOL/TW's move may well derail the Liberty Alliance and freeze its progress. Why? Because while AOL/TW acknowledges that it promised not to charge for its patents in Version 1.0, it is saying that promise doesn't necessarily apply to future versions of the spec.

If AOL/TW persists in this stupid move, Liberty may have to alter the basic foundation of its specification and break the upward compatible growth path it worked so hard to acheive.

And it's not just the Liberty spec at stake here, these patents cover things like SSL and use of cookies, so as new Liberty President Michael Barrett said, "If they choose to license (their patents) they could hold half the Internet for ransom."

Let's hope AOL can be brought to its senses and quit being overcome by a greed that will kill it for everyone...

As a newbie to blogging, pardon me if I wax enthusiastic as I witness the effects of this medium that others already know about. But I just noticed that Phillip Windley, CIO of Utah, is "bloggin out loud" about his presentation at the Digital ID World conference next week.

Several things struck me, but the biggest one was a sudden realization of how much high-powered thinking is at work finding the best way to package presentations about every aspect of digital identity for those who attend. This is going to be one high powered event!

In the most acronym filled press release I've seen in 18 months, Qualcomm announced its new integrated chip set for building GSM cell phones with very sensitive and accurate GPS positioning built in. They also talk about a bunch of software that they hope will make people want to do stuff with their phones besides just talk on them.

Only read this press release if talk of IF saw filters, phase lock loops, and high-linearity pre-LNA stages make you warm up - but it looks like the convergence of GPS and cell phones have taken another step, so you can always know where you are.

Maybe that's why they made this read like a '90s press release - so you'd still have somewhere you could get lost...

New alerts have analysts doubting Microsoft security
...knowing a bit about the concept of security -- might i add: security isn't *never* having a breakdown; its fixing it in a timely fashion and controlling the extent of the damage.

Busboy pleads guilty to ID theft - Tech News - CNET.com

A 32-year-old restaurant busboy pleaded guilty on Thursday to pilfering personal and financial data belonging to America's rich and famous, including billionaire Warren Buffett.

Congress asked to unpick copy lock laws - News.com

A bill to repeal and/or alter significant portions of the Digital Millenium Copyright Act has been introduced after a two year effort to build support. This reflects a realistic political process by congressmen who truly want to see this law passed (otherwise they would have introduced it years ago, taken the good PR, knowing it had no chance to pass, posed for pictures and moved on.)

Interesting parts of the Digital Media Consumer Rights Act work to return the law to addressing illegal acts themselves instead of technology which might be used for crime. Thus this law would end the current condition where it is illegal to talk about, engineer, build, or sell technology that could defeat copy protection. Instead, the law would say it's only illegal if you use that technology in violation of the law (allowing fair use to be negotiated.)

This bill has no chance to be voted on this late in the legislative session, but if you read this article you can see that it is a serious move to do the work required to pass a law that would return the digital intellectual property rights arena to the same position that the physical intellectual property rights arena has. That is, the law will not assume that certain techological acts imply a crime which has not actually occurred, but will return to focusing on the crime itself.

This is a good step, as it paves the way for properly negotiated solutions. It also indicates that the heavy-handed actions of Hollywood and RIAA have not gone un-noticed.

I see that both RSA and Baltimore have released web services digital signature SDKs to ease the burden of putting identity based security in web services applications. Both make comments in their press releases that "without the appropriate security measures the adoption of Web services will be severely curtailed."

I guess after two years of looking at things, they realize that people don't really want their data out in public. Wonder if the new survey that indicates corporate data theft is over $58 billion annually is related?

Without identity-based end-to-end security, the Internet relentlessly drives intellectual property that touches it towards the public domain. And connectivity that can't be managed or controlled isn't a plus.

The Doc Searls Weblog : Wednesday, October 2, 2002
here's doc's blog talking about te recent DRM panel at the O'Reilly OS X conference...some of the links talk about MSFT and Apple being *unwilling* to sit on the panel...dunno what that's about, but I know they were more than willing (they being msft) to sit on our DRM panel...

