Archive for March, 2005

More crafty geeks

In line with my post last month about a crocheting project to represent the Lorenz equations, I see that Danese Cooper has an item about crocheted representations of the hyperbolic plane. Is it just me, or does it seem like geek crafters are coming out of the (tole-painted, of course) woodwork all of a sudden?

I call BS

[Warning: Crude language ahead.]

Alex Beam has a Boston Globe column out this week about a new book by philosopher Harry G. Frankfurt called, I kid you not, On Bullshit:

Frankfurt defines ________ as “a lack of concern for the difference between truth and falsity. A _________er is not necessarily a liar; what he says may very well be true, and he may not think that it is false. I was careful to try to make clear the differences between _________ers and liars.” …

By now, you are wondering: What exactly is ________? Apparently, it is a word that can be the title of a book published by a prestigious academic press but that cannot appear in a family newspaper. It is a word that Jon Stewart can say on late-night TV but that Comedy Central had to excise from Stewart’s Harry Frankfurt interview when it was rebroadcast during the day.

All this Match Game coyness is kind of cute but a little irritating. I do like what happened when I searched Amazon’s book section and came up with “Most popular results for bullshit:”. Yowza — there was a pageful. It’s a shame they’re just doing an exact-match search on titles. Heck, if they could detect actual bullshit, there’d probably be thousands of hits.

Coincidentally, in an electronics store today I saw that they were selling box sets of the Showtime series Penn & Teller: Bullshit!. I’m a big fan; I’ve seen them perform live a couple of times and generally loved the TV show for its unsparing honesty and its ability to call bullshit on a wide variety of poseurs. Even though this was pay cable, TV guide listings are seen by all, and during the original cablecasts I remember being amused by the Tivo feed’s bowdlerization of the name to Penn & Teller: Bulls…!. As it happens, the box sets were labeled as Penn & Teller: B.S.!.

It would be nice if, sometimes, people could call a spade a _______ shovel. :-) In fact, if the book reviewers on Amazon aren’t bullshitting us, Frankfurt’s little tome sounds interesting and even insightful — so maybe he’s doing his part.

Putting the meat onto the bones of standard protocols

Just below I mentioned the SAML V2.0 interop event at the RSA conference. Mere moments after I put up that post, Rob Philpott (co-chair of the SAML committee at OASIS) made available the interop scenarios document that governed the interop. I was blown away by some of the conclusions from the exercise:

The SAML 2.0 Interop at the RSA Conference was definitely successful. Eleven vendors eventually presented demonstrations of interoperability. By the opening of the Interop booth on Wednesday, February 16th, 390 out of 405 base use case tests were successfully completed and 108 out of 112 optional use case tests, more than 96% in each instance. Some of the incomplete tests were successfully performed before the end of the show, raising the success rates even further. …

The Interop was very well received by the press and customers. A highpoint was a press conference just before the booth opened on Wednesday, when Georgia Marsh, Deputy Program Manager for the General Services Administration (GSA), said the government was extremely interested in this technology and they would create a marketplace for it by making it a factor in approving products for use by other agencies. The booth was well attended during its two day run.

Wowie. Most of the scenarios were straight out of the standard; the GSA eAuthentication scenario was handled really well too (as it was in last year’s interop). It’s also satisfying to see how little had to be exchanged in the way of deployment configuration info to make the whole thing work. So maybe standards meetings aren’t just about making meat sounds! (Yeah, I know, it’s an oldie, but it’s a goodie.)

SAMLicious

Mmm, smell that wonderful scent coming from the OASIS kitchens? SAML V2.0 is out of the oven!*

It turns out that crossing the streams was a very good idea in the latest work on SAML. The new version unifies the approaches in SAML V1.x, the Liberty Alliance’s Identity Federation Framework (ID-FF V1.2), and Internet2’s Shibboleth initiative. A lot of industries have been following the progress of SAML V2.0; here’s one article covering the news, and here’s the official OASIS press release that provides the vital stats and quotes from some of the major participants in the work.

A snippet from the Executive Overview will provide some context if you’re unfamiliar with SAML:

Federation is the dominant movement in identity management today. Federation refers to the establishment of some or all of business agreements, cryptographic trust, and user identifiers or attributes across security and policy domains to enable more seamless cross-domain business interactions. As web services promise to enable integration between business partners through loose coupling at the application and messaging layer, federation does so at the identity management layer - insulating each domain from the details of the others’ authentication and authorization infrastructure.

Key to this loose coupling at the identity management layer are standardized mechanisms and formats for the communication of identity information between the domains – the standard provides the insulating buffer. The Security Assertion Markup Language (SAML) defines just such a standard.

The elevator pitch might be that SAML is the universal solvent of security and identity information. I’ve been excited about it for more than four years now, ever since its predecessor S2ML was published; SAML has proven to be a key component of honest-to-goodness success in cross-domain sharing of authentication and access control information. The addition of the Shibboleth and Liberty perspectives has ensured that SAML now has a more comprehensive solution for privacy protection, too.

A ton of people worked on this stuff, but Scott Cantor of Ohio State University has to be mentioned as the guy who went above and beyond the call of duty every single week. The original plan was to finish work by summer 2004, and we did manage to publish Committee Drafts (formal review drafts that are stable to a first approximation) last August. The process of discovering and fixing various nits led to a few more CD review cycles, and we also had a great interop exercise at the RSA conference recently, so I have a fair degree of confidence that the converged specs are clean, workable, interoperable, and even — dare I say it? — mature.

*Well, there is a section in the SAML Profiles spec that defines common domain cookies…

Finding the intersection

I’m a little late in noticing this excellent post by Stephen Walli analyzing the new OASIS IPR policy (and admirably managing to fit descriptions of the software patent problem, the tension between .orgs and patents, and the typical work of a standards committee into a nutshell). I agree that the new OASIS policy is considerably more useful and subtle than some have given it credit for.

I especially like this bit (emphasis mine):

Standards are about technology diplomacy. The goal of individual participating members is to expand their area of economic influence, while defending sovereign territory, and the balance point between those two positions is always difficult. The result is a specification document, but the process is a discussion and a negotiation each and every time at every level. The new OASIS IPR policy provides that space for discussion.

At the standards table you need to find the right intersection of everyone’s technical solutions using an intersection of everyone’s personal styles. The trick is that they both have to be non-empty.
