by "Steamboat", Summer 1974. The CoEvolution Quarterly

Recently, John Shewchuk and Kim Cameron from Microsoft introduced Microsoft’s strategy on identity with a cloud identity service called Windows Azure Active Directory. I included John and Kim’s writing in a blog post last week. KuppingerCole published on YouTube the video recording of Kim’s presentation at the European Identity and Cloud Conference 2012. In this presentation, Kim goes deeper into how he sees identity must inevitably work. My colleague John Fontana summarizes all this in a blog entry, and this provokes Kim to respond.

  • Kim Cameron: Conflicting Visions of Cloud Identity
    [This is the video of the 20 minute presentation Kim gave at EICC 2012, where he lays out his rationale for how cloud identity has to work.]
  • John Fontana: Microsoft unveils AD Azure strategy, ID management reset
    “The software giant begins talking publicly about Windows Azure Active Directory service and its strategy to use it as the foundation for its Identity Management as a Service strategy.”
  • Kim Cameron: Is an inevitability a strategy?
    “John Fontana of ZDNet has written a pretty high octane report on the blog posts John Shewchuk and I published last week. The article starts with a summary: [See above.] That’s an interesting take on things.  But is “Identity Management as a Service” actually a strategy?  I wonder. In my thinking it is an inevitability. In other words, IDMAAS is the world we will end up in rather than the means of getting there.”

[The drawing on the right is by Steamboat, from the Summer, 1974, issue of The CoEvolution Quarterly.]

There were several other items of interest to the identity community this week:


  • Your parents pick better passwords than you do
    “Computer users over the age of 55 employ passwords that are twice as secure as passwords used by those under 25 years old. A recent study conducted by Joseph Bonneau, a computer scientist at the University of Cambridge, analyzed almost 70 million passwords belonging to Yahoo users around the world.”
  • FTC Chairman Leibowitz: More Privacy Could Actually Bring Bigger Revenues For Web Giants
    “It’s not just regulatory agencies who are welcoming of some increased privacy policies on the web, Leibowitz added. Even profit-minded executives have expressed support for “Do Not Track,” according to him. “I’ve heard from chief captains of the tech industry and CEOs that this is a good thing for this industry, because there is a virtuous cycle here,” he said. “The more control consumers have over the internet, the more they trust it and the more commerce they do…. this is good for business.””
  • Make app privacy as simple as a cereal box, FTC chairman says
    “Privacy policies on apps ought to be as simple as a box of cereal, according to Leibowitz, who was speaking about protecting consumers at the 10th annual All Things D conference in Rancho Palos Verdes, Calif. "They have to be like a nutrition guide on the side of a cereal box," he said, according to CNET.”
  • Top Internet Trends for 2012 According to VC Firm Kleiner Perkins Caufield Byers
    “Mary Meeker, a partner at venture firm Kleiner Perkins Caufield Byers, has released a great report this morning at the All Things Digital conference. The report outlines some of the hot trends affecting the Internet.”
    [Her slides are embedded. The section toward the middle has slides with titles starting with “Reimagination of” which contain the names of all the coolest apps and sites.]
  • Brad Tumy: To Federate or not to Federate
    “While discussing this with another engineer on the project he mentioned that this really opened the door for tightly integrating with a lot of their existing partners. I said that while this is great I would prefer to federate with these partners and not have to deal with managing the extra infrastructure components as well as having to manage several trusted certificates provided by the partners (with intermediate certificates there were about 6 just for this partner alone … I am trying to picture how that scales for each new partner).”
  • Nishant Kaushik: Identity Management Doesn’t Make The Cloud Complex. It Makes it Real.
    “What does it take to wake me from my blogging slumber? I guess it takes someone bashing Identity Management as a security technology that is deployed just for the sake of it. In an article today on InfoWorld entitled ‘Killing the cloud with complexity’, David Linthicum classifies Identity Management as a “trendy”, “newer” and “more expensive” security model in cloud deployments for which “there really is no requirement”. In his view, it just adds to the complexity of the deployment, helping to kill it. Makes your head spins, no?”
  • Dave Kearns: Dissing Identity
    “I don't know Infoworld's David Linthicum (he writes about Cloud Computing), never met him and - I don't think - I've ever read anything he's written. Odds are I won't read any of his stuff in the future, either.”
  • pii 2012: Building a Trusted Identity Ecosystem
    “• Moderator: Don Thibeau, Executive Director, OpenID Foundation and Chairman, OIX
    • Joe Andrieu, Founder and CEO, Switchbook
    • Joni Brennan, Executive Director, Kantara Initiative
    • Jim Fenton, Chief Security Scientist, OneID
    • Naomi Lefkovitz, Senior Privacy Advisor, NIST
    Recorded at pii2012 - Privacy Identity Innovation, May 15, 2012”
  • See presentations and videos from Kantara Summit and Workshop in Munich, April 2012
    [Links to slides for 14 sessions from the two events.]
  • Jennifer Cobb: The Promise of the Personal Cloud
    “I find myself agreeing with Jon Udell who writes in Wired, “I see signs of the personal cloud in services like Dropbox, Evernote, and Flickr. You can use them for free, or you can pay for higher capacity and enhanced customer service. But the personal cloud also arises from a way of thinking about, and using, any of the services the web provides.””
  • How a trio of hackers brought Google's reCAPTCHA to its knees
    “Hackers exploit weaknesses in Google's bot-detection system with 99% accuracy”
  • John Fontana: Brian Campbell: The simple joy of understanding OAuth
    “Every time I think I am finally getting a firm grip on the ins and outs of OAuth along comes something else that I have to add to the puzzle. But last week, I came across one of the best layouts of the OAuth foundation from the ground up.”
  • Brian Katz: BYOD required for retention? Bollocks!!!
    “If you want to drive higher employee retention no matter whether they are millennials or any other group, learn to leave the legacy thinking behind and build a strategy that enables your employees to work anytime, anywhere with the information they need to get their job done. In the end, it leads to them being more productive which means that as a company you should become more profitable. A win-win if I ever saw one.”
  • John Fontana: Cloud provisioning spec step closer to IETF working group
    “A proposal to create a new standard for provisioning users to cloud services is making its way along the standards track and is soon to be the focus for a new IETF working group.”
  • Dave Winer: We *can* do better than Facebook
    “Google's problem is they used Facebook as their guide to upgrading their view of what the Internet is. And that led them away from their strength, and into what I think is a dead-end. Much as Microsoft was led into a dead-end by the web in the 1990s. The problem with Facebook's approach is more than it has centralized all access to user's data, which they have. They've also centralized the flow of new ideas to the Internet. If you buy the idea that Facebook is the Internet, which is of course the problem for Facebook. Because no matter how big they get, they're still just part of the Internet. All the devices people use to access Facebook can access other parts of the Internet. So if something more exciting comes along, people can get there.”



