Clippings

From InternetIdentityWorkshop

Contents 1 2007-06-20 2 2007-06-19 3 2007-06-18 4 2007-06-17 5 2007-06-15 6 2007-06-14 7 2007-06-12 8 2007-06-09 9 2007-05-27 10 2007-03-02 11 2007-02-06 12 2006-12-04 13 2006-10-22 14 2006-06-26 15 2005-10-12

2007-06-20

• Ethan Ackerman: The 4th Ammendment in Your Inbox supplementing Randy Picker's 2007-06-18 analysis of the privacy-significant Warshak vs. US decision at the 6th Circuit.
• Kim Cameron: Collusion takes effort; how much? wherein Eric Norman expands our sensibilities about collusion (see yesterday) and ties in Warshak vs. US to boot.
• Michael Kaplan: Overheard Recently where we might consider the identity of someone whose voice is dubbed by the same translator throughout the international run of a television series: Who is your character? Who are you (the actor)? What are the identities involved? In all of the translations and language/culture markets?
• Joshua Porter: Common Pitfalls of Building Social Web Applications and How to Avoid Them, Part 2 evoking déjà vu with conversations about Identity Commons as a community and despair over the missing archived knowledge for Internet Identity Workshop

2007-06-19

• Stefan Brands: Anonymous Credentials? No, Minimal Disclosure Certificates! continues the web-wide discussion on Kim Cameron's starting-gun post on evolving privacy technology.
• Kim Cameron: Long live minimal disclosure tokens!, responding to Stefan Brands post, proposing a remedy that separates privacy and anonymity. Kim abandons some misleading nomenclature and proposes an alternative to the correction by Brands.
• Eric Norman: Collusion takes effort; how much? introducing Eric Norman's new blog, drawing a bridge between Kaliya and Kim Cameron, Washack vs. US and Evolving Technical Privacy (Orcmid 17:46, 20 June 2007 (MDT))
• Pat Patterson: Single Logout with SAML 2.0 and PHP, describing the OpenSSO extension for Single Logout, illustrated by a worked case. I need to read this because I can't understand why it's important. Also, why do we say Sign On but Log Out? Neither Sign In nor Log In? Who makes up these rules?

2007-06-18

• Kim Cameron: No masks in the grocery store discusses the response to Kim's 2007-06-17 post by David Kearns (responding to Paul Madsen) on the prospect of a relying party linking through correlation across time.
• Kim Cameron: Colluding with yourself continues the discussion by quoting the full Paul Madsen article and discussing a couple of its points. I do not propose to make a habit of clipping this sort of back-and-forth. The individual blogs provide examples aplenty. These two citations are illustrative of the flavor, at least from Kim Cameron's perspective. Orcmid 13:45, 19 June 2007 (MDT)
• Kim Cameron: Revealing patterns when there is no need to do so follows on the earlier discussion of collusion (while we are still on step #1 of Kim's planned analysis. What shows up beautifully here is how a cross-blog conversation is used to sharpen the edges of the discussion and also surface an important tie-in between correlation and Too Much Information (TMI). I promise I am not going to clip all of these, but demonstrating the pattern of these inquiries seems valuable, IMHO Orcmid 13:45, 19 June 2007 (MDT)
• Pat Patterson: SAML 2.0 HTTP-SimpleSign Support in OpenSSO SAML 2.0 PHP Extension allowing digital signatures that avoid XML canonicalization by encoding the XML in Base64 and signing that blob. This responds to an old complaint about XML signatures but leaves the problem that any directly-accessible XML copy leaves the signature behind and there is no way out of that. An useful demonstration of how to do it if you can tolerate operating inside the limitation.
• Randy Picker: Regulating the Cloud: Warshak v. United States discusses litigation that has an impact on the expectation of privacy for data of ours and about us in the cloud. (Kaliya Hamlin adds some great color to this case in "Yeah! for the Fourth Ammendment." Orcmid 13:56, 19 June 2007 (MDT))

2007-06-17

• Kim Cameron: Evolving technology for better privacy, the first in a series describing ways to prevent linking of information by relying parties and/or identity providers. This post is also handy for establishing the terms of discussion with a basic example of X.509 certificates and PKI signing as a form of authentication.

