A couple of days ago, Jeremie Miller posted his ideas around MicroID. Now, today, we have our first example of a MicroID plugin from Phil Windley.

Quoting:
Yesterday’s entry on MicroID got me thinking that to be truly useful, blogs and other sites are going to have to including MIDs (as I call them) in every entry and comment as a matter of course. For that, you need a plugin. I’ve been wanting to learn to write plugins for MovableType for sometime, so I set out to do so this morning.

Phil Windley has published a really good article about overcoming the hidden challenges of federation -- highly recommended reading.

Federation, to this point, has been (and still is) a point-to-point deployment. Yes, large companies are beginning to do some turnkey partner deployments involving larger and larger numbers of partners, but those deployments are still "point to point" and not a "federation network."

Federation's true value will be realized in the network setting -- a setting that can only occur when the issues that Phil outlines are solved on a widespread scale.

If you were watching CNBC between 7am and 8am EST time this morning, you probably saw this company get highlighted -- not for what they do, but rather for the fact that they're using RFID chips implanted in employees for Access Control to a sensitive documents and imaging room.

While this probably isn't a first, it was the first that I'd heard of implanted RFID chips being used *specifically* for access control. Of note: the entire system cost them $3000.00 USD.

Deep from the bowels of user-centric identity emerged another entrant into the race last week --- Pass.net -- for those of you keeping track.

[Later]
Add MicroID to the growing list (interestingly, MicroID is from Jeremie Miller of Jabber-creation fame).

I just stumbled across a really interesting identity blog that lives inside of Microsoft's TechNet community.

If you are interested in product evaluations, code samples for working with MIIS, or generic identity and access management architectures, this baby is worth a look.

John Fontana has written a fantastic article on identity management (and no, I'm not just saying that because I'm quoted in it ;-).

Well worth the read...

Two bits of user-centric identity this morning:

1. Mike Jones of Microsoft has a new whitepaper that walks one through invoking Infocards in browsers and web apps.

2. Dick Hardt is reprising his popular Identity 2.0 talk - this time talking about SXIP 2.0 and sxore. View it here.

Mark your calendars - our own Editor in Chief, Phil Becker, will be joining TNT's Ian Glazer for an interactive discussion and webcast entitled, "Identity Management as a Lifestyle vs. a Project."

More information and the registration link are here.

Curious about the Liberty Authentication Service? John Kemp from Nokia is giving us the lowdown.

An interesting news release today about Entrust securing a patent for "grid authentication."

Quoting:
Assigned to Entrust in 2005 by the Eastman Chemical Company, this patent was issued on January 27, 1998 by the United States Patent and Trademark Office. Among other things, the '627 Patent covers all methods for determining whether a person seeking access to a secured system is authorized to do so where the determination about the right to access the secured system is confirmed using some form of grid authentication with or without an accompanying password.

This kind of authentication system typically would use grid cards that are distributed to persons authorized to access a secured system or resource, such as an online bank account. A person with one of those cards who wants to access a secured resource would be challenged to prove they have the grid card that was distributed to them by answering questions about the contents of that card -- helping prove that the person is who they say they are. To date, the grid authentication method has shown itself to be especially attractive for organizations looking to reduce the cost and complexity of securing their applications.

[Later: having perused the Entrust site, I now see that the "grid card" is a bingo card with letters horizontally and numbers vertically, where you're prompted to locate alphanumeric strings within the grid...ie, BINGO! ;-) ]

The University of Wisconsin e-business consortium has published a comprehensive report on Identity Management and Credit Unions. Highly recommended!

(disclosure: UW-Madison is my alma mater, so nearly everything associated with the Badgers is highly recommended ;-)

Phil Windley has a nice write-up of Dick Hardt's presentation at ETech - one that culminated in announcing version 2.0 of SXIP (simple extensible identity protocol).

It looks like Sxip is doing something pretty interesting here -- more on this as I learn it.

I'd call this something beyond a major mistake.

Quoting:
An Ohio man is suing the Ohio secretary of state for posting his and other residents’ Social Security numbers for years on state Web sites where publicly searchable records are stored, showing retail purchases made using credit cards or bank loans.

