Perhaps the Wizard of ID should be the official comic strip of Identity Management!

Tags: Identity
Digital Identity
Identity Management
Wizard of ID
Identity Theft

Wednesday’s Non Sequitur
comic reminded me of one of my favorite jokes:

How does a dyslexic, agnostic insomiac spend his time?

He lies awake all night wondering if there is a Dog.

Question: Does God have an Identity?

Tags: Identity
Digital Identity
God
Non Sequitur

Action: "The
causation of change by the exertion of power or a natural process."

Noel Franus’ blog,
"Reward Excellent Failures. Punish Mediocre Success," led
me to Tom Peters‘ presentation,
"Re-imagining Business Excellence in a Disruptive Age."

I’ve long admired Tom Peters’

passion. In my mind’s eye I can imagine him
on stage, leaning forward and raising his voice a bit, maybe waving his arms
as he presented slide #131, challenging the audience to "Lead the Action
Faction!"

This reminded me of two other famous quotes:

"I
never worry about action, only inaction." — Winston
Churchill

"Never
confuse motion with action." — Benjamin
Franklin

We
are here in this world to act, to do, to accomplish, to be agents of positive
change. Our actions largely determine our destiny. Peters, Churchill and Franklin
urge us all to sieze this opportunity. Or, in the simple words of the personal mottor of another of
my heros, Spencer
W. Kimball, "Do It."

Tags:
Action
Change
Tom Peters
Winston Churchill
Benjamin Franklin
Spencer W. Kimball
Noel Franus

No Need to Click Here – I’m just claiming my feed at Feedster feedster:d91cba784963bdf387714ae8ca40f5b0

Trust:
"assured reliance on the character, ability, strength, or truth of
someone or something."

Currency:
"a medium of exchange."

Last Sunday, Sun announced
a project called the Open Media Commons
initiative aimed at creating an open-source, royalty-free digital-rights management
standard. I was intrigued that the header to the Open Media Commons web page
featured the words, "Trust is the currency of the participation
age."

This coincides with a prevalent theme in current Identity Management thought
that trusted Identity Relationships enable interaction
between subjects represented by Digital Identities. In a recent
blog I proposed, "Identity technologies will transform computing into
the next paradigm, the Participation
Age, because trusted Identity Relationships between all types of online
participants will become ubiquitous and highly available."

Considering trust to be currency, or a medium of exchange, captures this concept
nicely. Each day, we use standard currency as a medium of exchange representing
our ability to pay and the government’s ability to stand behind the currency. Such currency is both ubiquitous and highly available.
In each financial transaction, we not only express faith or trust a dollar bill
or credit card as a representation of wealth, but we place trust in the government
that issued the money or the credit card company that issued that card. This
is a good example of a

trusted third party validating or standing behind a transaction.
In the Participation Age, a higher level of on line interpersonal interaction
will be enabled by the digital embodiment of such trust.

So, each time you conduct a transaction on line, think not only of the money
you spend, but think of the trust that acts as a medium of exchange – Currency
of the Participation Age.

p.s. Isn’t it ironic that the designs for US currency and coin include the
words "In God We Trust?"

Tags: Identity
Digital Identity
Identity Management
Trust
Currency
Sun Microsystems
Open Media Commons
Digital Rights Management
Participation Age

Leverage: "Positional
advantage; power to act effectively."

Much has been said about the necessity to secure trusted
business relationships between parties in order to make federated identity
worthwhile. Eric Leach, Sun‘s director of product
management for Federated Identity products,
put a different spin on the subject in a recent presentation I attended. He
stressed that many companies, particularly in the telecom and financial services
industries, see the the emerging federation technology as an enabler to leverage
the trusted business relationships they already have in place. Federated Identies
make it possible for them to offer new products and services in a more efficient
manner.

Tags: Identity
Digital Identity
Identity Management
Sun Microsystems
Federation
Leverage
Eric Leach

The footer attached to Sun Microsystems’ press
releases states, "A singular vision — ‘The Network Is The Computer’
— guides Sun in the development of technologies that power the world’s most
important markets. Sun’s philosophy of sharing innovation and building communities
is at the forefront of the next wave of computing: the Participation Age."

I
met Sara Gates,
Sun’s Vice President of Identity Management for the first time yesterday when she
addressed a group of us Sun folks. She proposed: "We have said ‘the Network
is the Computer.’ We now say ‘Identity is the Network.’"

Quite a bold statement! What in the world does that mean? Should we care?

Here’s my interpretation …

Networking technologies transformed computing from isolated functional
islands into a highly inter-connected information universe, enabling the Information
Age – because both computing and connnectivity became ubiquitous and highly
available.

Identity technologies will transform computing into the next paradigm, the
Participation Age, because trusted Identity Relationships between all types
of online participants will become ubiquitous and highly available. The information
universe will expand to become a highly interconnected universe of trusted relationships
between digital Identities, representing real people, real enterprises, and
real communities, participating actively as never before.

