Personal RFP Model and Information Sharing Report

The Kantara Information Sharing group, led by the intrepid Joe Andrieu and Iain Henderson, has been doing a ton of work to make the business justifications for Vendor Relationship Management scenarios concrete and and the use cases actionable.

The group has two documents out for review, and seeks your input. (I’m really tardy blogging this; comments are due tomorrow, but I’m sure they’d be welcome even coming in a little late…) See Joe’s writeup for document […]
Read more

Identity tweetup at OASIS conference next week

Ian Glazer and I were planning a get-together next week at the OASIS Identity Management conference in D.C., and he suggested we make it a tweetup (bona fides established here). So if you’re in town because of the conference, or just…around, join us at Buffalo Billiards next Monday at 6ish.

The agenda looks solid, and since it’s arranged in a single track, should get some intensity going. I’m looking forward to participating in the privacy/identity/cloud computing Read more

Making identity portable in the cloud

Yesterday I had the opportunity to contribute to BrightTALK’s day-long Cloud Security Summit with a webcast called Making Identity Portable in the Cloud.

Some 30 live attendees were very patient with my Internet connection problems, meaning that the slides (large PDF) didn’t advance when they were supposed to and I couldn’t answer questions live. However the good folks at BrightTALK fixed up the recording to match the slides to the audio, and I thought I’d offer thoughts […]
Read more

A privacy fear factor Venn

The excellent Wall Street Journal online privacy series got me thinking of a new Venn of human-to-application interaction, sort of an evil twin of this one.

Intersection A ∩ C ∩ U might be a video that starts playing the moment you visit a site with sound you can’t turn off … showing you a marketing message that seems eerily connected to your ongoing search for a new car … when you realize the video is of […]
Read more

Where web and enterprise meet on user-managed access

Phil Hunt shared some musings on OAuth and UMA recently. His perspective is valuable, as always. He even coined a neat phrase to capture a key value of UMA’s authorization manager (AM) role: it’s a user-centric consent server. Here are a couple of thoughts back.

In the enterprise, an externalized policy decision point represents classic access management architecture, but in today’s Web it’s foreign. UMA combines both worlds with the trick of letting Alice craft her own access authorization […]
Read more

SMART UMA application: call for testers

The SMART project (Student-Managed Access to Online Resources) at Newcastle University has issued a call for user experience testers for the smartam component of the UMA-based applications they have been building. Participation should take less than a half-hour; if you’re interested, check out the flyer for instructions. To keep up with general news on the project (there’s lots), follow the SMART JISC blog.

This is an exciting milestone in UMA development. Congratulations to the SMART team! […]
Read more

Tofu, online trust, and spiritual wisdom

At the European Identity Conference a little while back, Andre Durand gave a downright spiritual keynote on Identity in the Cloud. His advice for dealing with the angst of moving highly sensitive identity information into the cloud? Ancient Buddhist wisdom.

All experiences are marked by suffering, disharmony, and frustration.

Suffering and frustration come from desire and clinging.

To achieve an end to disharmony, stop clinging.

(I can’t wait to hear his pearls of wisdom at the Cloud Identity […]
Read more

OpenID and OAuth: As the URL Turns

In Phil Windley’s initial IIW wrap-up, he alluded to the soap-opera nature of the OpenID wrangling that went on last week. It’s an apt description.

In the spirit of real ones:

Margo wanted Parker to get an attorney before making a confession but he insisted on telling the truth anyway. Margo quickly called Jack with the latest development so he and Carly rushed to the station. Jack ordered his son to keep quiet but Parker said he was

 […]
Read more

Comparing OAuth and UMA

The last few weeks have been fertile for the Kantara User-Managed Access work. First we ran a half-day UMA workshop (slides, liveblog) at EIC that included a presentation by Maciej Machulak of Newcastle University on his SMART project implementation; the workshop inspired Christian Scholz to develop a whole new UMA prototype the very same day. (And they have been busy bees since; you can find more info here.)

Then, this past week at IIW […]
Read more

Data portability and wagon-circling

One of the breakout tracks at EIC last week was Cloud Platforms and Data Portability. Dave Kearns had asked me to speak for a few minutes on the subject of social data portability before joining Drummond and Christian for a panel discussion.

I brainstormed a bit and suggested that I could comment on the notion of data statelessness, and the continuum of individuals’ data portability on the web. That somehow turned into a boldface uppercase talk called […]
Read more