Here are some links to things I’ve written or created. This is by no means complete, but I will add items as I remember or come across them.

Topic categories appearing below:


Privacy and Data Usage Control: I submitted a position paper to a W3C workshop on privacy and data usage control held 4-5 Oct 2010. I blogged the paper here. [Permalink to this item.]

Making Identity Portable in the Cloud: I did a webcast as part of the BrightTALK Cloud Security Summit on 9 Sep 2010. The recordings for the entire summit are here. The recording for my session is here, and a (large) PDF of my slides is here; it’s hard to see slide detail in, and impossible to follow embedded links from, the version shown in the recording. I blogged the webcast and Q&A here. [Permalink to this item.]

UMA at Cloud Identity Summit: In and among many presentations on UMA in the spring and summer of 2010, I spoke at the Cloud Identity Summit on 21 July 2010. The slides are something of a “summary pitch” for the UMA concept and current work. [Permalink to this item.]

Venn at EIC: My Venn and the Art of Data Sharing best-practices talk at the European Identity Conference in May 2010 is available in video form. [Permalink to this item.]

UMA Technical Report: Technical Report No. CS-TR-1196 on User-Managed Access to Web Resources was made available on (no joke) 1 Apr 2010, under the auspices of Newcastle University. I served as a coauthor, along with Domenico Catalano (UMA Graphics/UX Editor), lead author Maciej Machulak (UMA Implementation Coordinator), and Aad van Moorsel. [Permalink to this item.]

Open Identity Trust Framework: A white paper proposing an “Open Identity Trust Framework” model for identity assurance was published on 3 March 2010, in association with the launch of the Open Identity Exchange (OIX) trust framework. I served as a coauthor of this paper, along with Tony Nadalin, Drummond Reed, Mary Rundle (our intrepid managing editor), and Don Thibeau. [Permalink to this item.]

UMA webinar: Paul Bryan and I ran a webinar on the User-Managed Access work on 29 January 2010. Materials and recordings are available on the UMA Explained page. [Permalink to this item.]

IETF Journal: I had a minor role in contributing to the IETF Journal article The Kantara Initiative for Online Identity: A One-Year Progress Report (Trent Adams was the primary author). [Permalink to this item.]

Tek-Tips video blogging: I contributed some video blog entries to the Tek-Tips site for IT professionals. The first was on What Identity Issues Should The Enterprise Be Aware of With Public Cloud Computing?. The second was on Cloud Computing Authentication – It’s All About Changing Behaviors. I was also interviewed by Alex Williams at RSA 2009 on the OAuth and the consumerization of IT. [Permalink to this item.]

ProtectServe at IIW8: I convened a very dense transfer-of-information session on ProtectServe at IIW8. Paul Bryan and I presented these slides and a set of protocol flows (Step 0, Step 1, Step 2, Step 3); video is also available. [Permalink to this item.]

Keynote at EIC 2009: I did one of the keynotes at the European Identity Conference held in Munich 5-8 May 2009. The title of my talk was The Care and Feeding of Online Relationships; slides are here. Video is available. Kuppinger-Cole has also published a video interview in which I described the talk. (My blog entry about the event is here.) [Permalink to this item.]

VRM webcast on BrightTALK: I did a webcast on Vendor Relationship Management as part of an identity summit on 2 December 2008. If you have or register for a (free) BrightTALK login, you can view the recording at any time. I intended the slides to look like this (there were a few bobbles in conversion); having them available at full size with working hyperlinks may be a helpful adjunct. [Permalink to this item.]

Identity Forum 2008: I spoke about Project Concordia at a conference in Rotterdam, The Netherlands, on 7 October 2008. My slides give an overview of the work done so far and invite people to join in the fun. [Permalink to this item.]

Gnomedex 8.0: At 2008’s Gnomedex event 22-23 August 2008, I presented my take on Vendor Relationship Management and the issues and opportunities it shares with other disciplines; here are my slides and the video. (Note that hyperlinks for sources and suggested reading are scattered throughout the slides — the borrowed photos, the things that look like URLs, and also random other underlined stuff.) See blog post Venn and the art of data-sharing for more detail on the themes discussed here. [Permalink to this item.]

