Tuesday, March 27, 2007

What was I about to say?

Short Attention Span System (SASS) does for radio what Cliff's Notes does for literature: it condenses.

The value proposition is simple: radio listeners can't pay attention to the epic 4 minute pieces that some artists currently create.

Radio SASS (Short Attention Span System) takes the playlist and musically condenses songs to their essence. Through time compression, you get the memorable heart of each song, with an average length of approximately two minutes with NO self indulgent guitar solos, NO long intros, NO repetition of choruses again and again. Radio returns to the snappy song length of the 1960s.


I'd love to see the abbreviated model applied to airline fare rules - an example of which has me currently stumped as to whether I can upgrade or not.
Fare rules and restrictions
Please review the rules and restrictions listed below.
When you purchase your ticket, you agree to these rules and restrictions.
Please note that the most restrictive set of rules below applies to your entire itinerary.
1 Rules and restrictions
Air Canada
From: Ottawa, ON (YOW-All Airports)
To: Brussels, Belgium (BRU-All Airports)
Fare Basis Code: Q0MSLWBE

YOWBRU-AC 28MAR07 *RULE DISPLAY* TARIFF 0101 RULE 9422
* ADD APPLICABLE TAX * FED INSP FEES *
-FARE BASIS CAD NUC PTC FT GI
Q0MSLWBE R 940.00 820.76 ADT EX AT
Q0MSLWBE R 960.00 838.23 ADT EX AT
Q0MSLWBE/CH25 R 705.00 615.57 CNN EX AT
Q0MSLWBE/IN25 R 705.00 615.57 INS EX AT
Q0MSLWBE/IN90 R 94.00 82.07 INF EX AT
BOOKING CODES Q
FIRST TRAVEL -12AUG06 LAST TRAVEL -30APR07
LAST TICKETING -30APR07
SEASONS - ORIG BELGIUM 01JAN-12JUN
DEPARTURE FIRST INTERNATIONAL SECTOR
19AUG-15DEC
DEPARTURE FIRST INTERNATIONAL SECTOR
ORIG CANADA
FURTHER RESTR APPLY SEE TEXT RULE
PENALTIES - ORIG CANADA CANCEL-200.00 CAD
CHANGE-200.00 CAD
ORIG AREA 2 CANCEL-100.00 EUR
CHANGE-100.00 EUR
FOR ALL CONDITIONS SEE TEXT RULE
DAY/TIME - TO CANADA FRI THRU SUN ALL DAY
DEPARTURE EACH TRANSATLANTIC SECTOR
FROM CANADA THU THRU SAT ALL DAY
DEPARTURE EACH TRANSATLANTIC SECTOR
ADV RES/TKT - TKTG WITHIN 72 HOURS AFTER RESERVATIONS
WAITLISTING NOT PERMITTED ALL SEGMENTS
MUST BE CONFIRMED
MIN STAY - RETURN FIRST SUNDAY AFTER
DEPARTURE FROM ORIGIN
MAX STAY - 12 MONTHS AFTER DEPARTURE FROM ORIGIN
BLACKOUTS - NO RESTRICTION
SURCHARGES - 10.00 CAD 7.00 USD SECURITY
ADDITIONAL RESTR APPLY SEE TEXT RULE
STOPOVERS - ORIG CANADA
PERMITTED-2 OUTBOUND 1 INBOUND 1 AT
50.00 CAD EACH
DEPARTURE FIRST INTERNATIONAL SECTOR
ORIG BELGIUM
FURTHER RESTR APPLY SEE TEXT RULE
TRANSFERS - UNLIMITED PERMITTED
FLT APPLIC - NO RESTRICTION
CHILD DISC - CNN 2-11 YRS 25 PCT ACCOMPANIED
INS UNDER 2 YRS 25 PCT WITH SEAT
INF UNDER 2 YRS 90 PCT NO SEAT
OTHER DISC - NONE
COMBINABLTY - SEE TEXT RULE
ELIGIBILITY - NO RESTRICTION
ACCOM PSGR - NO RESTRICTION
TRVL RESTR - NO RESTRICTION
SALES RESTR - SEE TEXT RULE
EXTENSION OF TICKET VALIDITY PERMITTED UNDER
GUIDELINES SET FORTH BY CARRIER. CONTACT
CARRIER FOR DETAILS.
NEGOTIATED - NO RESTRICTION
TKT ENDORSE - ORIGINAL TKT - VALID AC TRANSATLATIC ONLY
REISSUED TKT - NON-REF/NON-END
MUST APPEAR IN ENDORSEMENT BOX
APPLICATION - SEE TEXT RULE

Friday, March 23, 2007

You have to feel for the guy

On the Identity Trail reports that 'someone has their identity stolen every 4 seconds'.

They don't provide a name so we can't know for sure what it is that makes this particular individual such an attractive target. Is it just a case of this someone being unusually trusting?

Science is Truly Amazing

Scientists Discover New password in Alaskan Ice

JUNEAU, AK - Alaskan computer scientists are today reporting tentative evidence that they have discovered a new password - extending the number of known unique passwords to 47.

Dr. Peter Lyndstrom and his team of computer scientists at Alaska Tech University have been looking for the so-called 'X password' for 3 years now, using millions of dollars of expensive computer equipment. 'It's been a really long slog', said Dr Lyndstrom 'Sometimes I've even questioned whether the thing actually existed.'

In the end, it wasn't through expensive computers that the new password was discovered. Instead it was good ol' fashioned luck. “We were at a team party and somebody came up with the idea of just sticking existing passwords together, specifically 'm y' onto the end of 'm o m'. And well, after that it just kinda all came together” said team member Gail Svenson. “The frozen daiquiris definitely helped” she added.

Dr Lyndstrom's team is not stopping here. They plan on moving onto variations of the 'first car' theme, historically a rich ground for new passwords but relatively untapped since the car makers' trend towards silly names.

Wednesday, March 21, 2007

Putt's Law

Putt's Law was pointed out to me yesterday

Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand.

Madsen's Corollary to Putt's Law

Putt's Law applies even when the people of the first type are 'promoted' to become people of the second type.

Just one Number

GrandCentral does for phone numbers what i-names would do for online identity - with the same advantages and risks.

I remember the previous incarnation of the 'Grand Central' identifier - completely different business model. Good thing names can be bought and sold.

Liberty Alliance Advanced Client

The Liberty Alliance Advanced Client specs were actually released for public comment some time ago but the press machine (Hi Russ) has caught up.

Most notable pieces of functionality are IMHO
  1. the over-the-air/wire provisioning of 'root' credentials and other identity into a client
  2. supporting a model of credential presentation in which the IDP need not be involved at run-time (relevant for both privacy value and in support of offline modes)

In the spirit of 'tail-wagging-dog', lots of attention.

I'm thankful Conor wasn't able to slip in his blog URL in his supporting quotes (I guarantee you he would have been thinking about how to do it).

History T'ID'bits

Overheard in Philadelphia

Oh absolutely President Hancock, digital signatures are wonderful technology. But we were actually expecting the old-fashioned ink-and-pen style for the declaration. It's the press you see, they want something nice and visible for the papers.

A says B can do X to Y

Lately, a model whereby some Entity A assigns certain privileges to Entity B with respect to the resources of Entity A is getting lots of discussion.

There are flavours of the above, depending on where the above logic is defined, where it's enforced, and whether all actors are cognizant of what's going on.

If the logic is captured and enforced at the provider hosting the resource in question, then it's a local affair and effectively boils down to an authorization rule at that provider. (Liberty People service is an enabler of this scenario, allowing such local authorization policies to be defined in terms of non-local identities.) In this scenario, even were Entity B to appear at the SP as a result of an SSO from an IDP, that IDP need not be aware of the policy.

If however the resource in question is Entity A's IDP account, then there are potential non-local ramifications should Entity B attempt to use the privileges to access Entity A's resources at other SPs. As an example, if I've specified to my bank that my wife has full access to my account, and that bank account has been federated with other SP accounts (e.g. mutual funds), then 'full access' might mean my wife could access my mutual funds investment account through my bank account if and when she authenticated to the bank.

In this latter case, if the bank IDP creates an assertion for the mutual fund SP that claims my wife is me, that's an impersonation model.

If instead the assertion carries both my wife's identity (even if anonymous) as well as my own and expresses the privileges that have been granted by the latter to the former, then that's delegation.

And of course, depending on the technology, A can always give their credentials to B.

The following lays out these 4 models (the blue dot represents where the 'A says B can do X to Y' rule is enforced.)
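The four models above differ in where the 'A says B can do X to Y' rule lives and, just as importantly, in what the resource provider can see and log afterwards. The following is an added example, not code from the original post: a toy relying party (the mutual fund SP from the bank example) that receives a simplified SSO assertion and decides each request. The `Assertion` fields, the model names returned by `authorize`, and the names paul/wife/bank-idp are all constructed for the illustration; they are not SAML or Liberty element names.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Assertion:
    """What the SP receives after SSO. Field names are invented for this example."""
    issuer: str                              # the IDP that minted it
    subject: str                             # the identity the IDP vouches for
    on_behalf_of: Optional[str] = None       # delegation only: the owner whose privileges are used
    granted: FrozenSet[str] = frozenset()    # delegation only: operations the owner granted


class ResourceProvider:
    """A relying party that owns resources and decides 'can this presenter do op to resource'."""

    def __init__(self, name: str, trusted_idps: Set[str]) -> None:
        self.name = name
        self.trusted_idps = set(trusted_idps)
        self.owner_of: Dict[str, str] = {}                       # resource -> owner
        self.local_grants: Dict[Tuple[str, str], Set[str]] = {}  # (grantee, resource) -> ops
        self.audit: List[Tuple[bool, str, str, str, str]] = []   # (allowed, model, actor, op, resource)

    def register(self, resource: str, owner: str) -> None:
        self.owner_of[resource] = owner

    def grant_locally(self, owner: str, grantee: str, resource: str, ops: Set[str]) -> None:
        """Model 1: the rule is stored and enforced here; the IDP never learns of it and B shows up as B."""
        if self.owner_of.get(resource) != owner:
            raise PermissionError(f"{owner} does not own {resource}")
        self.local_grants.setdefault((grantee, resource), set()).update(ops)

    def authorize(self, a: Assertion, op: str, resource: str) -> Tuple[bool, str]:
        """Returns (allowed, model) and writes an audit line naming the actor as well as it can."""
        if a.issuer not in self.trusted_idps:
            return self._record(False, "untrusted-issuer", a, op, resource)
        owner = self.owner_of.get(resource)
        if owner is None:
            return self._record(False, "no-such-resource", a, op, resource)
        if a.on_behalf_of is not None:
            # Model 3, delegation: both identities are present, so the SP can check that the named
            # delegator really owns the resource and that op falls inside what was granted.
            if a.on_behalf_of != owner:
                return self._record(False, "delegation-wrong-owner", a, op, resource)
            if op not in a.granted:
                return self._record(False, "delegation-out-of-scope", a, op, resource)
            return self._record(True, "delegation", a, op, resource)
        if a.subject == owner:
            # The owner herself, or (model 2) an IDP asserting that B *is* A, or (model 4) B holding
            # A's password. The SP cannot tell these apart: full access, and the audit line says "A".
            return self._record(True, "as-owner", a, op, resource)
        if op in self.local_grants.get((a.subject, resource), set()):
            return self._record(True, "local-rule", a, op, resource)
        return self._record(False, "denied", a, op, resource)

    def _record(self, ok: bool, model: str, a: Assertion, op: str, resource: str) -> Tuple[bool, str]:
        actor = a.subject if a.on_behalf_of is None else f"{a.subject} for {a.on_behalf_of}"
        self.audit.append((ok, model, actor, op, resource))
        return ok, model


def run_scenarios() -> Tuple[Dict[str, Tuple[bool, str]], List[Tuple[bool, str, str, str, str]]]:
    """The bank / mutual fund example, one assertion per model. All names are constructed."""
    funds = ResourceProvider("mutual-funds", trusted_idps={"bank-idp"})
    funds.register("paul/investments", "paul")
    res: Dict[str, Tuple[bool, str]] = {}

    # Model 1: rule kept at the SP; the bank IDP asserts the wife as herself.
    funds.grant_locally("paul", "wife", "paul/investments", {"read"})
    wife_as_self = Assertion(issuer="bank-idp", subject="wife")
    res["local_read"] = funds.authorize(wife_as_self, "read", "paul/investments")
    res["local_sell"] = funds.authorize(wife_as_self, "sell", "paul/investments")

    # Model 2: impersonation; the bank asserts 'paul' after the wife authenticated.
    # Model 4: shared credentials produce exactly this assertion too.
    as_paul = Assertion(issuer="bank-idp", subject="paul")
    res["impersonation_sell"] = funds.authorize(as_paul, "sell", "paul/investments")

    # Model 3: delegation; the assertion names both parties and the granted operations.
    delegated = Assertion(issuer="bank-idp", subject="wife", on_behalf_of="paul",
                          granted=frozenset({"read"}))
    res["delegation_read"] = funds.authorize(delegated, "read", "paul/investments")
    res["delegation_sell"] = funds.authorize(delegated, "sell", "paul/investments")

    # A delegation naming someone who does not own the resource is refused despite a wide grant.
    forged = Assertion(issuer="bank-idp", subject="wife", on_behalf_of="mallory",
                       granted=frozenset({"read", "sell"}))
    res["delegation_wrong_owner"] = funds.authorize(forged, "read", "paul/investments")

    # Any of the above from an IDP the SP does not trust.
    res["untrusted"] = funds.authorize(Assertion(issuer="phish-idp", subject="paul"),
                                       "sell", "paul/investments")
    return res, funds.audit


if __name__ == "__main__":
    results, audit = run_scenarios()
    for name, outcome in results.items():
        print(f"{name:24s} {outcome}")
    for row in audit:
        print(row)
```

The audit list is the point of the exercise: under impersonation the successful 'sell' is logged against 'paul', and nothing at the mutual fund company records that the wife was the one clicking; under delegation the same visit is logged as 'wife for paul' and is confined to the operations the grant names.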

I never forget a ...

Of Passfaces, Paul Toal writes
It is common knowledge that the brain can remember images better than anything else.

For myself, better than my ability to remember faces is my ability to remember ways in which I've been slighted - I never forget an insult.

Give me a login system that prompts me to choose particular past snubs from a broad list and I'll never call the Help Desk again. The only difficulty would be in choosing my 'challenge slights' - there are just too many choices, a representative sampling of which is
  • Kindergarten - Eli made fun of my toque.
  • Grade 8 - Keenan mocked my choice of favourite Kiss song.
  • University - Weird Julie claimed I had no physics bona fides in questioning her 'faster than light theory'.
  • Career - Conor (as a category).

History T'ID'bits

Overheard in the Sistine Chapel
Oh yes Maestro, I fully agree that His Holiness stipulated in your contract that you have full artistic control of the project. I am merely suggesting that the sweeping scope and magnificent colours of the work are signature enough, and your blog address in 5ft tall characters might actually be unnecessary? Additionally, I wonder if some of the cardinals might misinterpret the depiction of God reaching out with His finger to create the URI?

Tuesday, March 20, 2007

Strange Loops

I wanted to try out Highrise - an online contacts manager.

In creating my account, I was given the choice of using an OpenID rather than provide a password. Great! I provided my ProtectNetwork.org OpenID.

After the account was created, I was asked to sign-in.

Saw the normal OpenID screens and redirects etc.

The login failed.

Current situation:
  • I can't use the ProtectNetwork.org OpenID to access Highrise because of the above error
  • I can't use another OpenID because Highrise has a record only of the ProtectNetwork one and so refuses to accept another.
  • I can't get in 'locally' because I set up no password at registration time
My huge network of contacts, aching for management, languishes.

Monday, March 19, 2007

History T'ID'bits

Overheard on Tower Green

Yes Mistress Boleyn I do understand that this is not the best time but I'm afraid I have no choice in the matter. It turns out that Lady Seymour is unable to sign-in to the royal account without the password you set. So, it would really make my job much much easier if you could find your way to just writing it down for me. Oh, true, your hands are indeed tied together ... perhaps you might just whisper it then? And, um, the sooner the better I think ...

History T'ID'bits

Overheard on the banks of the Delaware

Yes General, once again I do apologize. I know I promised that you would be able to use the bridge. Unfortunately however the ice has jammed up the card reader for the gate and we're on hold with customer support trying to get a technician out here to get it fixed. Are you absolutely sure there is no other way you can get across?

History T'ID'bits

Overheard under the walls of Troy

C'mon Odysseus, put down the hammer would you? I'm not saying that the horse isn't a really great idea. But maybe, before we spend 3 months building the thing, we could just have a few shots at guessing the password for the gate? I'm thinking 'H E L E N' would be worth a try? or 'H E E L' maybe?

Game as identity analogy

Having just acquired a Sony PSP, I've discovered a new (to me) genre of game.

In both Loco Roco and Mercury Meltdown, you don't directly control a character's movements and actions with the various buttons and joysticks, instead you control the environment that surrounds them. It's by controlling their environment that you indirectly control the character and cause them to move, grab things, expire etc.

In Mercury Meltdown, by tilting floating platforms from side to side, you determine where a shiny blob of mercury rolls. Tilt too much and the blob rolls off the platforms into space - you lose.

In both games the character has no control over its fate - simply rolling passively from one spot to another at the whim and vagaries of its surroundings (the marriage of a 'friend' of mine comes to mind). Whether aware (as in Loco Roco) or not (as in Mercury Meltdown) of their destiny, the main character is manifestly not in charge of it.

These are clearly not user-centric games.

Sunday, March 18, 2007

Live Preview

Microsoft's Jensen Harris posts on the new Live Preview feature in Office 12.

whenever you hover over a formatting option with your mouse cursor, Office shows you what your document would look like if you chose to apply that formatting. For example, say that you drop down the font picker in Word. As you hover over each choice in the font picker, your document updates to show you what it would look like if you chose that font.

Why not apply the model to identity selection in Cardspace?

Hover over a card containing your shipping address and see a video of a package being delivered to your doorstep. Hover over another linked to an IDP with poor security policies and see an animation of a burglar climbing out your window carrying a TV.

Intriguing possibilities for the 'proof of age' card.

Friday, March 16, 2007

Identity sprouts in Brussels

The Liberty Alliance and Internet Identity Workshop (IIW) are organizing another Identity Open Space (IOS) - this time in Brussels.

In preparing for travel to the Liberty meetings directly preceding the IOS, I must make sure to remember to pack my unconference skepticism (I wonder if Canadian skepticism will work in Belgium or do I need an adaptor?).

Crunchy

Da Vinci Code

I just listened to a BBC news article on the upcoming move by the UK National Health Service to electronic health records.

The NHS wants the health data available to medical professionals elsewhere in Europe so that, if a Brit is on holiday in Mallorca, the list of their medications or allergies etc can be accessed by the Spanish emergency room physician.

This was described by an NHS administrator as the 'Holy Grail'.

I expect that in the inevitable sequel to the Da Vinci Code, the plot will have Tom Hanks running around Europe gathering clues in order to decipher

'L I B E R T Y A L L I A N C E'.

Maybe I can get myself into one of the crowd scenes.

Thursday, March 15, 2007

Delegation is the new SSO

Delegation seems to have popped up from the identisphere as the hot meme du jour.

I know that just about every use case we discussed at a recent Ipswich (who says UK spring weather sucks?) meeting of the Liberty Alliance Technology Expert Group could be modeled as some form of delegation.

Examples include
  • a client delegating the right to a network provider to serve up identity attributes on a user's behalf if and when the client was unavailable
  • an IDP delegating the right to a client to mint assertions on its behalf if and when the IDP was unavailable
  • a Mom delegating the right to members of her extended family to view online photos
  • a business owner delegating the right to an accounting firm's accountants to view/submit to the business's account at a government tax agency
The last two are particularly interesting for me because of their implications for the Liberty People Service. As it currently stands, the People Service perfectly supports the Mom and her photos (it was designed to) but doesn't elegantly support the latter. (it also hit home personally because of my own recent experience with the Government of Canada, see photo)

As we roughed it out this week, a solution might work something like the following

  1. BusinessOwner adds a group for his accounting firm CheckYourBooks to the company's People Service
  2. The new group, instead of directly defining a collection of specific individuals, points at a different group managed by a CheckYourBooks admin in that company's People Service
  3. BusinessOwner visits GovernmentTax and sets delegation policy by saying 'Allow members of CheckYourBooks to access my tax account'.
Subsequently, when an accountant from CheckYourBooks arrives at GovernmentTax, GovernmentTax will be able to determine that she is authorized by dint of her membership in the relevant (once removed) group. Consequently, she will be given appropriate access to BusinessOwner's tax accounts and can get to work claiming hot-tub purchases as business expenses (ha-ha, now that would be just crazy Mr CCRA Auditor, just wrong)

Importantly, if and when BusinessOwner discovers that the CheckYourBooks CEO has been skimming off the top and has moved with his mistress to the British Virgin Islands, it's easy to shut off access and switch it to the new accounting firm (until such time they feel the call of the sun).
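The three steps above, plus the revocation at the end, as an added example (not code from the post or from the Liberty People Service specification). Two toy `PeopleService` instances stand in for the BusinessOwner's and CheckYourBooks' group stores; `GovernmentTax` keeps only the rule 'members of that group may access my account' and resolves membership at request time by following the group-to-group reference. The class and method names, the second firm HonestLedgers, and the accountants alice, bob, carol and dave are all constructed for the illustration.

```python
from typing import Dict, FrozenSet, Optional, Set, Tuple


class PeopleService:
    """One owner's group store. A group is either a plain member set or a pointer to a group
    held by another PeopleService (the 'once removed' group of the post)."""

    def __init__(self, name: str) -> None:
        self.name = name
        self._groups: Dict[str, dict] = {}

    def define(self, group: str, members) -> None:
        self._groups[group] = {"members": set(members)}

    def point_at(self, group: str, remote: "PeopleService", remote_group: str) -> None:
        """'group' has no members of its own; it is whatever 'remote' currently says 'remote_group' is."""
        self._groups[group] = {"ref": (remote, remote_group)}

    def resolve(self, group: str, seen: Optional[Set[Tuple[str, str]]] = None) -> FrozenSet[str]:
        """Follow references to the concrete member set. A reference loop or a dangling
        reference resolves to nobody, so a misconfiguration fails closed."""
        seen = set() if seen is None else seen
        key = (self.name, group)
        if key in seen:
            return frozenset()
        seen.add(key)
        entry = self._groups.get(group)
        if entry is None:
            return frozenset()
        if "ref" in entry:
            remote, remote_group = entry["ref"]
            return remote.resolve(remote_group, seen)
        return frozenset(entry["members"])


class GovernmentTax:
    """Relying party. Stores 'owner says members of <people service>/<group> may access owner's account'
    and evaluates membership freshly on every request."""

    def __init__(self) -> None:
        self._policy: Dict[str, Set[Tuple[PeopleService, str]]] = {}

    def allow_group(self, owner: str, ps: PeopleService, group: str) -> None:
        self._policy.setdefault(owner, set()).add((ps, group))

    def may_access(self, owner: str, requester: str) -> bool:
        if requester == owner:
            return True
        return any(requester in ps.resolve(group) for ps, group in self._policy.get(owner, ()))


def run_scenario() -> Dict[str, bool]:
    """Walks the post's three steps, then a hire at the firm, then the switch to a new firm."""
    owner_ps = PeopleService("BusinessOwner")
    firm_ps = PeopleService("CheckYourBooks")
    firm_ps.define("staff", {"alice", "bob"})                 # maintained by the firm's admin

    owner_ps.point_at("my-accountants", firm_ps, "staff")     # step 1 and 2
    tax = GovernmentTax()
    tax.allow_group("BusinessOwner", owner_ps, "my-accountants")  # step 3

    out: Dict[str, bool] = {}
    out["alice_before"] = tax.may_access("BusinessOwner", "alice")
    out["mallory_before"] = tax.may_access("BusinessOwner", "mallory")

    # The firm hires carol. Nobody at BusinessOwner or GovernmentTax touches anything.
    firm_ps.define("staff", {"alice", "bob", "carol"})
    out["carol_after_hire"] = tax.may_access("BusinessOwner", "carol")

    # The CEO leaves for the British Virgin Islands: BusinessOwner repoints one group.
    new_firm = PeopleService("HonestLedgers")
    new_firm.define("staff", {"dave"})
    owner_ps.point_at("my-accountants", new_firm, "staff")
    out["alice_after_switch"] = tax.may_access("BusinessOwner", "alice")
    out["dave_after_switch"] = tax.may_access("BusinessOwner", "dave")

    # A reference loop (the new firm's group points back at the owner's) must terminate and deny.
    new_firm.point_at("staff", owner_ps, "my-accountants")
    out["dave_in_loop"] = tax.may_access("BusinessOwner", "dave")
    return out


if __name__ == "__main__":
    for name, allowed in run_scenario().items():
        print(f"{name:20s} {allowed}")
```

Two things to notice. Because membership is resolved at request time, the firm's own admin can add or remove accountants and the change takes effect at GovernmentTax immediately, which is convenient but also means BusinessOwner is trusting that admin with the contents of 'my-accountants'. And because the reference chain can cross providers, the resolver must carry a visited set; without it a loop between the two People Services would recurse forever rather than deny.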

Friday, March 09, 2007

Programmable Google

From the Programmable Web, more on Google's use of SAML for SSO.
Neither of these are ’simple’ APIs in the sense of the Google Maps API, but that makes sense, these are inherently more complex operations.

It seems only appropriate to dust off one of my first screencap attempts.

(I look at that video now and just shudder. What was I thinking, there is no plot, little character development, and the lighting is just so film noir. I've grown so much as a filmmaker since then.)


Thursday, March 08, 2007

The Un-Un-cola

Timeshifted Delegation Use-Case

In order to guarantee our 4 yr old daughter a spot in a city run 'Sporty Kids' program, my wife had to stay up till midnight last night as registration did not open till that time. (I had my beeper by the bedside in case I was needed for tech support but fortunately no call came in).

The time difference between Ottawa and India suggests an alternative.

My wife delegates her rights to a 'Municipal Service Registration Provider' based in Mumbai, for which the ungodly hour of 12 EST is a far more civilized mid-morning.

I can see it. Sipping his chai, a MSRP employee navigates through the various pages of the City of Ottawa registration site, referring to my wife's instructions as appropriate, selecting the right program, and providing my wife's credit card information at the end to finalize the transaction. If further interaction with the city were necessary to clarify some point, the representative would be authorized to send emails or IMs on my wife's behalf, or even impersonate her on the phone (existing call center training that teaches operators to use a nondescript mid-West accent would be relevant here, but would need to be localized with some 'eh's peppered indiscriminately throughout).

I see no downside. My wife gets extra sleep, we leverage the bandwidth surplus of deep Pacific submarine cables, and India gets needed exposure to Canadian sports programs (when have they last had a contending curling team?).

A possible alternative would be a Firefox extension that would submit a form at a specific time. I just can't see the desktop having the equivalent identity smarts of a Tata educated Masters student in the foreseeable future.

Tuesday, March 06, 2007

Money Markets

O'Reilly's Kevin Farham throws some water on the OpenID rave.

To Kevin's friends' initial objection
"I'd never want to use that! What if your password is stolen?"
I'd suggest that she consider the security advantages of banks vs mattresses for her money (assuming she banks somewhere other than a payday cheque-cashing outfit)

Kevin continues
So, a currency that is useless in most stores was given to 100 Million Web users, most of whom have no awareness that they now hold this new not-very-useful currency.

Of course, if you buy one currency at the right time, it can turn out to your advantage. Invest now for arbitrage later.

And some of those 100 Million users are only too aware of the gift that AOL gave them.

Signal to Noise

From Johannes, the world generated 161 exabytes of info last year.

I wonder how much of that total consists of

  1. blog posts examining the criteria for 'user-centric' identity?
  2. duplicated account profiles from repeated user form-fill?
  3. redundant content from misuse of blog copy-and-pasting?
  4. MySpace profiles of girls named Tiffany?

SordID Thought

Whenever somebody asks me for a definition of 'user-centric' identity, I spin them around, twist their arm up between their shoulder blades and whisper in their ear 'Well it's nothing like this'. By the time the police have arrived most people will have completely forgotten about their original question.

Koi


Received the following e-mail

1-1 Hinodai 3-chome,
Hino-shi,
Tokyo 191-8660.
http://www.hino.co.jp/j/index.html

TO WHOM IT MAY CONCERN

I wish to intimate you with a request that would be of immense Benefit to you. I am Mr Shoji Kondo, Representative Director, President and Board Member of Hino Motors. Hino Motors was Founded 1910 and Established May 1, 1942.
.
The purpose of my contacting you is because you live outside Japan. The reason I seek your assistance is that American and Canadian cheques take a long time to clear here in Japan, thereby holding business down for my associates and me.
.
We would be glad to have you as one of our esteemed Representative in your location and be rest assured that adequate pecuniary and lucrative compensations will be given and other benefits follows.
.
My regards to your family and associate.

Thanks
Shoji Kondo
The President of Hino Motors

Someone with less knowledge of Japanese business customs might have been taken in by this.

But, in my experience, every message sent to me by a Japanese colleague has a postscript of 'Paul-san, I'm still laughing at your pronunciation of "Ohayo Gozaimasu"'. Not seeing it here was the giveaway.


Monday, March 05, 2007

On behalf of Eve

Pete agrees with Kim on the importance of 'user-offline' scenarios.
There really is no big secret to how this stuff is possible - at some point in time an offline user will be online, and during that time instead of ceding their credentials to the service in the sky (or worse, it happens without choice), they spend the time granting access specific to the service that needs access.
Pete continues
I have to agree with Kim on the notion of impersonation - at no time should anybody give the required access level for impersonation of themselves, on or offline.
Pete is agreeing with Kim's assertion that the (as yet undefined?) WS-Trust delegation mechanism was preferable to Liberty Alliance's ID-WSF 'impersonation' mechanism.

Minor nitpick, quibble really, I hesitate to bring it up even.

ID-WSF in no way uses an impersonation model. The identity of the requestor is made explicit in any call to a service for some slice of a user's identity, and (in most cases) distinct from that of the user in question. The requestor acts in their own identity, and does not pretend to be something else, i.e. the user. So, like Rich Little at a funeral, no impersonation.

Liberty's model assumes, as per Pete above, that the user will have previously defined access rules that state 'Service X can do operation Y to identity Z' (importantly, whilst still allowing for the user to add/clarify such policy at run-time).

But, instead of the request carrying a token created by the user (and of course presumably signed by them as well) expressing the delegation rights of the requestor, these access rights are assumed to be stored at the identity service itself. The user specifies policy for Identity Z where Z is held, not at any provider who might request it (privacy alarms sounding here).

As far as I can tell, Kim's misunderstanding is based on his interpretation of 'on behalf of' as used by Eve in a chat with Jim Kobelius. Kim must think that this means impersonation. As Eve is currently vacationing, I'll take the "liberty" of clarifying on her behalf (please note that both our identities were used) - it doesn't.

Social Engineering

Somehow the password-protected parental-control feature on our PlayStation was enabled. As we use the console as a DVD player, every time we want to watch a video that isn't Sponge Bob, we have to log-in.

No problem when I'm home, it's a relatively intuitive interface for character entry. Big problem for my wife when I'm travelling (she is squarely down in the 'Luddite' sector of technological aptitude).

Simple solution, she asks my 10 year old to authenticate for her. She even woke him once for this 'approval' process. He is of course under strict instructions as to not use his knowledge of the password for inappropriate purposes.

In a federated household, there would be no need for a separate credential for the PlayStation. Instead, family members would authenticate to the home gateway IDP, and from there, be able to access all the connected relying party services.

In such a house, my wife would only have to get my son to log-in for her TO THE GATEWAY. Simpler for everybody (and more sleep for my son).

Sunday, March 04, 2007

Homo Sapiens Federatesis

Ping ID's Andre Durand has posted a screencast portraying the parallel development of human kind and the tools we've created to assist in dealing with everything 'Nature, red in tooth and claw' has thrown at us.

Post It notes are the latest tool in the series; the corresponding branch in the human family tree is Homo Sapiens Passwordensis.

I do love an evolutionary analogy. I can just see Charles Darwin sitting at his desk muttering to himself trying to authenticate to his publisher's web site.
OK, let's see, is it 'b e a g l e'? Nope, damn it!
Let's try 's e l e c t i o n'. Bloody Hell! Oops sorry Emma .
I have to get in, Wallace is about to publish my ideas!
K, one more try, how about 'g a l a p a g o s'?
.
.
I'm in, why the *@#&^#*@ did I pick something that long?.

Evolutionary pressure must be driving us towards Homo Sapiens Federatesis. The downside would appear to be that this species, freed of the requirement to remember countless passwords, will surely be characterized by decreased intellectual capacity.

Hang in there George Dubya! Things could turn around in your popularity numbers.

Friday, March 02, 2007

Garden State

The State of New Jersey's Shared IT Architecture lists the open standards on which it builds
This infrastructure will support the following industry standards:

- Java Authentication and Authorization Service
- Kerberos
- Liberty Alliance Phase 2 (Identity-based Web Services Framework (ID-WSF))
- Online Certificate Status Protocol (OCSP)
- SAML 1.1 Specification
- SOAP (Simple Object Access Protocol) 1.1
- SPML (Service Provisioning Markup Language)
- SSL (Secure Sockets Layer)
- XML Digital Signature
- XML Encryption.
- LDAP version 2 and version 3
- X.509 Digital Certificates


Identity Selector Permutations

In trying to make sense of the various combinations of OS, browser, plugins etc for enabling a client with a Cardspace compatible identity selector, I created the following graphic

Caveat: It's almost certainly wrong in places, and doesn't account for Higgins.


Update: Neil Macehiter adds some details.
  • Chuck's extension appears to require Firefox 2
  • XMLDAP requires Java 1.5
  • CardSpace on XP requires .NET Framework 3

  • #1 is the all Microsoft scenario
  • #2 ties Firefox into the Cardspace identity selector through the selector from Kevin Miller.
  • #3 ties Firefox into Cardspace through Kevin's plug-in, but allows for the scenario of a user choosing to use a different identity selector than Cardspace
  • #4 is Chuck Mortimer's Firefox plugin as an alternative identity selector to Cardspace.
  • #5 is a non-Cardspace identity selector for Safari.

Green identity management

This Wall Street Journal article makes me think that all our efforts to minimize the number of login, form fill etc operations for users are, at best, misguided, and at worst, damaging the planet.

Instead of devising ways to decrease such identity operations for end-users, we should be asking ourselves the more fundamental question - "Can we harness the energy of these identity operations?"

Countless watts from untold mouse movements, key taps, and button clicks go wasted, lost as friction and sound. But it needn't be so. Small generators (patent soon to be pending, details TBD), if attached to our keyboards and mouses (mice?), could tap into this power source.

The math is compelling

1) ~ 1 billion internet users
2) ~ 30 login operations per day
3) unknown amount of power generated per login operation

That's got to be a big number, probably in the 'teraergs' range if I had to guess.

Of course, when every login operation serves to mitigate greenhouse gases, there would no longer be any motivation for SSO or attribute sharing, we'd want to maximize the number of mouse-driven identity operations as much as possible.
  • You suspect a phish email? So what, login anyway, it's for the planet.
  • You don't want to enter your URI at every site you visit? Suck it up buddy, the ice caps are melting.
  • Carpal tunnel syndrome have you contemplating voice recognition software? Sure, go ahead, my kids can learn to breathe CO2.

We in the Identity Management industry would of course be out of work. I for one would be willing to make this sacrifice - there is also immense untapped power in the motion of the arm as it raises a Gin & Tonic to the mouth.

"Hey Mr. Bartender, make it a double, I'm saving Antarctica one drink at a time".

Thursday, March 01, 2007

Powerful Anti-phish Security

Hartford Investments Canada has a surefire way to protect their clients from being phished for their account credentials. I for one am confident that there is no way I could be tricked into providing my password to a phisher, even without the benefit of a smart client mediating server authentication for me.

The mechanism works as follows (I confess it took me a while to work out the subtleties):
  1. Do not allow clients online access to their accounts

  2. When challenged, respond with 'It's to ensure the safety of your account information'.


Ingenious - I can't share what I don't have.

I understand their hesitancy about enabling client access - who knows just whether or not this 'Whole Wide Web' thing is going to take off.