a good thing!
This Week in Identity - IDPs that are profitable
Andrew Nash, CTO of Trulioo, and a Google and PayPal identity alumnus, gets at the heart of why Internet-scale identity is pretty much stuck with only Facebook Connect. He offers some ideas about several ways to make it work for other large consumer IDPs like banks:
Andrew Nash: "Meeting an Immovable Object" - The Economics of Consumer Identity Providers
"In many parts of the world, governments have been trying to engage industry IDPs to provide consumer identities to support government & citizen service requirements. In cases such as the US FICAM these results have at best been marginal. [1]"
Additionally, Stephen Wilson, John Fontana, and Anil John have articles about related topics. Â Read those and more below:
General
Stephen Wilson: The devil is in the legals
"And it's the same with federated identity. Accepting another bank's identification of an individual is something that cannot be done casually. Regardless of the common sense embodied in federated identity, the banks' lawyers are saying to all institutions, sure, we know you're all putting customers through the same identity proofing protocols, but unless there is a contract in place, you must not rely on another bank's process; you have to do it yourself."
John Fontana: DMV driving Virginia's next-gen identity system
"The Commonwealth may well be proving that a national effort to build an identity layer for the internet has the tools it needs to meet the challenge."
Anil John: Will Consumer IdPs Become the Maginot Line of Federated Identity?
"I've recently been thinking about risk management and compensating controls as it applies to the delivery of online services that require higher assurances of identity. One item that regularly comes up in this area is the existence of entities that are conducting sensitive (financial or otherwise) transactions using nothing more than a userid and password. Their ability to do so is attributed to the downstream (from the authentication event) analytics and compensating controls that they have implemented. The questions being asked are "Can the assertion of identity from these entities be treated as having an assurance level greater than what can be attributed solely to the token that they are using (userid/password at LOA1)?" or "Should the granularity of the LOA levels themselves be changed to accommodate these additional capabilities that are being used?""
Mike Schwartz: OpenID Connect Lesson of the Day: Discovery & Transient ID's
"Could the user simply enter "@host" instead? It's not a valid address, but for discovery, it could be sufficient. Perhaps this would facilitate the return of a non-correlatable (transient...) identifier by the OP to the RP, which could help protect the privacy of the person."
Ian Glazer: Representation over Storage: Responding to "Killing IAM"
"I put my 18 minute ramble/rant on Killing IAM out on the blog a few weeks back, and I have to say, I have been blown away by the response. Besides all the comments on the blog itself, I've had multiple people take me aside to discuss some of the implications of killing IAM off so that it can be reborn. And I have to give Michel Prompt at Radiant Logic a special call-out for not one, but two, blog posts in response to what I said."
Phil Windley: Build the World You Want to Live In
"I gave a talk and then was on a panel at the Silicon Valley edition of the New Digital Economies conference on Wednesday. During the panel, I gave this challenge to the audience: you have an ethical responsibility to build the world you want to live in."
John Fontana: Password's rotten core not complexity but reuse
"SANS Institute's list of the top 7 human risks in computing includes phishing, passwords, and devices."
Gunnar Peterson: Your Password Is The Crappiest Identity Your Kid Will Ever See
"Ever watch an episode of 'Mad Men' and see everyone smoking? Some kid in 2045 will look at their parent and ask, did you really have to enter a password that many times?"
Ben Adida: Users don't like social login
"In particular, we think login should be personal and minimal first, social later. We're not the only ones who think so, as TechCrunch reported:"
APIs
Craig Burton: The Façade Proxy
"A Façade is an object that provides simple access to complex - or external - functionality. It might be used to group together several methods into a single one, to abstract a very complex method into several simple calls or, more generically, to decouple two pieces of code where there's a strong dependency of one over the other."
Cloud Computing
Jason Bloomberg: The Sound of Water Dripping in the Cloud
"In fact, there are so many different mistakes you can make that will run up your Cloud bill unnecessarily that it's a wonder anybody can save money in the Cloud at all. The most commonly discussed of these mistakes is the problem of zombie instances. If your IT shop doesn't have adequate deprovisioning policies, then people will tend to leave instances running long after they've served their purpose. Over time, people forget why they're still around, and nobody will want to deprovision them on the off chance there's something important on them."
Mark Dixon: #SquareTag Experiment - Take 2
"I have begun to formulate in my mind a blog post or two about personal clouds, based on this experiment. Â Please stay tuned for more"
Mark Dixon: SquareTag Identity Relationship Diagram
"Combining my thoughts about my SquareTag Blogtagging experiment and Identity Relationship Diagrams, I created the following diagram, which illustrates my understanding of how the SquareTag system works:"
Social
Nominations are now open for OpenSocial Community Board Members
"We are pleased to announce that the nominations for the Community Elected Board seat are now Open! The nomination period will run from March 22, 2013 through April 5, 2013. "
Drummond Reed: Please Send Wicked Simple Email
"My day job right now involves developing newer, smarter forms of Internet messaging. But until that's available (stay tuned), we're still stuck with email. After 20 years of averaging a third of every working day doing email, I realized I could save hundreds of hours a year--and collectively we could save hundreds of millions of hours a year--by just writing wicked simple email. Here's how:"
Zynga will no longer require Facebook sign-in on Zynga.com
"Zynga is crossing a bridge in its relationship with Facebook. The social game company will no longer require its users to sign into Facebook before they can play games on Zynga.com."
Mobile
Barb Darrow: Amazon Web Services ramps up mobile development
"A new mobile engineering effort out of Palo Alto, Calif., appears to be all about client-side development, but it's likely that AWS will get into the Mobile Backend as a Service (MBaaS) market too."
