In the past few days, I have been exploring the OpenID community a bit. It has become apparent that all OpenID identifiers aren’t equal and many don’t bring a great deal of credibility to the table.

I visited MyOpenID.com and was issued an identifier for Harry Truman: http://harrytruman.openid.com. No validation, no verification of Harry’s real Identity. I just plugged in President Harry Truman’s birthday and home town. I did use my own personal email address, but it wasn’t even validated at the time.

Armed with my new bogus identifier, I marched over to Jyte.com and made a couple of claims: The Buck Stops Here and I Love Bess.

These claims didn’t generate much interest. Both visitors agreed that the buck stopped with Harry, but neither thought Harry loved Bess.

The real point has nothing to how much Harry Truman loved his wife. It just illustrates that with current infrastructure at least, OpenID identifiers lack much market credibility. Neither MyOpenID.com or Sxipper.com knew who I was when they issued me a personal identifier. At least OpenID.Sun.com validated that I held current valid Sun login credentials.

A relying party site would still need to independently validate my email address or my ability to pay for something. Perhaps this makes a good case that identity providers need to be enterprises where users have already established trusting relationships (e.g. banks, credit card companies, telephone service providers). They could actually vouch for commerce worthiness and actual identity.

They would probably even know that Harry Truman has been dead for 34 years

Technorati Tags: Identity,
Digital Identity,
Identity Management,
OpenID

Some more adventures on web sites using OpenID …

Sudokular allows me to play Sudoku on line, which I enjoy much less than on paper. I guess I’m old fashioned.

On Jyte, I can make sane or ridiculous claims to see what others think, and vote on what others say. So far, no one has responded to my claim that “Jyte is a parlor game with virtual friends,” but twelve have agreed and no one disagreed that “Arizona has dry heat, but it has a lot of it.” Fifteen folks disagreed, and no one agreed with my claim that “I was stabbed in the chest with a pitchfork and survived,” which is absolutely true. What do you think?

ClaimID may have more lasting promise. Recommended by John Drinkwater in response to my recent post, ClaimID looks like an interesting place where I can lay claim to various bits of web presence I have established at numerous places in cyberspace.

Technorati Tags: Identity,
Digital Identity,
Jyte,
Sudoku,
OpenID,
MyOpenID

I claimed my very own OpenID identifier at OpenID.sun.com today.

To test my newly minted personal URL, I visited some sites where I didn’t previously have a login account, including ziki.com and peopleaggregator.net, and some sites where I had already established an account, including netscape.com and technorati.com. OpenIDDirectory listed these sites among the many which allowed OpenID authentication.

The first three worked just fine the first time around. I couldn’t find a way to log into Technorati using my OpenID indentifier.

I did find one bug. If I waited too long before logging into a site and then tried to use the service to access another site, I got a message saying that my session had timed out (which is all goodness). But when I returned to the login page and presented my user name and password, I was re-directed to the first site I had visited, rather than the one where I was now trying to log in. Oops! A persistent variable needs to be updated somewhere.

I am not yet aware of a site that really cares that OpenID.sun.com can vouch for the fact that I am a Sun employee. Maybe that will emerge now that the OpenID@Sun is in place.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Sun Microsystems,
OpenID

Sean O’Neil pointed out this interesting (but slightly embarrassing for IBM) tidbit last week:

“Was utilizing the IBM public website to review information about the latest on TAM.

“Middle of the page is a link for “Analyst Report: Gartner’s Magic Quadrant for User Provisioning for 1H06“. After you pass through one screen warning you that the next screen is out of IBM’s control, you go to the Gartner site and see a Magic Quadrant report with IBM clearly in the upper right.

“But here the funny thing – its not the report you think. Its for Magic Quadrant for Security Information and Event Management, 1H06, a category Sun does not have an entry for. If you weren’t paying attention, you would think IBM is the leader in Identity Management.

“If you look at the real Gartner report, you will see IBM up there. Well behind Sun. Oops!