Burton Catalyst 2008: I spoke in Bob Blakley‘s segment of the “Identity Management: Are We There Yet?” track at the Catalyst conference in San Diego on 25 June 2008, on The Care and Feeding of Online Relationships. I found the title graphic on Flickr. You may also want to visit my series of blog posts related to this presentation and the one below: Everyday identity and human-centered design, Imperatives driving human-centered identity, Practical human-centering and VRM, The care and feeding of online relationships, [Permalink to this item.]

Managing Identity in New Zealand Conference 2008: I gave one of the keynotes on 29 April 2008 at this conference. Here are the slides for my talk, The Design of Everyday Identity (watch out for slight font anomalies in the PDF). Videos of all the conference sessions are available. And as of June 2009 the corresponding proceedings paper is also available ($) in Volume 33, Issue 3 of the 2009 Online Information Review journal. Here are some additional bibliographic links not provided in the slides themselves (I quoted some of the books below, and referred to the other sources, during the talk):

[Permalink to this item.]

IEEE Security and Privacy magazine, Mar/Apr 2008 issue: Drummond Reed and I collaborated on an article for this special digital identity management issue, called The Venn of Identity: Options and Issues in Federated Identity Management. This link goes to a free PDF copy of the article; you can subscribe to the magazine here or see the last page of the article. I wrote a bit more about this special issue of the magazine in this blog post. [Permalink to this item.]

Concordia at OASIS workshop: The OASIS IDTrust Member Section held a workshop in concert with the Burton Group just prior to the Catalyst Europe conference in October 2007, and I spoke on what Project Concordia is doing to help solve multi-protocol problems in identity. My slides and those of other speakers are all available at the workshop link. (This blog entry riffs on my APIs/protocols slide in detail.) [Permalink to this item.]

XML Summer School 2007: I spoke on Federated Identity Technologies on 27 July 1007, in the Web Services and Identity track of the XML Summer School held in Oxford. Additional thoughts on this talk’s “user centricity” analysis are in this post.

Internet Identity Workshop 2007: On the Monday afternoon of the event, held 14-16 May 2007 in Mountain View, CA, I gave a 12-minute spiel on SAML, the Liberty Alliance,, and the Concordia program.

RSA Feb 2007: Brett McDowell and I gave a talk on “Federated Identity: Evolving Past Industry Strife” at the RSA conference in the Industry Experts track. The slides are here.

ID-WSF Basics Jan 2007: I gave a talk on “ID-WSF Basics” at the Liberty 2.0 Workshop held in Redwood City on 22 January 2007. Other talks in the same workshop are available here.

IIWb Dec 2006: My “SAML, Liberty, and Federation” talk from the second 2006 Internet Identity Workshop on 4 December 2006 is here.

SAML Basics Oct 2006: I finally updated my now-famous “SAML Basics” presentation. A version that covers SAML V2.0 is now available in PDF and source forms. [Permalink to this item.]

W3C Web Security Mar 2006: I submitted a position paper to the March 2006 workshop run by W3C on the usability and transparency of web authentication.

OSCMS Feb 2006: Slides from my appearance on an identity panel at the Open Source CMS Summit on 9 February 2006 are available here. (Blogged here.)

Synnovation Jan 2006: An article that Robin Wilton, Pat Patterson, and I co-authored for Vol. 1 Issue 1 of the EDS Agility Alliance’s synnovation magazine, published in January 2006, is here. (Blogged here.)

SAML at XML Jan 2006: A slightly modified version of the slides (and speaker notes) for my XML 2005 conference talk on “Federated Identity Management: An Overview of Standards and Concepts” is here (.pdf), and a copy of the proceedings paper is here (.html). (I changed the location of this on my server, but links to the old location should still work. Also note that the XML 2005 proceedings version of the paper is now available publicly here.) It covers basic SAML V2.0 and Liberty Identity Federation Framework concepts and gives a few SAML-compliant syntax samples.


For a while, I went around giving talks and tutorials on the Universal Business Language (UBL), whose schema design rules subgroup I chaired for a good chunk of its first version. I’m pretty sure that the details of the schema design rules have changed a bit since my involvement ended, but the UBL talk I gave at XML 2002 (slides, paper) is likely still to be useful in understanding where UBL is coming from.


See my page on the book I co-wrote with Jeanne El Andaloussi, Developing SGML DTDs: From Text to Model to Markup.