You are cordially required

…to check out the new Gluecon conference to be held in Colorado in late May. Early-bird registration closes this Friday — use code spkr12 for an extra 10% off.

It’s all about “the new technologies that are forming around web applications in a post-cloud world”. Since I’m on record as predicting we’re going to see more consumerization of IT rather than more ITization of consumers (cracking myself up here), this theme definitely appeals. I will be there to discuss […]
Read more

You are cordially invited

…to submit papers to the Context Awareness and Trust 2010 and ACM Digital Identity Management workshops. (I serve on the program committees of both.)

Time is short for EuroCAT! The paper submission deadline is March 30, and the workshop itself will be held in late August in Nice, France. Mmm…nice.

You have more time for ACM DIM; the paper deadline is June 28, with the workshop taking place in early October, colocated with CCS in Chicago.

Put […]
Read more

The Pushmi-pullyu problem of assurance

In the absence of any other controls, relying parties for identity info would like to be handed as much user data as they can get. It can’t hurt to have a little extra, right? But as we pointed out in the UMA webinar a few weeks ago, when web apps think they’ve gotten something valuable out of us, sometimes they’re just mistaken. When a site wants too much info and makes us give it to them in a self-asserted […]
Read more

UMA learns how to simplify, simplify

It seems like a good time to review where we’ve been and where we’re going in the process of building User-Managed Access (UMA).

The introduction to our draft protocol spec reads:

The User-Managed Access (UMA) 1.0 core protocol provides a method for users to control access to their protected resources, residing on any number of host sites, through an authorization manager that makes access decisions based on user policy.

For example, a web user (authorizing user) can authorize

 […]
Read more

The Economist and “ecto gammat”

Remember in The Fifth Element when Leeloo threatens to shoot Korben Dallas for stealing a kiss, saying “ecto gammat”? Turns out it means “never without my permission”. A good rallying cry for personal data sharing in today’s world!

The Economist has a thoughtful article called The Data Deluge on the benefits, and the privacy risks, of making better use of the torrent of data (it mostly focuses on, but doesn’t ever say, “personal” data) being generated in all […]
Read more

Digital shadow cruft

Robin Wilton’s post on Google Buzz hits the nail(s) right on the head(s). The benefits of social networking center on human-to-human connectedness and collaboration, but the entire “social networking” construct obscures the fact that it’s really human-to-application-to-human. In revealing information that its users never authorized nor expected to be revealed, Google has created digital shadow cruft.

Low-hanging fructose

Simon Phipps often feeds me tidbits — intellectual rather than gustatory — having to do with nutrition. Recently he recommended I watch a lecture by Dr. Robert Lustig of UCSF in August of last year, called Sugar: The Bitter Truth.

This lecture is really better described as a call to action with biochemistry diagrams. Lustig argues that fructose is an evil that’s been behind the rise in obesity and metabolic syndrome of the last few decades; that soda, […]
Read more

Experiences not to miss

Experiences not to miss:

• Helping the Concordia group understand your needs for confidence in outsourced identity data and your business and technical drivers for authorization, to inform future harmonization work in these areas — the surveys should take you only a few minutes

• Joining the User-Managed Access webinar on January 29 to learn about UMA benefits, progress to date, and next steps — register early, as there’s an attendance limit

 […]
Read more

How to rest assured

Everybody’s talking about identity assurance these days, meaning, generically, the confidence a relying party needs to have in the identity information it’s getting about someone so that it can manage its risk exposure.

A lot of the conversation to date has revolved around NIST Special Publication 800-63 (newer draft version here) and its global cousins, which boil down assurance into four levels — hence all the loose talk of LOA (for “level of assurance” or sometimes AL for […]
Read more

Fifth blogiversary

Mele Kalikimaka me ka Hau’oli Makahiki Hou!

While it’s true that Twitter has absorbed some of my blogging rays, I do have a post-of-substance in the works that I hope to share with you before the year is out. But I didn’t want to let this occasion* pass without a thank-you to my readers here on xmlgrrl.com (also known as carbgrrl.com and vennofidentity.org).

So, here goes: Mahalo nui loa!

*Hey, maybe this is another opportunity for […]
Read more