The moral – always take what you learn on the Internet with a grain of salt. Even this blog. 🙂

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Sun Microsystems,
IBM

I agree with Dave Kearns that “the expression (i.e., the “performance”) of what’s termed “intellectual property” is intrinsically part of the expressor’s/performer’s identity and can only be promulgated with their consent.”

The few songs I have created and performed are way, way out in the nether regions of the long tail of the music industry, but I feel strongly that I retain my “original expressor’s right to control the promulgation” of such. Such rights “cannot be abrogated and exists in perpetuity,” as Dave puts it.

Well spoken, Dave.

Technorati Tags: Identity,
Digital Identity,
Identity Management

My dad and my wife often talk about “technostress” when describing their relationship with computers. I feel that way myself, sometimes.

Dave Kearns pointed out a an interesting article by Richard Stacy which proposed that ‘Digital Identity Stress’ and ‘Digital Schizophrenia’ will emerge as recognized medical conditions for those who battle internally over the differences between their “real” selves and personas they have created for themselves in the digital realm.

Perhaps the term “Identity Stress” will become commonplace to describe individuals’ relationship with themselves in the Participation Age.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Identity Stress

Always a pleasure to be included in Mark MacAuley’s circle of Identity friends!

Technorati Tags: Identity,
Digital Identity,
Identity Management

Last night, I listened to and blogged about Leslie Lambert’s podcast about Identity and Information Security. At one point, Leslie was discussing with her hosts the potential disaster of losing a mobile smart phone with its rich collection of Identity information. As the precise time this discussion was proceeding, I was reading Michelle Dennedy’s blog, detailing how she lost her Java smartcard that “serves as both my access to my work facilities and as my workstation access card for my Sun Ray thin client.”

Michelle, Sun’s Chief Privacy Officer, then warns us all of the danger of carrying loads of important data on our laptop computers and smart phones. She strongly admonishes, “If you find that you have lost or have had your device stolen, run– do not walk– to your privacy and security teams. Speed is your best weapon to prevent harm when data goes wandering free. (If you don’t have p & s teams, you really must get started. Switch off that 8 track & get with it already.)”

I do hope the coincidence of receiving advice about losing data from two of Sun’s ranking security officers at the same time is not a portent of bad things to come in my life.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Sun Microsystems,
Michelle Dennedy,
Information Security

In the latest issue of the Sun Identity Insights newsletter, Leslie Lambert,
VP and Chief Information Security Officer, Sun IT, provides an insightful article entitled, “The Growing Importance of Identity to Information Security.” Leslie writes the article from her perspective as CISO, “As chief information security officer for Sun IT, I’m interested in identity largely in terms of its role in keeping Sun’s information assets secure.”

She writes of the transition from a security model whose primary purpose was to keep unauthorized users out, to a state where “business models that rely on outsourcing and collaboration have turned ‘inside’ and ‘outside’ on end, and Sun’s security model has shifted from simply keeping the bad guys out to actually supporting innovative new ways of doing business.”

For further insight into how Leslie views the role of Identity Management in information security, you can listen to the recent Identity Management Buzz podcast where Leslie has a lively conversation with Don Bowen and Brandon Whichard about her responsibilities as the new Sun CISO, the wireless internet at Sun, JavaOne and the NBA playoffs.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Sun Microsystems,
Leslie Lambert

I am pleased to announce that my colleague Rakesh Radhakrishnan, Senior IT Architect with Sun Microsystems, has written a new book, entitled “Identity & Security – A Common Architecture & Framework For SOA and Network Convergence. It is available now through the publisher, Futuretext, in London, UK.

Rakesh is well known for his passionate advocacy of Identity Enabled Architecture. He continues exploration of this subject by addressing “the alignment and functional integration of an Identity System as a Common Security Framework for Enterprise Services …”

Congratulation, Rakesh on the publication of this book. Thank you for sharing the knowledge and insight you have accumulated through your years with Sun and before.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Sun Microsystems