May 22, 2009
Concepts and Methods V1.10
I've talked about a metadata exchange approach to inter-federation working here before. Since my last update, I think we've seen some level of acceptance in both the technical and policy communities that this is — at least in principle — a valid approach, and there is work going on in a variety of places on that basis.
One thing that has become apparent as that work has developed is that we need to look at some of our basic assumptions with a fresh eye: complex problems can often be simplified by looking at them from a different direction. To that end, Chad La Joie (of SWITCH and Shibboleth) and I have put together Interfederation and Metadata Exchange: Concepts and Methods, the current version of which you can download here:
concepts-v1.10.pdf
The main aim of Concepts is to provide a framework in which it is possible to think clearly about identity federations in a multi-federation world. This involves first separating concerns and then recombining them in new ways, leading to what we think is probably best thought of as a global metadata layer. There is also coverage of some of the technical implications of such an approach, but we've tried to keep that part as light-weight as possible here.
During the recent Internet2 Member Meeting in Arlington, this document was also reviewed by Scott Cantor, Steven Carmody, Josh Howlett, Leif Johansson, Thomas Lenggenhager and Valter Nordh. We are grateful to our colleagues for their many constructive comments, which we have tried to incorporate faithfully in the current version. I will leave it to those individuals to state whether, and to what degree, they endorse our conclusions.
Posted by Ian at 10:38 AM in Identity | Comments (0) | TrackBack (0) | Permalink
May 14, 2009
Details, Details
I've been using Apple's Mighty Mouse on my desktop machines for a couple of years now. I quite like them, although the mouse's inability to represent both mouse buttons being held down at the same time makes it necessary to keep a conventional mouse around for things like gaming.
This is a nice mouse to use, though. For example, it makes a nice solid mechanical click when you use the left or right buttons (even though there is really only one mechanical button — the whole mouse — touch sensors inside give you two "logical" buttons).
There's even a tiny clicking sound when you squeeze the side buttons or roll the little trackball around. You can hardly hear these sounds in a normal office, but they make all the difference to the "feel" of the device. And, until today, I would have meant that literally: I'd have sworn that I could feel the little clicks through my fingertips.
Today, quite by accident, I discovered that the mouse does not make these tinier sounds if it isn't plugged in… or, in the case of the wireless version, if you take the battery out.
Yes, there's a tiny speaker inside, whose only purpose is to make sounds that are almost — but not quite — too quiet to hear.
Posted by Ian at 3:27 PM in Hardware | Comments (2) | TrackBack (0) | Permalink
April 29, 2009
Lessons
I'm in Arlington, Virginia this week for the Internet2 Member Meeting. As usual, lots of good hallway conversations and meetings. I had to work my passage this time by contributing a presentation to a joint session on Building on Success: from Identity Federation to Interfederation.
As well as the traditional statistics about how large the UK federation has become, I talked a bit about some of the things I think contributed to its success. This was more in terms of broad concepts than details, the idea being to give people thinking of setting up new federations a guide to some of the tradeoffs involved.
As usual, here's a PDF version of my slides from the presentation:
20090428-Lessons-iay.pdf
Posted by Ian at 2:43 PM in Identity | Comments (0) | TrackBack (0) | Permalink
April 12, 2009
FAM Futures
Earlier this month, I led a couple of breakout sessions at the UK Serials Group's conference in Torquay.
I knew that I'd have a wide range of people in the room in each session, so I put together a slide deck that would have something for everyone and talked about different subjects to different levels on each of the two days.
Some of the slides won't make much sense without explanation, but others do stand alone, I think. If you're interested, here's a PDF version of the slides stripped of the animations:
20090331-Futures-noanim.pdf
Posted by Ian at 1:08 PM in Identity | Comments (0) | TrackBack (0) | Permalink
February 18, 2009
Bedside Chocolate
This is another "snapshots from my travels" picture, from a recent trip to Zürich, Switzerland.
In many countries, it's common to find an inedible boiled mint on your hotel pillow. In Switzerland, hoteliers apparently have tastebuds that work.
Posted by Ian at 6:09 PM in Photography | Comments (0) | TrackBack (0) | Permalink
October 15, 2008
Avoiding the Martians
Alistair at UHI comments on my most recent Metadata Interchange document revision. His post highlights a couple of places where I can see I need to clarify what I'm proposing in a future revision. I recently purchased a copy of the OmniGraffle diagramming tool, and Alistair's post is a good example of why… sometimes a simple diagram really can be clearer than large amounts of plain text. Misunderstandings aside, I think we agree on most things.
