The five-things virus

Uh, thanks, Tim. I think. (And congrats on becoming a Distinguished Engineer!)

Here’s a list of five things most people probably don’t know about me:

1. I have a bit of graphite embedded in my left palm from a knife game — only with pencils! — gone awry when I was five years old.

2. I have a severe case of bovilexia.

3. There are nine distinct versions of Bohemian Rhapsody on my iPod:

   • The original (three copies, from A Night at the Opera, Queen Greatest Hits, and the Wayne’s World soundtrack)
   • The live version from the Wembley ’86 concert
   • The We Will Rock You musical soundtrack (coincidentally recorded in London soon after the first time I saw it there)
   • The London Symphony Orchestra version
   • A rap version by Molotov on a Spanish-language “tributo a Queen“
   • Two substantially different versions by the Braids (a capella and instrumental), along with two extra mixes based on these
   • Two versions (Constantine and the Flaming Lips) off the intermittently amazing Killer Queen: A Tribute to Queen album (if you like the song Stone Cold Crazy, check out this version)

   And I don’t even have the ID Gang Choir’s version of Bohemian Rhaps-ID on there yet.

4. I have performed in a strip club.

   I used this in playing a game of three truths and a lie with Sara Gates, Michelle Dennedy, and some other great folks at a conference last year, so I guess they know this about me, at least. It was supposed to be the one “ringer truth” that everyone would assume was a lie, but I got tripped up by Michelle, who independently joked, just before my turn, about my “stripping career”… In fact, my first band Sleeper did play in a club (I think it was somewhere on the Pearl Harbor military base) that did indeed have, y’know, dancers as part of the entertainment. A weird experience, especially since the poor dancers had to cue up their own music on the jukebox.

5. I think watermelon-flavored Jolly Ranchers are an abomination.

Conor, Pat, Paul, JeffH, John: tag, you’re it! (As if there’s anything left we don’t know about Conor. Or Paul.)

Just doing my part to be a vector…

[UPDATED to fix link to John's blog.]

Can’t do this to me, baby

I’m wondering if this was more fun in the doing than in the watching, but hey, you be the judge — Conor has posted a (subtitled!) YouTube video of our performance! Thanks a million to Conor for doing this. By the way, Peter Tapling of Authentify, one of my co-perpetrators on this, sent me a note suggesting that the title of the song should be Bohemian Rhaps-ID. Most excellent.

So now, a little more of the backstory. When Kaliya asked me to help with the un-talent show, I asked some friends ahead of time what I could do to encourage participation. I knew there would be a karaoke setup there, though we didn’t want to have to pull that out of the bag first thing, to give people a chance to perform with a guitar or whatever. My sister-in-law does some DJing, and she’s the one who suggested the idea of writing parody lyrics (thanks, Leah!).

I had absolutely no time to think about doing this until I got through my SAML/Liberty Alliance/federation presentation on Monday, and found myself tossing around ideas with my dinner companions, whose names you can see listed as coauthors, on Monday night. It’s all Laurie Rae’s fault, really — she was like a dog with a bone. Being totally honest here, I was like that with getting the lyrics done, but she actually promoted it and got our “choir” lined up.

She suggested doing something with Summer Lovin’, and then a Talkin’ ‘Bout My Federation parody (which has possibilities — maybe at the next IIW? who’s in?). Once we thought of BoRap, I pulled up the original lyrics on my Treo and we worked from there. Peter Tapling was astonished, nay, actually somewhat disturbed that we saw it through — and he brought over someone after the performance who insisted we couldn’t possibly have written it the previous night.

Luckily, this wasn’t the only performance at the un-talent show! John Kemp and Pat Patterson performed Whole Lotta Love, I did a Hotel California duet with Kelly Mackin from CA and an I Got You Babe duet with Laurie, and Nick from Silent Rhino (I hope I got that right!) recited I Am the Clorox and I Speak for the Me’s, which was awe-inspiring.

