Diversity as a form of Defense in Depth

I was thinking about David Maynor’s post on Cisco’s latest security updates. His feelings are quite clear on the danger of a homogenous network:

Again let me state for the record how I feel about this: do not buy a single vendor solution for something as important as the very basis for how your network operates. I know you may get volume discounts or sales reps might take you to nice lunches but eventually something like this will happen.

Thoughts on Relational Continuity Sockets Layer

Mike has clearly been doing some heavy thinking and his recent post on his Law of Relational Risk is evidence of that. Mike’s last idea in the piece caught my attention, the notion of Relational Continuity Sockets Layer. The idea is that:

It would allow multiple participants to interact on a channel that is secure for the duration of the relationship or at least one risk cycle (this means longer-lived sessions than SSL) and allows for relation IDs (similar to session IDs).

about tuesday night

Tuesday Night started as a social club at the Toledo Lounge. We used to gather, oddly enough, on Tuesday nights and mull over the week that had passed, current events, and Yuengling. From that spawned a mailing list, then a blog on Blogger, and finally, this site. Most of this stuff is Ian Glazer’s rantings. When he’s not working on this, which is most of the time, he can be found traveling, cooking, taking photos, doing taiji, and, most likely, eating. Feel free to drop him a note using the following form and/or find out more about his professional life. The writers on this blog have day jobs - honest, they do. The postings on tuesdaynight reflect only their personal views; they do not necessarily represent the views, positions, strategies or opinions of the authors’ employers.

Identity Literature

During his talk today, Jim mentioned that as he began to write his book, he surveyed the existing identity literature and theory and found them extremely lacking. Fair enough. There really isn’t a lot out there on credentialing and identification. This triggered a thought/memory/realization. I’ve never quite understood why I like working in the identity space. The people are interesting, sure. The concepts are approachable and visceral… after all, identity management is about me: my stuff, what am I allowed to do, who is allowed to know what about me, etc. At the bottom of it, the problems of identity are fascinating to me. And in the instant I pondered Jim’s point that there was little identity literature, I realized that he might not have been looking in the right place. He probably didn’t expect that one of the greatest bodies of writing on identity lives in Scottish Literature. Years ago, I spent my junior year abroad at the University of Edinburgh. Scottish lit was part of my course work. Ian Campbell, Cairns Craig, and Aileen Christianson were my guides through everything from Redgauntlet to Mary Queen of Scots Got Her Head Chopped Off. Scottish writers have a strong tradition of approaching identity and duality issues. Three books that I read and highly recommend:

• The Private Memoirs and Confessions of a Justified Sinner by James Hogg
• Strange Case of Dr. Jekyll and Mr. Hyde by Robert Louis Stevenson
• Lanark: A Life in Four Books by Alasdair Gray

Each one is packed with identity fun: identity fraud, identity theft (the real, metaphysical kind… wait, can something be real and metaphysical?), self-asserted credentials, and more. Ok, I grant you that none of those titles cover strong multi-factor identification, federation, URL-based identity and the like, but they do make for a great read. And if it ever gets cold around here again, I’ll definitely be picking one of them back up for some fireside reading.

Thoughts on Jim Harper's talk

While Washington, DC may not have a lot of companies working on identity technologies, it certainly has a lot of bright people working on identity policies. This afternoon I got to hear one of them, Jim Harper, speak about his research into identity and identification and his subsequent book, Identity Crisis: How Identification Is Overused and Misunderstood. If you haven’t read it yet, do so. It is an approachable survey of identity management and identification issues facing the U.S., set in the context of the REAL ID Act. (The short blurb I gave my mother-in-law about the book was enough to get it into her reading stack.) This wasn’t the first time I had the opportunity to hear Jim; Phil roped him into giving a keynote at Digital ID World last year. There were two items I took away from his talk. First, Jim has an excellent analogy on how we protect physical assets versus how we “protect” electronic financial data. How many keys do you have in your pocket or purse? I’d wager it’s probably more than three. I’m also confident that you have a bunch more keys at home in a drawer somewhere. Each key matches up to an important physical asset: an apartment, a bike, a car, a safe, etc. In fact, you may even use multiple different keys to secure the same physical asset. Although convenient, I don’t think anyone would use the same key for every asset they own; just the idea of it seems somehow unsettling. Jim makes the point: if people don’t use a single key for securing their physical assets, how come we are using (or are coming dangerously close to using) a single key, the social security number, for “securing” all of our financial data? Second, the point that credentialing, or authorizing, is just as important as identifying. At a point-of-sale terminal, merchants are primarily interested in whether you can pay, not who you are. Likewise, knowing that you are allowed to travel while hiding who is doing the traveling.
This smacks of both Dick’s Identity 2.0 talk and Bob’s talk on the Identity Oracle from last year’s Catalyst. The question was raised: what real opportunities do people have to opt out of large-scale identification? In reality, it is hard to opt out of being identified and continue to fully function in society. There is a glimmer of hope in stronger identification systems allowing citizens more choice as to what is needed to identify them. This sits somewhere between Kim’s Law of Minimal Disclosure and the Identity Governance Framework. All in all, it was great to hear Jim speak and heartening to find parallels between identity policy and identity technology. I am concerned that too many bright identity minds are wrapped up in “enterprise” projects and have lost a bit of the wider societal view of the implications and impact of their work.

SOX, Apple, and 802.11n

So, if these articles are to be believed, then Sarbanes-Oxley is the real reason why Apple is going to charge Intel Mac owners 5 bucks to unlock their 802.11n wireless cards. In Apple’s eyes, if they release a product, recognize the revenue from said product, and then enable a function in that product that you’ve already paid for, they violate SOX. Any SOX experts out there?

Defined by your stuff

Over the holidays, I was starting to feel Americans are defined only by our possessions. How much do you have? How many? What quality is it? Kev commented on a similar topic of buying nothing. I try to be a good anti-consumer. I have more crap than I really need. I have way more stuff than a good chunk of the world’s population. These things I know. But, that being said… I really NEED one of these and I need it now.