  • Canadian Access Federation Workshop
    “In support of the Canadian Access Federation service, CANARIE invites you to attend a free training workshop on Shibboleth. The workshop will be co-located with CANHEIT 2012, and will be held on Wednesday June 13 and Thursday June 14, immediately following CANHEIT.”
  • Registration Open for Shibboleth Install Workshops - July 16-17 - Baltimore
    “Register now for the Shibboleth Workshop Series, July 16-17, 2012, at the campus of UMBC (University of Maryland Baltimore County) in Baltimore, Maryland. (Our next workshops are tentatively set for Gainesville, Florida, on Oct. 22-23.) Attendance is limited to 44 for each day. Registration will close when capacity is reached or one week prior to the workshop dates. Consider attending one or both:
    • Shibboleth Identity Provider Workshop on July 16, 2012
    • Shibboleth Service Provider Workshop on July 17, 2012”


  • The API-ification of software – and LEGOs
    “Today everything has an API. Facebook has hundreds of APIs across such social areas as friends, photos, likes and events. Google has thousands of APIs across search/AdWords, Web analytics, YouTube, maps, email and many more. Amazon has APIs that cover the spectrum from Alexa Web traffic rankings to e-commerce product and pricing information and even the ability to start and stop individual machines. I spent a decade architecting and building component and services based software, and another decade after that evaluating and investing in infrastructure software, I believe this mobile and cloud influenced wave of RESTful service-oriented software may finally live up to its initial promise.”

Valuable Identity

  • NSTIC Relying Party Event
    “A Storify by Ian Glazer: A collection of tweets from and about the NSTIC event at the White House”
  • Anil John: FICAM Trust Framework Solutions - A Primer
    “It is in the government's best interest to not re-invent the wheel and leverage Industry resources whenever possible. To support E-Government activities, FICAM aims to leverage industry-based credentials that citizens already have for other purposes. At the same time, the government has specific Privacy and Security requirements that need to be satisfied in order for a government relying party to trust a credential that has been issued by an entity other than the U.S. Federal Government.”
  • Anil John: How to Verify Citizen Identity Easily and Effectively
    “One of the reasons for trying to articulate this is that I have found myself recently in multiple settings discussing protocol flows and privacy preserving crypto. But at the end of the discussion, I often feel as though we have not asked ourselves some foundational questions regarding choices made in identity proofing and credential issuance. This in turn has resulted in a lack of clarity around the downstream impact of those choices on privacy, security and flexibility. So here goes...”
  • FiXS: Identity Management
    [Slides from GMU C4I Center - AFCEA Symposium on May 23, 2012.]
  • IEEE Spectrum - A Special Report On The Future of Money
    “IEEE Spectrum has published a special report on The Future of Money, taking a look at the history of money and how "mobile, encryption, and other technologies let us plug directly into the digital economy." Over a dozen articles in total. Nicely done.”