I’ll update this post sometime today with a link to my photos from the event. You won’t want to miss ‘em, especially the Whole Lotta Love ones…

UPDATE: No, not about the photos yet, but about the gong. I’m not sure exactly what possessed JeffH to bring it with him, but he’s local and he’s a drummer, so QED, I guess! Kaliya used it throughout the IIW event to signal session transitions and such. Just imagine how wide my eyes got when we worked through the whole set of lyrics and I realized…what comes at the end.

UPDATE 2: Okay, photos are up! Here’s a teaser.

To see my whole collection of un-talent show pix, go here. Wes has a bunch of good ones from the un-talent show and the event in general too.

Tag: iiw2006b

Bohemian Rhapsody in the key of ID

On request, here are the lyrics to the parody song performed tonight at the IIWb “un-talent show” by what Kaliya calls the ID Gang Choir. Many thanks to my co-writers and co-performers, who were apparently game for anything! (When I’m less tired I’ll put up some of the pix and maybe share more of the backstory…)

Bohemian Identity

a parody of Bohemian Rhapsody by Eve Maler, Laurie Rae, Peter Tapling, Derek Fluker, Bill Johnson, and Wes Kussmaul, with apologies to the late great Freddie Mercury

Is this the real life, or a directory
Caught in the OSIS, no escape from identity
Open your I-D to be spied and see
I’m just an agent, and I’m an entity
Because I ask who am, I to you, I don’t care, I thought you knew
Any way the claim flows doesn’t really matter to me, to me

Mama, just killed a man, his name is password hell, and he’s not encrypted well
Drama from websites outdone, Web 2 dot 0 had blown them all away
Passport, ooh, didn’t mean to make us cry
If my session’s gone away this time tomorrow
Single off, single on, as if nothing really matters

Login, the time has come, time to prove what’s mine is mine, fingers aching all the time
Logout everybody, I’ve got to go, when I broke that seventh law I faced the truth
Mama ooh (any way the claim flows), I must now rely, on attributes not seen before at all

I see a little silhouetto of a man, Scaramouche, Scaramouche, will you do the fandango
Thunderbolt and lightning, very very frightening me
Authorizer (authorizer), authorizer (authorizer)
Authorizer LID – O-pen I-D
I’m just a token nobody knows me
He’s just a token from a weak authority
Spare him his life from anonymity
Single off, single on, will you authorize
Bismillah! No, we will not authorize (authorize)
Bismillah! No, we will not authorize (authorize)
Bismillah! No, we will not authorize (authorize)
Will not authorize (authorize)
Will not authorize (authorize)
No, no, no, no, no, no, no
Mama mia, mama mia, mama mia authorize
Beelzebub has a devil put aside for me, for me, for me

So you think SAML2 can solve all your use cases
Let me SXIP in and OpenID some CardSpaces
Oh baby, can’t do this to me baby
Just gotta sign out, just gotta sign right outta here

But it really matters, AuthN and authZ,
Yes it really matters, it’s all that really matters – I-D

Any way the claim flows

(Written on 4 December 2006 and performed on 5 December 2006 at the Internet Identity Workshop in Mountain View, CA. Creative Commons license: This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.)

Tag: iiw2006b

The future’s so bright I gotta wear shades

Pat Patterson went and did it: He implemented the Service Provider (relying party) side of SAML V2.0′s browser/POST single sign-on profile…entirely in PHP. A number of people have been concerned that SAML is somehow just too hard to implement, particularly with that nasty XML Signature bit, but I think this shows the concern wasn’t warranted. He was apparently inspired by the ease with which Kim Cameron implemented InfoCard in PHP; of course, that has a significant SAML token-handling component, so there are a lot of similarities in what you have to do underneath.

At the same time, Jeff Hodges and Scott Cantor have continued to improve their SimpleSign and Lightweight SSO specs for doing SSO using SAML in an entirely XML-Signature-free way. The best way to keep up with this work is to track JeffH’s IdentityMeme.org blog. (He’s also got a recent post surveying the landscape of IETF I-D references to SAML, and other handy stuff.)

