POSTCARD FROM IDENTITYNEXT 2013
IdentityNext is a unique conference that pulls aspects from several of the identity
events I’ve attended over the years. As only a handful of Americans attend, it
reminded me of Kuppinger’s EIC (European Identity Conference). There were
delegates from many Western European countries, for example Sweden, Denmark,
France, Germany, Austria, Spain, Belgium, the Netherlands (of course), England
and probably a few more. The focus on privacy reminded me of the PII (Privacy,
Identity, Innovation) which is held several times around the US. And finally, it was
the second conference I attended this year that had an “un-conference” portion,
inspired by IIW (Internet Identity Workshop).
It was a great honor for me to deliver the opening keynote. I wanted to give a
general interest talk about federations, an introduction to OAuth2, and describe
how these two technologies could be combined to the net benefit of society. I was
a little tense, especially as I’d never attended this conference. My slides are here. I
was amused that Martin Wegdam quoted me on Twitter as apologizing for
previous XML identity standards. I was not really serious… As Andre Durand says,
“Identity” is a big and complex domain of knowledge. If we (as in the global
community of identity architects) had figured “it” out on the first try, it would have
been a miracle. Defining standards for identity has been an iterative process. And
13 years later, I think the work done on OpenID Connect puts us on the verge of a
good technical standard for one aspect of Identity–authentication. “Connect” has
achieved something even more elusive: consensus.
One of the best talks was given by author, journalist and teacher Pernilla Tranberg. She
presented an up-to-date view of the current state of online privacy, and some pragmatic
strategies we can consider to achieve more control of our personal data. For example,
don’t use Google search… use “Start Page”, which strips out all the tracking cookies that
sell to advertisers the interests implied by your Internet searches. Also, advise your kids
to sign up for Facebook using a different name so they can start their adult life with a
clean slate.
One of the most amusing talks was given by Mike Chung from KPMG on the topic of
predictions. He recommended a number of books: Nate Silver’s The Signal and the
Noise; two books by Nassim Nicholas Taleb, The Black Swan and Fooled by Randomness;
Dan Ariely’s Predictably Irrational; Robert Kaplan’s Revenge of Geography;
Daron Acemoglu’s Why Nations Fail; Robert McNamara’s In Retrospect; and Jim Paul’s
What I Learned Losing a Million Dollars. Apparently none of them helped him very much,
given his self-proclaimed abysmal record making accurate forecasts in identity and access
management. For example, he forecast in the mid-2000s that WS-* would be the
predominant federation protocol, among other equally inaccurate claims. He totally
missed the rise of mobile computing. And even more amazingly, companies paid him for his
inaccurate advice. Hearing stuff like this makes me nervous about the big bets Gluu has
placed on OAuth2, and reminded me that if Gluu is able to invest our scarce resources
properly in one of the most dynamic technical markets, we’re probably more lucky than
smart.
Most Americans are unaware of the identity card programs that have been
undertaken by almost all European governments. The conference featured talks on
the efforts of Sweden, Germany, and Belgium. All of these cards can be used to
access government services. But many are expanding to B2B and B2C purposes.
For example, in Belgium there are beer vending machines that read the birthday off
of your national ID card to figure out if you’re old enough to be served. In Japan I
video-taped a machine that automatically poured a glass of beer. It’s clear… our
country is just so far behind, it’s ridiculous.
Given my keen interest in federation, the talk I got the most out of was Rainer
Horbe’s talk on federation. Austrians clearly understand the value of federations,
and also that these federations are hard to form. So the Austrian Chamber of
Commerce formed the Wirtschaftsportalverbund (which believe it or not is an
abbreviation for something like the Austrian Identity Federation Authority) which
aims to establish B2B and B2C federations the cost of identity management and
SSO. This group is creating a framework to help businesses jumpstart federations,
including the required technical and governance components.
One of the most interesting conversations I had at the conference was with Haydar
Cimen from KPN and Steve Pannifer from Hyperion Consulting regarding Snowden.
While a majority of Americans now regard him as a heroic whistle blower, his
support in Europe is even higher. In fact, I seem to be the only one in my industry
who thinks he needs to answer for his actions.
My problem is that if more people follow his precedent, our government and
businesses couldn’t operate. If he thinks the moral imperative to uncover this wrong
was sufficient to justify his actions, he shouldn’t be hiding in Russia. If he had stayed
in the US, I’d support him for standing up for his beliefs. Many people don’t think he
would have gotten a fair trial if he had stayed. Or that maybe the government would
have water-boarded him, or left him in solitary for years like they did to Manning.
Whatever you think of Snowden, it’s clear that our allies view the US as little better
than China, are hesitant to travel to the US for fear of being the victim of a big-data
analysis snafu, and are resentful that their systems are being hacked in the pursuit of
America’s enemies in a covert cyber war for which we apparently have a great talent
(and an insane amount of budget).
I was happy to see many old friends, especially from Surfnet and Kinnesnet. I also
got a chance to chat with Hans Zandbelt from Ping Identity. Apparently after working
all day on helping companies implement federation, he can’t get enough, so he has
been moonlighting to write his own OpenID Connect plugin for Apache. It’s much
simpler than the one Gluu has undertaken in our crowd-sourcing project. The nice
thing about it is that it is standalone. Gluu uses a local process, “oxd”, to handle the
OAuth2 messaging. Some people don’t want this additional complexity.
We used this approach because it enabled us to leverage our Java libraries for
OpenID Connect and UMA, and it would have taken us too long to do all the
messaging in C (as we already have Java libraries written). Hans’ plugin supports
fewer features, but it’s a great example of how you can use a subset of the features if
it suits your purpose. More options for developers is great, so I hope Hans has the
energy to keep working on it, and to make it available to other developers. If you
want to look at the code, it’s currently here.
Finally, one of the best uses of technology on display was in a video from the UK by
a hipster, the “Urban Wizard.” To express his identity he likes to dress up like a wizard
when he walks around London. He melted his Oyster card (subway debit card), and
attached the chip to his staff. As he walks into the subway, he touches his staff to
the turnstiles, and magically, the doors swing open. Apparently the police were not
amused, and won’t let him do this anymore. But it’s a reminder that technology is
not a one-size-fits-all affair. People will use things in ways the developers never
intended. Who knows what OX will be used for one day… open source and open
standards are more embracing of this phenomenon than the metro police.
Article Resource: http://thegluuserver.tumblr.com/post/68143784696/postcardfrom-identitynext-2013