Ping Identity > Blogs > PingTalk 

PingTalk Blog

Adjust. Learn. Grow. It's a process well known in Agile software development, and key to ultimate success.

As part of last week's Denver Startup Week, Bill Wood, Ping Identity's vice president of engineering, shared with entrepreneurs and engineering managers from the local startup community how Ping has built a foundation on Agile development for the past 10 years. In those years, Ping has grown from a start-up with one product and a few engineers to a multi-product, 80-person engineering locomotive. And he explained how Agile held everything together and insured the trains ran on time.

Thumbnail image for Bill Wood speaking at Startup Week blog.png

Bill Wood, vice president of engineering at Ping Identity, talked Agile development during Denver Startup Week. Wood, an Agile expert, was just one of more than a hundred speakers featured at the annual event.              Photo: © Cynthia Fagan

Along the way, Wood showed how Ping's corporate values and other traits were aligned with the company's Agile methods and how that contributed to overall success.

"My challenge to you is to understand your [company] values," he said. "They can be effective in how you lead and how you work as an engineer. Know your values."

Last month we experimented with #ID140, an idea to bring together those with an interest in identity to discuss and debate specific topics, trends and news of the day. 

Twitter was the platform, the response was solid and we plan to make this a recurring forum.

Twitter chats are becoming common these days as a way to gather up voices on a specific subject and gauge the temperature of the debate.

The topic of our first 45-minute long #ID140 chat focused on the highlights of 2012 and predictions for 2013. The archive, unfortunately, didn't survive Twitter's housekeeping, but the discussion, I can tell you, was fast and furious with analysts, technologists and end-users contributing.

2012 highlights included the rise of mobile and standards advancements such as ratification of OAuth 2.0 and the emergence of the System for Cross-Domain Identity Management (SCIM). And it was noted that identity and its relelvance for security and access control gained respect outside the traditional circle of believers and advocates. In addition, a rash of password thefts, some which totaled millions in a single haul, hit major retailers such as Apple and Zappos and helped shine a light on fixes identity has to offer.

The predictions for 2013 ranged from authorization advancements, the birth of identity developers, privacy by design, enterprise OpenIDP providers, the proliferation of RESTful services, the sorry fate of passwords, digital death, and whether or another company, product or trend will be the major disruptor in identity this year.

The next #ID140 Twitter chat will take place Wednesday, Jan. 30. I invite you to join in the discussion and to keep a spot open on your calendar each month to talk identity.

In July, noted identity expert Bob Blakley called the National Strategy for Trusted Identities in Cyberspace (NSTIC) an historic opportunity to re-define identity and access management.

Last week, NSTIC fueled the opportunity by funding with $9 million five organizations (out of 186) that proposed pilot programs.

One of those selected was Criterion Systems, whose pilot proposal for an attribute exchange network (AXN) included a number of supporting organizations and companies including Ping Identity.

Team Criterion plans eight pilots for its program over the next two years that will address creation of the AXN, which ties together identity providers, relying parties and attribute providers into a federation that can more accurately validate an end-user's identity using selected data such as age, address, or mobile phone number aggregated from a number of trusted attribute providers.

The pilot services goals include replacing passwords, allowing individuals to prove online they are who they claim to be, and enhanced privacy.

Funded with nearly $4 million, the pilots involve retail, financial services, healthcare, and government entities. (Note: $1.97 million of the grant has been awarded; the other half hinges of Congressional budget approval in fiscal 2013).

It's a pilot for sure, but not a pie in the sky.

The groundwork was put down last year when ID Dataweb participated in creation of an attribute exchange infrastructure for a project called Street Identity.

San Diego - Nearly 75% of companies deploying an emerging, standardized provisioning protocol are doing so to link internal systems, according to a company that helped write the specification and was first to support it.

Directory provider UnboundID in January rolled out an implementation of the Simple Cloud Identity Management protocol (SCIM; now known as System for Cross-Domain Identity Management at the IETF) and three-quarters of those that have adopted it are provisioning users across their internal mix of platforms.

