What could possibly go wrong?
Indonesia to try and plug mud volcano with concrete balls. First, that headline is in dire need of a comma or two. I didn’t know that volcanoes can spew different things. Mud volcano. Lava volcano. Refurbished iMac volcano. It is truly amazing what nature can produce. Also, I didn’t realize that volcanoes could have balls, let alone concrete ones. I’ll give Indonesia an A for creativity and effort. I just wonder what happens when the volcano is full of concrete balls. In the future will we read a headline that says: Indonesia pummeled by concrete balls launched from constipated mud volcano. Tune in and see.
SPML Decision Followup... followup
Conor has graciously explained the “strangeness” I felt in the Advanced Client scenarios. He explains that this part of advanced client work:
addresses the problems involved in provisioning functionality to a secure container that is associated with a user somewhere nearby
That snippet was enough for me to grasp it. Read the rest of what he has to say for more. I wanted to clarify on two points he made. First:
What I meant to ask was...
While the SPML in the Draft Liberty ID-WSF Advanced Client Specifications discussion continues, I want to go back to what I really meant to ask in my previous post. (I have a tendency to jump ahead a few questions, skipping over what should have been asked first, and asking deeper, knottier questions. Attribute this to my habit of jumping into the middle of the river before figuring out how to cross it… once you are in the middle of the river, you tend to figure it out very quickly.) Back to the question - what, if any, is the bridge between user-centric identity and “enterprise” identity? I can see somewhat of a bridge for companies selling federation. Andre has done a good job of explaining his consumer-centric authentication solution. I can see how Ping “backed into” this solution. From the enterprise’s perspective, can user-centric identity be seen as an ultra-federation? Certainly, the tooling needed to handle a federation of dozens of partners is very different from the tooling needed to handle internet-scale federation. Perhaps the only true linkage is on the Relying Party side of things. “Enterprise” identity systems manage the back-end work; user-centric tools handle the conversation between user, RP, and IDP. I’m in the middle of the river here figuring a way to the other shore; help me out if you can.
Different... how so?
Thanks to Raj, Paul, and Conor for all chiming in on my previous post of SPML in the CardSpace world. Conor wrote:
However, we also decided that this “model of provisioning looked a bit strange” to try to shoehorn into SPML as the problem we were solving was just different. There was at least one contributor to SPML in the room while this discussion was going on and the decision was being made, so I presume they also felt that the model was “strange” for SPML.
iSight Silliness
I love my iMac. Really. Truly. Love it. Every so often it does something to test my patience. When the mood strikes me, I like to take a self-portrait using Photo Booth, the cute little app that Apple has built. I send the photo off to friends and loved ones. It is a more interesting way of saying hi than:
Hey - What’s up? I’m bored. i
At any rate, I wanted to do that this afternoon. I fire up Photo Booth and it tells me another application is using the iSight camera, please close that application and try again.
Is SPML irrelevant in the coming CardSpace/Higgins/OpenID identity world?
I was reading about Conor Cahill’s workshop at RSA on secure provisioning of network credentials over the wire. It was a joint proof of concept between Intel, BT, and HP using Liberty’s ID-WSF Advanced Client. They talked about how to get credentials from service providers down into a client environment. (Although it is not a requirement, clearly Intel would love it if the client environment was a TPM-like object.) One aspect of all this is a provisioning service, one for which Liberty has cooked up a spec. As a user provisioning guy this model of provisioning looked a bit strange to me. Think telephone service provisioning, not enterprise user account provisioning. The funny thing is, I thought there already was a perfectly good provisioning service standard out there - Service Provisioning Markup Language (SPML). That got me thinking. Provisioning is an aspect of the identity lifecycle that you don’t really hear about in talks on Higgins and CardSpace and such. This is a bit of history repeating itself. Back in the day, the authentication guys got all the glory, all the publicity, and when it came time to make sure there were actually credentials in back-end services, they waved their hands. It was the lowly user provisioning system, the late-shift janitor of the identity world, that actually had to do the dirty work. Who is this janitor in the user-centric identity world? Before I go on without a better understanding, I’m looking for comments on this one. Where does SPML fit in this brave new identity world? Is the intention that SPML will be passed as part of a larger SAML assertion to establish credentials? Is the PSTC working on scenarios like this?
When Anthony Bourdain attacks
Mr. Bourdain shares his thoughts on the Food Network. The following gives you some idea what awaits you in this blog entry:
SANDRA LEE: Pure evil. This frightening Hell Spawn of Kathie Lee and Betty Crocker seems on a mission to kill her fans, one meal at a time. She Must Be Stopped. Her death-dealing can-opening ways will cut a swath of destruction through the world if not contained.
And when you finish your helping of Bourdain, try Buford’s take on the same subject.
Convenience over Security: The role of industry
New York is the location of yet another identity information on public website fun. It is sad, but I am kind of used to reading about these. What is slightly more shocking was the reason given why the data was out there in the first place:
The documents were posted on the New York site as a convenience to lenders looking to learn more about the financial status of potential borrowers.