2007-06-15

• Oren Eini: The Myth of the All-Inclusive Meta-Entity, reminding us to consider that an identity might be of merely an aspect in relevant context
• Johannes Ernst: Sun's OpenID Provider is On-line
• Jerry Fishenden: From Oxford to Rio - identity and privacy, links to a webcast and some other material
• Eric Goldman: Lawyer Rating Service Sued—Browne v. Avvo, having to do with reputation/rating and services, groups, people that do it, perhaps wrongfully, perhaps not
• Pat Patterson: OpenID @ Work - Architecture, source of details on openid.sun.com
• Joshua Porter (Bokardo): Comic - Et tu, Brute?
• Gina Trapani (Lifehacker): Shutdown - What To Do with your Yahoo! Photos and indeed, what happens to an identity and related artifacts (i.e., "your" stuff) when a hosted service (e.g., an identity provider) shuts down or a service (a relying party) introduces/changes identity authentication regime. Is now the time to start thinking about end-of-life scenarios? Orcmid 10:34, 15 June 2007 (MDT)
• Jon Udell: Facebookizing the Web, Webifying Facebook, on diffusion between walled gardens (presence silos, in my thinking) such as Facebook and Internet presence: can we have it (when there's a business model?) and what rôle will identity metasystems serve? Orcmid 11:36, 15 June 2007 (MDT)

2007-06-14

• Hubert A. Le Van Gong: OpenID @ Work - Architecture, providing some much-needed diagrams (and perhaps the start of a picture-clippings section here? Orcmid 12:04, 15 June 2007 (MDT))
• Robert Scoble: I Love Dawn ..., wondering what can be done when people say stuff about us that isn't so and it takes on a life of its own, an identity not of our making, Orcmid 11:01, 15 June 2007 (MDT)
• Robert Scoble: Too Accessible, reflecting an identity+presence silo problem (check the comments)
• Robert Scoble: Valleywag Offers Me a Job ... on being misrepresented by a gossip columnist, not quite up there with cyber-bullying but certainly a question around having mischief done with our identity and rôles, Orcmid 11:01, 15 June 2007 (MDT)

2007-06-12

• Avi Bryant: Technorati Needs To Catch Up to Facebook, bridging an interesting conversation with Jon Udell about Facebookizing the Internet, raising interesting challenges for identity metasystems (Orcmid 11:45, 15 June 2007 (MDT))
• Eric Norman: What Does an IdP Do? eye-opening simple explanation of the Identity Provider's rôle and the Identity Selector's rôle, with a cautionary wink toward OpenID Provider? (Orcmid 17:56, 20 June 2007 (MDT))

2007-06-09

• Paolo Massa: Reputation is in the eye of the beholder - on subjectivity and objectivity of trust statements, position paper for the Security Issues in Reputation Systems workshop at the European e-Identity Conference, in Paris 2007-06-11 to -13 (Orcmid 13:22, 15 June 2007 (MDT))
• Eric Norman: Horrible Human Engineering with a quick crotch-kick to an ugly CardSpace example as a not-too-subtle reminder that the human factor is always paramount and no one is exempt from fumbling it up — the big test is how rapidly repairs are made (Orcmid 18:11, 20 June 2007 (MDT))

2007-05-27

• Eric Norman: OpenID as a Laboratory eyeing OpenID (with a little less framework, perhaps) as a wonderful laboratory for working out identity-system concerns, with an eyebrow raised in the direction of Higgins too (Orcmid 18:15, 20 June 2007 (MDT))

2007-03-02

• Hubert A. Le Van Gong: Deep Dive on SAML 2.0 vs. WS-Federation, for those keeping score at home (Orcmid 12:00, 15 June 2007 (MDT))

2007-02-06

• Jon Udell: Critical Mass and Social Network Fatigue focuses on social-network fatigue and how what's needed is to factor those overlays out as something that works on the global Internet (where identity metasystems should surely matter? Orcmid 11:45, 15 June 2007 (MDT)), with great discussion in the comments

2006-12-04

• Danah Boyd: Friends, Friendsters, and Top 8 — writing community into being on social network sites, First Monday 11, 12 (December 2006), where the notion of writing into being and the repercussions for identity merit careful attention (via Robert Scoble, Orcmid 19:09, 20 June 2007 (MDT))
• Hubert A. Le Van Gong: IIW2006b SAML/Liberty Presentation (digging up background items deep in this blog, Orcmid 12:10, 15 June 2007 (MDT))

2006-10-22

• Hubert A. Le Van Gong: Identity Federation overview and illustration of where one Circle of Trust shows up (Orcmid 12:29, 15 June 2007 (MDT))

2006-06-26

• Hubert A. Le Van Gong: A Taxonomy on User-Centric Identity mainly links on this useful topic (Orcmid 12:44, 15 June 2007 (MDT))

2005-10-12

• Hubert A. Le Van Gong: Liberty Releases Deployment Guidelines (later moved, but available on the Papers section of the Liberty Resource Center - Orcmid 12:44, 15 June 2007 (MDT))