The next thing I’d love to see (I should get off my duff and do it, or at least browbeat Peter Davis into it — he’s the main guy behind the specs for SSO using both i-names and SAML) is a very simple spec showing how to use Yadis as the metadata and discovery component for SAML. With this, you could not only use Yadis for identities that have non-URL, non-XRI identifiers (such as the millions upon millions of “legacy” identities out there), but avoid some privacy issues as well.

The security considerations section of Peter’s spec profiling SAML for XRIs contains the seeds of everything you need to know to pull this off:

The use of XRI’s for authentication service discovery introduces a new potential correlation handle of the principal. Authentication service providers should carefully consider the risks associated with this shared identifier.

One suggested remedy is allow the principal to only supply the XRI of the authentication service provider (eg: @IdentityProvider), and not their personal i-name.

(I tried figuring out if the OpenID V2.0 work includes this approach as a possibility for URL-based identifiers, and it appears to go part of the way, though the underlying purpose seems to be different. Revision 10′s Appendix C.1 says “Supports IdP-driven identifier selection. This new variation of the protocol flow is initiated by entering an Identifier for an IdP instead of an Identifier for an End User, and allows the IdP to assist the End User in selecting an Identifier.” But I’m having trouble finding where in the normative spec this is defined.)

All in all, I think Pat’s lightbulb metaphor is apt — lightweight identity, shining a light on the identity issue, having the lightbulb suddenly go on, I get it, I get it. Now, with the “gotta wear shades” song in my head, I just have to avoid the next step down into earworm hell: “I wear my sunglasses at night”. Oh no! Too late! Even worse, the lyrics actually lend themselves to security and privacy themes…

Island rhythms

I got to visit San Juan Island for the first time recently — yeah, I’m still a northwest newbie — to take in an end-of-summer weekend of fun and funk. The people who run The San Juan Preservation Trust booked Mudcat to play their Harvest Festival, and we had a most excellent time doing so. (Click on the pictures for bigger versions.)

Peekaboo stage with hay bales

I really knew nothing about the San Juan Islands before this. My old Boston mindset made it feel as though we were “going to Martha’s Vineyard for the weekend.” It took about the same amount of time to get there; there was a ferry involved; and all the rhythms of life slowed down as soon as we arrived.

We played at Lacrover Farm, where we had a lovely view out onto their acreage.

My view from the stage

Each band member — along with assorted family members, including kids and dogs — was offered a place to stay with one of the SJPT board members. Eli and I were “assigned” to Sven Haarhoff and Allison Shadday, and it was a pleasure to get to know these nice and talented folks. She’s an author who has a book about multiple sclerosis on the cusp of release, and he’s the SJPT development director — the guy to talk to if you’re interested in supporting their mission of protecting the San Juans through voluntary private action. (You can get a special-edition Gary Larson T-shirt for donating to the Save the Turtleback Mountain project!)

The band now has a solid three hours of material, and we played until it got almost too dark to break down our equipment — though the lack of light pollution was welcome! Not being an outdoorsy sort, until that weekend I probably hadn’t seen the Milky Way for years.

Feeling vine

Luckily, modern musical equipment is generally lightweight and easy to tear down. Once upon a time I lugged a Hammond M1 organ, though I gave that up pretty quickly. Maybe back then I could’ve made do with this antique “portable” organ I found in a Friday Harbor shop — I’m guessing that’s got a couple of pounds of weight per key.

Portable band equipment

This weekend we’re playing at an apple-picking party on Bainbridge Island. This music stuff is really taking me places…

Hot in Oxford

The XML Summer School was quite the steamy experience this year. I’d ascribe it to global warming, except that last year’s final week in July was quite chilly. I believe it was at some point on the pub crawl when one of the locals in our delegation told me, in a moment of drunken honesty, that the same thing happens every year: The English forget it gets hot in summer and act all shocked when it happens.