Secretary of State J. Kenneth Blackwell’s office posts the UCC filings on the Web, and the data sometimes includes Social Security numbers.

Holy Schnikes! Posting SSNs online -that's just scary.

Browsing through the identity news of the morning - these things caught my eye:

1. While profits and revenues dropped at Novell - its identity management business grew by 20% year over year.

2. Yahoo! is releasing a browser-based authentication API - just like Google did about a month ago. Now developers from everywhere can leverage either Yahoo or Google for authentication services. Verrrrrrrrrry interesting....

Don't blink or you might miss the statement at the end of this article:

In the coming months, RSA expects to announce an expansion of its consumer business. The company is hoping to build on large-scale consumer deployments at ETrade and Washington Mutual and tap demand for strong authentication driven by the escalation in online fraud, Young said.

For example, RSA is considering ways to add features such as client health screening to Adaptive Authentication. The company also plans to integrate its authentication technology with the new "InfoCard" architecture from Microsoft, unveiled at this year's RSA Conference, Young said.

RSA's "layered" and "risk-based" authentication technology (acquired mostly from Cyota) is being rolled out at online banks and brokerages like ETrade and Washington Mutual -- and (apparently) being integrated with InfoCards.

I'd love some technical details on how that is working -- is the Cyota technology using WS-Trust to do some token translation? Can someone over at RSA help with answers?

Finally, a reporter gets the Higgins story right -- and we should expect that it would be John Fontana - one of the best in the identity reporting sphere.

John's right reporting tells us how Higgins is actually a *good* thing for identity because its an expansion of the ecosystem and NOT an "open source vs. Microsoft" story.

John then goes on to quote Jamie Lewis (CEO of Burton Group and also one of the best in the business):

"I've been railing on this for years - the tooling side of identity is really bad," says Jamie Lewis, president of the research firm Burton Group. "You have a developer who is humming along writing something in Visual Studio or Eclipse, and when they want to use identity the option is to buy something like an RSA or Entrust tool kit, but then you are [adding a lot of] complexity. So we shouldn't be surprised that developers are not using identity."

Lewis says Higgins, and the work Microsoft is doing with its development tools, are starting to erode concerns about tooling.

The irony, of course, is that the story that was so badly reported last week is not the real story at all. The real story is the rapid expansion of the identity ecosystem. While the press is focused on acquisition and vendor sports, the real activity is on the ground as A) customers demand ease of use from their products, B) the tools of identity grow tremendously, and C) the mainstream implementers is just beginning to come on board.

I realize this is a little "eric banging the same ole drum", but it really is great to see John and Jamie correcting reporting misconceptions.

Apparently, the Higgins announcement managed to confuse the analysts.

Good thing Phil's over here sorting it out for them. ;-)

This article points to an OEM relationship between Motorola and A4Vision. The relationship will drive Motorola's identity management business. Quoting:

A4Vision Inc. announced that the company has entered into a strategic OEM relationship with Motorola, Inc. A4Vision will provide its patent pending 2D/3D ICAO compliant camera and award-winning 3D facial recognition software to Motorola as a key software and hardware option. The technology is featured in Motorola's Identity Management and Security Solutions Portfolio, a complete document management and biometrics identification system for enrollment and issuance of secure national ID cards and passport documents.

One of the trends that Phil and I highlighted coming out of RSA was the movement of identity management *downstream* into the small and midsize business market. This movement could be seen in IBM's Tivoli Express product, in BMC's .NET suite of Identity management tools, and in companies like A10 networks.

I highlight A10 because they're a startup that is clearly aimed directly at the SMB marketplace. Their technology fits there. Their delivery mode fits there. And (most importantly) the way in which they're building out their sales model (via a channel) fits there.

All of this is extremely important as it lets us know that we're beginning to head toward the bulge of the bellcurve that makes up the majority of the marketplace.

There's a reason that IBM retooled their Tivoli suite (and reportedly got it down to 12 questions to set up an identity management system), and there's a reason that a company like A10 gets funded and then gets traction.

The reason: the market opportunity is enormous.