Another 25% are using it for what the SCIM creators envisioned; enterprises avoiding the headache of writing another connector. Those companies are linking to software-as-a-service providers via SCIM to provision users to cloud services, namely

'We turned a protocol and schema problem into a mapping problem, which is easier to solve. I map my SCIM thing to my LDAP thing," said Trey Drake, an architect for Unbound ID and an editor of the SCIM specification.

He appeared last week as part of a roundtable hosted by Gartner analyst Mark Diodati at the Catalyst Conference. Others on the panel were SCIM specification contributors Patrick Harding, CTO of Ping Identity, and Darran Rolls, enterprise security specialist at SailPoint.

Catalyst 2012

We've establish a tradition, and a bit of a reputation, at the Gartner (Burton Group) Catalyst Conference and we want you to help us continue it. So after you're done with conference sessions, demo pods, lunch, panels and hospitality suites...


Interested in playing it?

Today starts your chance. The group that will try to build the pieces, standards and policies of an infrastructure that could put passwords on a shelf in the Computer History Museum is holding its historic first meeting.

The Internet Ecosystem Steering Group for the National Strategy for Trusted Identities in Cyberspace (NSTIC) is convening in Chicago (and online) and the opening line of its Workplan Outline is simple:

"Imagine if you could arrive at a website already holding a secure credential for authentication - eliminating the need to create yet another username and password."

The goal - eliminate the word "imagine." But the process for doing so is difficult.

The considerations include privacy, security, interoperability, accountability, liability and how to build that into digital infrastructure.

The work begins in the context of hundreds of millions of passwords stolen online in the past seven months from A(pple) to Z(appos).

I hope you enjoy reading my weekly digest of Internet lore, This Week in Identity. In case you're interested in how this comes together, let me share my secrets with you.

This Week in Identity is a condensed version of a longer form weekly internal newsletter, Ping Identity & the World. I edit out a few things that are for internal consumption only so I can stil have a job tomorrow, but the rest comes to you. When I was hired two years ago, I was given the internal newsletters as one of my jobs. After a while, Andre suggested that I put out a public version, and now you have it.

This curation falls out of another part of my job, monitoring social media and the Internet for mentions of Ping - both good and bad. (Yes, Virginia, even Ping, with our vaunted customer service, manages to make people crabby sometimes.).  I have a collection of Google Alerts, Twitter searches, and over 200 RSS feeds I follow. In May, for example, I reviewed 8,300+ pages from Google, 15,000+ tweets and 2,400+ blog entries. Whew! By the way I am @TooTallSid on Twitter if you feel so inclined.

If you want to drink from the firehose, you can easily set up your own Google Alerts. I happen to use Salesforce for Twitter for my Twitter searches, but HootSuite is a good tool. I'm old-school and use Google Reader for blogs. The iPad Web version works great. Reader works well with enterprise Google Apps. I just sign into our corporate CloudDesktop and then I can SSO into Reader.

I started doing curation back in the '80s when I worked on a microcomputer development team. Then it was easy. I just subscribed to EE Times, ComputerWorld and Network World. I even read all the ads, for information. I keyed a summary page into MS Word, printed it out, stapled it to the front of the issue and then circulated it around the office. My, how times have changed!

Let me give a shout-out to a great source of curation, Pat Patterson's Planet Identity. If you want a short, sweet, comprehensive listing of just the identity news, this is the source for you.

The user-centric identity gang is all here.

Next week, it’s the 14th edition of the Internet Identity Workshop – now just called IIW – a collection of technologists, developers and dwellers from the identity weeds who grow ID from the ground up. This isn’t an end-user conference with a tchotchke prize list. What gets hashed out here is likely to end up in your enterprise products, your cloud services or your mobile devices.

This year, the conference kicks off with a backdrop of mounting privacy concerns across both government and privacy groups, the proliferation of devices, the emerging API economy, the deterioration of the password and the almost-completion of both OAuth 2.0 and OpenID Connect.