One area where I've felt for some time we all need to express things more clearly is with regard to that thing we call "trust". I usually break this down first into "technical" trust (which allows you to know you're talking to the entity you think you are) and "behavioural" trust (which gives you expectations about the behaviour of a known entity). This isn't the whole story by any means, but does allow us to see that trust isn't a singular property; it's more like a stack or chain of elements that we can build up into something we can actually use.
Any federation can choose to act as a trust broker at many levels; for example, one federation may have strictly enforceable rules controlling member behaviour while another may leave behavioural trust to bilateral arrangements between members (such as the commercial contracts that are usually present in content licensing situations). The UK federation is towards the latter end of the scale: as all federations do, it acts as a broker of technical trust, but mere presence of an entity within the UK federation's metadata has never carried any behavioural guarantees.
What this means is that if you're used to operating in something like the UK federation, your stance is already to treat everyone as a potential ray-gun-toting Martian unless you have some specific reason to view them otherwise. Adding more Martians from other federations therefore doesn't change anything; the important thing that an inter-federation agreement adds is the assurance that the originating federation has registration procedures strong enough to prevent a Martian from masquerading as someone you have a real relationship with, and conversely provides technical trust strong enough to support you in picking the entities you do want to do business with out of the sea of entities you don't care about.
Posted by Ian at 5:33 PM in Identity | Comments (0) | TrackBack (0) | Permalink
October 12, 2008
Metadata Interchange V3
Many thanks to everyone who commented on the previous edition of Some Notes on Metadata Interchange. I'm in New Orleans for the Internet2 Fall Member Meeting this week, and as I expect to be discussing this area with a number of the other people attending I think this seems like a good time to publish a revision. This edition goes into more detail in some areas, as well as improving sections which needed clarification.
- snomi-v3.pdf is a clean copy of the document for new readers
- snomi-v3-diff.pdf includes change indications for people who have read the previous edition
I continue to welcome comments and discussion. The next edition might be a couple of weeks away, but will likely go into more detail on what I think an aggregation appliance might need to include.
Posted by Ian at 9:55 PM in Identity | Comments (1) | TrackBack (0) | Permalink
October 10, 2008
Vendor Lock-in
I own two Uninterruptible Power Supply units. Each has a button on the front with which you can perform a self-test; I do this once a month to make sure that they are "still good".
On unit A, you tap the button and it does a self-test. If you press and hold the button then the unit turns off, taking the attached hardware with it.
Unit B (from a different vendor) requires you to hold the button in to perform the self-test. Tapping the button… no, why don't you guess what that does?
Sneakiest attempt at vendor lock-in I think I've ever come across.
Posted by Ian at 5:32 PM in Hardware | Comments (0) | TrackBack (0) | Permalink
September 16, 2008
Metadata Interchange Notes
I've been working with SAML-based identity federations for a bit over four years now. For most of that time, it's been obvious that after basic federations like the UK federation and InCommon were up and running in production, the next big question would be how to break out of the "federation of my close friends" model. I've spent the last couple of years bending ears at conferences with my own particular views about how this might be done.
Impromptu in-person rants of that kind are very useful for finding out whether ideas have any appeal to other people at all, but I've felt for a while that something more coherent might be useful. I've therefore put together Some Notes on Metadata Interchange as a personal position paper on this area.
- snomi-v2.pdf is the current version of the document
- snomi-v2-diff.pdf is the same document with change bars from the previous version. This means you can deduce what V1 looked like if that's of interest.
I very much welcome comments and discussion on this document. If you'd like to, you can leave a comment here (if you don't have a TypeKey account, there will be a delay before it's published) or post on your own blog or just send me e-mail.
Some disclaimers: This document does not represent the official position of any organisation or group, nor is it an attempt to describe any consensus view; it's purely a personal summary. It's not a collaborative document, except in the sense that if you change my mind I'll change the text.
I expect this document to change fairly often over the next few months; hopefully, some consensus-building (and even specification-building) efforts can be budded off from it when that seems appropriate; they will probably be hosted elsewhere.
Posted by Ian at 6:41 PM in Identity | Comments (0) | TrackBack (1) | Permalink
September 16, 2008
More Pixies Inside
There used to be a joke in photographic circles that most people had rolls of film printed with "Christmas at each end and a beach in the middle". This blog hasn't been idle quite that long, but I've just got back from a very nice vacation in Bruges inspired by the visit I made for the conference mentioned in the last two entries.
Mmmmmm, chocolate… and, apparently, pixies. Who knew?
Posted by Ian at 5:46 PM in Miscellanea | Comments (0) | TrackBack (0) | Permalink