Ericka Chickowski: When Active Directory And LDAP Aren't Enough
"Scalability, tight coupling with Microsoft infrastructure, and ease of management in the on-premise world all contributed to catapulting Active Directory and the associated LDAP protocol into the centerpiece of today's typical enterprise IAM strategy. However, with new mobile platforms diversifying the operating system ecosystem, SaaS applications proliferating by the day, and hybrid cloud approaches fast becoming de riguer, Active Directory and LDAP are starting to show their limitations."
Big Data
Doc Searls: Surf's down. For now.
"I was talking with @ErikCecil yesterday about the sea change we both detect in people's tolerance for unwanted tracking. They're getting tired of it. So are lawmakers and regulators. (No, not everybody. But not a small percentage. And it's growing.) See here, here, Â here, here, here, here, here, here and here."
Steve Lohr: Big Data Is Opening Doors, but Maybe Too Many
"But the latest leaps in data collection are raising new concern about infringements on privacy -- an issue so crucial that it could trump all others and upset the Big Data bandwagon. Dr. Pentland is a champion of the Big Data vision and believes the future will be a data-driven society. Yet the surveillance possibilities of the technology, he acknowledges, could leave George Orwell in the dust."
Valuable Identity
LinkedIn: Oregon Tax News: Senators press national ID Card's as immigration fix
"Senators Consider National Biometric ID Card. In an attempt to deal with the immigration issue, key senators are considering a bill which would force all workers, citizens and non..."
NSTIC: New Pilots Funding Opportunity: Trusted Online Credentials for Accessing State Government Services
"We're pleased to announce that NIST will soon release a second NSTIC pilot opportunity for 2013, distinctly separate from the initial FFO that just closed. Whereas the first FFO focused on a broad call for pilots from all sorts of private sector stakeholders, this new opportunity is targeted specifically at state governments."
Election #1 Results Announced IDESG At-Large Officers
"On behalf of the Secretariat to the Identity Ecosystem Steering Group (IDESG), I  am pleased to announce the following results for the 2013 Election for At-Large  Officers (Election 1)."
FinCEN Takes Note of Bitcoin, Facebook Credits, and the Rest
"FinCEN's guidance declines to define virtual currencies as legal tender and thus, has no regulatory authority over any schemes, including Bitcoin, Facebook Credits, or others. "
Gregory Ferenstein: Military ID Verification Service, Troop ID, Raises $2.1 Million
"The concept of the business is simple. We noticed that brands were relying on offline channels -- and largely neglecting their digital channels -- to offer active military and veterans commercial discounts, employment opportunities, skill training vouchers, etc," writes Hall to TechCrunch in an email. "When we talked to the marketing and corporate citizenry teams, we discovered that marketers were afraid of fraud and abuse if they offered an exclusive discount via their web and mobile apps -- read a military discount URL getting shared on RetailMeNot or Fat Wallet -- so we developed a Single Sign On that accesses authoritative data stores on the back end so that merchants can offer exclusive discounts, employment opportunties [sic], skill training, etc to service members, veterans, and their immediate family members via their digital channels. "
Events
Identity Woman: Interesting events in 2013
"This is a calendar of events that I know of in 2013 (and beyond). I think they're interesting, I'm currently planning attending all the events in BLACK, I'm helping co-organize all the events with RED headlines. Some events will change from interesting to attending as they approach."
Identity Woman: She's Geeky Seattle: April 26-27
"She's Geeky is a kind of magical event where women geeks of all kinds, gaming geeks, linux geeks, fandom geeks, crafting geeks, beekeeping geeks, drupal geeks, raspberry pi geeks, Arduino geeks, geeks in training, come together and hang out learning from each other."
Dan Whaley: I Annotate: A Workshop
"After two decades of progress in infrastructure and web technologies, we believe the time is finally at hand to realize the widespread annotation of human knowledge. On a recent call a suggestion was made to bring together people building annotation solutions with those that ultimately will use them. The obvious sensibility of that idea led a number of us to approach the Andrew W. Mellon Foundation for funding for a workshop, which they approved several weeks ago. We're calling it I Annotate, and it will be April 10-12, here in San Francisco, at the Fort Mason Center."
Internet Identity Workshop XVI #16 - 2013A
"Phil Windley, Kaliya Hamlin, & Doc Searls
Tuesday, May 7, 2013 at 8:00 AM - Thursday, May 9, 2013 at 4:00 PM (PDT)
Mountain View, CA
European Identity & Cloud Conference 2013
"May 14 - 17, 2013 at the Dolce Ballhaus Forum Unterschleissheim, Munich/Germany,"
Identity Woman: Online Community Unconference "Its BACK!
"May 21st at the Computer History Museum
I am really excited to be working with a super awesome crew of leaders of the Online Community Manager Tribe - or OCTribe. Â We have been considering reviving the event and the pieces have finally come together to do it."
Call For Papers - Open Identity Summit 2013
"September 10th - 11th 2013, Kloster Banz, Germany
Deadline for electronic submissions: May 15th, 2013
The aim of Open Identity Summit 2013 is to link practical experiences and requirements with academic innovations. Focus areas will be Research and Applications in the area of Identity Management and Open Source with a special focus on Cloud Computing."
eID & ePass 5th edition
"National eID & ePassport Conference - the Global Forum on the drivers behind the digitalization of citizen ID documents proudly announce the 5th edition in Berlin - 2013, 28th & 29th of October @Intercontinental Berlin."