ConnectID

Phishing for numbers

2009-06-30T18:25:00.000-04:00

Please sign-in by entering the grid numbers corresponding to your previously selected pattern (and indicate which site you believe you are signing in to. Not that we don't ourselves know, we're just testing you)

Contextual reputation metrics

2009-06-30T07:38:00.000-04:00

I received an invite to connect from a friend - this time from TripIt - the online travel organizer (which I love).

Presumably to encourage me to accept, the invite includes the phrase

X has traveled 31,102 km to 9 locations

Well that's good, cuz there is absolutely no way I would friend-up with anybody below the 30k threshold.

Vertical networks like TripIt of course have an advantage over horizontal networks in being able to offer such metrics - all they have to offer is # connections.

I swear this was not a set-up

2009-06-29T17:21:00.000-04:00

Eve's insight notwithstanding, I've seen no better application of Venn than this from my 7 yr-old daughter

Just think what she could have accomplished with some saran wrap....

Worth a try right?

2009-06-15T11:57:00.000-04:00

Open letter to my (lazy ass) neighbours

2009-06-12T08:38:00.000-04:00

Dear neighbour,

Hey no, let me pick that litter up for you. Yes I know it fell out from the garbage cans you placed at the bottom of your driveway 2 days ago and is technically still on your driveway but, still, let me get it. I know you are far too busy being important for such matters - I'm more than happy to help.

Pardon me, what's that? Toilet paper? Sure, here it is. Can I help you with that too?

Sincerely yours

Paul

p.s. I have my dog pee on your lawn.

Sensing a meme

2009-06-12T07:42:00.002-04:00

Just in the last few days, I've noticed two different ad campaigns (one for a coffee, another for a travel broker) that go something like this

'In these tough times, we decided not to spend money on a glitzy and expensive ad. Instead we made this cheap ad and used the money to do X '

where X is something altruistic or green.

It would seem that marketing research shows that the recently laid off find ostentatious and frivolous commercials offensive - go figure.

I can see an IdP trying it

'In these tough times, we decided not to spend money on an expensive identity proofing process.....'

Drinks, keys, and computers

2009-06-10T09:59:00.000-04:00

It seems a safe time for me to report that my MyVidoop image grid categories were drinks, keys/locks, and computers. K, B, and E in the below.

You might have even already guessed that (I'd guess I wasn't unique in the industry to make those choices)

Hmm, online access .... Now there's a thought

2009-06-10T06:47:00.000-04:00

Hartford Canada does not give individual investors online access to their accounts.

I played the 'user-centric card' in my complaint

Can you please explain why I am not given online access to my account? Is it that Hartford believes I am insufficiently intelligent or financially educated to understand the numbers? Must my advisor interpret them for me?

Their response

Thank you for your inquiry regarding online access for investors.

We are in the process of building our online presence and are investigating
how we can enhance our site to make it more useful to investors. Online
account access is one of several enhancements we are investigating

Well yes, allowing access is definitely one option for making the site more useful. Perhaps deprecate the flashing text and animated gifs as well?

I hope the fund managers show more insight and vision that does the Hartford CIO.

My technical analysis is showing a strong sell signal.

Identity-based Access Control Policy

2009-05-29T05:44:00.000-04:00

A Mathematical Model for Risk Scaling

2009-05-27T09:43:00.000-04:00

We posit that the risk (R) for identity leakage from some authority is proportional to both the volume (V) of identity data held and the surface area (A) by which identity can leak.
Therefore, we can deduce

Figure 1: Risk as function of size

where r is a measure of size as determined by number of users.

Conclusions

We can therefore see that risk scales with the fifth power of size. As an example, an OP with twice as many users as another is 32 times more vulnerable to identity leakage.

Acknowledgements

This research was made possible by generous financial assistance from TAPPOP (The Association of Pure Play OpenID Providers).

Burnt Sienna?

2009-05-25T17:12:00.000-04:00

That is Orange with a red tint isnt it?

I don't know whether the vulnerability is real or not, but if so, the ramifications don't stop there.

I expect there might be some French RPs temporarily taking down those cute square Orange buttons from their sign-in pages.

Tracking Chip Provenance

2009-05-25T14:37:00.000-04:00

No, not from Intel, the other kind of chips. It seems that consumers feel less guilt in gobbling down a bag of crisps once they determine that the potatoes were 'local grown'.

'Locally grown' reminds me another trendy term for which there is no agreed upon definition.

Deployment stats

2009-05-25T07:25:00.001-04:00

Some surprises here

Playing with Flock browser

2009-05-21T06:46:00.001-04:00

Liking the Facebook & Twitter integration.

Under the guise of a 'Normal' & 'Advanced' setup choice, the installer tries to sneak in

making Flock default browser
sending anonymous usage stats

Are these choices really only relevant to 'advanced' users? I can see proxy configuration ....

Blogged with the Flock Browser

Assurance-based RP decision tree

2009-05-19T19:17:00.000-04:00

Click on image for zoom

I believe the term is 'wacked'

2009-05-19T15:18:00.000-04:00

I was sent a Facebook friend request intended for a relative with a similar name.

Check out what I was forced to concede just so I could send a message explaining to the sender why I was declining the invite

A 4-corner model for risk

2009-05-19T13:07:00.000-04:00

Violent agreement

2009-05-18T17:00:00.000-04:00

I'm sure the sounds of confirmation from this panel must have been deafening.

Photo from Trent.