Bob DuCharme writes here about his School experience. His track looked really great — I wish it weren’t opposite mine. But I did have a great time hanging out with Bob, Priscilla Walmsley, Jeni Tennison, and everyone else in the off-hours. As Bob describes, we squeezed in a singing-and-playing session outside the college bar, where I tried out my new roll-up piano for the first time. All in all, the keyboard…doesn’t entirely suck. Marc Hadley managed to capture a picture of the scene, along with some stunning Oxfordscapes (he’s a real photographer, unlike me).

At the Trends and Transients session, we added something new: all the track chairs had a chance to opine (rant?) briefly. Peter Flynn and Sean McGrath went back and forth on microformats; there was a great moment when Sean insisted, almost tenderly, that “Microformats are beautiful.” Peter shot back some advice on avoiding Tag Abuse, and advocated joining his SDATA club.

I got cute with the concept and spent my five minutes on Tr*: two Tropes, three Trends, two Transients, and a Transparent for the web services area. I think it was when I mentioned “architectures” as a Trope that Paul Downey (who took some wonderful photos himself) commented (slightly paraphrased), “Protocols are really difficult to write. Look at TCP/IP! Giving people ways to create new protocols is like giving children machine guns.” You go, Paul! If by architectures we mean the building of frameworks wherein people constantly have to invent new protocols to use them, I worry for the security of systems based on them.

The Transparent I mentioned was “policy”. Technology is rarely more than 30% of a solution, with governance, policy, legal, and other messy human issues making up the rest, and yet many of us rush to work on the technology because it’s cool and it’s tractable. I’ve seen this done recently by people who really should know better.

I’m insanely biased, of course, but I thought my track rocked. I hope my illustrious speakers don’t take this the wrong way, but I thought we achieved many moments of actual edutainment. A few highlights:

• Sean made a compelling argument for temporal decoupling in service development, meaning asynchrony. If you agree with SPLJ but you accept too much coupling by pointing directly into business logic instead of into message queues/holding areas of some kind, what you’ve got is inherently brittle. Someone followed up on this point, noting that “Asynchronous programming is defensive programming.” Sean also noted that a staged event-driven architecture lets you do better load balancing. (This prompted me to mention something I heard Don Box say some years ago — the older distributed computing technologies tried to treat all the components as equally close together, whereas web services treats them as equally far apart. Perhaps this can’t be achieved without Sean’s approach.)

  As part of this, he observed that mashups are great for information integration, but don’t seem to be so good for application integration. The transactions being done are all simply idempotent (Paul Downey preferred to say merely “safe”) GETs, and yet the results are powerful. I wonder what the next huge enterprise SOA would look like if it strove for SPLJ in this fashion…

• Robin Wilton, in discussing the notions of reputation vs. identity, pointed out that privacy features of a system can prevent your ability to make a determination that two digital identities correlate to the same person, which can mess up reputation systems.

• John Kemp noted that “The web of services is not just a web of servers”, on his way to demonstrating, live, how a mobile client device (Nokia, natch) could host an attribute service about you.

• Paul Madsen‘s talk managed to flow seamlessly from beer, to identity services, to “plumber’s crack”. :-)

Finally, here’s a portrait of Bill Clinton that hangs in the Rhodes House, taken at one of the evening events. If you want to get a closer look at Bill Clinton and what are apparently his favorite objects, go ahead, click…you know you want to.

Unleash your inner rock diva

Yesterday a magazine came in the mail whose cover had this teaser title. The article was about a rock ‘n’ roll fantasy camp. Coincidentally, Mudcat had a gig last night. Don’t dream it, be it!

(Kaliya was a great sport about my pulling her up on stage for our karaoke caper at Catalyst — I can’t help singing, even in odd circumstances.)

This little rock ‘n’ roll hobby is feeling a lot more substantial these days. Last night was our fourth time playing the Montlake Ale House, and our now-regular audience members (wow, regulars! dare I call them “fans”?) have begun to ask where the CD is. No plans for that at the moment; nor do we have T-shirts, mugs, or holiday ornaments. But a modest website and email list are in the works.