As always, the agenda gets created in real-time, but some of the emerging popular topic choices, as listed on the IIW website, include the two protocols mentioned in the last paragraph, the National Strategy for Trusted Identities in Cyberspace, trust, trust frameworks, personal data stores and emerging cloud identity work such as the Simple Cloud Identity Management spec.

All of these will go through the discussion mill.

OpenID Connect, one of the more important emerging identity protocols, is nearing completion and is poised to be battle tested in 2012.

As those milestones approach, the OpenID Foundation, which is developing the spec, will kickoff this Monday ( Jan. 9) its annual election for community board members.

Experts are predicting that OpenID Connect and protocols such as OAuth 2.0, which is the foundation for OpenID Connect, will make a big impact this year on the identity landscape. 

The two provide glue for creating a distributed identity network in the cloud. OpenID helps define how two parties can use OAuth2.0 to communicate about identity. In addition, they both figure prominently in the development of the National Strategy for Trusted Identities in Cyberspace (NSTIC). (Go here for a graphical representation of the spec and to read more about its technical side ).

Now might be the time to get involved and have a say. Perhaps not as a board member, but as an active participant or interested corporate executive or identity architect. Only OpenID Foundation members can vote, but there is still time to join.

Up for grabs are two seats on the community board. Each is a two-year appointment. There are five returning corporate board members (disclosure: including Ping Identity).

Here is the election schedule:
Nominations open: Monday, Jan. 9
Nominations close: Monday, Jan. 23
Election begins: Wed., Jan. 25
Election ends: Wed., Feb. 8
Results announced by: Wed., Feb. 15
New board terms start: Thurs., March 1

Times for all dates are Noon, U.S. Pacific Time.

Ping Identity has a culture of valuing people and community. One of the examples of this is that every employee is encouraged to take a day of paid time-off and volunteer for one of their favorite charities.

I took a day this week and worked for Food Bank for the Heartland, the local regional food bank. Food Bank for the Heartland accepts donations of food and then redistributes them to other agencies such as churches and neighborhood non-profits for distribution to hungry people.

Casing up food

My day as a volunteer saw me spending the morning working with Food Bank for the Heartland volunteer, Scotty Williams, sorting donated cardboard boxes by size. We worked through five tall pallete loads, nearly 2½ tons of cardboard.

Nicole Schlueter and Laurie Mac. HP

Then in the afternoon, I learned why so many boxes. I packed cans of food into cases, 20 or 25 pounds per box, sealed them up and then stacked them on pallets.

I was assisted by a team from a local Hewlett-Packard office who volunteer a half a day a month to local charities. By the end of the afternoon, we had packed over 160 boxes with tuna, green beans, and juice. Whew!

As I was packing the cases, I realized that the can of food in my hand, such an inexpensive object, was going to make the difference whether someone in the Omaha area, probably a kid, was going to go hungry or not. A very sobering, very meaningfull moment. A small thing for me was literally going to be life or death for someone else. I made a pledge to myself to go back and volunteer regularly for the Food Bank.

Today I asked how some other Ping Identians spent their volunteer day this year. Let me share a couple of stories with you.

Jennifer Dragstedt, a Marketing Specialist, among all her other amazing talents is a registered nurse. She volunteered through the Cary Church of God, Cary, NC. With a team of other medical professionals, she went to Ecudor and spent a week providing basic medical services to a village.

Jennifer and patientsVillage home

The entire Marketing deparment decided to work together and spend a day volunteering at Volunteers of America, Colorado. They worked at The Mission, a food bank/soup kitchen/day shelter, where they packed food bags and cleaned and stocked the store room.

The volunteers from Marketing


Additionally, they adopted two families for Christmas through Volunteers of America. Julie Smith, director of product marketing, delivered the car full of gifts this week.

Gifts for the two families


Working for a company that supports our employees in being good citizens and full human beings means a lot to me and my coworkers. We are given an opportunity to be more than numbers in an HR database, to share the passion we have with our communities, too. It feels great!

Food Bank for the Heartland

Food Bank of the Heartland

         Volunteers of America - Colorado Branch     

Volunteers of America - Colorado Branch


   Cary Church of God

Cary Church of God