Netscape loses privacy dispute - Tech News - CNET.com
Ah yes, the privacy battles start to gain some heat...

Computer Associates CTO gives recipe for extended enterprise

In a keynote address at Internet World, CA CTO Yogesh Gupta described what he considers to be the critical factors for a successful extended enterprise. He talked about how things will change in a networked world, but what jumped out at me was his recognition that among the factors required to make this possible are information control, information security, and business continuity for the data itself.

It's fascinating how many different ways people bump up against identity, but coming to it from a recognition of what functions are required to take any steps forward isn't too bad...

First day of the Gilder/Forbes Telecosm and I fell like I was put in a time warp and sent back 20 years. While standing in the hall with Phillipe Kahn and Paul Allen trying to convince each other we know what's happening (all the while trying not to look like we're listening to see what the other guy knows that we don't) it dawned on me that the only real difference from 20 years ago is we're all a little calmer about it (at least outwardly.)

This is a group of real optimists, who are sure that the next big thing is here somewhere and they want to find it before everyone else does. The audience seems to be a combination of VCs looking to see how to recoup their losses (the grumpy ones), companies trying to show they have the next new thing (the optimistic energetic ones) with a few pundits (trying to figure out what's going on) thrown in. Including the obligatory ex-journalist working the halls selling his new book. Just like old times...

The lunch speaker (Worldcom) was a bit sobering to the audience. Got to admire that he showed up, but everyone left saying some version of "that was rough" working to get rid of the gray cloud that has no place here.

It took about 5 minutes to do that, as Brian Halla, CEO of National Semi put up the graph of the three major computer industry boom/bust cycles dated by their peaks ('74 mainframe/timesharing, '84 PCs, '00 connected PCs) showing how much larger each was than the one before (based on semiconductor sales numbers.) This is a subject I spend a lot (probably too much) time on, as I love the perspective it provides on whats coming next - so it was right up my alley. Brian claims to have developed a formula to pinpoint the next cycle upswing, but didn't share the details as he is planning to release it at Comdex in his keynote. But the audience was happy to know that his graph doesn't show things going down forever (I wonder if they caught the part where the new cycle will occur with new things.) I was happy to see that his projections lead to conclusions similar to my own :-)

One thing for certain, this group is definitely looking past the Telechasm and dreaming of getting to the great things that lie beyond. It reminds me why the high tech industry has been such a draw for me for over 30 years -you just can't go too long without that same wide-eyed enthusiasm you had as an 10 year old returning, and failure is seen as just the next step on the road to success.

We'll see how they react to my Digital Identity presentation in the morning...

Internet World: Web services boosting business processes
Almost sounds like Charles Fitzgerald has been reading Digital ID World....oh wait, that's right -- he has.

Check it out -- he nails key stuff in this speech.

An AC Neilson study (commissioned by Yahoo!) indicates consumer confidence in the Internet is up. I'd caution against seeing this as much more than the amazing ability of humans to adapt to things once they have some experience with them. This is especially important to keep in mind when reading statements like:

"In large part, credit for the impnts goes to increasing numbers of broadband users and growing feelings of security when it comes to protecting personal information online, the researchers said. "

The real "wishful thinking" part of this report is:

"The jump seems to be due to greater confidence and security of personal information, as we know that's been a major issue, and it seems that across many groups, people are feeling more confident."

Note the use of the word "seems" here, which you can safely read as "we hope." Just what has happened in the last year to make anyone more confident their personal data is secure?

Consumers, like everyone else, really need some way to know they are in control of their own information and their own computers. Digital Identity in some form, is ultimately how this will occur.

I'm writing this from the airport, on my way to the Gilder Telecosm conference where I present tomorrow. I'm very curious to see how the world looks from the Telechasm these days...