We’re playing again on the 4th of July at a school fundraiser in Seattle. If you’re interested in coming to the gig, drop me a line for more info…

Nothing comes to a sleeper but a dream

In the living-out-a-dream category: Last weekend Mudcat played gig #6, this time a private party in a great location: a chocolate factory that resides in the old Red Hook Brewery in the Fremont neighborhood of Seattle. The atmosphere was so comfortable and welcoming, and the crowd so enthusiastic about our being there, that the experience was transcendent. We were reading each others’ minds about the natural arcs of solos and song endings, and we jammed much like we do in our practice sessions when we think no one else is listening.

We played for beer (and chocolate), but our host surprised us by presenting us with a bit of lucre at the end of the night — along with a lecture about how we should get used to being paid! For me it’s been, um, well, more than two decades since I made money from a gig. I’m tempted to frame it.

(The title of this post is from Lowell Fulson’s Sleeper, a tune we cover in Mudcat and one of our favorites. As it happens, the first — and only — band I ever made an actual living from was called Sleeper.)

Next gig: Saturday, June 24, 9pm, at the Montlake Ale House again. Be there or be square.

Band practice

I just read this great New York Times article on Condoleezza Rice and her amateur chamber music group. I would never claim to have the same dedication or virtuosoisticness, and it’s for sure that our genres are pretty far apart (mine requires playing in pubs rather than living rooms — and we practice in a place called the Groovebox). I’m pretty sure Condi would never say “Sorry, I can’t make that state dinner with the President of Burundi next weekend; I’ve got band practice.” But I understand well the satisfaction that comes from rehearsal sessions and performances.

Though the Schumann went well, Ms. Rice felt that things had become shaky in the exuberant push to the coda. “Can we try the ending again,” she asked, “just for our pride?” So they did, and they played it with more solidity and just as much spirit.

…

Ms. Kim commented on the articulate way Ms. Rice played a series of thick chords. “You’re playing them really short, Condi,” she said. “I hadn’t thought of that,” she added, warming to the idea.

“I like them separated,” Ms. Rice replied. “Not too short, maybe kind of sticky.” Everyone knew what she meant.

The process of tweaking and ultimately nailing a passage feels great, particularly when you’re playing with emotionally (and actually) mature people who can give and take constructive criticism, and who can appreciate and take advantage of each person’s talents and insights. Let me tell you, the maturity is worth as much as the talent.

Our gigs tend to fall a couple of months apart at this point, and in between we try to learn a handful of new tunes and improve the weakest handful of our current tunes. Right now we’re learning, among other pieces, Lonnie Smith’s Love Bowl — big fun. I often joke about practicing keyboards without a license, but since the band keeps picking keyboard-heavy tunes, I’m definitely stretching my abilities. Luckily, a pocketful of blues organ riffs goes a long way…

Paraphrasing Condi, “‘It’s not exactly relaxing if you are struggling to play [Stevie Wonder],’ she explained. ‘But it is transporting.’”

An evening with Mudcat

Yep, we’re starting to make a habit of it. Mudcat (notice the by-now incredibly stable name; that’s our mascot over to the left) is performing once again at the Montlake Ale House, on Saturday, March 25, starting at 9pm.

Speaking of band names, try the jam band name generator if you think it’s time for us to be changing things up, or if you’ve got your own ensemble in search of a handle. Perpetual Love Express? Hmm, sounds good.

We’ve continued to expand our repertoire. On the whole we tend to play blues and funk “deep tracks”; most tunes that ever saw airplay to the point of Top-40-hood are barred from consideration. But occasionally I’m able to sneak one in, and I’m still crowing about the latest addition. I will admit that I resorted to buying a disc from the “Super Hits of the ’70s: Have a Nice Day” series to get a copy of the original. But I won’t tell you the name of the song; you’ll just have to show up and guess which one it is…