IIW Submission

2009-05-17T07:04:00.001-04:00

While I may not be attending in person, I do feel that there are still significant contributions I can make towards identity progress - specifically the following idea for a skit for the IIW Untalent show.

The following idea for a skit for the IIW UnTalent show is licensed under Creative Commons as 'Ignore & Forget'.

Here follows my idea for a skit for the IIW Untalent Show.

My idea for a skit for the IIW UnTalent Show is a take-off on the Dating Game. On stage will be an RP/SP (I see somebody from eGov or Health in the role, ideally in a dress for comic effect) asking all sort of hilarious and probing questions of the 3 candidate issuing parties (an IdP, OP, & STS) also on stage.

Questions such as

1) #1, there is nothing I find more romantic than a moonlight stroll down an audit trail. What parts of assurance do you find romantic?
2) #3, have you ever been proprietary? Are you still taking medication for it?
3) #2, My girlfriends say I'm a risk taker when it comes to choosing partners. How would you describe your own attitude towards risk, using, oh lets say, a scale from 1 to 4?
3) #3, Pop-up or redirect - I go both ways, what about you?
4) All, if you want to 'do business' with me, its WS-Federation or nothing. Ha ha just joking, just wanted to see if you were listening.

And of course the answers to the questions will be filled with all sorts of identity innuendo and protocol double-meanings. I'm laughing already. A guaranteed riot.

A pain in the neck

2009-05-14T15:45:00.000-04:00

Johannes has a pain in the neck.

As someone who has had a headache (the same one, to varying intensity) for approximately 12 years now, I am totally with Johannes on the importance of posture, neck, back & abs strength to fighting back.

My headache began one week after I started a job which had me at a desk the whole day. I will not bore you with the countless fixes I tried over the years (suffice to say Neti pot). It's only the fact that I now work from home, with the flexibility for work location, integrated stretching/exercise, G&Ts etc that has given me control.

I do all the same neck stretches that Johannes describes. Ultimately though, for myself, the only thing that can effectively kill a headache in its tracks are pressure point massagers that I found in the Tokyu Hands department store in Tokyo (the Japanese take stress reduction very seriously). If you have neck pain and find yourself anywhere west of San Francisco, make a trip to Tokyu Hands.

Early friend request

2009-05-14T11:14:00.000-04:00

A letter from Prince Henry (future Henry VIII) to King Philip of Castile

n,To PHILIP, KING OF CASTILE

RlGMT EXCELLENT, RIGHT HIGH AND MIGHTY PRINCE,

I commend myself unto you in most hearty and affectuous
manner. And because the Chamberlain of my dear and best-
beloved consort, the princess my wife, goeth presently to you,
for certain matters which, as he says, concern him there, he has
besought and required me that I should write to you in his
behalf. Right excellent, right high and mighty Prince, very
cordially I pray you that you will hold him recommended in
these his affairs; and that from time to time you will ascertain
me and let me know of your good health and prosperity, the

which most singularly and with all my heart I do desire to be
of long continuance as in manner mine own. And tor my part,
whensoever I may find fit bearer, I am entirely resolved to do the

like for you.

Furthermore, on your signifying if there he anything here,
in the which I may do you honour and pleasure, I will take the
pains to satisfy you therein with all my heart, with the help of
our Lord, whom I pray, right high, right excellent and mighty
Prince, give you good life and long.

Written at the manor of Greenwich, the yih day of April,
Your humble cousin,

HENRY, PRINCE OF

Choices choices

2009-05-12T16:50:00.001-04:00

On Twitter today I saw a thread between Nishant and others bemoaning the negative impact of Twitter on their blog statistics (posting not readers).

I see the effect on my blogging as well. Why go to the effort of a 1 minute blog post when a 30 sec tweet can scratch the itch?

For myself, I think I need to define some criteria to help me assess when a given topic warrants the 'weight & complexity' of a full blog post, or is such that the 'lightweight & open' Twitter will suffice.

Hmmm. Might be able to apply those sort of criteria elsewhere....

AA not AAA

2009-05-11T15:20:00.000-04:00

Hey Phil, how about a variation of this for a KNX use case?

Problem drinker (intentionally) gets a card from AA, KNX scripts filter his web content to remove any ads for booze.

All the other 12 step programs would issue their own cards to their members.

Addictive personalities could get hybrid cards as an efficiency.

Buy page area, they aren't making any more of it (well not enough)

2009-05-07T15:15:00.011-04:00

Phil responded to my post with his own balanced analysis comparing GreaseMonkey and the KNX model for page augmentation/customization. I don't doubt that the KNX model is more powerful, secure and flexible than GreaseMonkey - my original point was only that it was evolutionary more than .... well you know.

Whatever mechanism you use to augment/annotate the page at the browser, there is only so much page real-estate to go around.

I upgraded my version of Xmarks, a Firefox extension that syncs bookmarks across multiple browsers and afterwards saw the following on Google's search page.

The blue icon is the extension's 'Smart Search', appending its own links to Google's search results page based on some criteria I know not what. It snuck onto my page.

Makes me wonder how many different extensions, GreaseMonkey scripts, and information cards/selectors are going to be fighting for those precious few square centimetres (even fewer square inches) of real-estate besides the search results.

How will the user manage these? Cards, if grouped into personas (e.g. I'm in shopping mode), could be useful.

Also makes me think there is a market for SAO - search augmentation optimization.

Reuse

2009-05-07T14:35:00.000-04:00