The information age was all about interconnected nodes of computing power and
information. The Participation Age is all about Identity Relationships.

Establishing trusted Identity Relationships among online participants expands
the inherent value of the information universe. As trusted relationships are
established, online commerce, information sharing, community formation and interpersonal
interaction are all accelerated.

Our challenge? Build ubiquity and availability. Identity Relationships must
be more simple to establish, easier to use, more reliable, more sensitive to
personal privacy and much more secure than they are today.

I’ve been around the industry since connecting computers together required
custom hardware and software. I’ve experienced the transformation of computing
into the Information Age – to when my wife and kids miss email and IM more than
they miss television when cable TV fails. It’s great to be a part of the next
transformation – into the Participation Age — where Identity is the Network.

Tags: Identity
Digital Identity
Identity Management
Identity Relationships
Sun Microsystems
Sara Gates
Participation Age

What did you think when you read the title? Miller Genuine Draft? Or, more
correctly, Mark G. Dixon?

I find it quite ironic that a teetotalling Mormon
has the same initials as a famous beer! I still rue the day that I didn’t register
the domain mgd.com.

I just read David Matheson’s post, The
Personal and the Empirical, in which he proposes that "personal information
is empirical information specifically about an individual." He then provides
a brief summary of "six putative knowledge sources" defined by philosophers,
that can be used to determine whether or not information is private.

Based on David’s model, I will claim, through Introspection, that
MGD is my personal information, not Miller Brewing’s!
They may have the website, but the initials are mine!

As further proof, I registered =mgd
as my i-name on Identity Commons.
This time, Mr. Miller, I got there first.

p.s. Any guesses what “G” stands for? (My G, not Miller’s)

Tags:
Identity
Digital Identity
Identity Management
mgd
David Matheson
i-name
Identity Commons
Mormon

This morning I awoke at 5:00 a.m. (Austin, TX time) and posted an entry
on my blog in response to Rohan Pinto’s response
to my blog yesterday.
By the time I arrived at the Sun office at 8:30 a.m., Rohan had already posted
a thoughtful, detailed exploration of how vulnerable the whole authentication
process can be to Identity Theft. I encourage you to read his
post.

Let me share the comments I posted on his blog:

I believe you are absolutely correct that stolen identities can destroy
the whole authentication process. It was a recent article
I referenced in my
blog that got me thinking along this thread:

Your point that some method is necessary to make sure that the device from
which the authentication claim is issued is absolutely valid.

I recently learned from a good friend of mine, Dick
Luebke, about of a startup company in the Portland area, Iovation,
that is tackling this problem:

They claim the heart of their technology is "the Internet’s only
Device Reputation Authority™." I understand this to be sort of
a secure digital fingerprint for a device such as a PC or cell phone.

You may want to check it out.

Rohan is right that multiple steps of authentication are necessary to reduce
the doubt about an Identity claim to an acceptable level. As James Kobielus
stated in the Network World article I referenced above and previously, "… trust
– the foundation of identity-management federation – is in jeopardy if the industry
doesn’t proactively address identity theft on many levels." Perhaps Iovation can help provide the answers.

Tags:
Identity
Digital Identity
Identity Management
Rohan Pinto
Dick Luebke
James Kobielus
Iovation
Identity Theft
Federation

In
response to my blog yesterday, Rohan
Pinto stated that the correct response to an Identity claim should be "who
I think you are." Furthermore, the level of proof necessary to validate
my claim depends upon whether I’m offering something of value to you
or requesting something of value from you. I like that reasoning.

So, first comes my claim – "this is who I am, and this is what I offer
or request." Then comes your question – "who do I think he is, and
what does he want or offer?" Therein lies the big challenge for authentication
(do I believe him?) and authorization (what do I trust him to do?).

While the burden of proof for a claim lies with the subject that makes the
claim, the decision about how deep that proof must be and what transactions
will be authorized lies with the receving subject.

Last night I was with a group of my peer Identarati
from Sun cruising on beautiful Lake
Austin, near Austin, Texas. One
guy mentioned a customer requirement that Sun’s Access
Manager product should grant a user access to a financial application only
on weekdays between 8 a.m. and 5 p.m. and only if he or she had authorization
to deal with transactions over $100,000. (something like that)

In this scenario, the user would assert his claim – presumably user name and
password – and the Access Manager product would need to make the following decisions:

• AIs the claim believable to an acceptable
  level of proof? (authentication)
• Is this person allowed to access this system at all? (authorization)
• Is the current time within the authorized time frame? (authorization)
• Is this person authorized to deal with transactions over $100,000? (authorization)

Claim. Authentication. Authorization. It works for me!

Tags: Identity
Digital Identity
Identity Management
Identarati
RohanPinto
Sun Microsystems
Access Manager
Austin
LakeAustin